I have deployed my node js app to azure in the region west-us. However, my friends in other countries cannot connect to the server. How can I make sure that they are able to access the app too? Is there a setting that I need to change in my azure dashboard?
It does not matter if you deploy in single region, still the users from different countries should be able to access your app with a public endpoint.
If your question is about setting up a secondary site, you need to create an appservice and use traffic manager to route the requests based on users region.
Related
I need to have the same Azure App Service Custom Domain running in different App Services on the same region. Is that possible?
Custom domians are based in DNS, only one record should be pointing to one App Service, so I think it would not be recommended to have same custom domain in multiple App Services in the same region. Being said that, it works for different regions and it is common to see this deployments for instance behind Traffic Manager or Azure Frontdoor.
In order to do this in the same region is a bit more challenging as the only way is to make sure your App Service goes to a different webspace (https://learn.microsoft.com/en-us/azure/app-service/app-service-plan-manage#move-an-app-to-another-app-service-plan). So basically to make sure it goes to a different webspace you need to create a new Resource Group and a new App service Plan, then you can create the specific App Service and add the custom domain. In order to make sure they are in different webspaces, check if the Inbound IP is different.
I have website deployed on Azure App Service and I want to restrict access to my website from any other country accessing it but only a specific country can access that website.
Is there any way where I can restrict/allow at the infrastructure level inside Azure?
Even though AppService does not provide, Yes this can be done with Azure CDN provider does via the Geo Level Filtering. More details can be found here.
Is there any way where I can restrict/allow at the infrastructure level inside Azure?
Agree with Sajeetharan. It seems Azure Web App could not restrict the access just by country directly. You can have a try with Azure CDN, it can restrict the access by country.
But, as the comment you said, you do not have to restrict CDN, in this case, you can consider to restrict IP addressees in Azure. You can also use IP Restrictions menu in Azure app services to add restrictions:
You can check the document Azure App Service Access Restrictions for some more details.
Besides, you can try to use web.config or use IP restrictions feature of the webapp:
Check this thread for some more info.
Hope this helps.
Answer is: Azure Front Door with Front Door WAF policy
After going through with different Microsoft documentation I finally implemented the solution with Azure Front Door where you can set Frontend hosts and Backend pools with forwarding/redirecting. And in Frontend hosts, you can select WAF policy.
In the backend pool, you can select any application e.g. App Service or any IP where your app is deployed.
In WAF policy there are multiple options to restrict your traffic and one of them is geolocation restriction.
Just apply geolocation restriction according to your desired country and it will work like a charm.
I have got a Azure AKS cluster running on Azure cloud. It is accessed by frontend and mobile via Azure API Management. My Front end app is outside of the AKS.
Is it possible to use Azure Dev Spaces in this setup to test my changes in the isolated environment?
I've created a new namespace in the AKS and created a separate deployment slot for testing environment on the forntend app, but I can't figure out how to create an isolated routing on Azure API management.
As a result I'd like to have an isolated environment which shares most of the containers on AKS, but uses my local machine to host one service which is under testing at the moment.
I assume you intend to use Dev Spaces routing through a space.s. prefix on your domain name. For this to work, you ultimately need a Host header that includes such a prefix as part of the request to the Dev Spaces ingress controller running in your AKS cluster.
It sounds like in your case, you are running your frontend as an Azure Web App and backend services in AKS. Therefore your frontend would need to include the necessary logic to do one of two things:
Allow the slot instance to customize the space name to use (e.g. it might call the AKS backend services using something like testing.s.default.myservice.azds.io)
Read the Host header from the frontend request and propagate it to the backend request.
In either case, you will probably need to configure Azure API Management to correctly propagate appropriate requests to the testing slot you have created. I don't know enough about how API Management configures routing rules to help on this part, but hopefully I've been able to shed some light on the Dev Spaces part.
I have a .NET Web Api project with several REST endpoints that I only want accessed by resources from within an Azure virtual network I have created. Resources such as Azure Functions and Azure Web Roles will access these endpoints only. In other words, I do not want the endpoints publicly available.
So, I configured the Web Api application with my virtual network but apparently I also need to add the Web Api application to an Application Service Environment (which are quite costly from what I have read). To quote the Azure documentation:
VNET Integration gives your web app access to resources in your virtual network but does not grant private access to your web app from the virtual network.
Do I indeed need to use an Application Service Environment and just deal with the costs or is there another way I can achieve what I want?
I do not want the endpoints publicly available.
Until now, Azure web app only supports for using an internal load balancer with the app service environment feature. If you want to make your Web API can only be accessed internally. An app service environment is required.
If you don't want to move your Web API to app service environment and your Azure function and web role have fixed ip addresses, you could configure the IP whitelist using ipSecurity configuration in your web API. For more information of ipSecurity, link below is for your reference.
IP and Domain Restrictions for Windows Azure Web Sites
Is it any way of placing a WCF service in an Azure CDN Endopint? Or is it only valid to place static content?
It would be useful becasue I have a web frontend that constantly communicates with the WCF service.
If not, any suggestion on how to decrease delay?
If you want to run redundant WCF services in Azure, you create a WCF Service Web Role project and deploy it. Within the configuration, you can scale the deployment up to meet load. You can create and deploy multiple roles per package with each role having its separate instance count.
If you want the service to be distributed across multiple regions, you have to use the Azure Traffic Manager which handles directing traffic based on location or in a round robin format.