App GW can’t connect to a backend Ubuntu VM when Azure VMSS is being used. When I tested, my Python application is responding with a 200 status code locally.

    curl https://0.0.0.0:8000/v2/get_api_version -k
    {"code":200,"message":"AI API 2.0","version":2.1,"api date":"October 2021"}

When accessing the URL from a browser, it times out with the message "This site can’t be reached".

The App GW health probe responds with "Cannot connect to backend server. Check whether any NSG/UDR/Firewall is blocking access to the server. Check if application is running on correct port".

I made sure that port 8000 is added to the NSG inbound security rule, the load balancer rule, and listens on port 8000 on App GW. This VM is pingable but can be accessed from other devices on the same subnet. There were no firewalls blocking the incoming traffic. I tried to follow the majority of the recommendations, but nothing seems to be working.

I understand the incoming traffic is blocked, which is causing the 502 Bad Gateway error. I would appreciate your suggestions or shared experiences.

Thank you

2 Answers


  1. Chosen as BEST ANSWER

    Thank you @Imran. I tried your recommendations for backend settings like backend protocol and port as well as host name override. The health probe is still unhealthy.

    It appears that I have a digital certificate issue, with the health probe erroring out: the health probe shows Unhealthy status and the reason is "The Common Name (CN) of the backend server certificate does not match the host header entered in the health probe configuration (v2 SKU) or the FQDN in the backend pool (v1 SKU). Verify if the hostname matches with the CN of the backend server certificate".

    Looks like it is a certificate issue wherein the current certificate is not recognized. Trying to link up the current certificate to the crt file so that I can renew it, since it is already expired.


  2. As per MsDoc, make sure to add the backend setting. The default probe request is sent in the format of http://127.0.0.1:80 for an HTTP probe on port 80.

    Only HTTP status codes of 200 through 399 are considered healthy.

    Add host name override -> pick host name from backend target and add custom domain like below:

    Now, in the health probe, select pick host name from the backend setting as yes and interval timeout like below:

    Now the application gateway health probes have reached healthy status, and the application runs successfully like below:

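Added example, not part of the original thread: the certificate error quoted in the first answer (CN not matching the probe host header, and an expired certificate) can be checked with the openssl CLI before touching the gateway configuration. The host name api.backend.example, the address 10.0.0.4 and the function names are constructed for illustration; port 8000 is the one from the question.

```shell
#!/usr/bin/env bash
# Added example. Host names, addresses and function names are constructed.

# Save the leaf certificate the backend presents, sending the probe host
# name as SNI. Needs network access, so it is not exercised offline.
fetch_backend_cert() {  # fetch_backend_cert <ip:port> <probe_host> <out.pem>
  openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null \
    | openssl x509 -out "$3"
}

# Print OK, NAME_MISMATCH, EXPIRING or NAME_MISMATCH+EXPIRING for a PEM file.
check_probe_cert() {  # check_probe_cert <cert.pem> <probe_host> [min_seconds_left]
  local cert="$1" host="$2" min_left="${3:-0}" result=""
  # -checkhost matches against SAN DNS names, or the CN when no SAN exists.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 \
      | grep -q "does match"; then
    result="NAME_MISMATCH"
  fi
  # -checkend exits non-zero when the certificate expires within min_left
  # seconds (0 means "already expired").
  if ! openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1; then
    result="${result:+$result+}EXPIRING"
  fi
  echo "${result:-OK}"
}

# Constructed sample input: a self-signed certificate valid for one day.
make_sample_cert() {  # make_sample_cert <common_name> <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Offline demo on the constructed certificate.
demo_dir=$(mktemp -d)
make_sample_cert api.backend.example "$demo_dir"
check_probe_cert "$demo_dir/cert.pem" api.backend.example          # name matches
check_probe_cert "$demo_dir/cert.pem" 10.0.0.4                     # probe uses the IP
check_probe_cert "$demo_dir/cert.pem" api.backend.example 172800   # renewal due
rm -rf "$demo_dir"
```

Against a live backend, run `fetch_backend_cert 10.0.0.4:8000 api.backend.example backend.pem` first and pass `backend.pem` to `check_probe_cert` with the host name the probe sends.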
