Is HTTPS required on container running on Azure Linux App Service - azure

I have the following setup: I have deployed a public-facing front-end application with an NGINX web server (with an Angular app) on an Azure Linux App Service; this is part of the Docker container.
I have another Linux App Service with a .NET API.
Now, in order to force HTTPS, do I need to set up HTTPS certificates on the Azure App Service, or should I be setting them in the container too, where I have Nginx set up?
Second, where and how should I specify the following rules?
1. Redirect HTTP requests to HTTPS
2. Redirect non-www traffic to www

Try this:
server_name your_domain.com *.your_domain.com;
return 301 https://www.your_domain.com$request_uri;

SSL gets off-loaded at the front-end of App Services. That means that SSL requests never get to your Web App. You don't need to (and should not) implement any support for SSL into your app.
http://learn.microsoft.com/en-us/archive/blogs/waws/things-you-should-know-web-apps-and-linux#NoSSL
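
Taken together, the two answers above mean that nginx in the container only ever receives plain HTTP, so both redirect rules have to key on the Host header and on the `X-Forwarded-Proto` header set by the App Service front end, not on the listening port. The configuration below is an added example, not part of either answer; `your_domain.com` is the placeholder from the answer, and port 80 and the web root are assumptions.

```nginx
# Added example. Place inside the http context (for example a conf.d file).

# TLS ends at the App Service front end, so $scheme is always "http" here.
# The original scheme is only visible in X-Forwarded-Proto.
map $http_x_forwarded_proto $needs_https_redirect {
    default 0;   # header absent (local probe): serve, do not redirect
    http    1;   # front end says the client used plain HTTP
}

# Rule 2: non-www -> www. Redirecting straight to https also covers rule 1
# for this host in a single hop.
server {
    listen 80;
    server_name your_domain.com;
    return 301 https://www.your_domain.com$request_uri;
}

# Rule 1: HTTP -> HTTPS for the canonical host.
# server_name is the exact www host only. A wildcard such as *.your_domain.com
# on the redirecting block would also match www and redirect it to itself.
server {
    listen 80;
    server_name www.your_domain.com;

    if ($needs_https_redirect) {
        return 301 https://www.your_domain.com$request_uri;
    }

    # Tell browsers to stay on HTTPS for later visits (max-age is an assumption).
    add_header Strict-Transport-Security "max-age=31536000" always;

    root  /usr/share/nginx/html;   # assumed location of the Angular build
    index index.html;

    location / {
        # Single-page app: unknown paths fall back to index.html
        try_files $uri $uri/ /index.html;
    }
}
```

No certificate is configured in the container: the certificate for the custom domain is bound on the App Service itself. If the App Service "HTTPS Only" setting is enabled, the platform already redirects plain HTTP and the `if` block acts as a second check.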

Related

Redirect an https URL to an internal web app

I currently have an https domain https://example.com hosted on a Windows Server R2019 machine. I am also developing a web application in Node.js on my laptop that will, in the future, be installed on the server.
Say I want to share my app with external parties that require https. During this test stage I will keep the web app on my laptop, instead of installing it on the server. In order to use the same SSL certificate assigned to https://example.com, would I be able to configure IIS to redirect a certain URL like https://example.com/myapp to my laptop's internal IP/PORT (192.168.xxx.xxx:port) where the app is hosted?
Thank you in advance.

Is it OK to remove Nginx when using Azure application gateway?

I have a Web app for docker currently running django with gunicorn as wsgi server and Nginx as reverse proxy. I am not serving any static assets via Nginx and the SSL is taken care by Azure.
So my question is, if I use Azure application gateway (with or without WAF) can I remove Nginx? I don't see any use for it, unless I want to use cache, which I don't. HTTP/2 is also provided by application gateway.
Both Nginx and Azure Application Gateway act as a reverse proxy with Layer 7 load‑balancing features plus a WAF to ensure strong protection against common web vulnerabilities and exploits.
Application Gateway supports autoscaling, SSL offloading, and end-to-end SSL, a web application firewall (WAF), cookie-based session affinity, URL path-based routing, multisite hosting, redirection, rewrite HTTP headers and other features. For a full list of supported features, see Introduction to Application Gateway. Also, you're aware of application gateway limits.
Whereas Nginx provides better URL rewriting and redirecting features than Application gateway. See the feedback. With Nginx, you can rewrite the URL of a request before passing it to a backend server. This means you can alter the location of files or request paths without modifying the URL advertised to clients. You can also redirect requests.
In my opinion, if you just want to use it for load balancing without complex URL rewriting, it's enough to use Azure Application Gateway. For complex rewrite use cases, you can add Nginx. Read create Nginx rewrite rules and more details here.
Go for Azure Application gateway... and get rid of Nginx. When in cloud, it makes sense to use all PaaS platform features.

Connecting to Azure B2C, with .NET Core from behind a NGINX Proxy

Almost have this working. Almost.
My setup is that I have an Azure B2C Tenant set up, and some modified example code that I've changed to reflect the Tenant information. This all works fine locally, with a localhost uri.
My remote setup is a Ubuntu 16.01 server, with an Nginx 1.10.0 webserver acting as a reverse proxy to a .NET Core 1.0.4 and all with a LetsEncrypt SSL cert.
The proxy serves .NET projects fine, however when I hit the sign in it takes me over to the B2C login with an incorrect redirect_url.
I'd expect the value to reflect what is in the settings file, "https.sub.host.suffix/signin-oidc" instead I'm getting "http.sub.host.suffix,sub.host.suffix/signin-oidc"
Any ideas or suggestions appreciated!
If NGINX is offloading SSL/TLS and then calling the .NET Core app, check, as it is most probably doing it through open HTTP (port 80).
You either need to ensure HTTPS all-the-way, or signal an HTTPS scheme to get triggered if HTTP endpoint was called.
As the .NET Core App gets a request through an HTTP endpoint, every URI created by it will keep that same scheme. So, you'll need to force https:// at link building time.
Hope it helps!
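
The "signal an HTTPS scheme" option from the answer above, seen from the proxy side, as an added example that is not from the original post. `sub.host.suffix` is the host from the question; the backend address and certificate paths are placeholders, and the application is assumed to be configured to honour forwarded headers from this proxy (in ASP.NET Core, the Forwarded Headers Middleware).

```nginx
# Added example. nginx terminates TLS and calls the app over plain HTTP,
# passing the original scheme and host along as request headers.

server {
    listen 443 ssl;
    server_name sub.host.suffix;

    # Placeholder paths: substitute the certificate files issued for this host.
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        # Assumed backend address of the .NET Core app.
        proxy_pass http://127.0.0.1:5000;

        # proxy_set_header replaces any value the client sent, so a client
        # cannot spoof the scheme or host the application will build URLs from.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;   # "https" in this block
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# Plain HTTP never reaches the app: it is redirected before proxying, so the
# app does not receive requests whose forwarded scheme is "http".
server {
    listen 80;
    server_name sub.host.suffix;
    return 301 https://sub.host.suffix$request_uri;
}
```

The application should accept these headers only from the proxy's address. If it trusts them from any source, a client that can reach the backend port directly can choose the scheme and host used in generated links such as the OpenID Connect redirect URI.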

Handling multiple applications under the same domain

I have an application built using pimcore (ZendFramework) which is hosted on a Linux EC2 (Apache) instance and one more application which is hosted on Windows IIS.
Now I want both of these applications to run in the following manner:
http://example.com/app1 will redirect to pimcore
http://example.com/app2 will redirect to application hosted on IIS
I can't use subdomains for this. I was trying to use URL Rewrite (ARR) of IIS. But ZendFramework is giving the following error:
Zend_Controller_Router_Exception No route, document, custom route or redirect is matching the request
You'll need a third web server to act as a reverse proxy. This could be an Apache or an Nginx instance for example.
The reverse proxy will serve your main domain on port 80 and decide what address to contact in order to provide the appropriate content.

Can I route HTTPS requests to HTTP application, using IIS7 ARR?

I have an application server installed, listening for HTTP traffic on a port which is not blocked from the world by a firewall. I wish to expose the services offered by this application only through HTTPS, preferably as a "sub directory" of the HTTPS site already hosted by the server.
Using IIS7 URL Rewriting (as part of the ARR package), I am able to set up a rule that redirects all traffic to a sub path of my existing HTTPS site. However, I am facing some trouble when trying to make the same rule route to my server farm setup: all requests matching the rule simply get 404 responses. Adding the very same rule to a non-SSL site yields the expected behaviour: the application services are proxied right through.
What might be wrong in my setup? Is ARR proxying the HTTPS requests as HTTPS traffic to the application server? The application I want to host does not have an HTTPS interface, so, if yes: can I tell it not to do so?
Yes, I can use IIS7/ARR to route HTTPS requests to HTTP application.
The problem I experienced was caused by the fact that the web site I wanted to use as the "container" for the proxy directory was built with ASP.NET MVC. The URL routing framework within ASP.NET interfered with the IIS URL rewriting, and caused the 404 error.
