Automic Workload Automation

JETTY 21.0.X 24.1 and F5 Load Balancer

    Posted Jul 26, 2024 10:37 AM

    Hello Community,

    We have been running the V21.0.2 Jetty web interface behind a load balancer for quite some time just fine. I've recently upgraded to 21.0.11, and since then the F5 refuses to connect to the environment.

    I am able to connect to each individual node directly and log in both securely and non-securely, which led me down the road that it is an F5 issue.

    In the 21.0.2 web interface version, the F5 seems to indicate it is connecting via HTTP/1.1.

    f5 log:

    *  SSL certificate verify ok.
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    > GET /awi HTTP/1.1
    > Host: awaprod
    > User-Agent: curl/7.61.1
    > Accept: */*
    >
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    < HTTP/1.1 302 Found

    When using any of the newer Jetty versions:

    * ALPN, server accepted to use h2
    * Server certificate:
    ***
    *  SSL certificate verify result: self signed certificate (18), continuing anyway.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    * Using Stream ID: 1 (easy handle 0x555b829615e0)
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    > GET /awi HTTP/2
    > Host: hawaiitest:7443
    > User-Agent: curl/7.61.1
    > Accept: */*
    >
    * TLSv1.3 (IN), TLS handshake, [no content] (0):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
    * TLSv1.3 (OUT), TLS app data, [no content] (0):
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    * TLSv1.3 (IN), TLS app data, [no content] (0):
    < HTTP/2 302
    < date: Thu, 25 Jul 2024 14:25:40 GMT
    < content-length: 0

    My understanding from this article is that Jetty hasn't had HTTP/2 enabled since version 21.0.8.

    Adding https.version=1 to the configuration.properties file does not change the behavior, so my questions are... Is anyone running Jetty behind an F5 load balancer, and have you had similar issues with newer versions? If so, how have you overcome them?

    Thanks for your help

    Ben
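
To compare the two curl traces in the post above field by field, here is an added example (not part of the original post, and not Broadcom or F5 code): a small parser that pulls the ALPN result, certificate check and HTTP versions out of `curl -v` output and lists what changed. The function names and the abridged trace constants are assumptions made for illustration.

```python
import re

# Constructed samples: lines abridged from the two curl -v traces in the post.
TRACE_21_0_2 = """\
*  SSL certificate verify ok.
> GET /awi HTTP/1.1
> Host: awaprod
< HTTP/1.1 302 Found
"""
TRACE_NEWER = """\
* ALPN, server accepted to use h2
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /awi HTTP/2
> Host: hawaiitest:7443
< HTTP/2 302
"""

# Info lines start with "*" (or "•" where a forum renderer replaced it).
ALPN = re.compile(r"[*•]\s*ALPN, server accepted to use (\S+)")
CERT = re.compile(r"[*•]\s*SSL certificate verify (?:ok|result: (.+?),)")
REQUEST = re.compile(r">\s*[A-Z]+\s+\S+\s+HTTP/([\d.]+)$")
RESPONSE = re.compile(r"<\s*HTTP/([\d.]+)\s+(\d{3})")

def summarize(trace):
    """Return ALPN protocol, cert check result and HTTP versions seen in a trace."""
    # alpn stays None when the trace excerpt contains no ALPN line at all.
    out = {"alpn": None, "cert": None, "request": None, "response": None, "status": None}
    for raw in trace.splitlines():
        line = raw.strip()
        if m := ALPN.match(line):
            out["alpn"] = m.group(1)
        elif m := CERT.match(line):
            out["cert"] = m.group(1) or "ok"
        elif m := REQUEST.match(line):
            out["request"] = m.group(1)
        elif m := RESPONSE.match(line):
            out["response"], out["status"] = m.group(1), int(m.group(2))
    return out

def changed(before, after):
    """Map each field that differs between two traces to its (before, after) pair."""
    a, b = summarize(before), summarize(after)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    for field, (old, new) in changed(TRACE_21_0_2, TRACE_NEWER).items():
        print(f"{field}: {old} -> {new}")
```

The two traces in the post were taken against different hosts (`awaprod` and `hawaiitest:7443`), so the certificate difference may reflect the environment rather than the Jetty version.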