I have an application gateway that is pointed to a .net core api running on an app service
All the endpoints are protected, so I setup a custom health probe to accept 401 as a valid response
However, after I setup the custom health probe and apply it, the status of the backend health stays at "Unhealthy" but the details says "success"
Anyone have any idea what the issue may be?
A sample URI would be: /api/sample/test
Application Gateway Probe is bound to HTTP Settings. So probe to the Backend pool will look something like this (http/https://hostname:HTTPSettingsport/Path)
Try to do a curl to the probe URL and check what response you get. Please post the curl response, based on the response will proceed further.
Related
I would like to ask if it is possible to use Azure Application Gateway to route(backend pool) traffic to Azure Event Grid Topic. I have tested it but no matter what i do i always get 502 error when i tries to perform a POST Request to my App Gateway.
Here is the sample flow:
[user] ===> [Application Gateway]====>[EventGrid Topic]====> Azure Function
Is this possible?
I got working, make sure you have the application setup as follows:
There is not a 'healthcheck' endpoint from Event Grid hence I just added the FQDN + /ping to the healthprobe and configured the probe to accept a 404.
In the HTTP settings you should make sure that the incoming hostname gets overrided with the EG FQDN by using the "Override with new hostname" option.
After that it should work just fine.Take a look at the rest of my HTTP settings below.
I am trying to configure Azure Application Gateway with ADFS. The Backend pool points to ADFS Web Application Proxy. The backend health check is reporting as unhealthy.
I am getting an a error: received invalid status code 404 in the backend servers http response
Everything appears to be configured correctly and I can access the site when bypassing the App Gateway
This was resolved by re-configuring the health probe
In my case with the App Service as a backend pool, I had to create a custom Health probe(http-probe for ex.) to be used in the HTTP setting(http for ex.), where the HTTP setting(http for ex.) is the one configured in the Request Routing Rule.
I face the issue that azure application gateway will show error 502 instead of forwarding the correct error message with HTTP code 500 from the underlying service.
Is that something one could configure? I don't want the application gateway to filter my error messages?
#thomasuebi, by default Azure application gateway sends out periodic probes to backend servers to check their health status. If any backend server does not respond successfully Azure application gateway marks it as unhealthy. When a client request is received for such "unhealthy" backend servers the application gateway does not forward the request to "unhealthy" backend servers and returns a "502 Bad Gateway" error to the requesting client. You can go through this documentation for additional details.
You can also go through this document to set custom error pages instead of 502 bad gateway page.
Is there any specific meaning of each status code returned by the app gateway health probe wheather it is healthy or unhealthy?
In Application Gateway probe configuration you get an option to update the range of status code you would accept as healthy. By default Application gateway will consider the backend as healthy if it receives the status code from 200 -399.
If your application returns 401 and if you think the service is healthy when it is returning 401 and it is just the authorization error, then you can add 401 to the accepted status code. When you do that Application Gateway will consider the backend as healthy when it returns 401 for the Application Gateway probe.
Azure application gateway displays 502 bad gateway error, while application returns 401 or 500 errors. It should send whatever the application sends but by default it sends 502. Any idea what happen and any configuration or code change suggestions?
EDIT:
We are using node js for our API service. When a client tries to hit the endpoint without any auth header, then the service will return 401 error. This error is transformed into 502 when it's passing the App gateway.
General Workflow
When application gateway receives a status code greater than 399, then it will consider there were some issues with the servers and it will remove the server from the pool. After sometime it will check the application status, if it is returning status code lesser than 400 then it add the server to pool.
By default application gateway will be configured to check the app health by making a HTTP/HTTPS request.
Cause
Application may encountered any errors or any authentication errors may result in different error codes. This might caused the application gateway result in 502 error.
Probe
We can configure a special file/end point to check the application/database health. This configuration should be in the probe file.
Useful resource
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-create-probe-classic-ps/
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-probe-overview/
Hope it helps!
Error Status Codes(401, 404) returned from pod considered as unhealthy by the azure application gateway and it produces 502 Bad Gateway Error as a response. So you need to modify the health check mechanism of Azure Application Gateway.
Error Codes that are considered to be healthy 200-399 by default
Modify it in "health probes" section inside your Application Gateway Resource, https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal