Restrict access to microservice deployed in app service - azure

I am using Azure App Service to deploy my microservices, which are exposed via APIM in consumption mode.
I have deployed 2 microservices in separate app services. Traffic to only one app service is allowed from APIM, whereas the other app service can be accessed by the first app service. How can I achieve this? I am new to Azure.
APIM -> App service instance 1 -> App service instance 2

Related

Access restriction for app service holding ocelot api gateway project

I have deployed a few .net core microservices along with ocelot api gateway and react application using azure app services.
Every app service is running in its own app service plan and subnet with vnet integration enabled. I am able to restrict direct access to microservices through service end points.
The problem is, I want to restrict access to api gateway app service so that it only accepts traffic from react application app service. Whenever I try to do so through vnet integration and service endpoints, my application stops working with 403 IP forbidden.
Is there any way I can achieve the desired result?

How to add Azure App Service redundancy using Application Gateway?

What is the recommended best practice for using Azure Application Gateway with redundant app services (in either different regions or availability sets)? I've had some issues recently where our app service would occasionally go down for a couple minutes (due to maintenance in msft's data center) and I'd like to have our app gateway redirect load to another instance or app service when this happens.
Currently traffic is handled as such: public request -> app.example.com -> app gateway -> app.example.com -> backend app service.
I've been unable to add a second app service because when I attempt to do so I get the error "Hostname is already being used in the following App: myappservicename. Please remove the Hostname from myfirstappservice, and try again" when I attempt to add the custom domain to a second app service. It seems my custom domain would need to be added to each individual app service in order for traffic to be routed properly to my backend web app. Or is there another way I should have traffic configured?
You should bind your custom domain to your app gateway only and add your two app services into a backend pool so that the traffic could be:
public request -> app.example.com -> app gateway -> backend pool (handled by one of your 2 app services)
which meets your requirement.

Can I change the App Service Plan/App Service to use the App Services Environment

I first created the App Service Plan and App service and later created the App Services Environment. Now I want to change the App Service Plan to use the newly configured ASE, but not able to change it. I created another App Service Plan to use the ASE, but then it was not visible under the Change App Service Plan within App Services.
If apps have already been deployed into an existing App Service Plan, unfortunately there is no straightforward option to move to an ASE.
All you can do is to clone it into a new ASP which has been deployed into your ASE or redeploy the app in ASE.
Follow this for more information: Cloning an existing App to an App Service Environment

Azure AppGateway path route to multiple app service webapps?

I have a WAF App Gateway
appgateway.eastus.cloudapp.azure.com.
And 2 App Service web apps
api-service.azurewebsites.net
web-ui.azurewebsites.net
Both these app services are completely different app and one of them is a JS Application and other is Java Application. Both these belong to single App Service Plan.
I'm trying to route App Gateway based on path to these app services
Eg:
/api/* -> route to backend pool of api app service
/* -> route to backend pool of web app service
Is it possible with App Gateway to send in the traffic based on path to the app services?
Yes, this is possible. You need to place each web app in a separate backend pool. Then create a path-based rule to achieve your ask.
If you face any difficulty during the implementation, let me know.
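The steps in the answer above (one backend pool per web app, then a path-based rule), written out with the Azure CLI as an added example that is not part of the original answer. The resource group, gateway, listener, pool, settings and rule names are assumptions, and the listener is assumed to exist with no routing rule attached yet; only the two `azurewebsites.net` hostnames come from the question.

```shell
#!/usr/bin/env bash
# Added example: path-based routing to two App Service backends.
# Assumed names (not from the page): RG, GW, LISTENER and every pool/settings/rule name.
RG="${RG:-example-rg}"
GW="${GW:-example-appgw}"
LISTENER="${LISTENER:-pathListener}"   # assumed to have no routing rule yet

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Every sub-command targets the same gateway.
agw() { run az network application-gateway "$@" --resource-group "$RG" --gateway-name "$GW"; }

configure_path_routing() {
  # One backend pool per web app (hostnames from the question).
  agw address-pool create --name apiPool --servers api-service.azurewebsites.net
  agw address-pool create --name webPool --servers web-ui.azurewebsites.net

  # App Service selects the site by Host header, so take it from the pool FQDN.
  agw http-settings create --name appSvcHttps --port 443 --protocol Https \
      --host-name-from-backend-pool true

  # /api/* goes to apiPool; every other path falls through to webPool.
  agw url-path-map create --name appPathMap --rule-name apiRule --paths '/api/*' \
      --address-pool apiPool --http-settings appSvcHttps \
      --default-address-pool webPool --default-http-settings appSvcHttps

  # Bind the path map to the listener with a path-based routing rule.
  agw rule create --name pathRule --rule-type PathBasedRouting --priority 100 \
      --http-listener "$LISTENER" --url-path-map appPathMap
}

# Nothing runs unless asked: ./appgw-paths.sh apply  (prefix DRY_RUN=1 to preview)
if [ "${1:-}" = "apply" ]; then
  configure_path_routing
fi
```

Running it with `DRY_RUN=1` prints the five `az` commands without touching the subscription, which is a convenient way to review the pool and path assignments before applying them.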

Access Azure App Service RESTful endpoints from On Premise resources using VPN

I have an on premise desktop application and I need it to hit Web APIs I have living in an App Service Web App (on an App Service Plan) in Azure.
My on premise resources are connected over a site to site VPN and I was wondering if there is a way I can call these Web API services (in an app service) directly over the VPN instead of going to the public endpoint.
The "normal" App Service Plan exists in a multi-tenant environment so this is not possible. You would need to use an ASE (App Service Environment) to use advanced networking features like VPN and NSG.
