I have the following setup:
1. Application (Java microservice) deployed on app engine.
3. Custom domain mapped to hit this service:
myfavmicroservice.project-amazing.dev.corporation.com
3. This endpoint is secured to require authentication by enabling IAP.
4. Configured ESP to intercept, authenticate and fulfill request to all
backend microservices (like above) with a common gateway endpoint.
5. Microservice is deployed using app.yaml.
6. ESP endpoint is configured using api.yaml (OpenAPI API Surface document)
This is the tutorial I am following:
https://cloud.google.com/endpoints/docs/openapi/get-started-app-engine-standard
app.yaml to deploy the microservice:
runtime: java11
entrypoint: java -jar tar/worker.jar
instance_class: F2
service: myfavmicroservice
handlers:
- url: /.*
  script: this field is required, but ignored
The ESP api.yaml describing the microservice API surface looks like this:
swagger: "2.0"
info:
  title: "My fav micro Service"
  description: "Serve my favorite microservice content"
  version: "1.0.0"
# This field will be replaced by the deploy_api.sh script.
host: microservice-system-gateway-5c4s43dedq-ue.a.run.app
schemes:
  - https
produces:
  - application/json
paths:
  /myfavmicroservice:
    get:
      summary: Greet the user
      operationId: hello
      description: "Get helloworld mainpage"
      x-google-backend:
        address: https://myfavmicroservice.project-amazing.dev.corporation.com
        jwt_audience: .....
      responses:
        '200':
          description: "Success."
          schema:
            type: string
        '400':
          description: "The IATA code is invalid or missing."
          schema:
            type: string
But the problem is that whenever I make a request to the endpoint like this:
GET
https://microservice-system-gateway-5c4s43dedq-ue.a.run.app/myfavmicroservice
I always get a gateway 500 error. After checking the ESP logs, I mainly found:
1. SSL Handshake Error with Error no 40
2. upstream server temporarily disabled while SSL handshaking to upstream
3. request: "GET /metadatasvc-hello HTTP/1.1", upstream: "https://[3461:f4f0:5678:a13::63]:443/myfavmicroservice
So ESP correctly intercepted my request and perhaps forwarded it in the correct format, as #3 shows. But I get an SSL error.
Why does this error occur?
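Best answer
OK, problem solved. For the benefit of the Stack Overflow community, I am posting the solution here.
I think that if you use a custom domain mapped to App Engine in the OpenAPI configuration (deployed to ESP), the SSL handshake will fail: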
x-google-backend:
  address: https://my-microservice.my-custom-domain.company.com
However, if you use the default URL assigned by App Engine when the microservice is launched, like this, everything works fine:
x-google-backend:
  address: https://my-microservice.appspot.com
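So I am trying to figure out how to use a custom domain mapping in the ESP OpenAPI configuration. For now, though, if I do that, the SSL proxying does not work in ESP.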
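A check that may help narrow down an upstream handshake failure like the one in this thread, as an added example that is not part of the original question or answer: it pulls every x-google-backend address out of an OpenAPI document and attempts a TLS handshake to each, once with SNI and once without. That SNI plays a role here is an assumption the thread does not confirm; SAMPLE_API and the function names are constructed for illustration.

```python
import re
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Constructed sample: the two backend styles discussed on this page.
SAMPLE_API = """
paths:
  /a:
    get:
      x-google-backend:
        address: https://myfavmicroservice.project-amazing.dev.corporation.com
  /b:
    get:
      x-google-backend:
        jwt_audience: placeholder
        address: "https://my-microservice.appspot.com"
"""

def backend_hosts(openapi_text):
    """Return (host, port) for each https x-google-backend address."""
    pat = r"x-google-backend:\s*\n(?:\s+\w+:.*\n)*?\s+address:\s*(\S+)"
    out = []
    for m in re.finditer(pat, openapi_text):
        u = urlsplit(m.group(1).strip("'\""))
        if u.scheme == "https" and u.hostname:
            out.append((u.hostname, u.port or 443))
    return out

def probe(host, port=443, send_sni=True, timeout=5.0):
    """Attempt one TLS handshake and return a short outcome string."""
    ctx = ssl.create_default_context()   # certificate chain verification stays on
    ctx.check_hostname = send_sni        # hostname check requires server_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            name = host if send_sni else None
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return f"ok {tls.version()}"
    except ssl.SSLError as e:            # alert 40 -> SSLV3_ALERT_HANDSHAKE_FAILURE
        return f"tls-error {e.reason or e}"
    except OSError as e:                 # DNS failure, refused connection, timeout
        return f"connect-error {e}"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_API
    for host, port in backend_hosts(text):
        for sni in (True, False):
            print(f"{host}:{port} sni={sni}: {probe(host, port, sni)}")
```

Run it with the path to api.yaml as the only argument. A result of `tls-error SSLV3_ALERT_HANDSHAKE_FAILURE` is the same TLS alert 40 that appears in the ESP log.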
Regarding google-app-engine - GCP Extensible Service Proxy encountering an error when forwarding requests, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57947365/