containers icon indicating copy to clipboard operation
containers copied to clipboard
verified publisher icon bitnami

[bitnami/apache] Missing proxy_http2_module

Open pikopl opened this issue 3 years ago • 5 comments

Name and Version

bitnami/apache 9.2.10

What steps will reproduce the bug?

  1. Install apache server with default values
  2. Log to apache container, e.g. kubectl exec -it apache-proxy-645b6dd479-hnmqs -- bash
  3. Go to /opt/bitnami/apache/modules or /opt/bitnami/apache2/modules
  4. I can't find module proxy_http2_module (mod_proxy_http2.so) in module directory for apache server

Are you using any custom parameters or values?

No

What is the expected behavior?

No response

What do you see instead?

I can't find module proxy_http2_module (mod_proxy_http2.so) in module directory for apache server

Additional information

No response

pikopl avatar Jan 09 '23 15:01 pikopl

Hi,

Could you add more details on the use case this module covers? We want to be conservatives on the modules we add by default, as it increases the container size and (more importantly) the vulnerability surface.

javsalgar avatar Jan 10 '23 10:01 javsalgar

The proxy_http2_module can cover following usecase, when backend service supports only HTTP/2 protocol, e.g:

  • client <-(HTTP 1.1 plaintext/tls)-> apache server <-(HTTP/2 plaintext/tls)-> backend
  • client <-(HTTP/2 plaintext/tls)-> apache server <-(HTTP/2 plaintext/tls)-> backend

pikopl avatar Jan 10 '23 11:01 pikopl

Thank you for the feedback. I will forward this to the engineering team for evaluation. Note that, as this is not a critical feature, we cannot guarantee an ETA. For the time being, our advice is to create a fork of the bitnami/apache container and add the module: https://github.com/bitnami/containers/tree/main/bitnami/apache#customize-this-image

javsalgar avatar Jan 11 '23 09:01 javsalgar

Ok, thank you for explanation and advice.

pikopl avatar Jan 11 '23 12:01 pikopl

Hi @pikopl,

We have added the proxy_http2_module to our Apache container. Starting from tag 2.4.57-debian-11-r180 of our bitnami/apache container you can find the mod_proxy_http2.so file under the /opt/bitnami/apache/modules/ directory

root@8e49c7c3819b:/app# ls -larth /opt/bitnami/apache/modules/mod_proxy_http2.so
-rwxr-xr-x 1 root root 92K Oct  4 09:31 /opt/bitnami/apache/modules/mod_proxy_http2.so

Notice the module is disabled by default in Apache configuration (along with the http2_module)

root@8e49c7c3819b:/app# grep http2 /opt/bitnami/apache2/conf/httpd.conf
#LoadModule http2_module modules/mod_http2.so
#LoadModule proxy_http2_module modules/mod_proxy_http2.so

You can get more information on how to extend our image in the docs linked below

https://github.com/bitnami/containers/tree/main/bitnami/apache#extend-this-image

Hope it helps!

gongomgra avatar Oct 04 '23 15:10 gongomgra