0

I'm trying to publish my API Gateway in IIS locally however, they always show me error 502 (bad gateway), I can't find the problem, please help me to know which way I should go.

{
  "Routes": [
    {
      "UpstreamPathTemplate": "/gateway/seguridad/auth",
      "UpstreamHttpMethod": [ "POST" ],
      "DownstreamPathTemplate": "/api/auth",
      "DownstreamScheme": "https",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 7221
        }
      ]
    },
  ],
  "GlobalConfiguration": {
    "BaseUrl": "https://localhost:8085"
  }
}

my endpoint is working correctly in a POST method, both in debug and publication.

I am consulting the url:

https://localhost:8085/gateway/seguridad/auth

The error it shows when trying to run the endpoint is 502 (bad gateway) and in the system event viewer, it is the following.

Category: Ocelot.Responder.Middleware.ResponderMiddleware
EventId: 0
SpanId: ce42c03504779a7b
TraceId: c20b3aaf91fe3ccac5d82b8b00b385ae
ParentId: 0000000000000000
RequestId: 40000014-0002-fb00-b63f-84710c7967bb
RequestPath: /gateway/seguridad/auth

requestId: 40000014-0002-fb00-b63f-84710c7967bb, previousRequestId: no previous request id, message: Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
   at Ocelot.Requester.HttpClientHttpRequester.GetResponse(HttpContext httpContext) errors found in ResponderMiddleware. Setting error response for request path:/gateway/seguridad/auth, request method: POST
Andre
  • 1
  • do you really want to have https for your downstream connection ? in my opinion, your downstream API is hidden from outside access and can only be accessed via API gateway, so you can have them as http. – CodingMytra Sep 13 '22 at 06:47

1 Answers1

0

The Error : "The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot" probably means that your self signed certificate is not trusted by your computer.

Does the service running on "localhost:7221" have a SSL certificate installed? If you visit it in your browser, you can figure which certificate you need to install.

Have a look at C# Ignore certificate errors?

For a work around while developing, you can add this to your program:

ServicePointManager.ServerCertificateValidationCallback += sender, cert, chain, sslPolicyErrors) => true;

However, I would not recommend doing this for production systems. Also if you are hosting on shared servers - I would keep your downstream servers on https

Dai Bok
  • 3,451
  • 2
  • 53
  • 70