SOLVED

DevOps on-prem, public URL and 500: Internal Server Error


In our current on-prem DevOps setup the server is exposed via our firewall's proxy. Most (if not all) operations are unaffected - people can access the DevOps site, log in, and generally perform operations normally.

 

However, certain operations related to administration are causing issues, resulting in the server "thinking" an anonymous access is being attempted, and I don't really understand why this is happening.

 

If I attempt to connect to the server over the local domain / internal network address then everything works fine, but this only tells me that SOMETHING is being blocked, without actually pinpointing the issue.

 

Here's an example:

If the DevOps Server Console has the Public URL set to our actual public URL (ex. https://devops.company.com) then if I try to "Administer Security" I get the following error:

[Screenshot: MateuszBender_0-1648129834807.png]

 

If I switch the public URL to point to the local network address (ex. devops-server.local.domain) then the error no longer shows up. Similarly, testing the public URL from the "Change Public URL" option produces the same error as above.

 

I'm guessing our firewall / proxy is to blame, obviously, but it's really hard to tell what the underlying issue is, especially since other operations are working fine. Any ideas what could be wrong?

4 Replies
Did you discover any resolution for this issue since you posted it? I came across this question while trying to resolve this same issue in our organization. The end user website and git repositories are available remotely only when the Public URL is set to the internal machine name, but I am getting a 500 error when trying to add the server to my Visual Studio connection manager. It works just fine when connecting from within the local network, just not across the firewall boundary. Like you, I am assuming something is being blocked.
best response confirmed by MBender (Brass Contributor)
Solution

@John_Lusby 

Yeah, we managed to get it resolved but it's dependent on the edge device.

In our case it's a Sophos UTM which was the culprit (see https://community.sophos.com/utm-firewall/f/hardware-installation-up2date-licensing/132837/waf-issue... for a lengthy topic on the issue). Ultimately Sophos released a workaround, which is setting a "Proxy100Continue Off" flag in the reverse proxy config on the edge device (see https://support.sophos.com/support/s/article/KB-000044067 for Sophos KB article on the workaround).
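
An added diagnostic sketch, not part of the original post or of Sophos's guidance: it sends a POST carrying `Expect: 100-continue` and reports whether an interim `100 Continue` arrived and what the final status was, so the internal address and the public URL can be compared. It assumes, from the name of the `Proxy100Continue` flag alone, that the failing requests use this handshake; `probe_expect_continue` and `stub_server` are hypothetical names, and the stub is a constructed local stand-in for the real server.

```python
import socket, ssl, threading
from urllib.parse import urlsplit

def _read_head(sock, buf=b""):
    """Read one response head; return (status or None, leftover bytes)."""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    parts = head.split(None, 2)
    return (int(parts[1]) if len(parts) > 1 else None), rest

def probe_expect_continue(url, body=b"{}", wait=2.0):
    """POST with 'Expect: 100-continue'; return (got_interim_100, final_status)."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    sock = socket.create_connection((u.hostname, port), timeout=wait)
    if u.scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=u.hostname)
    with sock:
        sock.sendall((f"POST {u.path or '/'} HTTP/1.1\r\nHost: {u.netloc}\r\n"
                      f"Content-Length: {len(body)}\r\nExpect: 100-continue\r\n"
                      "Connection: close\r\n\r\n").encode("ascii"))
        try:
            status, rest = _read_head(sock)
        except socket.timeout:
            status, rest = None, b""      # no interim reply within `wait` seconds
        got_100 = status == 100
        if status is None or got_100:     # send the body, then read the final reply
            sock.sendall(body)
            status, rest = _read_head(sock, rest)
        return got_100, status

def stub_server(send_interim):
    """Constructed one-shot local endpoint; returns its URL."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            data = b""
            while b"\r\n\r\n" not in data:   # read the request head
                data += conn.recv(4096)
            if send_interim:
                conn.sendall(b"HTTP/1.1 100 Continue\r\n\r\n")
            conn.recv(4096)                  # request body
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return f"http://127.0.0.1:{srv.getsockname()[1]}/"
```

Run `probe_expect_continue` once against the internal address and once against the public URL; a difference in either returned value between the two paths points at how the edge device treats the handshake.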

@MBender Absolutely brilliant. Ours is also a Sophos UTM and I have no doubt this will be our solution. Thank you!

@MBender I've encountered a similar issue before, and it can indeed be frustrating to pinpoint the cause. Based on what you've described, it does seem likely that your firewall/proxy setup is causing this. To get a better understanding, you might want to check the configuration of your firewall or proxy, especially how it handles the traffic between your public URL and your internal network address.

Additionally, you could look into the server logs or any error messages to see if there's more specific information about why these "Administer Security" operations are failing when using the public URL. Sometimes, error logs can provide valuable clues.

Lastly, you may consider reaching out to your firewall/proxy vendor's support or community forums to see if others have encountered a similar issue and found a solution. They might be able to provide specific guidance based on your setup.


Hope this helps, and good luck with resolving this!

 
 