問題描述
在使用APIM配置內部VNET后,如API-1正常配置訪問后端服務器的一個接口,而API-2則是通過調用APIM中的API-1來作為backendUrl,會出現500錯誤。 經過測試,目前這種配置內部集成VNET的情況下,會出現錯誤。這是一個已知的問題。
錯誤消息為:Unable to connect to the remote server
而在APIM的開發者門戶中測試跟蹤接口,則會獲取到如下的錯誤信息:
異常日志
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443 at System.Net.Sockets.Socket.InternalEndConnect(IAsyncResult asyncResult) at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Handlers.DefaultServiceRequestExecutor.<ExecuteAsync>d__9.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Runtime.Configuration.Models.DefaultHttpBackend.<ProcessAsync>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.IO.CallServiceHandler.<ProcessAsync>d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.Policies.PipelineWalker.<ExecuteAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.WindowsAzure.ApiManagement.Proxy.Gateway.PipelineExecutor.<ExecuteAsync>d__15.MoveNext()
問題原因
因為APIM 后端實例中, 所有傳出流量(包含請求到自己的流量)都被路由到APIM Load Balancer,而不是直接環回接口(Loopback)。 由於SLB的一個局限性,即如果它映射到相同的VM,則不允許建立從后端池中的VM到SLB IP的連接。最終結果是,請求發送到同一APIM服務的API調用開始失敗。
解決辦法
使用127.0.0.1來代替APIM的域名,並且在API的inbound策略中設置host header,指定值為該APIM的域名。 操作步驟如下:
1:使用127.0.0.1替換APIM域名
2:添加Host header,設置值為APIM域名
設置后全部的 API Policy 為:
<policies>
<inbound>
<set-header name="Host" exists-action="override">
<value>your apim url here</value>
</set-header>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>