reverse-proxy: Forwarding GET request to downstream SSRS server is failing.

Describe the bug

Forwarding GET request to downstream SSRS server is failing.

To Reproduce

Similar to 1476, I am unable to connect to a downstream service with auth, although that issue related to a POST request.

I have a 2016 SSRS server that I need to make a JavaScript fetch to. 2016 doesn’t have the CORS attributes to set AllowControlAllowOrigin but rather than purchase SQL Server 2019, I would like YARP to proxy the request. I can rewrite the request using http but it fails when using https. I can’t use https on my development machine and can only test in IIS.

Code:

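using System.Net; // CredentialCache

// CORS policy "corsapp": allows any origin and any HTTP method.
builder.Services.AddCors(p => p.AddPolicy("corsapp", builder =>
{
    builder.WithOrigins("*").AllowAnyMethod();
}));

// Outbound proxy requests authenticate to the destination with the
// Windows credentials of the identity the proxy process runs as.
builder.Services.AddReverseProxy().ConfigureHttpClient((_, handler) =>
{
    handler.Credentials = CredentialCache.DefaultCredentials;
    handler.PreAuthenticate = true;
}).LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));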

Further technical details

I receive a 502 when using IIS but I am not sure how to find the relevant .net errors that describe what is happening. The IIS W3SVC logs only show a 502 and no details. Failed Request Tracing doesn’t appear to have any details either.

This is the SSRS URL I am trying to access. It renders and downloads the report without any interaction from the user.

https://ssrs.myserver.com/Reportserver/Pages/ReportViewer.aspx?/Reports/MyNiceReport&rs:Command=Render&rs:ClearSession=true&rs:Format=PDF&ID=2019

Not sure if HTTP 1.1 is an issue. Chrome shows the protocol as http/1.1 when browsing to https://ssrs.myserver.com/Reportserver

1427 added a transform but the content is null in my case.

.AddTransforms(context =>
{
    context.AddRequestTransform(async transformContext =>
    {
        await transformContext.ProxyRequest.Content.LoadIntoBufferAsync();
    });
});

Running IIS on Windows 2019.

Any help is greatly appreciated.

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 19 (11 by maintainers)

Most upvoted comments

Interesting. That redirect wasn’t directly caused by the proxy, the backend did that, you’d need to figure out why it did that. Is the host the only part of the redirected URL that’s different? Edit: never mind, I see the path is quite different.

Link generation and redirects are one of the first things to break when using a proxy. See https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer for mitigations.

Side note: UseDefaultCredentials is not a cluster level setting, that’s likely being ignored in your config. That option only exists under the Cluster/HttpClient/WebProxy node.

A quick summary of the issue is that your outbound connections are happening on HTTP/2, which does not support NTLM etc., as they are connection-based protocols. You will need to do a custom configuration for HttpClient, https://microsoft.github.io/reverse-proxy/articles/http-client-config.html#httprequest to specify to use HTTP/1.1 as the RequestVersion.

@Tratcher can add some more color when he’s back from vacation.

HTTP_1_1_REQUIRED is not caused by self-signed certificates. The server rejected the request because the server requires some feature not supported over HTTP/2 such as Windows Auth or Client Cert Auth.
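
The HTTP/1.1 setting suggested in the comments above, written out as the "ReverseProxy" configuration section that the LoadFromConfig call in the issue reads. This is an added example, not configuration posted in the thread. The route id, cluster id, destination name and path match are assumptions, and the destination address is the SSRS host from the issue.

```json
{
  "ReverseProxy": {
    "Routes": {
      // "ssrs-route" is a hypothetical route id; the path match is an assumption
      "ssrs-route": {
        "ClusterId": "ssrs",
        "Match": { "Path": "/Reportserver/{**catch-all}" }
      }
    },
    "Clusters": {
      // "ssrs" is a hypothetical cluster id
      "ssrs": {
        // Per-cluster outbound request settings. Without this block YARP
        // requests HTTP/2 (falling back to lower versions only when the
        // destination does not negotiate it), and connection-based
        // authentication such as NTLM cannot run over HTTP/2.
        "HttpRequest": {
          "Version": "1.1",
          "VersionPolicy": "RequestVersionExact"
        },
        "Destinations": {
          // "ssrs1" is a hypothetical destination name
          "ssrs1": { "Address": "https://ssrs.myserver.com/" }
        }
      }
    }
  }
}
```

The credentials are still supplied by the ConfigureHttpClient callback shown in the issue; this section only pins the protocol version of the outbound requests.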