使用nginx反向代理部署K8S时ABP框架HttpApi.Host失败

我已经在 Kubernetes 集群中部署了 ABP 框架。

存在以下部署：

• Redis
• MSSql
• 认证服务器
• HttpApi.Host
• Nginx 入口/反向代理，带 https 终止，集群内不加密。

因此，AuthServer、HttpApi.Host 正在监听端口 80 / http，而 nginx 正在监听 https。配置/Helm 值如下：

use-forwarded-headers: "true"
use-proxy-protocol: "true"
use-gzip: "true"

到目前为止一切顺利，部署后我可以进入 Swagger 并授权：

这可以在检查 AuthServer 日志时确认：

[19:12:39 INF] CORS policy execution successful.
[19:12:39 INF] The request URI matched a server endpoint: Token.
[19:12:39 INF] The token request was successfully extracted: {
  "grant_type": "authorization_code",
  "code": "[redacted]",
  "client_id": "foobar_Swagger",
  "redirect_uri": "https://api.staging.foobar.io/swagger/oauth2-redirect.html"
}.
[19:12:39 INF] The token request was successfully validated.

但是，现在我想使用 Swagger 来确保端点的连接正常工作，所以我尝试第一个 GET 端点：

如您所见，有 500 条回复。查看 HttpApi.Host pod 中的日志：

--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
[19:12:52 ERR] Connection id "0HMSQJRK38VSM", Request id "0HMSQJRK38VSM:00000005": An unhandled exception was thrown by the application.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer.
 ---> System.Net.Sockets.SocketException (104): Connection reset by peer
   --- End of inner exception stack trace ---

所以看来 HttpApi 无法连接到 AuthServer，因为根据上面的堆栈跟踪它是 http “无法建立 SSL 连接，请参阅内部异常”

看起来 HttpApi.Host 在集群内通过 http 连接，但 AuthServer 不喜欢它？

请给我一些建议，先谢谢了。