Azure App Gateway returns 502 with Private LB and Service Fabric

0
votes

We have a multi-tenant application running on Service Fabric behind a public and private load balancer. Each tenant gets a copy of the app running on a different port in Service Fabric.

Application Gateway is used for SSL offloading to private load balancer with multi-site listener per tenant/app. The application seems to work fine except in this a very odd scenario. There's a double POST followed by a GET. The first POST returns 200 and the second one 302. I think the second one sets a dynamic route that is then called by GET. If you try to manually access the new route you get 404.

Somehow in this bizarre context App Gateway returns 502.

I already tried the following: - Setting a custom probe with a range of 200-599 - Pointing an App Gateway to a single VM (from the SF cluster) - Removing HTTPS configuration - HTTP only

1
azureazure-service-fabricazure-application-gatewayservice-fabric-stateless
Try enabling the Access logs of Application gateway and repro the issue. Then on looking into the logs, you can understand, what is the status code given by your backend service for the third GET request. Also keep an eye on the time the backend service took to respond. Default timeout value of AppGW is 30 sec and if it is more than that, you might receive 502msrini-MSIT
We worked it out. It was a cookie size. The request that was throwing 502 was setting some additional cookie data, making it larger than 4KB.Danijel Malik
Awesome. Can you please add it as an answer so it help other community members?msrini-MSIT

1 Answers

0
votes

We worked it out. It was a cookie size. The request that was throwing 502 was setting some additional cookie data, making it larger than 4KB