I've got an Azure Front Door that has been set up to link to 2 Windows VM's running IIS, I'm trying to add a Frontend Domain that I can then use to access websites on the VM's.
Azure Frontend Domain
Then I have the backend pool which links to the 2 servers.
Back End Pool
I then have a route to the web servers, which should (as far as I can tell) just forward the request onwards.
Routing Rule
Then I have my web servers which I have set up the bindings on for the website
Website Bindings
However whenever I try to browse to the website I just see the IIS landing page rather than the website I have setup. How do I get to my actual website?
The problem in the end was that the Certificate subject name validation had been enabled. To change you need to go to Front Door Designer then Settings.
if you get the IIS landing page it means the traffic is forwarded correctly from the AFD, your problem is likely with the local IIS setup like the default page or something like that.
Related
I'm migrating a complete infrastructure over to Azure; it's been slow going as there's so much to learn and for every two steps forward, there seems to be one step back.
After what seems like an eternity, I think I've got it all sorted with one exception.
The architecture is as follows:
Azure Traffic Manager ==> 2 Azure Application Gateways (geo separated) ==> Azure App Service
A custom domain is used for the traffic manager and the gateways are listening for the same domain and, when the route matches, passing on the requests down to the app service.
The actual app itself is a ASP.NET MVC application and it uses forms authentication; and this is where the challenge happens.
When navigating to the public address: client.domain.com and hitting the website, it determines that the user is not authenticated and sends the browser to the login page... so far so good but, rather than using client.domain.com/login it uses the web-server dns name, so client.azurewebsites.com/login
How do I go about changing the behaviour so that it uses the external DNS name rather than the website name?
I can't setup custom domains on the app service as the only route into the site is via the gateway as this is also the firewall.
Is there some Web Config setting I can make? I'm looking at the outbound rewrite rules but these seem to only work on tags rather than 302 redirects.
Any thoughts would be most welcome.
You need to setup custom dns names on your webapp (you can use TXT record to verify dns name, so i dont see a reason why you can add it to the webapp). or you can alter the code.
In order to solve this problem, I had to make a code change to the web app itself. Not ideal but it worked.
What I had to do was to extend the code that redirects an unauthenticated request to the login page by sniffing for the X-Original-Host HTTP Header that the App Gateway forwards on. This contains the public facing DNS name. If the header is present and it is on a pre-approved white-list (so as to prevent any hijacking), then redirect the user to the login page for this domain, rather than the one the server is listening on directly (so use client.domain.com rather than client.azurewebsites.com)
We have 200 customer facing web sites all on one server. They are all ASP.NET running in IIS. Is it possible to move some of them to another server WITHOUT changing the customer's URL? Any links explaining how to do this would be helpful.
If your sits are already registered to specific sub domains, you can simply re-point the names to the new server using dns.
If they are simply different sites under the same domain on IIS you can use your current IIS server to reverse proxy the new ones. Some info is given here
Lastly, you could consider using a load balancer such as netscaler, f5 or application request routing. You would again, point the domain name to this using DNS and the load balancer would send the requests to the correct server.
I currently have a VPS with another provider. On that VPS, I have IIS running with multiple app pools and web sites. I would like to get out of the "server management business", so it would seem that Azure Web Sites (Reserved) would be a great fit. I'm able to get the Azure Web Sites set up, including the custom domain piece. The problem that I can't seem to figure out is how to get the same URLs and behavior that I currently have on my VPS.
For example, I have URLs that look like this right now:
www.foo.com/bar
www.foo.com/baz
wildcard.foo.com/bla
I can't find a way to mimic that in Azure.
Things I've thought of/tried:
Go with one Azure Web Site and have separate virtual directories/app pools in Azure, but googling tells me that isn't supported.
Create 3 Azure Web Sites, one for each of the above. The problem there as I see it is I would need to change to use bar.foo.com, baz.foo.com, and bla.foo.com/wildcard (i.e. lose wildcard subdomain mapping and rework things to have a custom route at the end).
Maybe have one Azure Web Site with a rewrite URL? The problem I think I'd run into there is that it all runs in one app pool, so deploying one piece will affect all 3, and obviously a fault in one app would impact the other 2.
Has anyone else gone down this path and solved it? If the answer is spin up a virtual server, I'll probably just stay where I'm at.
Considering www.foo.com/bar, www.foo.com/baz and wildcard.foo.com/bla are 3 independent web applications that share a domain (foo.com):
Create a Windows Azure Website for each web application. You don't necessarily need to assign custom domain names to them.
Create another, separate website and assign to it the *.foo.com domain using an A record. Refer to Configuring a custom domain name for a Windows Azure web site for instructions. As documented, "With an A record, you map a domain (e.g., contoso.com or www.contoso.com) or a wildcard domain (e.g., *.contoso.com) to the single public IP address of a deployment within a Windows Azure web site. The main benefit of this approach over using CNAMEs is that you can map root domains (e.g., contoso.com) and wildcard domains (e.g., *.contoso.com), in addition to subdomains (e.g., www.contoso.com)."
In this "master" website, set up URL redirection (possibly with status code 307 Temporary Redirect) so that requests go to the appropriate applications.
Alternatively, to avoid the delay of the additional request caused by the redirection, set up the "master" website as a reverse proxy that transparently forwards the request to the "inner" web application and sends the response back to the user.
As yet another alternative, use a custom DNS service to do the routing at the DNS layer.
This way, each web application is independent and you solve the issue of routing requests to the appropriate application.
I've looked at all related posts in MSDN and stack overflow but still having difficulty finding a solution.
I am looking to map a domain and all sub-domains to my windows azure website. It is a reserved website instance. I am using Amazon Route 53 DNS manager and have mapped a wildcard CNAME to my azure sub domain, and created a redirect on the naked domain to the www. subdomain.
When I navigate to the naked root, the redirect kicks in and I'm brought to www..com, where I receive a 404 error from azure.
I know the wildcard CNAME is working. I've verified using MXToolbox. If I go to "Manage Domains" in the Azure web UI admin system, I can manually add "www..com" or any other subdomain (e.g. "helloworld..com"). Azure verifies it fine and after saving, I can pull up the website fine by navigating to that subdomain and my azure website loads.
Is there any way to add wild card subdomains without having to verify each one manually through the azure ui interface? My application is a SaaS that relies on custom user sub-domains to serve up their branded website and gain access to their account so I need any and all subdomains to map to my application.
Currently, wildcard domains are not supported as far as I know. At least on Windows Azure Web Sites. They are on the roadmap, but currently you'll have to rely on adding every domain manually.
See wildcard comment on "Configuring a custom domain name for a Windows Azure web site".
Another feature not yet available on Azure Web Sites is SSL using a vanity (your own) domain name. If you want full control of your site(s) you can use Azure Cloud Services instead of Web Sites. With Cloud Services you can provision certificates, domain names, and run multiple sites on the same instances using host header routing.
Anything you can do with IIS Management you can do with a cloud service.
You're a little closer to the metal compared to Azure Web Sites (but not as close as with a VM) and you get load balancing, scaling, caching, and other goodness. Visual Studio 2010/2012 has excellent deployment tooling. You will need to study up on Azure deployment projects from VS, bit it's not bad.
Let's say I have a website that is hosted on a traditional dedicated hosting:
http://www.mycompany.com
This website has 'folders' like /area1, /area2, /area3, etc.
I'd like to host /area1 and /area3 on Windows Azure, and keep the other parts of the website hosted on my existing dedicated hosting.
Is it possible? How?
Subfolders will always be requested against the base host, you will not be able to serve content from the Azure instance without first hitting your www server. If you use subdomains on the other hand (like #CSharpRocks suggest) you will be able to configure separate DNS entries and thus direct traffic directly to the Azure web role without ever hitting your dedicated server.
Not exactly what you're looking for but you can set a CNAME that points to a Web role. You'll end up having something like this:
http://area1.mycompany.com
http://area2.mycompany.com