"HTTP Error 503. The service is unavailable" on port sharing with WebListener on Service Fabric - azure-service-fabric

I want to share the http/80 port between two different web applications (webapi/website) inside a Service Fabric cluster; the applications must have 2 different host names:
mywebapi.com and mywebsite.com
If I run the apps outside of Fabric (console app), everything works fine:
The first console app:

    var _webHost = new Microsoft.AspNetCore.Hosting.WebHostBuilder()
        .UseWebListener()
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseStartup<Startup>()
        .UseUrls("http://myWebApi.com/")
        .Build();

The second console app:

    var _webHost = new Microsoft.AspNetCore.Hosting.WebHostBuilder()
        .UseWebListener()
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseStartup<Startup>()
        .UseUrls("http://myWebSite.com/")
        .Build();

But if I run the apps inside a local Fabric I get:
HTTP Error 503. The service is unavailable.
I've set up the correct ACL with netsh and SetupEntryPoint (no Access Denied on open).
In the Microsoft http.sys guide, an explicit host is allowed.

Make sure you remove any HTTP Endpoint configurations for port 80 in your ServiceManifest.xml, otherwise Service Fabric will override your domain-specific ACLs. See here for info: host multiple public sites on service fabric

Why not just publish both to a non-80 port and use the default load balancer to remap it?

Related

Why am I getting an unauthorized error message when running Grafana in Fargate?

I am trying to get Grafana stood up in an ECS Fargate stack. The stack is comprised of the following:
An Application Load Balancer with an ACM cert applied listening on port 443
The ALB's target group is forwarding traffic to port 3000 on my Grafana container. SSL is terminated at the ALB so the traffic coming into the container is non-SSL.
I have an A record created in Route53 that points to the ALB.
The container is using ephemeral storage that Fargate provides to the container.
What's wrong?
When I try to access Grafana from my A-record I get to the home page fine.
But when I'm prompted to enter the user name and password it fails with an unauthorized exception. On my very first attempt, when asked to change the password, I get a "password was changed successfully" followed by an "unauthorized" message at the same time.
However, if I try to go directly to the container's private IP address everything works fine.
Is this a CORS issue or is there a setting I need to pass into the container to tell it to accept traffic from the ALB as the origin (e.g. whitelisting)?
Thanks!
Issue was resolved by turning on session stickiness in the target group property for the ALB.

TCP/IP Monitoring in Eclipse-Stub based client call

I generated Web service client using the given WSDL in Eclipse. I have written a main method to invoke the Proxy class for getting the response.
https://val-p1-all-vim:8080/Selfcare/address?wsdl
I want to see the request that I am making for debugging. I don't know what to configure as a Local monitoring port.
Local monitoring port: ?
Host name: val-p1-all-vim
Port: ?
Type: ?
Please help me with this.
You are free to choose a port that is not in use on your system like 8080. In your program change server to localhost:, e.g. localhost:8080.
A problem is that you can't connect to https. Your web service should also allow http.

How to connect two applications running within Kubernetes

I have an application running on my own server with kubernetes. This application is supposed to work as a gateway and has a LoadBalancer service, which is exposing it to "the world". Now I'd like to connect this application with other applications running within the very same kubernetes cluster, so they can exchange HTTP requests with each other.
So let's say that my Gateway app is running on the port 9000, the app which I'd like to call runs on 9001. When I make curl my_cluster_ip:9001 it gives me a response. Nevertheless I never know, what the Cluster IP will be, so I can't implement this to my gateway app.
Use case is typing to the web browser url_of_my_server:9000 -> this will call the gateway -> it sends HTTP Request to the other app running in the cluster on the port 9001 -> response back to the gateway -> response back to the user.
Where the magic has to happen and how to easily make these two apps to talk with each other, while only one will be exposed to "the world" and the other one will be accessible only from within the cluster?
You can expose your app on port 9001 as a service (let's say myservice).
When you do that, myservice.<namespace>.svc.cluster.local will resolve to the IP address of your app. More info on DNS here: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
And then you can access your app within Kubernetes cluster as:
http://myservice.<namespace>.svc.cluster.local:9001
You have a couple of options for internal service discovery:
You can use the cluster-internal DNS service to find the other application, as detailed in the answer by bits.
If both the proxy and the app run in the same namespace, there are environment variables that expose the IP and ports. This may mean you have to restart the proxy if you remove/re-add the other application, as the ports may change.
You can run both apps as two different containers in the same pod; this will ensure they get scheduled on the same host, which allows you to communicate on the same host.
Also note that support for your HTTP proxy setup already exists in Kubernetes; take a look at Ingress and Ingress Controllers.
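
The Service-plus-cluster-DNS approach from the answers above, written out as a manifest. This is an added example, not part of the original posts; the namespace `demo` and the pod labels `app: backend` and `app: gateway` are assumptions, and the NetworkPolicy goes one step beyond the answers by limiting callers of port 9001 to the gateway pods.

```yaml
# Internal-only Service: type ClusterIP gets no external address,
# so only workloads inside the cluster can reach it.
apiVersion: v1
kind: Service
metadata:
  name: myservice          # name used in the answer above
  namespace: demo          # assumed namespace
spec:
  type: ClusterIP
  selector:
    app: backend           # assumed label on the pods listening on 9001
  ports:
    - port: 9001
      targetPort: 9001
---
# Optional tightening: accept traffic to the backend pods on 9001
# only from pods labelled as the gateway, in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-from-gateway-only
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: gateway   # assumed label on the gateway pods
      ports:
        - protocol: TCP
          port: 9001
```

With this applied, the gateway calls http://myservice.demo.svc.cluster.local:9001 instead of a hard-coded cluster IP. The NetworkPolicy is only enforced when the cluster's network plugin supports network policies.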

Configuring Postgresql as a service on OpenShift v3

I'm trying to configure a Postgresql pod on OpenShift 3 for external access and I'm unable to expose it to the outside world. I have created a route, but it is not responding to TCP on port 5423 whenever I try to connect to the host over the internet.
The message I get is: "Is the server running on host "xxxxxxx.1d35.starter-us-east-1.openshiftapps.com" (xx.xx.xx.xx) and accepting TCP/IP connections on port 5432?"
Routes can only be used to expose HTTP/HTTPS servers, or, when using TLS passthrough, where the service is terminating the secure connection and the client for the service supports SNI over TLS.
For a database such as PostgreSQL you can though temporarily expose it to your local machine by using the oc port-forward command. You can find an interactive tutorial for how to use port forwarding in the OpenShift interactive learning portal at:
https://learn.openshift.com/
In OpenShift Online there is no way to expose a database service such as PostgreSQL permanently outside of the cluster. This is because exposing it would require admin access, which you don't have with OpenShift Online.

marathon service port uniqueness

Testing Marathon application/group deployment, I have observed that if I try to deploy an application specifying a service port that has already been assigned to another app, the Marathon v2/apps endpoint rejects the request, as expected:
{"message":"Requested service port 8306 conflicts with a service port in app /dbaas01/mysql"}
Yet, it seems that the service port uniqueness is not checked when submitting the deployment of an application group. I was able to deploy twice the same application group (changing the root group name) and using the same service ports for the applications.
Of course, this creates an issue with the haproxy-marathon-bridge: the load balancer configuration is modified so that the same port points to different services:

    listen dbaas01_mysql-8306
      bind 0.0.0.0:8306
      mode tcp
      option tcplog
      balance leastconn
      server dbaas01_mysql-1 172.30.15.84:31841 check

    listen dbaas02_mysql-8306
      bind 0.0.0.0:8306
      mode tcp
      option tcplog
      balance leastconn
      server dbaas02_mysql-1 172.30.15.85:31075 check

Is this the expected behavior? Why is the check on service port uniqueness not performed on applications deployed using the /v2/groups endpoint?
Thank you in advance for any feedback.
Best regards,
Marica
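
A pre-deployment check for the gap described in the question above: it walks group definitions before they are sent to /v2/groups and reports any service port requested by more than one app. This is an added example, not code from the original post or from Marathon; the function names are hypothetical, the sample groups are constructed, and the field names (`ports`, `portDefinitions`, `portMappings`/`servicePort`) are taken from Marathon's app definition format.

```python
import posixpath
from collections import defaultdict

def iter_apps(group, parent="/"):
    """Yield (absolute_app_id, app) for a group definition, descending into nested groups."""
    gid = posixpath.join(parent, group.get("id", ""))
    for app in group.get("apps", []):
        # App ids may be relative to the group or already absolute.
        yield posixpath.normpath(posixpath.join(gid, app["id"])), app
    for sub in group.get("groups", []):
        yield from iter_apps(sub, gid)

def service_ports(app):
    """Service ports an app requests, from the three places a definition can carry them."""
    ports = list(app.get("ports") or [])
    ports += [d.get("port", 0) for d in app.get("portDefinitions") or []]
    container = app.get("container") or {}
    mappings = ((container.get("docker") or {}).get("portMappings")
                or container.get("portMappings") or [])
    ports += [m.get("servicePort", 0) for m in mappings]
    # Port 0 asks Marathon to assign a free service port, so it cannot collide.
    return [p for p in ports if p]

def find_conflicts(groups):
    """Map each service port claimed by more than one app to the sorted ids of those apps."""
    owners = defaultdict(set)
    for group in groups:
        for app_id, app in iter_apps(group):
            for port in service_ports(app):
                owners[port].add(app_id)
    return {port: sorted(ids) for port, ids in owners.items() if len(ids) > 1}

# Constructed sample mirroring the question: the same group deployed under two root names.
GROUPS = [
    {"id": "/dbaas01", "apps": [{"id": "mysql", "ports": [8306]}]},
    {"id": "/dbaas02",
     "apps": [{"id": "/dbaas02/mysql", "portDefinitions": [{"port": 8306}]},
              {"id": "web", "ports": [0]}],
     "groups": [{"id": "cache", "apps": [{"id": "redis", "container": {"docker": {
         "portMappings": [{"containerPort": 6379, "servicePort": 0}]}}}]}]},
]

if __name__ == "__main__":
    for port, ids in find_conflicts(GROUPS).items():
        print(f"service port {port} requested by: {', '.join(ids)}")
```

To also catch collisions with apps that are already running, append their definitions as one more group in the list passed to `find_conflicts`.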