【API管理 APIM】APIM整合內部VNet後,自我訪問出現(Unable to connect to the remote server)問題,而Remote Server正是APIM它自己
阿新 • • 發佈:2020-09-14
問題描述
在使用APIM配置內部VNET後,如API-1正常配置訪問後端伺服器的一個介面,而API-2則是通過呼叫APIM中的API-1來作為backendUrl,會出現500錯誤。 經過測試,目前這種配置內部整合VNET的情況下,會出現錯誤。這是一個已知的問題。
錯誤訊息為:Unable to connect to the remote server
而在APIM的開發者門戶中測試跟蹤介面,則會獲取到如下的錯誤資訊:
異常日誌
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443 at System.Net.Sockets.Socket.InternalEndConnect(IAsyncResult asyncResult) at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)--- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization) --- End of stack trace fromprevious location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Handlers.DefaultServiceRequestExecutor.<ExecuteAsync>d__9.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Runtime.Configuration.Models.DefaultHttpBackend.<ProcessAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.IO.CallServiceHandler.<ProcessAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.PipelineExecutor.<ExecuteAsync>d__15.MoveNext()
問題原因
因為APIM 後端例項中, 所有傳出流量(包含請求到自己的流量)都被路由到APIM Load Balancer,而不是直接環回介面(Loopback)。 由於SLB的一個侷限性,即如果它對映到相同的VM,則不允許建立從後端池中的VM到SLB IP的連線。最終結果是,請求傳送到同一APIM服務的API呼叫開始失敗。
解決辦法
使用127.0.0.1來代替APIM的域名,並且在API的inbound策略中設定host header,指定值為該APIM的域名。 操作步驟如下:
1:使用127.0.0.1替換APIM域名
2:新增Host header,設定值為APIM域名
設定後全部的 API Policy 為:
<policies>
<inbound>
<set-header name="Host" exists-action="override">
<value>your apim url here</value>
</set-header>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>