search

Azure / api-management-self-hosted-gateway

Home of Azure API Management's Self-Hosted Gateway
https://docs.microsoft.com/en-gb/azure/api-management/self-hosted-gateway-overview
Other
66 stars 27 forks source link

Local loopback host 127.0.0.1 behavior is not consistent #210

Closed alexhu20 closed 4 months ago

alexhu20 commented 1 year ago

Report

Hello team,

I have two APIs in place https://{fqdn}/A and https://{fqdn}/B. I have a scenario where I need write the URL Path and redirect the request from API A to API B via the local endpoint https://127.0.0.1:443. Now in self-hosted APIM the default port number for https is 8081 hence I need to redirect to https://127.0.0.1:8081 instead

The problem here is it doesn't work for my existing API where the model has been established in Azure Managed APIM.

Expected Behavior

The expected behavior should be 200 OK instead of 400 SSL certificate error.

However, when I create brand new APIs to mimic the exact same redirect step it does not throw 400 error

Actual Behavior

when I redirect the request from API A to API B I get 400 SSL certificate issue. I also noticed in Backend second you can configure the backend in this case https://127.0.0.1:8081 to not valid the SSL cert but it seems to apply to the self-hosted version

Steps to Reproduce the Problem

And this one seems to be ok

[Info] 2023-05-7T05:13:03.008, isRequestSuccess: True, totalTime: 17, category: GatewayLogs, callerIpAddress: 71.231.161.157, timeGenerated: 2023-05-7T05:13:03.008, region: West Europe Self Hosted, correlationId: 95ab115b-e762-4c2f-b10c-3de2eed12b39, method: GET, url: https://self-hosted-apim-we-alp-01.westeurope.cloudapp.azure.com/first_, backendResponseCode: 200, responseCode: 200, responseSize: 528, cache: none, backendTime: 9, apiId: first, operationId: get, apimSubscriptionId: master, clientProtocol: HTTP/1.1, backendProtocol: HTTP/1.1, apiRevision: 1, clientTlsVersion: 1.2, backendMethod: GET, backendUrl: https://127.0.0.1:8081/second_, correlationId: 95ab115b-e762-4c2f-b10c-3de2eed12b39

[Info] 2023-05-7T05:13:03.025, isRequestSuccess: True, totalTime: 0, category: GatewayLogs, callerIpAddress: 127.0.0.1, timeGenerated: 2023-05-7T05:13:03.025, region: West Europe Self Hosted, correlationId: 82e31124-e4ee-402c-a2d8-c66c94c18512, method: GET, url: https://127.0.0.1:8081/second_, responseCode: 200, responseSize: 93, cache: none, apiId: second, operationId: get, apimSubscriptionId: master, clientProtocol: HTTP/1.1, apiRevision: 1, clientTlsVersion: 1.2, correlationId: 82e31124-e4ee-402c-a2d8-c66c94c18512

Logs from self-hosted gateway

example

First layer

[Info] 2023-05-7T05:11:59.420, isRequestSuccess: False, totalTime: 41, category: GatewayLogs, callerIpAddress: 52.173.90.107, timeGenerated: 2023-05-7T05:11:59.420, region: West Europe Self Hosted, correlationId: 0f47dbca-1d62-4419-af8d-eed464d3e5d6, method: GET, url: https://self-hosted-apim-we-alp-01.westeurope.cloudapp.azure.com/test/apps_, backendResponseCode: 400, responseCode: 400, responseSize: 439, cache: none, backendTime: 40, apiId: cloud-rpa, operationId: organization-default-get, productId: subscriptionless, clientProtocol: HTTP/1.1, backendProtocol: HTTP/1.1, apiRevision: 33, clientTlsVersion: 1.2, backendMethod: GET, backendUrl: https://127.0.0.1:8081/routing_/apps_/test, traceRecords: [

Second [Info] 2023-05-7T05:11:59.421, isRequestSuccess: False, totalTime: 40, category: GatewayLogs, callerIpAddress: 127.0.0.1, timeGenerated: 2023-05-7T05:11:59.421, region: West Europe Self Hosted, correlationId: 3e39b7a1-9912-4882-a397-711df4cb026d, method: GET, url: https://self-hosted-apim-we-alp-01.westeurope.cloudapp.azure.com/routing_/apps_/test, responseCode: 400, responseSize: 376, cache: none, backendTime: 39, apiId: apps-routing, operationId: apps-default-get, productId: subscriptionless, clientProtocol: HTTP/1.1, apiRevision: 26, clientTlsVersion: 1.2, correlationId: 3e39b7a1-9912-4882-a397-711df4cb026d

Self-hosted Gateway Version

2.2.0

Deployment

Self-Managed (YAML/Helm)

Platform

Microsoft Azure

Kubernetes Version

1.26

Anything else?

No response

tomkerkhove commented 1 year ago

when I redirect the request from API A to API B I get 400 SSL certificate issue. I also noticed in Backend second you can configure the backend in this case https://127.0.0.1:8081 to not valid the SSL cert but it seems to apply to the self-hosted version

Do you actually have a valid cert mounted for localhost? If not, then this is by design.

alexhu20 commented 1 year ago

Hey Tom, I don't have valid cert mounted for localhost, but I did another experiment that I added two new APIs to mimic the exact same reroute behavior and it works without the cert. How would you explain this behavior

tomkerkhove commented 1 year ago

Would you mind opening a support ticket please? This should help you faster.

tomkerkhove commented 4 months ago

No response for a year, closing