I'm trying to get a simple HTTP console app running as an Azure Service App. All it does is return OK when you connect. It works fine on my laptop and I can publish to Azure ok using VS2019. The issue is the prefixes that are used for listening.
On my laptop I can use http://+:80/;https://+:443/, but in Azure I get an error: [EXCEPTION] Access is denied.
This article https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#network-endpoint-listening implies the app will listen on 80 and 443
"The only way an application can be accessed via the internet is through the already-exposed HTTP (80) and HTTPS (443) TCP ports; applications may not listen on other ports for packets arriving from the internet.
However, applications may create a socket which can listen for connections from within the sandbox. For example, two processes within the same app may communicate with one another via TCP sockets; connection attempts incoming from outside the sandbox, albeit they be on the same machine, will fail. See the next topic for additional detail."
but my code always fails when I try and register the prefix. I can't use localhost as the same article says that's not allowed. I've tried using the app URL but that doesn't work either.
I've seen other articles that imply the HTTPListener needs admin permissions which I can't give it in Azure.
Does anyone know what the correct prefixes are or if it's ever going to work?
Netstat not working in KUDU so ASE (App Service Environment) is used to view the port details in portal App Service Environment -> General -> IP Addresses (check here ).
App Service applications only serve HTTP (port 80) and HTTPS (port 443) traffic. Each App Service application has default built-in HTTPS support for the azurewebsites.net domain name.
Your app may be already listening to the port 80 & 443. Please check here for more info for similar issue see here
Related
I cannot seem to connect to my website running on Azure VM. I have looked through every single Azure docs.
I allowed incoming connections to port 80 per documentation:
I have a very basic Hello World nodejs app listening on port 80 (i confirmed this app works locally my own system):
I am attempting to connect to the site via the Public IP assigned to me that i see in Azure Portal:
The problem is any attempt to connect to 40.XXX.XXX.230:80 in Chrome simply times out.
I am new to VM's but i think something is wrong with port forwarding?
Another thing to check:
Remote desktop into the virtual machine, and confirm that the virtual machine's local firewall allows incoming HTTP and HTTPS connections.
Our web app runs on two ports azure web app exposes port 80 by default which we have used for part 1 but for part two we need another port how can we expose it?
Our web app runs perfectly on local.
Our web app runs perfectly on container instance on two ports (there is an option in Azure for multiple ports while creating the container instance).
Update:
I contacted the Azure support team for this and they replied:
"
Web App for Containers currently allows you to expose only one port to the outside world. That means that your container can only listen for HTTP requests on a single port. Some apps need multiple ports. For example, you might have one port that is used for requests into the app and a separate port that is used for a dashboard or admin portal. As of today, that configuration isn't possible in Web App for Containers.
We will attempt to detect which port to bind to your container, but you can also use the WEBSITES_PORT app setting and configure it with a value for the port you want to bind to your container.
So, I'm sorry but you cannot use 2 ports for the same web app."
For your issue, you should know there are differences between Azure Web App and Azure Container Instance.
In Azure Web App, you just can use only two ports: 80 and 443. And they are exposed in default. You just need to listen to one of them or both in the container. But in Azure Container Instance, you can expose all the ports that you use in the container as you wish.
So for Web app for Container, if the two ports are not 80 and 443, then you cannot expose them.
You have to use a virtual machine to accomplish this on azure as they don't allow port other than 80 and 443.
I have been in the same situation and the only solution I could find is to use a virtual machine.
So I created a virtual machine with inbound port accepting traffic from 2 ports and it was working fine.
I also contacted with azure support for this they also suggested to use a virtual machine.
I've been experimenting with a containerised app that listens for and processes TCP traffic on a specified port.
To make this work on my own physical machine that was acting as the host I had to setup port forwarding from it to the container.
I've since deployed the dockerized app to an Azure Container Instance, which runs as expected and starts listening on own IP address and the specified port BUT I can't find a way to setup port forwarding so that traffic sent to the public IP address assigned to the container group can get to the app, is this possible?
This article on container groups seems to suggest it is but doesn't seem to say how
Official answer from Microsoft Support (posting here in case anyone has the same question)
Unfortunately Port forwarding is not supported in ACI yet and it’s in roadmap.
UPDATE
It looks like this answer from support is wrong. Ports specified when creating the container group are automatically published so containers with exposed ports can receive traffic from the outside, the issue I was having was with a problem with my code.
An app I ran tried to use certain ports, and threw an error saying they are already being used. Without having to pick random ports, how can I see which ones are already being used? Also, how can I see which apps/services are using those ports.
There is no access to netstat.
Not exactly sure what you're asking, but the only inbound ports on a web app (app service) from the outside world are 80 and 443. These end up getting mapped to ports assigned to your app (and accessible via environment variables).
I have setup an http endpoint (port 80) for my Azure VM. I have verified that the firewall is allowing port 80 both in and out. (My VM operating system is Windows Server 2012.)
Yet still, I am unable to hit IIS on port 80 from a remote machine. (Locally I can hit localhost just fine.)
So I'm wondering if what I'm missing is a network acl. However, the Azure documentation (as of 12/2/2013) seems contradictory:
When a virtual machine is created, a default ACL is put in place to
block all incoming traffic. However, if an endpoint is created for
(port 3389), then the default ACL is modified to allow all inbound
traffic for that endpoint.
Yet below it says:
It’s important to note that by default, when an endpoint is created,
all traffic is denied to the endpoint.
Which is correct? Do I need to create an allow all ACL? Am I missing something else about how Azure DNS and network traffic works?
That same page follows on to write
No ACL – By default when an endpoint is created, we permit all for the
endpoint.
I believe that the comment suggesting all traffic is denied by default is wrong.
To confirm I have just deployed a brand new Windows Server 2012 Data Centre VM, installed IIS, open the Windows Firewall and configured an endpoint for TCP port 80 and it all worked just fine although its worth pointing out that it took a few minutes between configuring the endpoint and being able to browse to the server.