Hi guys I am working on Layer7 8.3 Policy Manager.
I am trying to route to HTTPS URL via Route assertion. I am getting below error.
2017-08-23T12:26:07.313-0500 WARNING 698 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion:
4042: Problem routing to https://layer7.gateway.com/a/b/c/d
Error msg: Unable to obtain HTTP response from https://layer7.gateway.com/a/b/c/d
Connection to https://layer7.gateway.com refused. Caused by: Connection refused
What is the issue & how to solve it?
Actually i have two services in Policy Manager Service1 & Service2
I am trying to call Service1 from Service2 via HTTP Route Assertion
Charles_Lilienkamp zhijun.zhang wauch01
This is usually a result of routing to an invalid port. If you don't specify a port number for an https route it defaults to port 443, and for http it defaults to port 80. If your endpoint is not listening on these ports, then you'll receive the "Connection refused" error you're seeing.
Verify the port number that the backend is listening to, and specify that in the routing assertion and re-test.
Hi ellaz01 thanks for the answer. Kindly let me know if I understood your answer,
Service 1(/ser1/*) - When I make a call to https://layer7.gateway.com/ser1/abc it will use HTTP Route assertion & calls http://backend.com:9858/something/ & gives me response.
Service 2(/ser2/*) - I have a HTTP Route Assertion to call Service 1 - https://layer7.gateway.com/ser1/abc when hit Service 2 - https://layer7.gateway.com/ser2/test I am getting the above mentioned error.
So according to your answer should I change my HTTP Route Assertion in Service 2 to call https://layer7.gateway.com:9858/ser1/abc added port number of backend from Service 1.
If your routing assertion in Service2 is routing to another service on the API Gateway, then you will want to use one of the API Gateway listen ports. Since the API Gateway is routing to the API Gateway, it needs to be a valid listen port on the API Gateway. Since it's https in your example, the default listen ports for https on the API Gateways are 8443 and 9443. Your routing assertion should look like this:https://layer7.gateway.com:9443/ser1/abc
If you have changed the default https listen ports on the API Gateway, then you will want to replace the 9443 port accordingly. If you are using http instead of https, then port 8080 is the default.
We are facing same connection refused issue even after including port 8443/9443 while invoking service from another service in same gateway.
Kindly let me know how it to procced now.
Are you using localhost or fqdn of the gateway? if using fqdn, check if the current gateway can resolve it, just simply ping it.
if ping is not good, you may add the fqdn in /etc/hosts
if ping is good, then check the port properties on "Manage Listen Ports", ensure the 1st option "Published service message input" is checked( if you're calling the build-in service, you need the 2nd option checked as well)
We are using fqdn name of the gateway.
As suggested by CA team, we have moved second API call to policy fragment even though facing same issue.
We have checked "Published service message input" in "Manage Listen Port" under port 8443.
When tested ping and no issues observed.
And we are observing connection refused error frequently and after retries getting connected.
Can you run the curl command with -v flag?
curl -kv https://<fqdn>:8443/<api uri>
please show the screen output.
When connection refused, do you see any error message in ssg log? (/opt/SecureSpan/Gateway/node/default/var/logs/ssg_0_0.log)
In another word, do you have Rate limit assertion or Apply quota assertion in your policy ?