azure - 为什么 kestrel 不断抛出此调试 ssl 异常？

Question

我有一个 Service Fabric 设置，并且有一个在端口 443 上注册并使用 https 的微服务。我的集群设置中有一个反向代理。反向代理通过证书进行保护。

启动微服务时我也使用相同的证书:

 new ServiceInstanceListener(serviceContext =>
                new KestrelCommunicationListener(serviceContext, "EndpointHttps", (url, listener) =>
                {
                    ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Kestrel on {url}");

                    return new WebHostBuilder()
                                .UseKestrel(x =>
                                {
                                    int port = serviceContext.CodePackageActivationContext.GetEndpoint("EndpointHttps").Port;
                                    x.Listen(IPAddress.IPv6Any, port, listenOptions =>
                                    {
                                        listenOptions.UseHttps(transportCertificate);
                                        listenOptions.NoDelay = true;
                                    });
                                })
                                .ConfigureServices(
                                    services => services
                                        .AddSingleton<StatelessServiceContext>(serviceContext))
                                .UseContentRoot(Directory.GetCurrentDirectory())
                                .UseEnvironment(environment)
                                .UseStartup<Startup>()
                                .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                                .UseUrls(url)
                                .UseSerilog(Logger.Serilog)
                                .Build();
                }))
        };

一切似乎都工作正常，我的网站在浏览器中是安全的，并且 API 可以正常工作。然而，我的日志被以下语句填满(这些只是调试消息，但它们正在填满我的日志):

133649  Failed to authenticate HTTPS connection.    Debug   System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
133643  Connection id ""0HLPCETMP8DKM"" started.    key='SourceContext'>Microsoft.AspNetCore.Server.Kestrel
133642  Connection id ""0HLPCETMP8DKL"" received FIN.   key='SourceContext'>Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets
133641  Connection id ""0HLPCETLEPLQ7"" stopped.    key='SourceContext'>Microsoft.AspNetCore.Server.Kestrel
133640  Connection id ""0HLPCETLEPLQ7"" sending FIN.    key='SourceContext'>Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets

异常(exception)情况是:

System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
 at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
 at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
 --- End of stack trace from previous location where exception was thrown ---
 at System.Net.Security.SslState.ThrowIfExceptional()
 at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
 at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
 at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
 at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__51_1(IAsyncResult iar)
 at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
 --- End of stack trace from previous location where exception was thrown ---
 at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionAdapter.InnerOnConnectionAsync(ConnectionAdapterContext context)

有谁知道为什么要这样做吗？我可以查看任何其他日志或有关如何调试的建议吗？

谢谢。

Answer 1

这很可能是因为您使用标准模板运行 Service Fabric，该模板为您设置使用的端口设置了一个带有运行状况探测的 Azure 负载均衡器。标准探测通常是 TCP，每 5 秒探测一次端点。如果可行的话，您可以删除探头。我个人使用不太激进的探测间隔。

请注意，更改负载均衡器规则通常需要很长时间，从几分钟到近半小时不等。