abp vnext pro Microsoft v5.1.4 deploy to K8s problems-01 #2827

10 Answer(s)

• 

  0

  songshuai1986 created 2 years ago

  Hi:

  I'm trying to deploy microservice to my local K8s Enviroment,and I have some questions.I use the apb suite to create MiscroTemplate,after that,I changed nothing but only the appsettings.json files.

  My Enviroment info and steps for testing is :

  1、K8s version : 1.20.4 with Ingress 【K8s with one master and three workers】,managered by Kuboard v3.0

  2、I used another docker server to run all infrastrature like sqlserver,rabbitmq,redis,etc;

  3、Use k8s services & endpoints[Configured to the docker server&port] to ref the infrastrature;

  4、Use one Haproxy server for LB and setting with L4 to K8s ingress; [Used a fake domain "fa.cn" & Testing Passed]

  5、I created a pvc to store all project appsettings & a self self-signed certificate 【pfx】;

  6、All projects appsettings.json info as following [name as the k8s service name and only important info,other infos runs good], this is my final test version,also, i tried to use all host:port with https://***.fa.cn and it's not working:

  6.1 auth-server

  { "App": { "SelfUrl": "https://auth.fa.cn", "CorsOrigins": "https://.fa.cn,https://admin-gate,https://public-gate,https://publicgate.fa.cn,https://webgate.fa.cn", "RedirectAllowedUrls": "https://.fa.cn,https://www.fa.cn,https://admin.fa.cn" }, "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false" } ...

  6.2 ms-admin [AdministrationService]

  { "App": { "SelfUrl": "https://ms-admin" }, "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false" }, "RemoteServices": { "AbpIdentity": { "BaseUrl": "https://ms-identity/", "UseCurrentAccessToken": "false" } }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "CNP_AdministrationService", "ClientSecret": "1q2w3e*", "Authority": "http://auth-server", "Scope": "IdentityService" } } ...

  6.3 ms-identity [IdentityService]

  { "App": { "SelfUrl": "https://ms-identity" }, "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false" }, ... "IdentityServerClients":{ "CNP_BlazorServer": { "RootUrl": "https://admin.fa.cn/" }, "CNP_PublicWeb": { "RootUrl": "https://www.fa.cn/" }, "WebGateway": { "RootUrl": "https://publicgate.fa.cn/" }, "PublicWebGateway": { "RootUrl": "https://publicgate.fa.cn" } } }

  6.4 ms-saas [SaaSSevice]

  "App": { "SelfUrl": "https://ms-saas" }, "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false" }, ...

  6.5 ms-product 【ProductService】

  { "App": { "SelfUrl": "https://ms-product" }, "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false" }, ...

  6.6 admin-gate 【WebGateWay】

  { "App": { "SelfUrl": "https://admin-gate", "CorsOrigins": "https://.fa.cn" }, "AuthServer": { "Authority": "https://auth-server", "RequireHttpsMetadata": "false", "SwaggerClientId": "WebGateway_Swagger", "SwaggerClientSecret": "1q2w3e" }, ... "Routes": [ { "DownstreamPathTemplate": "/api/account/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "auth-server", "Port": 80 } ], "UpstreamPathTemplate": "/api/account/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/identity/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-identity", "Port": 80 } ], "UpstreamPathTemplate": "/api/identity/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/identity-server/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-identity", "Port": 80 } ], "UpstreamPathTemplate": "/api/identity-server/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/account-admin/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-identity", "Port": 80 } ], "UpstreamPathTemplate": "/api/account-admin/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/saas/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-saas", "Port": 80 } ], "UpstreamPathTemplate": "/api/saas/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/abp/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/abp/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/audit-logging/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/audit-logging/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/language-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/language-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/text-template-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/text-template-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/feature-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/feature-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/permission-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/permission-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/setting-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/setting-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/lepton-theme-management/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-admin", "Port": 80 } ], "UpstreamPathTemplate": "/api/lepton-theme-management/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/product-service/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "ms-product", "Port": 80 } ], "UpstreamPathTemplate": "/api/product-service/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] } ], "GlobalConfiguration": { "BaseUrl": "https://admin-gate" }, ...

  Save Cancel
• 

  0

  songshuai1986 created 2 years ago

  6.7 public-gate [PublicWebGateWay]

  { "App": { "SelfUrl": "https://public-gate", "CorsOrigins": "https://.fa.cn,https://www.fa.cn" }, "AuthServer": { "Authority": "http://auth-server", "RequireHttpsMetadata": "false", "SwaggerClientId": "PublicWebGateway_Swagger", "SwaggerClientSecret": "1q2w3e" }, ... "Routes": [ { "DownstreamPathTemplate": "/api/account/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "auth.fa.cn", "Port": 80 } ], "UpstreamPathTemplate": "/api/account/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/abp/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "adminsvc.fa.cn", "Port": 80 } ], "UpstreamPathTemplate": "/api/abp/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ] }, { "DownstreamPathTemplate": "/api/product-service/{everything}", "DownstreamScheme": "http", "DownstreamHostAndPorts": [ { "Host": "productsvc.fa.cn", "Port": 80 } ], "UpstreamPathTemplate": "/api/product-service/{everything}", "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ], "QoSOptions": { "ExceptionsAllowedBeforeBreaking": 2, "DurationOfBreak": 2000, "TimeoutValue": 5000 } } ], "GlobalConfiguration": { "BaseUrl": "http://public-gate" }, ...

  6.8 blazor-server 【Blazor】

  { "App": { "SelfUrl": "https://blazor-server" }, ... "AuthServer": { "Authority": "http://auth.fa.cn", "RequireHttpsMetadata": "false", "ClientId": "CNP_BlazorServer", "ClientSecret": "1q2w3e*" }

  6.9 public-web 【PublicWeb】

  { "App": { "SelfUrl": "https://public-web" }, ... "RemoteServices": { "Default": { "BaseUrl": "https://public-web/" } }, ... "AuthServer": { "Authority": "http://auth.fa.cn/", "RequireHttpsMetadata": "false", "ClientId": "CNP_PublicWeb", "ClientSecret": "1q2w3e*" }

  6.10 dbmigration

  "IdentityServerClients":{ "CNP_BlazorServer": { "RootUrl": "https://admin.fa.cn/" }, "CNP_PublicWeb": { "RootUrl": "https://www.fa.cn/" }, "WebGateway": { "RootUrl": "https://webgate.fa.cn" }, "PublicWebGateway": { "RootUrl": "https://publicgate.fa.cn" }

  7. The Result

  all the MicroServices works good;

  • all the gates can access good and can't Authorize

  • auth-server works good

  • Can't access web and Public web,the pod log is following.

  Save Cancel
• 

  0

  gterdem created 2 years ago

  Support Team Senior .NET Developer

  6.9 public-web 【PublicWeb】

  { "App": { "SelfUrl": "https://public-web" }, ... "RemoteServices": { "Default": { "BaseUrl": "https://public-web/" -> should be http://public-gate } },

  Public-Web application RemoteService should be Public-Web-Gateway, not itself.

  Save Cancel
• 

  0

  songshuai1986 created 2 years ago

  Hi,gterdem I corrected the mistake you pointed out. Now I can access blazor server and public website, and I can access the test data of products on the website. But there are still mistakes when i try to login both blazor and website. And the log is :

  [00:25:04 INF] Request finished HTTP/1.1 POST http://admin.fa.cn/_blazor/negotiate?negotiateVersion=1 text/plain;charset=UTF-8 0 - 200 316 application/json 17.4048ms
  [00:25:04 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/_blazor?id=gvfM9rkXoHhinDzUV32hRQ - -
  [00:25:04 INF] Executing endpoint '/_blazor'
  [00:25:04 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: SettingManagement.Emailing
  [00:25:04 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: AbpIdentity.SettingManagement
  [00:25:04 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: LeptonThemeManagement.Settings
  [00:25:04 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: AbpAccount.SettingManagement
  [00:25:04 INF] Authorization failed. These requirements were not met:
  DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
  [00:25:05 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/images/logo/logo-light.png - -
  [00:25:05 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2 - -
  [00:25:05 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/libs/flag-icon-css/flags/1x1/gb.svg - -
  [00:25:05 INF] Sending file. Request path: '/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2'. Physical path: '/app/wwwroot/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2'
  [00:25:05 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-600.woff2 - - - 200 7836 font/woff2 0.5991ms
  [00:25:05 INF] Sending file. Request path: '/libs/flag-icon-css/flags/1x1/gb.svg'. Physical path: '/app/wwwroot/libs/flag-icon-css/flags/1x1/gb.svg'
  [00:25:05 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/libs/flag-icon-css/flags/1x1/gb.svg - - - 200 541 image/svg+xml 0.7806ms
  [00:25:05 INF] Sending file. Request path: '/images/logo/logo-light.png'. Physical path: '/app/wwwroot/images/logo/logo-light.png'
  [00:25:05 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/images/logo/logo-light.png - - - 200 1579 image/png 3.0731ms
  [00:25:05 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/_content/Blazorise/button.js?v=0.9.5.4 - -
  [00:25:05 INF] Sending file. Request path: '/_content/Blazorise/button.js'. Physical path: '/app/wwwroot/_content/Blazorise/button.js'
  [00:25:05 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/_content/Blazorise/button.js?v=0.9.5.4 - - - 200 1004 application/javascript 0.8164ms
  [00:25:05 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/_content/Blazorise/utilities.js - -
  [00:25:05 INF] Sending file. Request path: '/_content/Blazorise/utilities.js'. Physical path: '/app/wwwroot/_content/Blazorise/utilities.js'
  [00:25:05 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/_content/Blazorise/utilities.js - - - 200 4291 application/javascript 0.6404ms
  [00:25:14 INF] Authorization failed. These requirements were not met:
  DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
  [00:25:25 INF] Authorization failed. These requirements were not met:
  DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
  [00:25:34 INF] Authorization failed. These requirements were not met:
  DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
  [00:25:34 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/Account/Login - -
  [00:25:34 INF] Executing endpoint 'FA.CNP.Blazor.Controllers.AccountController.Login (FA.CNP.Blazor)'
  [00:25:34 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller FA.CNP.Blazor.Controllers.AccountController (FA.CNP.Blazor).
  [00:25:34 INF] Executing ChallengeResult with authentication schemes (["oidc"]).
  [00:25:34 INF] Executed action FA.CNP.Blazor.Controllers.AccountController.Login (FA.CNP.Blazor) in 3.6101ms
  [00:25:34 INF] Executed endpoint 'FA.CNP.Blazor.Controllers.AccountController.Login (FA.CNP.Blazor)'
  [00:25:34 ERR] An unhandled exception has occurred while executing the request.
  System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
     at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
     at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
     at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResultFilterAsync>g__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeResultFilters()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
     at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
     at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
     at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
     at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
  [00:25:34 INF] Request starting HTTP/1.1 GET http://admin.fa.cn/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-700.woff2 - -
  [00:25:34 INF] Sending file. Request path: '/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-700.woff2'. Physical path: '/app/wwwroot/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-700.woff2'
  [00:25:34 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/_content/Volo.Abp.AspNetCore.Components.Web.LeptonTheme/assets/fonts/poppins-v6-latin-700.woff2 - - - 200 7924 font/woff2 4.0564ms
  [00:25:34 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
  [00:25:34 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
  [00:25:34 INF] Executed endpoint '/_blazor'
  [00:25:34 INF] Request finished HTTP/1.1 GET http://admin.fa.cn/_blazor?id=gvfM9rkXoHhinDzUV32hRQ - - - 101 - - 29763.8270ms
  [00:25:34 INF] Executing ViewResult, running view ~/Views/Error/500.cshtml.
  [00:25:34 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
  [00:25:34 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: SettingManagement.Emailing
  [00:25:34 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: AbpIdentity.SettingManagement
  [00:25:34 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: LeptonThemeManagement.Settings
  [00:25:34 INF] Authorization failed. These requirements were not met:
  PermissionRequirement: AbpAccount.SettingManagement
  [00:25:34 INF] Executed ViewResult - view ~/Views/Error/500.cshtml executed in 31.7968ms.
  

  Save Cancel
• 

  0

  songshuai1986 created 2 years ago

  i changed the Auth-server appsettings.json,should i use https://auth-server or https://auth.fa.cn As app_ selfurl?

  Save Cancel
• 

  0

  songshuai1986 created 2 years ago

  when i use the service name ,the bug log is above show,and when i change it with https://auth.fa.cn, the bug log shows:

  [00:46:46 ERR] An unhandled exception has occurred while executing the request.
  System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
   ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
   ---> System.Net.Http.HttpRequestException: Connection refused (auth.fa.cn:80)
   ---> System.Net.Sockets.SocketException (111): Connection refused
     at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
     at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
     at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
     --- End of inner exception stack trace ---
     at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
     at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
     at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
     at System.Net.Http.HttpClient.&lt;SendAsync&gt;g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
     at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
     --- End of inner exception stack trace ---
     at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
     at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
     at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
     --- End of inner exception stack trace ---
     at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
     at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
     at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
     at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResultFilterAsync>g__Awaited|30_0[TFilter,TFilterAsync](ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResultExecutedContextSealed context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.ResultNext[TFilter,TFilterAsync](State& next, Scope& scope, Object& state, Boolean& isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeResultFilters>g__Awaited|28_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
     at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
     at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
     at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
     at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
     at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
     at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
     at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
  --- End of stack trace from previous location ---
     at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
  

  Save Cancel
• 

  1

  Radoslav created 2 years ago

  @songshuai1986 I am interested in the same topic (just learning Infrastructure as code deployments). Please PM me to continue discussion. I will attempt to help. I was doing some POC on microsoft Yarn reverse proxy (lke custom api gateway) and know some stuff.

  First. I noticed some new documentation: https://docs.abp.io/en/commercial/latest/guides/identityserver-deployment?&_ga=2.203072337.1127043900.1648793980-1948653032.1648275318#kubernetes

  I think based on this order of execution: at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)

  ... from your Your API host that is protected by OpenIdConnect which requires login

  https://github.com/skoruba/IdentityServer4.Admin/issues/914

  I think your API host that is protected by OpenId Connect and configureed with an OpenID Connect provider like Identity server 4 and your client (web app) is trying to send you to login screen and uses well known URL to discover the URL of the login page and since the middleware is trying to reach this document it cannot see it because of your intra services visibility. So how are your web host and Identity provider talking to each other. I would first try to see if well-known URL is active (Identity service is running) and second to play with service discovery within the node

  Endpoints, where Identity Server 4 seams to be contacted are slow or not responding: https://auth.fa.cn.azurewebsites.net/.well-known/openid-configuration https://auth.fa.cn.azurewebsites.net/api/abp/application-configuration https://auth.fa.cn.azurewebsites.net/Account/Login Generating tokens: https://auth.fa.cn.azurewebsites.net/connect/token

  Some useful pointers: https://github.com/IdentityServer/IdentityServer4/issues/2337 This error is caused by your API being unable to load the OpenID Discovery Document (/.well-known/openid-configuration) For Microsoft OpenID Connect metadata document location is here: https://login.microsoftonline.com/45a9ecad-23ee-48d2-a93e-3d324fccc453/v2.0/.well-known/openid-configuration in your case it is: https://auth.fa.cn.azurewebsites.net/.well-known/openid-configuration

  I've just noticed, when running in Docker the responses from the .well-known/openid-configuration endpoint are all http, but the entire app is setup to be https.

  Save Cancel
• 

  0

  songshuai1986 created 2 years ago

  @Radoslav Hi,Thanks for helping,

  How can I contact you. At present, this problem has puzzled me for several days. I look forward to your better suggestions。

  I checked the new documentation before,and try with many ways,still not work.

  Save Cancel
• 

  0

  Radoslav created 2 years ago

  @songshuai1986 try radvistaATgmailDotcom

  Save Cancel
• 

  0

  gterdem created 2 years ago

  Support Team Senior .NET Developer

  [00:46:46 ERR] An unhandled exception has occurred while executing the request. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'. ---> System.Net.Http.HttpRequestException: Connection refused (auth.fa.cn:80)

  You application can not reach IdentityServer at auth.fa.cn:80. If you want to use cluster service names, you can set Public Origin. Please check IdentityServer deployment on Kubernetes guide.

  Save Cancel