I would like to ask if it is possible to use Azure Application Gateway to route(backend pool) traffic to Azure Event Grid Topic. I have tested it but no matter what i do i always get 502 error when i tries to perform a POST Request to my App Gateway.
Here is the sample flow:
[user] ===> [Application Gateway]====>[EventGrid Topic]====> Azure Function
Is this possible?
I got working, make sure you have the application setup as follows:
There is not a 'healthcheck' endpoint from Event Grid hence I just added the FQDN + /ping to the healthprobe and configured the probe to accept a 404.
In the HTTP settings you should make sure that the incoming hostname gets overrided with the EG FQDN by using the "Override with new hostname" option.
After that it should work just fine.Take a look at the rest of my HTTP settings below.
Related
After creating Application Gateway Listeners and rules we have uploaded the SSL certificate(HTTPS) for Port:-443, but URL is not hitting.
we are using application gateway WAF , App services, we have configured Listeners, Http setting and rules but still URL is not hitting.
The same configuration is working perfectly on test environment. As the same we have configured on stage environment but this is not working.
Please suggest any setting we missed.
Server id not hitting
As per the error screen shot its TCP_Error meaning its not hitting to SSL layer. Please make sure with the same backend you're able to connect over HTTP listener.
What is outcome of probe. Please make sure to refer probe result
Also I would suggest you to check "diagnose and Solve Problem" of Application gateway.
Working on a project where we are starting to use Deployment Slots in our App Services.
All our Prod apps are located behind Application Gateway, and we would like to also have our Slots located behind Application Gateway.
I understand we can not do this using "App Services" as target type in the Backend Pools as of now, but wondered if it is doable using "IP Address or FQDN" as target type.
I have tried to set it up, with various changes in the "HTTP Settings", Probe and so, but havenĀ“t gotten it up spinning.
Can anyone confirm if this is possible, and have any tips on how this should be configured?
Thanks!
I was able to get this working on one of my slots.
Basically setup the listener with your necessary protocol, port cert, hostname, etc... I'm using multi-site listeners so I can have multiple URLs for the one AppGW/Public IP.
The rule points to the listenter, backend pool and appropriate http setting.
The HTTP setting should be configured to connect to your app service URL accordingly. I'm using the azurewebsite.net URL, so I use well known CA cert & override hostname from backend target:
The backend pool then points to the azurewebsites.net URL:
Make sure that GET / works on your app service and returns 200-399 HTTP status codes. Anything outside that range is a failure and the backend pool will be removed. If you need to create a custom health probe to a URL that will respond properly, or adjust the acceptable HTTP status code (if 401 or 403 due to required auth, then just override it with that for testing purposes for now).
I'm trying to do it again with a second slot and running into 502 errors from the App Gateway... However, I'm also waiting on DNS changes from my network team. My first one with my company domain works via hosts file edit, but the 2nd slot (which has 2 different URLs/listeners configured in the AppGW) doesn't want to work the same way for some reason.
I have some api deployed to azure webapp. In front of this app there is a Application gateway.
When I access the app through .azurewebsites.net url it works fine, but when I try to hit the same path through a custom domain of the app gw - it fails.
In application gateway logs in AzureDiagnostics part of it I see it fails with 499 error.
Application gateway has a number of multi-site listeners configured, is of Standard V2 tier (and therefore does not have any WAF applied) and manually scaled to 2 instances.
What is rejecting those calls? How can I overcome this issue?
I have an application gateway that is pointed to a .net core api running on an app service
All the endpoints are protected, so I setup a custom health probe to accept 401 as a valid response
However, after I setup the custom health probe and apply it, the status of the backend health stays at "Unhealthy" but the details says "success"
Anyone have any idea what the issue may be?
A sample URI would be: /api/sample/test
Application Gateway Probe is bound to HTTP Settings. So probe to the Backend pool will look something like this (http/https://hostname:HTTPSettingsport/Path)
Try to do a curl to the probe URL and check what response you get. Please post the curl response, based on the response will proceed further.
What am I trying to do
I have to azure apps deployed as App services. To make rest post easy let's call them "blog" and "landing_page". Both of them are hosted, so they URL are blog.azurewebsites.net and landing_page.azurewebsites.net.
I want to configure "something" in Azure with following rules:
if user access http://mydomain/ - content of landing_page.azurewebsites.net
if user access http://mydomain/blog - content of blog.azurewebsites.net
What I tried
After reading documentation, I have to reject Traffic Manager because it works on DNS level. From the other two I decided to use Application Gateway, because it should work on eny Endpoint (Any Azure internal IP address, public internet IP address, Azure VM, or Azure Cloud Service).
I configured my Application Gateway setting backend to: landing_page.azurewebsites.net. But in "Backend health" the app status is unhealthy. I tried also:
blog.azurewebsites.net - unhealthy
www.wp.pl (polish news portal) - is working
gazeta.pl (polish news portal) - is working
stapp.space (my blog) - this is same as piotrstapp.azurewebsites.net and status is unhealthy
Question :)
What did I wrong? Maybe should I use something else on Azure? Or am I missing something?
Make sure that custom probes is turned on and configured in the HTTP settings of the WAF for your site. If you don't the Application Gateway will try to go to the IP of the App Service Environment without passing a Host header, which won't work and will throw the probe into an unhealthy state resulting in a "502 Gateway Proxy" error.
There is a great article here
You may want to check out Azure's application gateway path-based rules function:
Create a path-based rule for an application gateway by using the Azure portal