"service fabric https endpoint with kestrel and reverse proxy" Code Answer


digging into your code i've realized that there is nothing wrong with it except one thing. i mean, as you use kestrel, you don't need to set up anything extra in the appmanifest as those things are for http.sys implementation. you don't even need to have an endpoint in the servicemanifest(although recommended) as all these things are about url reservation for the service account and ssl binding configuration, neither of which is required with kestrel.

what you do need to do is to use ipaddress.ipv6any while you configure ssl. aside the fact that it turns out to be the recommended way which allows you to accept both ipv4 and ipv6 connections, it also does a 'correct' endpoint registration in the sf. see, when you use ipaddress.any, you'll get the sf setting up an endpoint like, and that's how the reverse proxy will try to reach the service which obviously wouldn't work. doesn't correspond to any particular ip, it's just the way to say 'any ipv4 address at all'. while when you use ipaddress.ipv6any, you'll get a correct endpoint mapped to the vm ip address that could be resolved from within the vnet. you could see that stuff by yourself in the sf explorer if you go down to the endpoint section in the service instance blade.

By Abdessabour Mtk on July 4 2022

Answers related to “service fabric https endpoint with kestrel and reverse proxy”

Only authorized users can answer the Search term. Please sign in first, or register a free account.