Spring Boot Microservice com.netflix.zuul.exception.ZuulException: Forwarding error - spring-boot

I have created a microservice using Spring Boot and implemented a Zuul proxy. When I call a URL via the Zuul proxy and my service is down, I get com.netflix.zuul.exception.ZuulException: Forwarding error. I have also implemented an errorFilter and send a custom message from the errorFilter, but it's not working for me. I get the response below:
{
  "timestamp": 1537261710692,
  "status": 500,
  "error": "Internal Server Error",
  "exception": "com.netflix.zuul.exception.ZuulException",
  "message": "GENERAL"
}

This problem occurs when your back-end service is not available but your gateway makes proxy calls to the unavailable back-end service.
If you read a log file, you can check it.
DynamicServerListLoadBalancer for client BACKEND-YOUR-SERVICE initialized:
DynamicServerListLoadBalancer:{NFLoadBalancer:name=BACKEND-YOUR-SERVICE,
current list of Servers=[]
It means that there are no available servers for your back-end service.
Please check in the following order:
1. Check whether your back-end service is running.
2. (If you use Eureka Server) Check on the Eureka webpage whether your back-end service is registered with the Eureka server.
3. Check whether your Zuul proxy is configured with the correct back-end service name.

Related

Spring cloud gateway does not forward HTTPS correctly

I've recently migrated a microservices backend to Spring boot v2.6.1 + spring cloud v2021.0.0 (old version was v2.2.1.RELEASE).
Previously, the setup included a discovery server (Eureka), a gateway (Zuul) and various microservices accessible externally via the gateway. All of these were TLS/secure port enabled so all requests (discovery, registration, gateway forwarding etc) required SSL trust store configuration.
Since Zuul is no longer supported in this version, I am switching to Spring cloud gateway, with the following application.properties setup:
server.port = 8080
eureka.instance.securePortEnabled=false
eureka.client.serviceUrl.defaultZone = http://localhost:8761/eureka/
spring.application.name= gateway-service
spring.cloud.gateway.routes[0].id=first-service
spring.cloud.gateway.routes[0].uri=lb://FIRST-SERVICE
spring.cloud.gateway.routes[0].predicates[0].name=Path
spring.cloud.gateway.routes[0].predicates[0].args.pattern=/firstService/**
spring.cloud.gateway.routes[0].filters[0]=StripPrefix=1
security.require-ssl=true
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=password
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=localhost
spring.cloud.gateway.httpclient.ssl.trustedX509Certificates[0]=cert.pem
Without ssl universally disabled, I can access a first service URL via that gateway without issue. With SSL enabled, I can access the first service directly and again no issue:
https://localhost:8100/test
{ "message": "Hello World!" }
However, the gateway is not correctly forwarding the requests either via the correct protocol or with the correct client certificate. I am getting the below error response instead of "Hello World" message:
https://localhost:8080/firstService/test
Bad Request This combination of host and port requires TLS.
(It's worth noting that the Eureka secure port is disabled, and registration/registry fetch is done via HTTP due to issues logged at Error setting custom trust store for Eureka Discovery client by overriding DiscoveryClient.DiscoveryClientOptionalArgs)
Ok, this comes down to how the microservices register with Eureka.
Although FIRST-SERVICE was also set up with security.require-ssl=true for direct access, it was also necessary to register with Eureka with SSL enabled.
Adding the settings below to application.properties fixed the issue without any changes needed for the gateway configuration:
eureka.client.tls.enabled=true
eureka.client.tls.key-store=file:<path-to-key-store>
eureka.client.tls.key-store-password=<password>
eureka.client.tls.keyStoreType=PKCS12
eureka.client.tls.keyPassword=<password>
eureka.client.tls.trust-store=file:<path-to-trust-store>
eureka.client.tls.trust-store-password=<password>
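
The answer above traces the error to how the service registers with Eureka. The following is an added example, not part of the original answer: it audits a registry dump for instances that advertise only a non-secure port, which a discovery-based gateway route would then call over http://. The JSON shape follows Eureka's /eureka/apps response; the sample registry and SECOND-SERVICE are constructed.

```python
# Constructed sample in the shape of Eureka's GET /eureka/apps JSON response.
# FIRST-SERVICE mirrors the question; SECOND-SERVICE is hypothetical.
SAMPLE_REGISTRY = {"applications": {"application": [
    {"name": "FIRST-SERVICE", "instance": [
        {"instanceId": "localhost:first-service:8100", "hostName": "localhost",
         "port": {"$": 8100, "@enabled": "true"},
         "securePort": {"$": 443, "@enabled": "false"}}]},
    {"name": "SECOND-SERVICE", "instance":
        {"instanceId": "localhost:second-service:8200", "hostName": "localhost",
         "port": {"$": 8200, "@enabled": "false"},
         "securePort": {"$": 8200, "@enabled": "true"}}},
]}}


def _as_list(value):
    """A single element may be serialized as an object rather than a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _enabled(port_block):
    return str((port_block or {}).get("@enabled", "false")).lower() == "true"


def audit_registry(registry):
    """Return, per instance, the URL a discovery client would build for it."""
    findings = []
    apps = registry.get("applications", {}).get("application")
    for app in _as_list(apps):
        for inst in _as_list(app.get("instance")):
            secure = _enabled(inst.get("securePort"))
            plain = _enabled(inst.get("port"))
            # Assumption: clients prefer the secure port when it is enabled.
            block = inst.get("securePort" if secure else "port") or {}
            scheme = "https" if secure else "http"
            findings.append({
                "app": app.get("name"),
                "target": f"{scheme}://{inst.get('hostName')}:{block.get('$')}",
                "tls_only": secure and not plain,
            })
    return findings


def plaintext_targets(registry):
    """Instances a gateway could reach (or try to reach) without TLS."""
    return [f for f in audit_registry(registry) if not f["tls_only"]]


if __name__ == "__main__":
    for finding in audit_registry(SAMPLE_REGISTRY):
        print(finding)
```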

Spring boot zuul proxy returning 404 error for a post request

I am working on a spring microservice application. My application uses api gateway, zuul proxy, spring web and is deployed on openshift.
I have the following config in my application.properties file:
zuul.routes.service-name.path=/test/aos/v1/**
zuul.routes.service-name.stripPrefix=false
zuul.routes.service-name.serviceId=service-name
I get the following error when hitting the api # https://URL.com/test/aos/v1/info:
{
"timestamp": "2021-06-20T23:34:36.862+0000",
"status": 404,
"error": "Not Found",
"message": "Not Found",
"path": "/info"
}
I checked if zuul is failing to register by going to actuator/mappings and this mapping shows there. So all good there.
Also, if I call the backend API container in OCP directly # https://CONTAINER_URL.com/test/aos/v1/info then I get the expected result.
So I am understanding that zuul is not able to find the url of the backend api container. Why could that be? The app does not use netflix eureka and instead relies completely on openshift registry.
I cannot go into my standup with this bug standing..... internal screams
There needs to be a server list or URL mapping against the target service that needs to be reached as per the configured serviceId, which is named "service-name".
Along with the other settings, add the following:
service-name.ribbon.NIWSServerListClassName=com.netflix.loadbalancer.ConfigurationBasedServerList
service-name.ribbon.listOfServers= https://example1.com,http://example2.com
or remove the serviceId config and add the URL for your container as -
zuul.routes.service-name.url=https://example.com/
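
Both this answer and the last check in the first answer come down to whether each Zuul route resolves to at least one back-end address. The following is an added example, not part of the original answers: it lints a properties file for routes with no target and lists any plain http:// back ends. It assumes no discovery client is in use, as in the question; the sample file and the route named "other" are constructed.

```python
import re

# Constructed sample: the question's route (no server list configured) plus a
# hypothetical second route that uses the answer's listOfServers value.
SAMPLE_PROPERTIES = """\
zuul.routes.service-name.path=/test/aos/v1/**
zuul.routes.service-name.stripPrefix=false
zuul.routes.service-name.serviceId=service-name
zuul.routes.other.path=/other/**
zuul.routes.other.serviceId=other-service
other-service.ribbon.listOfServers= https://example1.com,http://example2.com
"""

ROUTE_KEY = re.compile(r"^zuul\.routes\.([^.]+)\.(path|serviceId|url|stripPrefix)$")


def parse_properties(text):
    """Minimal key=value parser; skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_routes(props):
    """Map each route to whether it has a target and which targets are http://."""
    routes = {}
    for key, value in props.items():
        match = ROUTE_KEY.match(key)
        if match:
            routes.setdefault(match.group(1), {})[match.group(2)] = value
    report = {}
    for name, cfg in sorted(routes.items()):
        if "url" in cfg:
            targets = [cfg["url"]]
        else:
            # Assumption: a route without serviceId uses the route name as its id.
            service_id = cfg.get("serviceId", name)
            servers = props.get(service_id + ".ribbon.listOfServers", "")
            targets = [s.strip() for s in servers.split(",") if s.strip()]
        report[name] = {
            "resolvable": bool(targets),
            "plaintext": [t for t in targets if t.lower().startswith("http://")],
        }
    return report


if __name__ == "__main__":
    print(check_routes(parse_properties(SAMPLE_PROPERTIES)))
```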

Spring boot - Netty returns 502 status

I have a Spring Boot based application with a reactive Netty server. The application is running on multiple nodes with a VIP in front of the nodes. Client applications connect to the VIP, and the VIP routes to one of the nodes with hash-based routing. The VIP is returning 502 occasionally, and the VIP says it received a 502 response from the application. The application seems to be healthy, and I am not sure why the app is returning 502 occasionally; there are no logs in the application logs related to 502. Is there any way to enable Netty logs for 502? Any clue on how to narrow down the issue?
Our application implements WebFilter and logs each request and response, but we are unable to see anything related to 502. Is there anything in Spring Boot Netty to enable more logs to triage 502?

Problems setting up Zuul proxy server with Eureka discovery

I am trying to set up a zuul proxy server which will act as a gateway service for other apis in my microservice architecture.
So far all the tutorials that I have come across have the discovery client and zuul proxy set up in different gradle modules while I am trying to set them up in the same gradle module.
I have defined the routes and can see that my services have been successfully registered in the eureka dashboard.
I have also verified that I can ping the services using a discovery client from my gatekeeper service, but whenever I try to access the services from the URL, I get a "Load balancer does not have available server for client:xyz" exception.
Can somebody please help me setting this up?

Spring Cloud Eureka Connecting to a Secured Service

I'm attempting to establish a discovery server with Spring Cloud Eureka which needs to connect to a secured client. I understand how to secure the Eureka server itself - that isn't the issue. The issue is in the other direction - how to get Eureka to successfully communicate with a client service that itself is secured.
In other words; I have a discovery client that registers itself with Eureka. That client implements http basic authentication. It can and does successfully register itself with the discovery service, however when I attempt to utilize that service with a lookup to the discovery service, I get authentication failures (on the client service itself) which of course makes sense because I haven't specified any credentials anywhere and have no idea how to do so. Any assistance would be greatly appreciated.
Guessing from your tags you are using spring-cloud.
When you use your service (with RestTemplate or Feign or manually looking up and interacting with it), your request has nothing to do with Eureka. Eureka only provides you information about your services' whereabouts. Once you (or some underlying logic) have obtained the address of the service, you are directly communicating with it.
