Open Closed

502 Bad Gateway Error #4338


User avatar
0
shailendra.adhav created
  • ABP Framework version: v7.0 latest

  • UI type: MVC

  • DB provider: EF Core

  • **Tiered (MVC)

  • All pods are up and running successfully and we are able to access authserver application

  • Steps to reproduce the issue:"While deploying the application through CI-CD pipelines, we are able to access every application except web app and public web app

  • While checking pods, we are getting the logs which are provided below

    ---------------------

  • Exception message and stack trace:

  • We are using Azure Kubernetes Services for hosting and for building we are using Azure DevOps pipelines

  • We are unable to access public web app and web app, they are showing 502 bad gateway errors

  • logs of both pods are similar

  • [10:27:40 INF] Initialized all ABP modules. [10:27:41 INF] Now listening on: http://[::]:80 [10:27:41 INF] Now listening on: https://[::]:443 [10:27:41 INF] Application started. Press Ctrl+C to shut down. [10:27:41 INF] Hosting environment: Production [10:27:41 INF] Content root path: /app/ [10:27:50 INF] Request starting HTTP/1.1 GET http://publicweb.jailocal.in/ - - [10:27:50 INF] Start processing HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration [10:27:50 INF] Sending HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration [10:27:50 INF] Received HTTP response headers after 119.174ms - 200 [10:27:50 INF] End processing HTTP request after 130.2113ms - 200 [10:27:50 ERR] Connection id "0HMNKGUK23U8M", Request id "0HMNKGUK23U8M:00000002": An unhandled exception was thrown by the application. Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Issuer name does not match authority: http://authserver.jailocal.in/ at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName) at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.IdentityModel.Web.HttpContextIdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync(ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments) at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync() at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.<GetAsync>b__13_0() at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable`1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync() at Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync() at Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync()


  • Appsettings.json file for publicwebapp is
  • { "App": { "SelfUrl": "https://localhost:44335" }, "AuthServer": { "Authority": "https://localhost:44322", "RequireHttpsMetadata": "false", "ClientId": "PublicWeb", "ClientSecret": "1q2w3e*", "IsOnK8s": "true", "MetaAddress": "https://localhost:44322" }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "PublicWeb", "ClientSecret": "1q2w3e*", "Authority": "https://localhost:44322", "Scope": "IdentityService" } }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "AllowedHosts": "*", "RemoteServices": { "Default": { "BaseUrl": "https://localhost:44353" }, "AbpIdentity": { "BaseUrl": "https://localhost:44388/", "UseCurrentAccessToken": "false" } }, "StringEncryption": { "DefaultPassPhrase": "7XVHOPyjN5Laxsjb" }, "Redis": { "Configuration": "localhost:6379" }, "RabbitMQ": { "Connections": { "Default": { "HostName": "localhost" } }, "EventBus": { "ClientName": "PublicWeb", "ExchangeName": "POC" } }, "ElasticSearch": { "Url": "http://localhost:9200" } }

*** yaml file for public web app is **

  • #Deployment apiVersion: apps/v1 kind: Deployment metadata: name: publicwebapp spec: replicas: 1 selector: matchLabels: app: publicwebapp template: metadata: labels: app: publicwebapp spec: containers: - name: publicwebapp image: imagename:$(Build.BuildId) imagePullPolicy: IfNotPresent env: - name: ASPNETCORE_ENVIRONMENT value: "Production" - name: ASPNETCORE_URLS value: "http://+:80;https://+:443" - name: App__SelfUrl value: "https://publicweb.domain.in" - name: "AuthServer__Authority" value: "https://authserver.domian.in" - name: "AuthServer__RequireHttpsMetadata" value: "false" - name: "AuthServer__IsOnK8s" value: "true" - name: "AuthServer__MetaAddress" value: "https://authserver.domain.in" - name: IdentityClients__Default__Authority value: "https://authserver.domain.in" - name: RemoteServices__Default__BaseUrl value: "https://publicwebgateway.domain.in" - name: RemoteServices__AbpIdentity__BaseUrl value: "https://identity.domain.in" - name: RemoteServices__AbpIdentity__UseCurrentAccessToken value: "false" - name: "StringEncryption__DefaultPassPhrase" value: "7XVHOPyjN5Laxsjb" - name: "Redis__Configuration" value: "redis" - name: "RabbitMQ__Connections__Default__HostName" value: "rabbitmq" - name: "ElasticSearch__Url" value: "https://elasticsearch.domain.in" - name: ASPNETCORE_Kestrel__Certificates__Default__Path value: "app/dev-cert/localhost.pfx" - name: ASPNETCORE_Kestrel__Certificates__Default__Password value: "e8202f07-66e5-4619-be07-72ba76fde97f" - name: CustomConnectionString__Environment ports: - name: http containerPort: 80 protocol: TCP - name: https containerPort: 443 protocol: TCP
  • All pods are up and running successfully and we are able to access authserver application
  • Steps to reproduce the issue:"While deploying the application through CI-CD pipelines, we are able to access every application except web app and public web app
  • While checking pods, we are getting the logs which are provided above

1 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Your authority and the issuer doesn't match basically.

    Expected issuer: https://authserver.domian.in Your issuer: http://authserver.jailocal.in/

    You can set issuer at OpenIddictServerBuilder option:

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        ...
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); //Should be "https://authserver.domian.in"
    });
    

    Your authserver MetaAddress should be http://authserver.jailocal.in/ which will be requested internally during token validation.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.0.0-preview. Updated on September 01, 2025, 08:37