azure application gateway is not working with 502 - azure

I am following the example here on Azure tutorial
https://learn.microsoft.com/en-gb/azure/application-gateway/quick-create-cli
And at the end when I browser for the IP address I got:
502 - Web server received an invalid response while acting as a gateway or proxy server.

Cause of HTTP 502 Error: The HyperText Transfer Protocol (HTTP) 502 Bad Gateway server error response code indicates that the server, while acting as a gateway or proxy, received an invalid response from the upstream server. (source)
So make sure you are not using proxy in client or server machine.

Issue: Application gateway throws 502.
Application gateway throws 502 when the backend VMs/ resource is unavailable.
Step 1: Check the backend health from portal. It shows the current health status of your backend resource. If it is unhealthy, it shows the reason why it is "unhealthy"
Possible Reason :
NSG/UDR blocking the request reaching the resource
Backend server responds to with respond codes which is not between (200-399)
If it is an end to end SSL , certificate needs to be whitelisted
Step 2: If the backend is healthy, and you still receive 502, make sure the backend is responding to the request sent by Application gateway within 30 seconds(Default value).

Related

Azure App Gateway - Backend Health 404 error

I am trying to configure Azure Application Gateway with ADFS. The Backend pool points to ADFS Web Application Proxy. The backend health check is reporting as unhealthy.
I am getting an a error: received invalid status code 404 in the backend servers http response
Everything appears to be configured correctly and I can access the site when bypassing the App Gateway
This was resolved by re-configuring the health probe
In my case with the App Service as a backend pool, I had to create a custom Health probe(http-probe for ex.) to be used in the HTTP setting(http for ex.), where the HTTP setting(http for ex.) is the one configured in the Request Routing Rule.

Requests through Azure Application Gateway fail with HTTP 504 if headers + payload is greater than about 1590 bytes

We have a web application on an Azure hosted VM sitting behind an Azure Application Gateway. The Azure Application Gateway terminates SSL using the public certificate for the host, then uses an internal certificate to send the traffic to the backend server.
Most GET requests are forwarded correctly to the backend but most POST requests fail with HTTP 504 (gateway timeout). Experimenting using PowerShell Invoke-WebRequest and Fiddler replay has led us to discover that it is the total size of the request (headers + payload) that causes this error: if headers + payload is greater than about 1590 bytes then the request never reaches the backend server (no entry in IIS log file) and the Application Gateway returns a HTTP 504 to the caller.
What do we need to change on Application Gateway to fix this?
Microsoft support identified a bug with Windows Server 2022 that was causing the problem, so we re-installed on a Windows Server 2019 VM and the issue went away.
A little more info on the symptomns: we discovered that an error was appearing in the HTTP.sys log (at C:\Windows\System32\LogFiles\HTTPERR).

Azure Application Gateway won't forward Error Code 500

I face the issue that azure application gateway will show error 502 instead of forwarding the correct error message with HTTP code 500 from the underlying service.
Is that something one could configure? I don't want the application gateway to filter my error messages?
#thomasuebi, by default Azure application gateway sends out periodic probes to backend servers to check their health status. If any backend server does not respond successfully Azure application gateway marks it as unhealthy. When a client request is received for such "unhealthy" backend servers the application gateway does not forward the request to "unhealthy" backend servers and returns a "502 Bad Gateway" error to the requesting client. You can go through this documentation for additional details.
You can also go through this document to set custom error pages instead of 502 bad gateway page.

azure error 502 - Web server received an invalid response while acting as a gateway or proxy server

I'm trying to host an azure website and tried troubleshooting for a few hours, but still keep getting the same error 502 Web server received an invalid response while acting as a gateway or proxy server.
I tried enabling logging errors on azure, but all it gives me are 404 not found errors
502 errors won't be visible in your IIS logs because they are returned by the front end server which basically fowards the requests to the worker hosting your site and there are many reasons why the front end can return 502 error.
Please follow https://azure.microsoft.com/en-in/documentation/articles/app-service-web-troubleshoot-http-502-http-503/ to troubleshoot the issue and see if you can identify which one you are running into
I had a setup with web servers behind a azure application gateway, some servers works properly and traffic to one of the server is having the 502 issue. So I take the following steps:
Check the Backend health on the application gateway, the server can't be reached.
Open the backend server url on a cloud VM http://hostname, the root website can't be reached. But the http://hostname/app is running.
It turns out the gateway will ping the port 80 of the target machine and somehow I disabled the root website on the target server. So the gateway assumes the server is dead and refused to do the redirect.
We were getting a 502 response with an Azure function. The Function App was started, and all of our functions inside here were marked as "good". But when we checked the azure function process explorer, there were no java proceses (this was written in java... pity me)
When checking the Azure function logs, it turned out that someone had deployed a dynatrace integration and this was crashing the function on startup.
So 502 basically means "I can see you are triggering me but when I try to pass that trigger back to the actual function app, I can't see anything"

Azure application gateway throws 502 when application sends 401

Azure application gateway displays 502 bad gateway error, while application returns 401 or 500 errors. It should send whatever the application sends but by default it sends 502. Any idea what happen and any configuration or code change suggestions?
EDIT:
We are using node js for our API service. When a client tries to hit the endpoint without any auth header, then the service will return 401 error. This error is transformed into 502 when it's passing the App gateway.
General Workflow
When application gateway receives a status code greater than 399, then it will consider there were some issues with the servers and it will remove the server from the pool. After sometime it will check the application status, if it is returning status code lesser than 400 then it add the server to pool.
By default application gateway will be configured to check the app health by making a HTTP/HTTPS request.
Cause
Application may encountered any errors or any authentication errors may result in different error codes. This might caused the application gateway result in 502 error.
Probe
We can configure a special file/end point to check the application/database health. This configuration should be in the probe file.
Useful resource
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-create-probe-classic-ps/
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-probe-overview/
Hope it helps!
Error Status Codes(401, 404) returned from pod considered as unhealthy by the azure application gateway and it produces 502 Bad Gateway Error as a response. So you need to modify the health check mechanism of Azure Application Gateway.
Error Codes that are considered to be healthy 200-399 by default
Modify it in "health probes" section inside your Application Gateway Resource, https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-create-probe-portal

Resources