Dmitry Kazakov

Reputation: 1669

Azure API Management in VNET with Gateway (502 - Web server received an invalid response while acting as a gateway or proxy server)

I need to integrate Azure API Management in an internal VNET with Application Gateway. I used the manual from Microsoft: Integrate API Management in an internal VNET with Application Gateway

I used a self-signed certificate for the custom domain.

Here is the diagram of API Management in an internal VNET with Application Gateway

I developed a PowerShell script based on the following manual: Integrate API Management in an internal VNET with Application Gateway

    #Configuration
    $organizationName = "TestOrg1"
    $resourceGroupName = "API-Management-in-VNET-with-Gateway-Test"
    $appGatewayHostname = "myapi.azure-api.net"
    $apiManagementServiceName = "MyApi"

    #Credentials
    $subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $azureAccountName ="[email protected]"
    $azurePassword = "xxxxxx"

    #Configuration
    $location = "South Central US"
    $apiManagementAdminEmail = "[email protected]"
    $apiHostname = "api.mydomain.com"
    $sslPort = 443

    #Network
    $virtualNetworkAddressPrefix = "10.0.0.0/16"
    $gatewaySubnetAddressPrefix = "10.0.0.0/24"
    $apiManagementSubnetAddressPrefix = "10.0.1.0/24"

    #Certificate
    $pfxCertificatePassword = "xxxxxxxxxxxx"
    $certificateThumbprint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    $pfxCertificateFilename = $PSScriptRoot + "\PfxCert.pfx"
    $cerCertificateFilename = $PSScriptRoot + "\CerCert.cer"

    #Output colors
    $foregroundColor = "green"
    $backgroundColor = "black"

    #Log
    $ErrorActionPreference = "SilentlyContinue"
    Stop-Transcript | out-null
    $ErrorActionPreference = "Continue"
    $date = (get-date).tostring("MM-dd-yyyy-HH-mm-ss")
    $logFile = $PSScriptRoot + "\log\CreateApiManagementEnvLog-" + $date + ".txt"
    Start-Transcript -path $logFile
    $startTime = Get-Date
    Write-Host("Start Time: " + $startTime)
    $azurePasswordSecureString = ConvertTo-SecureString $azurePassword -AsPlainText -Force
    $credentials = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePasswordSecureString)
    $colors = "-foregroundcolor $foregroundColor -backgroundcolor $backgroundcolor"

    #Step 01
    Login-AzureRmAccount -Credential $credentials
    Write-Host("Step 01 [Login-AzureRmAccount] completed") $colors

    #Step 02
    Get-AzureRmSubscription -Subscriptionid $subscriptionId | Select-AzureRmSubscription
    Write-Host("Step 02 [Get-AzureRmSubscription] completed") $colors

    #Step 03
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
    Write-Host("Step 03 [New-AzureRmResourceGroup] completed") $colors

    #Step 04
    $appgatewaysubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim01 -AddressPrefix $gatewaySubnetAddressPrefix
    Write-Host("Step 04 [New-AzureRmVirtualNetworkSubnetConfig] completed") $colors

    #Step 05
    $apimsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim02 -AddressPrefix $apiManagementSubnetAddressPrefix
    Write-Host("Step 05 [New-AzureRmVirtualNetworkSubnetConfig] completed") $colors

    #Step 06
    $vnet = New-AzureRmVirtualNetwork -Name appgwvnet -ResourceGroupName $resourceGroupName -Location $location -AddressPrefix $virtualNetworkAddressPrefix -Subnet $appgatewaysubnet,$apimsubnet
    Write-Host("Step 06 [New-AzureRmVirtualNetwork] completed") $colors

    #Step 07
    $appgatewaysubnetdata=$vnet.Subnets[0]
    Write-Host("Step 07 [$appgatewaysubnetdata] completed") $colors

    #Step 08
    $apimsubnetdata=$vnet.Subnets[1]
    Write-Host("Step 08 [$apimsubnetdata] completed") $colors

    #Step 09
    $apimVirtualNetwork = New-AzureRmApiManagementVirtualNetwork -Location $location -SubnetResourceId $apimsubnetdata.Id
    Write-Host("Step 09 [New-AzureRmApiManagementVirtualNetwork] completed") $colors

    #Step 10
    $apimService = New-AzureRmApiManagement -ResourceGroupName "$resourceGroupName" -Location $location -Name $apiManagementServiceName -Organization $organizationName -AdminEmail $apiManagementAdminEmail -VirtualNetwork $apimVirtualNetwork -VpnType "Internal" -Sku "Premium"
    Write-Host("Step 10 [New-AzureRmApiManagement] completed") $colors

    #Step 11
    $certUploadResult = Import-AzureRmApiManagementHostnameCertificate -ResourceGroupName "$resourceGroupName" -Name $apiManagementServiceName -HostnameType "Proxy" -PfxPath $pfxCertificateFilename -PfxPassword $pfxCertificatePassword -PassThru
    Write-Host("Step 11 [Import-AzureRmApiManagementHostnameCertificate] completed") $colors

    #Step 12
    $proxyHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$apiHostname"
    Write-Host("Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed") $colors

    #Step 13
    $result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" -PortalHostnameConfiguration $proxyHostnameConfig
    Write-Host("Step 13 [Set-AzureRmApiManagementHostnames] completed") $colors

    #Step 14
    $publicip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -name publicIP01 -location $location -AllocationMethod Dynamic
    Write-Host("Step 14 [New-AzureRmPublicIpAddress] completed") $colors

    #Step 15
    $gipconfig = New-AzureRmApplicationGatewayIPConfiguration -Name gatewayIP01 -Subnet $appgatewaysubnetdata
    Write-Host("Step 15 [New-AzureRmApplicationGatewayIPConfiguration] completed") $colors

    #Step 16
    $fp01 = New-AzureRmApplicationGatewayFrontendPort -Name 'port01' -Port $sslPort
    Write-Host("Step 16 [New-AzureRmApplicationGatewayFrontendPort] completed") $colors

    #Step 17
    $fipconfig01 = New-AzureRmApplicationGatewayFrontendIPConfig -Name "frontend1" -PublicIPAddress $publicip
    Write-Host("Step 17 [New-AzureRmApplicationGatewayFrontendIPConfig] completed") $colors

    #Step 18
    $cert = New-AzureRmApplicationGatewaySslCertificate -Name cert01 -CertificateFile $pfxCertificateFilename -Password $pfxCertificatePassword
    Write-Host("Step 18 [New-AzureRmApplicationGatewaySslCertificate] completed") $colors

    #Step 19
    $listener = New-AzureRmApplicationGatewayHttpListener -Name listener01 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert
    Write-Host("Step 19 [New-AzureRmApplicationGatewayHttpListener] completed") $colors

    #Step 20
    $apimprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimproxyprobe -Protocol Https -HostName $appGatewayHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
    Write-Host("Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed") $colors

    #Step 21
    $authcert = New-AzureRmApplicationGatewayAuthenticationCertificate -Name 'whitelistcert1' -CertificateFile $cerCertificateFilename
    Write-Host("Step 21 [New-AzureRmApplicationGatewayAuthenticationCertificate] completed") $colors

    #Step 22
    $apimPoolSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimprobe -AuthenticationCertificates $authcert -RequestTimeout 180
    Write-Host("Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed") $colors

    #Step 23
    $apimProxyBackendPool = New-AzureRmApplicationGatewayBackendAddressPool -Name apimbackend -BackendIPAddresses $apimService.StaticIPs[0]
    Write-Host("Step 23 [New-AzureRmApplicationGatewayBackendAddressPool] completed") $colors

    #Step 24
    $echoapiRule = New-AzureRmApplicationGatewayPathRuleConfig -Name "externalapis" -Paths "/echo/*" -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolSetting
    Write-Host("Step 24 [New-AzureRmApplicationGatewayPathRuleConfig] completed") $colors

    #Step 25
    $urlPathMap = New-AzureRmApplicationGatewayUrlPathMapConfig -Name "urlpathmap" -PathRules $echoapiRule -DefaultBackendAddressPool $apimProxyBackendPool -DefaultBackendHttpSettings $apimPoolSetting
    Write-Host("Step 25 [New-AzureRmApplicationGatewayUrlPathMapConfig] completed") $colors

    #Step 26
    $rule01 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType PathBasedRouting -HttpListener $listener -UrlPathMap $urlPathMap
    Write-Host("Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed") $colors

    #Step 27
    $sku = New-AzureRmApplicationGatewaySku -Name WAF_Medium -Tier WAF -Capacity 2
    Write-Host("Step 27 [New-AzureRmApplicationGatewaySku] completed") $colors

    #Step 28
    $config = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
    Write-Host("Step 28 [New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration] completed") $colors

    #Step 29
    $appgw = New-AzureRmApplicationGateway -Name appgwtest -ResourceGroupName $resourceGroupName -Location $location -BackendAddressPools $apimProxyBackendPool -BackendHttpSettingsCollection $apimPoolSetting -FrontendIpConfigurations $fipconfig01 -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $listener -UrlPathMaps $urlPathMap -RequestRoutingRules $rule01 -Sku $sku -WebApplicationFirewallConfig $config -SslCertificates $cert -AuthenticationCertificates $authcert -Probes $apimprobe
    Write-Host("Step 29 [New-AzureRmApplicationGateway] completed") $colors

    #Step 30
    Get-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -Name publicIP01
    Write-Host("Step 30 [Get-AzureRmPublicIpAddress] completed") $colors

    #Step 31
    Write-Host("Step 31 You need to create CNAME record for custom api domain(see DnsSettingsText -> fqdn)") $colors

    #Done
    Write-Host("Done") $colors
    $endTime = Get-Date
    $elapsedTime = New-Timespan -Start $startTime -End $endTime

    Write-Host("End Time: " + $endTime) $colors
    Write-Host("Elapsed Time: " + $elapsedTime) $colors
    Write-Host "Press any key to continue ..." $colors

    $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

    Stop-Transcript

The configuration script ran successfully. There were no errors. But if I try to access the Echo API through the Gateway, there is an error: "502 - Web server received an invalid response while acting as a gateway or proxy server." If I use the Azure API Management service without an internal virtual network, it works fine.

I went through several manuals: How to use Azure API Management with virtual networks

Troubleshooting bad gateway errors in Application Gateway

Control network traffic flow with network security groups

I found these details:

After configuring an Azure Application Gateway, one of the errors which users may encounter is "Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server". This error may happen due to the following main reasons:

My questions are

  1. Do I need to configure a Virtual Machine?
  2. Do I need to configure Firewall Rules using an Azure Network Security Group for the Subnets I have?
  3. Should I export the custom domain self-signed certificate in Base-64 encoded or in DER encoded binary format to upload it to Azure?
  4. How do I troubleshoot my issue?
  5. What is missing from the Microsoft manual Integrate API Management in an internal VNET with Application Gateway?
  6. How do I solve the 502 error?

Upvotes: 2

Views: 7163

Answers (3)

Dmitry Kazakov

Reputation: 1669

Finally, I solved the (502) gateway issue. The problem was in the Integrate API Management in an internal VNET with Application Gateway manual.

Wrong line:

    #Step 13
    $result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" -PortalHostnameConfiguration $proxyHostnameConfig

To set up a custom domain name for the API proxy, -ProxyHostnameConfiguration $proxyHostnameConfig should be used instead of -PortalHostnameConfiguration $proxyHostnameConfig.

Actually, I found 2 mistakes in the Integrate API Management in an internal VNET with Application Gateway manual.

Contributed #1, #2 and the Integrate API Management in an internal VNET with Application Gateway manual is updated now.

Upvotes: 3

Samir

Reputation: 679

The post Integrate API Management in an internal VNET with Application Gateway covers the scenario of only exposing some APIs of the Gateway/Proxy via the Application Gateway.

If you want to access the Developer Portal/Publisher Portal via Application Gateway as well, you will need to follow the document Create AppGateway to access multiple web application.

I have tried to capture the change in steps here (there might be minor typos):

    #Configuration
    $organizationName = "TestOrg1"
    $resourceGroupName = "API-Management-in-VNET-with-Gateway-Test"
    $appGatewayHostname = "myapi.azure-api.net"
    $apiPortalHostname = "myapi.portal.azure-api.net"
    $apiManagementServiceName = "MyApi"

    #Credentials
    $subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $azureAccountName ="[email protected]"
    $azurePassword = "xxxxxx"

    #Configuration
    $location = "South Central US"
    $apiManagementAdminEmail = "[email protected]" 
    $apiHostname = "api.mydomain.com"
    $portalHostname = "portal.mydomain.com"
    $sslPort = 443

    #Network
    $virtualNetworkAddressPrefix = "10.0.0.0/16"
    $gatewaySubnetAddressPrefix = "10.0.0.0/24"
    $apiManagementSubnetAddressPrefix = "10.0.1.0/24"

    #Certificate <!-- This Certificate is *.mydomain.com -->
    $pfxCertificatePassword = "xxxxxxxxxxxx"
    $certificateThumbprint = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    $pfxCertificateFilename = $PSScriptRoot + "\PfxCert.pfx"
    $cerCertificateFilename = $PSScriptRoot + "\CerCert.cer" 

    #Output colors
    $foregroundColor = "green"
    $backgroundColor = "black"

    #Log 
    $ErrorActionPreference = "SilentlyContinue"
    Stop-Transcript | out-null
    $ErrorActionPreference = "Continue"
    $date = (get-date).tostring("MM-dd-yyyy-HH-mm-ss")
    $logFile = $PSScriptRoot + "\log\CreateApiManagementEnvLog-" + $date + ".txt"
    Start-Transcript -path $logFile
    $startTime = Get-Date
    Write-Host("Start Time: " + $startTime) 
    $azurePasswordSecureString = ConvertTo-SecureString $azurePassword -AsPlainText -Force
    $credentials = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePasswordSecureString)
    $colors = "-foregroundcolor $foregroundColor -backgroundcolor $backgroundcolor"

    #Step 01
    Login-AzureRmAccount -Credential $credentials
    Write-Host("Step 01 [Login-AzureRmAccount] completed") $colors

    #Step 02
    Get-AzureRmSubscription -Subscriptionid $subscriptionId | Select-AzureRmSubscription
    Write-Host("Step 02 [Get-AzureRmSubscription] completed") $colors

    #Step 03
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
    Write-Host("Step 03 [New-AzureRmResourceGroup] completed") $colors

    #Step 04
    $appgatewaysubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim01 -AddressPrefix $gatewaySubnetAddressPrefix
    Write-Host("Step 04 [New-AzureRmVirtualNetworkSubnetConfig] completed") $colors

    #Step 05
    $apimsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim02 -AddressPrefix $apiManagementSubnetAddressPrefix
    Write-Host("Step 05 [New-AzureRmVirtualNetworkSubnetConfig] completed") $colors

    #Step 06
    $vnet = New-AzureRmVirtualNetwork -Name appgwvnet -ResourceGroupName $resourceGroupName -Location $location -AddressPrefix $virtualNetworkAddressPrefix -Subnet $appgatewaysubnet,$apimsubnet
    Write-Host("Step 06 [New-AzureRmVirtualNetwork] completed") $colors

    #Step 07
    $appgatewaysubnetdata=$vnet.Subnets[0]
    Write-Host("Step 07 [$appgatewaysubnetdata] completed") $colors

    #Step 08
    $apimsubnetdata=$vnet.Subnets[1]
    Write-Host("Step 08 [$apimsubnetdata] completed") $colors

    #Step 10
    $apimVirtualNetwork = New-AzureRmApiManagementVirtualNetwork -Location $location -SubnetResourceId $apimsubnetdata.Id
    Write-Host("Step 09 [New-AzureRmApiManagementVirtualNetwork] completed") $colors

    #Step 11
    $apimService = New-AzureRmApiManagement -ResourceGroupName "$resourceGroupName" -Location $location -Name $apiManagementServiceName -Organization $organizationName -AdminEmail $apiManagementAdminEmail -VirtualNetwork $apimVirtualNetwork -VpnType "Internal" -Sku "Premium"
    Write-Host("Step 10 [New-AzureRmApiManagement] completed") $colors

    #Step 12
    $certUploadResult = Import-AzureRmApiManagementHostnameCertificate -ResourceGroupName "$resourceGroupName" -Name $apiManagementServiceName -HostnameType "Proxy" -PfxPath $pfxCertificateFilename -PfxPassword $pfxCertificatePassword -PassThru
    Write-Host("Step 11 [Import-AzureRmApiManagementHostnameCertificate] completed") $colors

    #Step 13
    $proxyHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$apiHostname"
    Write-Host("Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed") $colors

    $portalHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$portalHostname"
    Write-Host("Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed") $colors

    #Step 14
    $result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" -PortalHostnameConfiguration $portalHostnameConfig -ProxyHostnameConfiguration $proxyHostnameConfig
    Write-Host("Step 13 [Set-AzureRmApiManagementHostnames] completed") $colors

    #Step 15
    $publicip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -name publicIP01 -location $location -AllocationMethod Dynamic
    Write-Host("Step 14 [New-AzureRmPublicIpAddress] completed") $colors

    #Step 16
    $gipconfig = New-AzureRmApplicationGatewayIPConfiguration -Name gatewayIP01 -Subnet $appgatewaysubnetdata
    Write-Host("Step 15 [New-AzureRmApplicationGatewayIPConfiguration] completed") $colors

    #Step 17
    $fp01 = New-AzureRmApplicationGatewayFrontendPort -Name 'port01' -Port $sslPort
    Write-Host("Step 16 [New-AzureRmApplicationGatewayFrontendPort] completed") $colors

    #Step 18
    $fipconfig01 = New-AzureRmApplicationGatewayFrontendIPConfig -Name "frontend1" -PublicIPAddress $publicip
    Write-Host("Step 17 [New-AzureRmApplicationGatewayFrontendIPConfig] completed") $colors

    #Step 19
    $cert = New-AzureRmApplicationGatewaySslCertificate -Name cert01 -CertificateFile $pfxCertificateFilename -Password $pfxCertificatePassword
    Write-Host("Step 18 [New-AzureRmApplicationGatewaySslCertificate] completed") $colors

    #Step 20
    $apimlistener = New-AzureRmApplicationGatewayHttpListener -Name listener01 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert -HostName $appGatewayHostname
    Write-Host("Step 19 [New-AzureRmApplicationGatewayHttpListener] completed") $colors

    $apimportallistener = New-AzureRmApplicationGatewayHttpListener -Name listener02 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert -HostName $apiPortalHostname
    Write-Host("Step 19 [New-AzureRmApplicationGatewayHttpListener] completed") $colors

    #Step 21
    $apimprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimproxyprobe -Protocol Https -HostName $appGatewayHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
    Write-Host("Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed") $colors

    $apimportalprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimportalprobe -Protocol Https -HostName $apiPortalHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
    Write-Host("Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed") $colors

    #Step 22
    $authcert = New-AzureRmApplicationGatewayAuthenticationCertificate -Name 'whitelistcert1' -CertificateFile $cerCertificateFilename
    Write-Host("Step 21 [New-AzureRmApplicationGatewayAuthenticationCertificate] completed") $colors

    #Step 23
    $apimPoolSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimprobe -AuthenticationCertificates $authcert -RequestTimeout 180
    Write-Host("Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed") $colors

    $apimPoolPortalSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolPortalSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimportalprobe -AuthenticationCertificates $authcert -RequestTimeout 180
    Write-Host("Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed") $colors

    #Step 24
    $apimProxyBackendPool = New-AzureRmApplicationGatewayBackendAddressPool -Name apimbackend -BackendIPAddresses $apimService.StaticIPs[0]
    Write-Host("Step 23 [New-AzureRmApplicationGatewayBackendAddressPool] completed") $colors


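    #Step 25
    # Basic rules must name the backend pool and HTTP settings they route to
    $rule01 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType Basic -HttpListener $apimlistener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolSetting
    Write-Host("Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed") $colors

    $rule02 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule2" -RuleType Basic -HttpListener $apimportallistener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolPortalSetting
    Write-Host("Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed") $colors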

    #Step 26
    $sku = New-AzureRmApplicationGatewaySku -Name Standard_Medium -Tier Standard -Capacity 2
    Write-Host("Step 27 [New-AzureRmApplicationGatewaySku] completed") $colors

    #Step 27
    $appgw = New-AzureRmApplicationGateway -Name appgwtest -ResourceGroupName $resourceGroupName -Location $location -BackendAddressPools $apimProxyBackendPool -BackendHttpSettingsCollection $apimPoolSetting, $apimPoolPortalSetting -FrontendIpConfigurations $fipconfig01 -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $apimlistener, $apimportallistener -RequestRoutingRules $rule01, $rule02 -Sku $sku -SslCertificates $cert -AuthenticationCertificates $authcert -Probes $apimprobe, $apimportalprobe
    Write-Host("Step 29 [New-AzureRmApplicationGateway] completed") $colors

    #Step 28
    Get-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -Name publicIP01
    Write-Host("Step 30 [Get-AzureRmPublicIpAddress] completed") $colors

    #Step 29
    Write-Host("Step 31 You need to create CNAME record for custom api domain(see DnsSettingsText -> fqdn)") $colors

    #Done
    Write-Host("Done") $colors
    $endTime = Get-Date
    $elapsedTime = New-Timespan -Start $startTime -End $endTime

    Write-Host("End Time: " + $endTime) $colors
    Write-Host("Elapsed Time: " + $elapsedTime) $colors
    Write-Host "Press any key to continue ..." $colors

    $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

    Stop-Transcript

Upvotes: 0

4c74356b41

Reputation: 72171

  1. You need to create a VM to test APIM internally (you can use this guide)
  2. No, unless you want to restrict some sort of traffic
  3. Question is unclear, upload to where exactly, but usually Azure Services accept base64 encoded certificates
  4. Create a VM inside the VNet and try accessing the API Management
  5. No idea, probably nothing, rarely do I see things that are blatantly wrong in MS documentation
  6. Make sure the HTTP probes are showing OK, check API Gateway configuration, if you are using certificate to talk to APIM, you should make sure APIM accepts that certificate

Upvotes: 1
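
The checks suggested in the answers above, as an added PowerShell example (not code from the original posts or the Microsoft manual): it tests whether the custom hostname landed on the proxy or the portal slot and lists Application Gateway backends that are not healthy. The object property names are assumed to match the AzureRM output types, and the sample objects are constructed so the block runs offline.

```powershell
# Added example. Property names (ProxyHostnameConfiguration,
# PortalHostnameConfiguration, BackendAddressPools, BackendHttpSettingsCollection,
# Servers) are assumptions about the AzureRM output objects.

function Test-ApimProxyHostname {
    param($Service, [string]$ExpectedHostname)
    $proxy  = $Service.ProxyHostnameConfiguration.Hostname
    $portal = $Service.PortalHostnameConfiguration.Hostname
    if ($proxy -eq $ExpectedHostname) {
        return "OK: proxy answers for $ExpectedHostname"
    }
    if ($portal -eq $ExpectedHostname) {
        return "MISCONFIGURED: $ExpectedHostname is bound to the portal, not the proxy"
    }
    return "MISSING: $ExpectedHostname is not configured on proxy or portal"
}

function Get-UnhealthyBackend {
    param($BackendHealth)
    # Walk pool -> HTTP settings -> server and emit every server not reported Healthy
    foreach ($pool in $BackendHealth.BackendAddressPools) {
        foreach ($settings in $pool.BackendHttpSettingsCollection) {
            foreach ($server in $settings.Servers) {
                if ($server.Health -ne 'Healthy') {
                    [pscustomobject]@{
                        HttpSettings = $settings.BackendHttpSettings.Id
                        Address      = $server.Address
                        Health       = $server.Health
                    }
                }
            }
        }
    }
}

# Constructed sample: the state Step 13 of the question's script would leave behind
$service = [pscustomobject]@{
    ProxyHostnameConfiguration  = $null
    PortalHostnameConfiguration = [pscustomobject]@{ Hostname = 'api.mydomain.com' }
}

# Constructed sample: backend health with one failing server in the APIM subnet
$health = [pscustomobject]@{
    BackendAddressPools = @([pscustomobject]@{
        BackendHttpSettingsCollection = @([pscustomobject]@{
            BackendHttpSettings = [pscustomobject]@{ Id = 'constructed-id/apimPoolSetting' }
            Servers = @([pscustomobject]@{ Address = '10.0.1.5'; Health = 'Unhealthy' })
        })
    })
}

# Against a live deployment, replace the samples with (names from the question's script):
# $service = Get-AzureRmApiManagement -ResourceGroupName $resourceGroupName -Name $apiManagementServiceName
# $health  = Get-AzureRmApplicationGatewayBackendHealth -ResourceGroupName $resourceGroupName -Name appgwtest

Test-ApimProxyHostname -Service $service -ExpectedHostname 'api.mydomain.com'
Get-UnhealthyBackend -BackendHealth $health | Format-Table -AutoSize
```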
