Open Closed

502 Bad Gateway Error #4338


User avatar
0
shailendra.adhav created
  • ABP Framework version: v7.0 latest

  • UI type: MVC

  • DB provider: EF Core

  • **Tiered (MVC)

  • All pods are up and running successfully and we are able to access authserver application

  • Steps to reproduce the issue:"While deploying the application through CI-CD pipelines, we are able to access every application except web app and public web app

  • While checking pods, we are getting the logs which are provided below

    ---------------------

  • Exception message and stack trace:

  • We are using Azure Kubernetes Services for hosting and for building we are using Azure DevOps pipelines

  • We are unable to access public web app and web app, they are showing 502 bad gateway errors

  • logs of both pods are similar

  • [10:27:40 INF] Initialized all ABP modules. [10:27:41 INF] Now listening on: http://[::]:80 [10:27:41 INF] Now listening on: https://[::]:443 [10:27:41 INF] Application started. Press Ctrl+C to shut down. [10:27:41 INF] Hosting environment: Production [10:27:41 INF] Content root path: /app/ [10:27:50 INF] Request starting HTTP/1.1 GET http://publicweb.jailocal.in/ - - [10:27:50 INF] Start processing HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration [10:27:50 INF] Sending HTTP request GET https://authserver.jailocal.in/.well-known/openid-configuration [10:27:50 INF] Received HTTP response headers after 119.174ms - 200 [10:27:50 INF] End processing HTTP request after 130.2113ms - 200 [10:27:50 ERR] Connection id "0HMNKGUK23U8M", Request id "0HMNKGUK23U8M:00000002": An unhandled exception was thrown by the application. Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Issuer name does not match authority: http://authserver.jailocal.in/ at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName) at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName) at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.IdentityModel.Web.HttpContextIdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync(ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](ClientProxyRequestContext requestContext) at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments) at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ClientProxies.AbpApplicationConfigurationClientProxy.GetAsync() at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.<GetAsync>b__13_0() at Volo.Abp.Caching.DistributedCache2.GetOrAddAsync(TCacheKey key, Func1 factory, Func1 optionsFactory, Nullable`1 hideErrors, Boolean considerUow, CancellationToken token) at Volo.Abp.AspNetCore.Mvc.Client.MvcCachedApplicationConfigurationClient.GetAsync() at Volo.Abp.AspNetCore.Mvc.Client.RemoteLanguageProvider.GetLanguagesAsync() at Microsoft.AspNetCore.RequestLocalization.DefaultAbpRequestLocalizationOptionsProvider.GetLocalizationOptionsAsync()


  • Appsettings.json file for publicwebapp is
  • { "App": { "SelfUrl": "https://localhost:44335" }, "AuthServer": { "Authority": "https://localhost:44322", "RequireHttpsMetadata": "false", "ClientId": "PublicWeb", "ClientSecret": "1q2w3e*", "IsOnK8s": "true", "MetaAddress": "https://localhost:44322" }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "PublicWeb", "ClientSecret": "1q2w3e*", "Authority": "https://localhost:44322", "Scope": "IdentityService" } }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "AllowedHosts": "*", "RemoteServices": { "Default": { "BaseUrl": "https://localhost:44353" }, "AbpIdentity": { "BaseUrl": "https://localhost:44388/", "UseCurrentAccessToken": "false" } }, "StringEncryption": { "DefaultPassPhrase": "7XVHOPyjN5Laxsjb" }, "Redis": { "Configuration": "localhost:6379" }, "RabbitMQ": { "Connections": { "Default": { "HostName": "localhost" } }, "EventBus": { "ClientName": "PublicWeb", "ExchangeName": "POC" } }, "ElasticSearch": { "Url": "http://localhost:9200" } }

*** yaml file for public web app is **

  • #Deployment apiVersion: apps/v1 kind: Deployment metadata: name: publicwebapp spec: replicas: 1 selector: matchLabels: app: publicwebapp template: metadata: labels: app: publicwebapp spec: containers: - name: publicwebapp image: imagename:$(Build.BuildId) imagePullPolicy: IfNotPresent env: - name: ASPNETCORE_ENVIRONMENT value: "Production" - name: ASPNETCORE_URLS value: "http://+:80;https://+:443" - name: App__SelfUrl value: "https://publicweb.domain.in" - name: "AuthServer__Authority" value: "https://authserver.domian.in" - name: "AuthServer__RequireHttpsMetadata" value: "false" - name: "AuthServer__IsOnK8s" value: "true" - name: "AuthServer__MetaAddress" value: "https://authserver.domain.in" - name: IdentityClients__Default__Authority value: "https://authserver.domain.in" - name: RemoteServices__Default__BaseUrl value: "https://publicwebgateway.domain.in" - name: RemoteServices__AbpIdentity__BaseUrl value: "https://identity.domain.in" - name: RemoteServices__AbpIdentity__UseCurrentAccessToken value: "false" - name: "StringEncryption__DefaultPassPhrase" value: "7XVHOPyjN5Laxsjb" - name: "Redis__Configuration" value: "redis" - name: "RabbitMQ__Connections__Default__HostName" value: "rabbitmq" - name: "ElasticSearch__Url" value: "https://elasticsearch.domain.in" - name: ASPNETCORE_Kestrel__Certificates__Default__Path value: "app/dev-cert/localhost.pfx" - name: ASPNETCORE_Kestrel__Certificates__Default__Password value: "e8202f07-66e5-4619-be07-72ba76fde97f" - name: CustomConnectionString__Environment ports: - name: http containerPort: 80 protocol: TCP - name: https containerPort: 443 protocol: TCP
  • All pods are up and running successfully and we are able to access authserver application
  • Steps to reproduce the issue:"While deploying the application through CI-CD pipelines, we are able to access every application except web app and public web app
  • While checking pods, we are getting the logs which are provided above

1 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Your authority and the issuer doesn't match basically.

    Expected issuer: https://authserver.domian.in Your issuer: http://authserver.jailocal.in/

    You can set issuer at OpenIddictServerBuilder option:

    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        ...
        builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); //Should be "https://authserver.domian.in"
    });
    

    Your authserver MetaAddress should be http://authserver.jailocal.in/ which will be requested internally during token validation.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15