ERR_SPDY_PROTOCOL_ERROR

shahzaib

Active Member

Reaction score: 1
Messages: 110

Hi,

We've been getting net::ERR_SPDY_PROTOCOL_ERROR on mostly chrome when serving video files. In the beginning we thought that issue is with Chrome browser but after testing it further we found that video serving working perfect on Debian but error is only occuring on Freebsd.

The way we're generating this error is that we create an html page and put 6 direct video links on the page (Video links served by NGINX FreeBSD)

After that we open this link in Incognito chrome and in Inspect element under Console those SPDY protocol errors start to occur. Here see the screenshot : http://prntscr.com/g3bqcg

I've also tried updating openssl, updating FreeBSD-11 to FreeBSD-11.1 , updated Nginx to latest 1.12.1 but this error is not removed.

Here is my Nginx SSL config :

https://pastebin.com/gaVWfWJv

NOTE: This error is not comming for Debian or Centos but only in FreeBSD.

Please guide me on how to fix this error.

Thanks in advance !!
Shahzaib
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 6,926
Messages: 28,850

We've been getting net::ERR_SPDY_PROTOCOL_ERROR on mostly chrome when serving video files. In the beginning we thought that issue is with Chrome browser but after testing it further we found that video serving working perfect on Debian but error is only occuring on Freebsd.
It's probably related to the version of Chrome. They stopped supporting SPDY some time ago.
 
OP
OP
S

shahzaib

Active Member

Reaction score: 1
Messages: 110

Hi,

I thought the same also we're not using spdy we're using HTTP2 , if chrome is not supporting spdy then videos are playing on Debian server without any problem over HTTP2 on same chrome browser and same nginx setting.

Also i'd like to mention that somehow i've fixed SPDY error on one of the FreeBSD-10 version with updating it to 10.3 and installing nginx with pkg instead of port but this problem is not getting fixed on this FreeBSD-11 version :(

There must be something else i am missing on FreeBSD. :(
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 6,926
Messages: 28,850

As far as I know the FreeBSD version has very little to do with SPDY. It's something an application supports (or not) and doesn't require support on the OS or kernel level because it runs on top of 'normal' TCP/IP connections.

All I can think of is that you've somehow "solved" it by upgrading both Chrome and nginx to a version without SPDY support.

https://www.nginx.com/blog/nginx-1-9-5/
 

ondra_knezour

Aspiring Daemon

Reaction score: 193
Messages: 758

The ALPN TLS extension is required by nginx to support HTTP/2, which is available from OpenSSL 1.0.2 which is included only in the 11 branch (AFAIK). 10.3-RELEASE definitely contains v 1.0.1s (cf. RELEASE NOTES). I was experimenting with HTTP/2 on the FreeBSD 11.0-RCsomething and everything worked fine with the "official" FreeBSD nginx package.

If you have HTTP/2 working on 10.3-RELEASE, then nginx must be built/linked against newer OpenSSL library than is available in base. There was talks about moving base OpenSSL into "private mode", usable only by base itself, to make "room" for newer version usable by ports/packages with quicker turn-out, but I don't know how far this get. And by quick looking into the Makefile it looks to me that port is forcing dependency on the openssl-port on release < 11. Maybe here can arise some problem?
 
OP
OP
S

shahzaib

Active Member

Reaction score: 1
Messages: 110

Hi,

On FreeBSD-11 , openssl version is 1.0.2k and nginx is built with it but issue is same however after removing HTTP2 from config, spdy error is no more comming on chrome but in Debian its working flawless with HTTP2 :
Code:
[root@cw012 ~]# nginx -V
nginx version: nginx/1.12.1
built with OpenSSL 1.0.2k-freebsd  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_stub_status_module --with-http_sub_module --with-pcre --with-http_v2_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --with-http_ssl_module
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 6,926
Messages: 28,850

Looking at the potential issues with the OpenSSL version you may want to try this. Add to /etc/make.conf (create the file if it doesn't exist):
Code:
DEFAULT_VERSIONS+= ssl=openssl
And rebuild www/nginx. The options in make.conf will force every port to use the port OpenSSL instead of the base OpenSSL. The port version is newer and may provide the necessary TLS/SSL options for HTTP/2.
 
OP
OP
S

shahzaib

Active Member

Reaction score: 1
Messages: 110

Hi,

Rebuilt the Nginx but issue is same :
Code:
nginx version: nginx/1.12.1
built with OpenSSL 1.0.2l  25 May 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_addition_module --without-http-cache --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-pcre --with-http_v2_module --with-threads --with-http_ssl_module
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 6,926
Messages: 28,850

I can't remember where I read it but the modules aren't loaded automatically any more as they did previously. So make sure you're loading the nginx HTTP/2 module and HTTP/2 is enabled on the port.

Edit: Never mind, the module isn't separate. I just checked my own nginx and the HTTP/2 option is on by default and seems to be active.
 

dexter234

New Member


Messages: 6

There are various reasons why you can get the error err_spdy_protocol_error, such as outdated chrome, anti-virus/firewall

settings. The following steps can help get rid of the error and solve the problem:
1. download and install the latest version of chrome on your desktop
2. Check Antivirus/ Firewall Setting- add websites to web shield exclusion inside the Antivirus software such as avast.
3. Run Chrome Cleanup Tool
4. Clear host Cache and DNS Cache
5. Flush Sockets
Follow this comprehensive guide ERR_SPDY_PROTOCOL_ERROR to get rid of the error completely.
 
Top