Kentico Multisite Azure Application Gateway App Service MVC configuration issue - 502 error

0
votes

TL:DR - How can I get the Azure Application Gateway to pass 5.xx errors from the App Service to my browser? Currently the Application Gateway swallows any 5.xx error generated by the App Service and delivers a "502 - Web server received an invalid response while acting as a gateway or proxy server" error. I want to see the underlying error. And, I guess have the Application Gateway ignore the error and just pass everything directly through from the App Service to my browser.

I've turned on Application Logging for the App Service. I can see some 5.xx errors in the LogFiles/DetailedErrors folder. But I think I'm missing some understanding of what Kentico does when it throws a 5.xx error. Normally if you're on a normal server or locally, you don't see the generic 503 page as your browser is redirected to the 'Invalid license key' page.

Example Kentico invalid license key error

I don't know what sort of internal (black) magic Kentico does to deliver this page, rather than the normal asp.net 503 Service Unavailable page. But this page is very useful to see, as it gives an idea of what's really wrong with the Kentico configuration.

Background:

Kentico seems to use some 5.xx errors for information. eg, the licence check throws a 503 error, instead of a useful 200 status with a message that you need to check your license.

We have a MVC Kentico 11 MVC site. It hosts multiple websites. We are trying to set up an Azure Application Gateway that points to two App Services, one MVC, one for Kentico admin.

So far I have the Kentico admin working properly - multiple domains can all access the CMSDesk via the Application Gateway. However, the MVC site is problematic. I can only get the default domain for the App Service to work. All other domains show a 502 error.

I'm thinking that the 'default' domain of the App Service works properly because the Application Gateway isn't forwarding the domain properly to the App Service, but I don't know how to verify this. And it's just my latest theory, and it's pretty shaky - if I remove the app, and just put static .htm files there, I can browse to them without error.

It seems that the "502 - Web server received an invalid response while acting as a gateway or proxy server" message is served up by the Application Gateway for any 5.xx error generated by the App Service, essentially hiding details of any Server Errors issues that may arise. eg: The Kentico license error generates a 503 that is preseneted as a problem with this module: "PageHandlerFactory-Integrated-4.0", rather than the obvious 'invalid license' screen that you normally see when Kentico is hosted on a normal server.

2
azure-devopskenticoazure-application-gateway

2 Answers

0
votes

The Invalid license error will only show for the Admin site, not the MVC site. Never looked into what happens when that error is displayed, just always go in and add my missing license. If you want to get the full error, I would make sure you are logging all errors in your MVC into the Event log in Kentico.

In your Global.asax.cs file, you can probably do something like this:

   public void Application_Error(Object sender, EventArgs e)
   {
            Exception exception = Server.GetLastError();
            EventLogProvider.LogException("MVC", "EXCEPTION", exception);
   }

Then you should be able to see the error in the Admin Event log.

This post may help with capturing errors in MVC better. I did something like this answer for displaying errors on the MVC site.

0
votes

As soon as the Application Gateway detects a backend as unhealthy, you'll see the 502 error.

You can adjust the Health probe in your Application Gateway, so that the probe matching conditions include code 503. For example, set the condition to 200-503.

After you've done that, you should see the 503 page from Kentico.