Err_spdy_protocol_error

devad · July 17, 2018, 1:17pm

HI,

Suddenly (around 6th of July) this error code display: ERR_SPDY_PROTOCOL_ERROR. I have check both safari and Chrome displays ERR_SPDY_PROTOCOL_ERROR and safari display kCFErrorDomainCFNetwork error 303.

I have not done anything on server level. Just updated the Let’s Encrypt certicate. I have done a test in chrome://net-internals/#events and get the following error messages. Don’t now what to do with it though:

119628: URL_REQUEST
https://www.allduplo.se/
Start Time: 2018-07-17 14:36:04.632

t=6143 [st= 0] +REQUEST_ALIVE [dt=956]
–> priority = “HIGHEST”
–> url = “https://www.allduplo.se/”
t=6144 [st= 1] URL_REQUEST_DELEGATE [dt=0]
t=6144 [st= 1] +URL_REQUEST_START_JOB [dt=953]
–> load_flags = 18433 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VALIDATE_CACHE)
–> method = “GET”
–> url = “https://www.allduplo.se/”
t=6144 [st= 1] URL_REQUEST_DELEGATE [dt=0]
t=6144 [st= 1] HTTP_CACHE_GET_BACKEND [dt=0]
t=6144 [st= 1] HTTP_CACHE_OPEN_ENTRY [dt=0]
–> net_error = -2 (ERR_FAILED)
t=6144 [st= 1] HTTP_CACHE_CREATE_ENTRY [dt=0]
t=6144 [st= 1] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=6144 [st= 1] +HTTP_STREAM_REQUEST [dt=1]
t=6144 [st= 1] HTTP_STREAM_JOB_CONTROLLER_BOUND
–> source_dependency = 119630 (HTTP_STREAM_JOB_CONTROLLER)
t=6145 [st= 2] HTTP_STREAM_REQUEST_BOUND_TO_JOB
–> source_dependency = 119631 (HTTP_STREAM_JOB)
t=6145 [st= 2] -HTTP_STREAM_REQUEST
t=6145 [st= 2] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=6145 [st= 2] HTTP_TRANSACTION_HTTP2_SEND_REQUEST_HEADERS
–> :authority: www.allduplo.se
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
accept-encoding: gzip, deflate, br
accept-language: sv-SE,sv;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
cookie: _ga=GA1.2.152687942.1531808727; _gid=GA1.2.1796538786.1531808727
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
t=6145 [st= 2] -HTTP_TRANSACTION_SEND_REQUEST
t=6145 [st= 2] +HTTP_TRANSACTION_READ_HEADERS [dt=951]
t=7096 [st=953] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
–> HTTP/1.1 200
status: 200
server: nginx
date: Tue, 17 Jul 2018 12:36:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
link: https://www.allduplo.se/wp-json/; rel=“https://api.w.org/”
link: https://www.allduplo.se/; rel=shortlink
x-powered-by: EasyEngine 3.7.4
rt-fastcgi-cache: MISS
content-encoding: gzip
t=7096 [st=953] -HTTP_TRANSACTION_READ_HEADERS
t=7096 [st=953] +HTTP_CACHE_WRITE_INFO [dt=1]
t=7097 [st=954] HTTP2_STREAM_ERROR
–> description = “Server reset stream.”
–> net_error = “ERR_SPDY_PROTOCOL_ERROR”
–> stream_id = 3
t=7097 [st=954] -HTTP_CACHE_WRITE_INFO
t=7097 [st=954] HTTP_CACHE_WRITE_DATA [dt=0]
t=7097 [st=954] HTTP_CACHE_WRITE_INFO [dt=0]
t=7097 [st=954] URL_REQUEST_DELEGATE [dt=0]
t=7097 [st=954] URL_REQUEST_FILTERS_SET
–> filters = “GZIP”
t=7097 [st=954] -URL_REQUEST_START_JOB
t=7097 [st=954] +URL_REQUEST_DELEGATE [dt=1]
t=7097 [st=954] DELEGATE_INFO [dt=1]
–> delegate_blocked_by = “MojoAsyncResourceHandler”
t=7098 [st=955] -URL_REQUEST_DELEGATE
t=7098 [st=955] HTTP_TRANSACTION_READ_BODY [dt=0]
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)
t=7098 [st=955] FAILED
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)
t=7099 [st=956] -REQUEST_ALIVE
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)

Url: www.allduplo.se
Installed on: Ubuntu 16.04 LTS Linux Nginx

Thanks!

stevenzhu · July 17, 2018, 4:39pm

Hi,

Can you kindly share us your Nginx / Apache configuration of this site… (Looks like this is your issue)

Thank you

Osiris · July 17, 2018, 5:40pm

Your webserver seems to be malfunctioning. When debugging with the nghttp tool (a client util from the nghttp2 library), the client receives some sort of “reset” command from your webserver:

osiris@client ~ $ nghttp -nv https://www.allduplo.se/
[  0.071] Connected
The negotiated protocol: h2
[  0.165] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
          (niv=3)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65536]
          [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]
[  0.165] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
          (window_size_increment=2147418112)
[  0.165] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.165] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
          (dep_stream_id=0, weight=201, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
          (dep_stream_id=0, weight=101, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
          (dep_stream_id=0, weight=1, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
          (dep_stream_id=7, weight=1, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
          (dep_stream_id=3, weight=1, exclusive=0)
[  0.165] send HEADERS frame <length=40, flags=0x25, stream_id=13>
          ; END_STREAM | END_HEADERS | PRIORITY
          (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
          ; Open new stream
          :method: GET
          :path: /
          :scheme: https
          :authority: www.allduplo.se
          accept: */*
          accept-encoding: gzip, deflate
          user-agent: nghttp2/1.31.1
[  0.236] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.953] recv (stream_id=13) :status: 200
[  0.953] recv (stream_id=13) server: nginx
[  0.953] recv (stream_id=13) date: Tue, 17 Jul 2018 17:36:23 GMT
[  0.953] recv (stream_id=13) content-type: text/html; charset=UTF-8
[  0.953] recv (stream_id=13) vary: Accept-Encoding
[  0.953] recv (stream_id=13) x-frame-options: SAMEORIGIN
[  0.953] recv (stream_id=13) link: <https://www.allduplo.se/wp-json/>; rel="https://api.w.org/"
[  0.953] recv (stream_id=13) link: <https://www.allduplo.se/>; rel=shortlink
[  0.953] recv (stream_id=13) x-powered-by: EasyEngine 3.7.4
[  0.953] recv (stream_id=13) rt-fastcgi-cache: MISS
[  0.953] recv (stream_id=13) content-encoding: gzip
[  0.953] recv HEADERS frame <length=238, flags=0x04, stream_id=13>
          ; END_HEADERS
          (padlen=0)
          ; First response header
[  0.953] recv RST_STREAM frame <length=4, flags=0x00, stream_id=13>
          (error_code=INTERNAL_ERROR(0x02))
[  0.953] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
          (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
Some requests were not processed. total=1, processed=0
osiris@client ~ $

After the reset, the client sends a “go away” command, but this isn’t unusual if you compare it to a regular HTTP2 session, for example, when connecting to google.com:

osiris@client ~ $ nghttp -nv https://google.com/
[  0.142] Connected
The negotiated protocol: h2
[  0.259] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
          (niv=3)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):1048576]
          [SETTINGS_MAX_HEADER_LIST_SIZE(0x06):16384]
[  0.259] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
          (window_size_increment=983041)
[  0.259] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.259] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
          (dep_stream_id=0, weight=201, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
          (dep_stream_id=0, weight=101, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
          (dep_stream_id=0, weight=1, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
          (dep_stream_id=7, weight=1, exclusive=0)
[  0.260] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
          (dep_stream_id=3, weight=1, exclusive=0)
[  0.260] send HEADERS frame <length=35, flags=0x25, stream_id=13>
          ; END_STREAM | END_HEADERS | PRIORITY
          (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
          ; Open new stream
          :method: GET
          :path: /
          :scheme: https
          :authority: google.com
          accept: */*
          accept-encoding: gzip, deflate
          user-agent: nghttp2/1.31.1
[  0.395] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.395] recv (stream_id=13) :status: 301
[  0.395] recv (stream_id=13) location: https://www.google.com/
[  0.395] recv (stream_id=13) content-type: text/html; charset=UTF-8
[  0.395] recv (stream_id=13) date: Tue, 17 Jul 2018 17:38:45 GMT
[  0.395] recv (stream_id=13) expires: Thu, 16 Aug 2018 17:38:45 GMT
[  0.395] recv (stream_id=13) cache-control: public, max-age=2592000
[  0.395] recv (stream_id=13) server: gws
[  0.395] recv (stream_id=13) content-length: 220
[  0.395] recv (stream_id=13) x-xss-protection: 1; mode=block
[  0.395] recv (stream_id=13) x-frame-options: SAMEORIGIN
[  0.395] recv (stream_id=13) alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
[  0.395] recv HEADERS frame <length=220, flags=0x04, stream_id=13>
          ; END_HEADERS
          (padlen=0)
          ; First response header
[  0.395] recv DATA frame <length=220, flags=0x00, stream_id=13>
[  0.395] recv DATA frame <length=0, flags=0x01, stream_id=13>
          ; END_STREAM
[  0.395] recv PING frame <length=8, flags=0x00, stream_id=0>
          (opaque_data=0000000000000000)
[  0.395] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
          (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
osiris@cllient ~ $

You can clearly see the difference: after the response header, the Google webserver sends a “DATA frame” (the website itself) whereas your webserver sends a “RST_STREAM frame”.

So I would check your webservers error log, possibly increasing its verbosity if you don’t get any errors at first.

devad · July 17, 2018, 6:24pm

Hi,

Thank you for your reply. Here is the nginx.conf file. I have also tried to turn off firewall but that did not work either. Can you make something out of this? I also tried to reboot the server but ended up with “Error establishing a database connection”.

user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;

events {
	worker_connections 4096;
	multi_accept on;
}

http {
	##
	# EasyEngine Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 30;
	types_hash_max_size 2048;

	server_tokens off;
	reset_timedout_connection on;
	add_header X-Powered-By "EasyEngine 3.7.4";
	add_header rt-Fastcgi-Cache $upstream_cache_status;

	# Limit Request
	limit_req_status 403;
	limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

	# Proxy Settings
	# set_real_ip_from	proxy-server-ip;
	# real_ip_header	X-Forwarded-For;

	fastcgi_read_timeout 300;
	client_max_body_size 100m;

	##
	# SSL Settings
	##

	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 10m;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	
	##
	# Basic Settings
	##
	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	# Log format Settings
	log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
	'$http_host "$request" $status $body_bytes_sent '
	'"$http_referer" "$http_user_agent"';

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types
	    application/atom+xml
	    application/javascript
	    application/json
	    application/rss+xml
	    application/vnd.ms-fontobject
	    application/x-font-ttf
	    application/x-web-app-manifest+json
	    application/xhtml+xml
	    application/xml
	    font/opentype
	    image/svg+xml
	    image/x-icon
	    text/css
	    text/plain
	    text/x-component
	    text/xml
	    text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

devad · July 18, 2018, 11:22am

I restored a backup so the issue is solved.

system · August 17, 2018, 11:30am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.