Tyk GW V2 to V3 upgrade, got '502 Bad Gateway' from the Alicloud Load Balancer

Our Tyk Gateway V2.9.2 runs as back end server to the Alicloud Load Balancer without any problem until we tested to upgrade to Tyk Gateway v3.2.2. With V3 (regardless of minor releases), the load balancer will response back with ‘502 Bad Gateway’.

Talking to Alicloud support who read the load balancer log, I was informed that:

  1. Tyk gateway V2 responses normally (2xx or 3xx) for the health check query from the load balancer that uses HEAD operation.
  2. Tyk gateway V3 response with 405 (not allowed?) for the health check query from the load balancer that uses HEAD operation. This causes the load balancer determines that the back end server (Tyk GW V3) is not healthy and publishes ‘502 Bad Gateway’.

Now could someone pls help to explain:

  1. Why’s there a change between V2 and V3 on how Tyk GW response to health-check using HEAD operation?
  2. If this change is valid, shouldn’t there be any backward compatibility?
  3. Any suggestion how to alleviate this version upgrade issue?

Hi,

Alicloud is using a HEAD method to test for gateway availability. This is not a standard use of the status API as defined in the IETF draft api health check standard which we moved to using in version 3 and is mentioned in the release notes.

To work around this with alicloud load balancers you need to rename the existing health check API to something other than ‘hello’ and create a user defined API listening on /hello which whitelists the HEAD method and responds with a 200.

Here’s the JSON for that.

          "extended_paths": {
            "white_list": [
              {
                "path": "",
                "ignore_case": false,
                "method_actions": {
                  "HEAD": {
                    "action": "reply",
                    "code": 200,
                    "data": "OK",
                    "headers": {}
                  }
                }
              }
            ]
          }

Cheers,
Pete

Thank you, will look at the work around…