Target Server Issue?

sidd-harth
Participant V

Hi guys, I have two targets which are mentioned in TargetServer.

I created two Target Endpoints and have respective Route rules in a proxy.

Now when I hit a targetendpoint it is routing correctly but I get 400 Bad Request error, even after providing all correct request params.

2975-2.png

2976-1.png

<html>
    <head>
        <title>400 The plain HTTP request was sent to HTTPS port</title>
    </head>
    <body bgcolor="white">
        <center>
            <h1>400 Bad Request</h1>
        </center>
        <center>The plain HTTP request was sent to HTTPS port</center>
        <hr>
        <center>nginx</center>
    </body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

So I created an other sample proxy in which I hard coded the target url in the targetendpoint and used the same policies/code and request params.

2977-3.png

This worked for me.

Why can't it work when I use target servers ?

Solved Solved
2 13 3,498
1 ACCEPTED SOLUTION

Not applicable

Also, at proxy side make sure you have added SSL configuration in target endpoint as:

<SSLInfo> <Enabled>true</Enabled> </SSLInfo>

View solution in original post

13 REPLIES 13

Dear @Barahalikar Siddharth,

Based on the target endpoint definition provided, I see that the target url is using "https", which means its a secure/SSL connection. However, your target servers are defined to use http port 80. If the target server is SSL based, then you need to define your target servers with port # 443. Please read more information about Target servers here.

You can also refer to the tutorial on using target servers.

Thanks,

Amar

I tried 443 port also @AMAR DEVEGOWDA I get the same error

@Barahalikar Siddharth,
The section "Configuring a target server for TLS/SSL" in the link explains this with a sample example that you need to set the port # as 443 and Enabled flag set to true in SSLInfo section while creating the secure target servers.

Not applicable

Also, at proxy side make sure you have added SSL configuration in target endpoint as:

<SSLInfo> <Enabled>true</Enabled> </SSLInfo>

Thanks @Sonali Somase, I thought enabling it at the Targetserver UI page is enough

@Barahalikar Siddharth

Can you please try to GET the target named server using GET API CALL?

https://api.enterprise.apigee.com/v1/organizations/<ORG NAME>/environments/<ENV NAME>/targetservers

And compare the output with below :-

{
"host": "test.jokeindex.com",
"isEnabled": true,
"name": "TS1",
"port": 443
}

Also, the sometimes the port is not 443, by default is 443. Please check the URL, if the port is mention in the URL then use that port.

Setting the port to 443 in the UI is not enough. SSL also needs to be enabled on the Target Server. If the target server is already created, then do a PUT to update the settings - using the Management API

PUT https://api.enterprise.apigee.com/v1/organizations/{org}/e/{env}/targetservers/{targetserver}

{
  "host": "hostname",
  "isEnabled": true,
  "name": "targetserver_name",
  "port": 443,
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": false,
    "protocols": []
  }
}

Hi,

I was following this post because i have similar situation.

My question is why do we need SSL info when we configure target server?

Because when we give the url directly in the target endpoint we do not give any ssl info and it works just fine.

So why is this extra step in target server?

I am getting below response with my target server:

{ "fault":

{ "faultstring": "The Service is temporarily unavailable",

"detail": { "errorcode": "messaging.adaptors.http.flow.NoActiveTargets" }

}

}

Thanks,

Kumud

The target server will negotiate the SSL handshake - so this is the reason why SSL needs to be enabled. With target servers, you can also upload specific SSL certs for two-way SSL.

Hi @dmehi@apigee.com,

So how was SSL handshake handled with direct URL in target endpoint?

Thanks,

Kumud

Hi,

I have tried adding ssl info true but this is not working for me:

<HTTPTargetConnection>

<LoadBalancer>

<Server name="target1"/>

</LoadBalancer>

<IsEnabled>true</IsEnabled>

<SSLInfo>

<Enabled>true</Enabled>

</SSLInfo>

<Path>/api/{resource path}</Path>

</HTTPTargetConnection>

Where target1 is: {backend URL}/api/{resource path}

No port number. I have separate value for target1 in prod and test, so it can call correct environment in backend.

I still get:

{ "fault": { "faultstring": "The Service is temporarily unavailable", "detail": { "errorcode": "messaging.adaptors.http.flow.NoActiveTargets" } } }

It works fine with below configuration:

<HTTPTargetConnection>

<Properties/>

<URL>https://{backend URL}/api/{resource path}</URL>

</HTTPTargetConnection>

Is this feature not supported in free accounts, cab someone please confirm.

Cause it works just fine in paid account.

Thanks,

Kumud

@Kumud Gautam

You need to put the SSLInfo in the TargetServer, not the HTTPTargetConnection.

This needs to be done via the Management API (POST to create or PUT if it exists already)

PUT {{MGMTSVR}}/v1/o/{{ORG}}/e/{{ENV}}/targetservers/target1

<TargetServer name="target1">
  <Host>yourorgname-test.apigee.net</Host>
  <Port>443</Port>
  <IsEnabled>true</IsEnabled>
  <SSLInfo> 
      <Enabled>true</Enabled> 
  </SSLInfo> 
</TargetServer> 

This then returns:

{
  "host": "yourorgname-test.apigee.net",
  "isEnabled": true,
  "name": "target1",
  "port": 443,
  "sSLInfo": {
    "ciphers": [],
    "clientAuthEnabled": "false",
    "enabled": "true",
    "ignoreValidationErrors": false,
    "protocols": []
  }
}

Then, in your HTTPTargetConnection you just need:

<HTTPTargetConnection>
    <LoadBalancer>
        <Server name="target1"/>
    </LoadBalancer>
    <Path>/target</Path>
</HTTPTargetConnection>

Or you can create the Target Server in the UI and then add SSLInfo to the HTTPTargetConnection

<HTTPTargetConnection>
    <LoadBalancer>
        <Server name="target1"/>
    </LoadBalancer>
    <SSLInfo>
        <Enabled>true</Enabled>
    </SSLInfo>
    <Path>/target</Path>
</HTTPTargetConnection>