Describe the bug
I have a Service Fabric (SF) stateless web application, using Kestrel, running on Azure (the bug also reproduces on the local cluster).
With http configuration, I can reach the app's controllers and everything is working fine.
But when I add a small piece of code that enables SSL (i.e. HTTPS), I get a 502.
The requests don't reach the application layer, so I have no logs for debugging.
Also, I couldn't find any SF logs.
I see that it successfully found the SSL certificate (that is installed on the cluster).
Can you please help me out?
Please let me know if you need more details.
To Reproduce
The code that works fine:
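/// <summary>
/// Creates the single Kestrel-backed listener for this stateless service (plain HTTP variant).
/// </summary>
/// <remarks>
/// The listening port and the certificate subject name are read from the "Settings" section of the
/// "Config" configuration package. In this variant the subject name is only traced; no TLS is
/// configured, so traffic to this port is unencrypted.
/// </remarks>
/// <returns>A one-element sequence holding the Kestrel communication listener.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
    return new[]
    {
        new ServiceInstanceListener(serviceContext =>
            new KestrelCommunicationListener(serviceContext, "SchedulerWebWithKestrelEndpointSecured", (url, listener) =>
            {
                // NOTE(review): the Application Insights instrumentation key is hard-coded and has been
                // published with this code. Load it from configuration instead and consider replacing the
                // key, since anyone holding it can presumably submit telemetry to this resource.
                TracerFactory tracerFactory = new TracerFactory(aiInstrumentationKey: "9a9e811e-afb5-41fa-b7c7-1e12cab0428c");
                var tracer = tracerFactory.Create(null);
                tracer.LogTrace($"Starting Kestrel on {url}");
                ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Kestrel on {url}");

                return new WebHostBuilder()
                    .ConfigureServices(services =>
                    {
                        // Expose the Service Fabric context to controllers through DI.
                        services.AddSingleton(serviceContext);
                    })
                    .UseKestrel(opt =>
                    {
                        ConfigurationPackage config = this.Context.CodePackageActivationContext.GetConfigurationPackageObject("Config");
                        KeyedCollection<string, ConfigurationProperty> settings = config.Settings.Sections["Settings"].Parameters;

                        // Machine-readable setting: parse independently of the host's current culture.
                        int port = int.Parse(settings["Port"].Value, System.Globalization.CultureInfo.InvariantCulture);
                        string sslCertificateSubjectName = settings["SSLCertificateSubjectName"].Value;
                        tracer.LogTrace($"Using port {port} and sslCertificateSubjectName {sslCertificateSubjectName}");

                        // Plain HTTP on all interfaces; nothing here authenticates or encrypts the connection.
                        opt.Listen(IPAddress.Any, port, listenOptions =>
                        {
                            listenOptions.NoDelay = true;
                        });
                    })
                    .UseContentRoot(Directory.GetCurrentDirectory())
                    .UseStartup<Startup>()
                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                    // NOTE(review): with an explicit Listen() above, Kestrel is expected to bind to that
                    // endpoint rather than to this URL — confirm the "Port" setting matches the endpoint resource.
                    .UseUrls(url)
                    .Build();
            }))
    };
}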
The code that leads to 502:
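/// <summary>
/// Creates the single Kestrel-backed listener for this stateless service (HTTPS variant).
/// </summary>
/// <remarks>
/// The listening port and the server certificate subject name are read from the "Settings" section
/// of the "Config" configuration package. TLS is restricted to TLS 1.2, and client certificates are
/// accepted but not required.
/// NOTE(review): once this port speaks TLS only, every hop in front of it has to speak TLS as well.
/// Confirm that the endpoint resource named below is declared with the https protocol in the service
/// manifest, and that any load balancer probe or reverse proxy in front of the service connects over
/// HTTPS and accepts this certificate; a plain-HTTP hop to a TLS-only port commonly presents as a 502
/// with nothing logged by the application.
/// </remarks>
/// <returns>A one-element sequence holding the Kestrel communication listener.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
    return new[]
    {
        new ServiceInstanceListener(serviceContext =>
            new KestrelCommunicationListener(serviceContext, "SchedulerWebWithKestrelEndpointSecured", (url, listener) =>
            {
                // NOTE(review): the Application Insights instrumentation key is hard-coded and has been
                // published with this code. Load it from configuration instead and consider replacing the
                // key, since anyone holding it can presumably submit telemetry to this resource.
                TracerFactory tracerFactory = new TracerFactory(aiInstrumentationKey: "9a9e811e-afb5-41fa-b7c7-1e12cab0428c");
                var tracer = tracerFactory.Create(null);
                tracer.LogTrace($"Starting Kestrel on {url}");
                ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Kestrel on {url}");

                return new WebHostBuilder()
                    .ConfigureServices(services =>
                    {
                        // Expose the Service Fabric context to controllers through DI.
                        services.AddSingleton(serviceContext);
                    })
                    .UseKestrel(opt =>
                    {
                        ConfigurationPackage config = this.Context.CodePackageActivationContext.GetConfigurationPackageObject("Config");
                        KeyedCollection<string, ConfigurationProperty> settings = config.Settings.Sections["Settings"].Parameters;

                        // Machine-readable setting: parse independently of the host's current culture.
                        int port = int.Parse(settings["Port"].Value, System.Globalization.CultureInfo.InvariantCulture);
                        string sslCertificateSubjectName = settings["SSLCertificateSubjectName"].Value;
                        tracer.LogTrace($"Using port {port} and sslCertificateSubjectName {sslCertificateSubjectName}");

                        opt.Listen(IPAddress.Any, port, listenOptions =>
                        {
                            // Resolve the certificate up front and fail with a clear message, so a store
                            // or private-key problem shows up at startup instead of as a failed handshake.
                            var serverCertificate = GetHttpsCertificateFromStore(sslCertificateSubjectName, tracer);
                            if (serverCertificate == null)
                            {
                                throw new System.InvalidOperationException(
                                    $"No HTTPS server certificate found for subject name '{sslCertificateSubjectName}'.");
                            }

                            if (!serverCertificate.HasPrivateKey)
                            {
                                throw new System.InvalidOperationException(
                                    $"HTTPS server certificate '{sslCertificateSubjectName}' has no private key available.");
                            }

                            // NOTE(review): HasPrivateKey does not prove that the account running this
                            // service may read the key — verify the private-key permissions on the nodes.
                            var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions
                            {
                                // Client certificates are requested but optional: callers without one are
                                // still admitted at the TLS layer, so authorization must not rely on this alone.
                                ClientCertificateMode = ClientCertificateMode.AllowCertificate,
                                // Only TLS 1.2 is offered; peers limited to other protocol versions cannot connect.
                                SslProtocols = SslProtocols.Tls12,
                                ServerCertificate = serverCertificate,
                                ClientCertificateValidation = (certificate, chain, sslPolicyErrors) =>
                                {
                                    // Accept a presented client certificate only when the platform
                                    // reported no policy errors for it.
                                    if (sslPolicyErrors == SslPolicyErrors.None)
                                    {
                                        return true;
                                    }

                                    // Invariant casing keeps the trace output stable across host cultures.
                                    tracer.LogTrace($"Certificate failed validation: {certificate.Issuer.ToUpperInvariant()} {certificate.Subject.ToUpperInvariant()}, errors: {sslPolicyErrors}");
                                    return false;
                                }
                            };

                            listenOptions.UseHttps(httpsConnectionAdapterOptions);
                            listenOptions.NoDelay = true;
                        });
                    })
                    .UseContentRoot(Directory.GetCurrentDirectory())
                    .UseStartup<Startup>()
                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                    // NOTE(review): with an explicit Listen() above, Kestrel is expected to bind to that
                    // endpoint rather than to this URL — confirm the "Port" setting matches the endpoint resource.
                    .UseUrls(url)
                    .Build();
            }))
    };
}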
Describe the bug I have a Service Fabric (SF) stateless web application, using Kestrel, running on Azure (the bug also reproduces on the local cluster). With http configuration, I can reach the app's controllers and everything is working fine. But when I add a small piece of code that enables SSL (i.e. HTTPS), I get a 502. The requests don't reach the application layer, so I have no logs for debugging. Also, I couldn't find any SF logs. I see that it successfully found the SSL certificate (that is installed on the cluster).
Can you please help me out? Please let me know if you need more details.
To Reproduce The code that works fine: protected override IEnumerable CreateServiceInstanceListeners()
{
//this.Init();
///_keyVaultManager = new KeyVaultManager();
The code that leads to 502: protected override IEnumerable CreateServiceInstanceListeners()
{
//this.Init();
///_keyVaultManager = new KeyVaultManager();