AppSetting >> "ApplyHostAsOrigin": true - iis

What is the use of "ApplyHostAsOrigin"?
I have an IIS web server and host a website on that server. If I add a load balancer and pass all the requests through the load balancer, it gives me an error. Someone recommended adding ApplyHostAsOrigin as true in the appsetting.json file, and it solved the issue.

Related

Azure Front Door Backend Pool pointing to Azure Load Balancer Public IP not resolving

I have an Azure Load Balancer which is configured with an internet facing public IP. I can confirm I can access this public IP from my browser.
My end goal is to configure Azure Front Door CDN so that it uses the IP from the Load Balancer and at the end of the day I would want to access my load balancer through the Front Door DNS.
I have created the Front Door and configured a Backend Pool by selecting the option Public IP Address as the type. I locate the Load Balancer Public IP name from the drop-down and leave everything else at the defaults. I then configure the HTTP and HTTPS routing rules.
I check everything is enabled and then I hit the Azure Front Door DNS entry.
According to the FAQ it should work. I keep getting the following error:
Our services aren't available right now
We're working to restore all services as soon as possible. Please check back soon.
However, if I use a separate DNS entry that points to the same IP and with SSL enabled - and then put that DNS entry in Azure Front Door (instead of the IP) - then accessing the web app through Front Door works.
Any insight appreciated - thanks.
Turns out FD wasn't working because of an SSL validation error - trying in Postman and turning the SSL validation setting off resolves the IP directly.

Connecting AKS with application gateway giving timeout error on accessing the applications

I am looking to configure the Application Gateway service provided by Azure, to get a dynamic IP and basic WAF protection.
I don't want to do TLS termination here, as I can do that at the Ingress level (nginx load-balancer rules).
I have a DNS zone carrying DNS mapped to the CNAME of the FrontendIP of the Application Gateway, and the backend pool has been mapped to the IP of the Kubernetes Load Balancer.
Upon hitting the URL, I am getting a time-out error and no traffic is being intercepted by the nginx controller either; it seems the traffic is getting lost at the Application Gateway level.
Application Gateway is a reverse proxy. So the SSL termination happens at the listener and you can configure end to end SSL by uploading .cer in the HTTPSettings.
You can use this guide to configure end to end SSL.
Also note that without configuring an HTTPS listener, all your requests will time out.

Application Gateway 502 error when configuring it for Azure Web App

Scenario:
Configured Azure Application Gateway to route traffic to different Azure Web Apps to leverage the Web Application Firewall (WAF).
Initial configuration worked fine except that the final URL in the browser is the {mysite}.azurewebsites.net. I want this to be the custom domain name {subdomain}.{mysite}.com. This was configured by having the backend pool bound to an app service. Changing it to FQDN is not working. Screen shots below.
CNAME is already pointing to the gateway.
Desired result
When someone hits {subdomain}.{mysite}.com (which is already configured to point to the gateway) I should get {subdomain}.{mysite}.com not {mysite}.azurewebsites.net
Current setup:
The gateway is configured with a multi-site listener with its rule pointing to a backend pool and also bound to the http setting.
Listener is listening on {subdomain}.{mysite}.com
Backend pool config
Probe config
Http setting config
The following links provide some partial answers/configurations but none of them worked for me.
Application Gateway - 502 error
https://learn.microsoft.com/en-us/azure/application-gateway/troubleshoot-app-service-redirection-app-service-url
https://learn.microsoft.com/en-us/azure/application-gateway/create-web-app
UPDATE
Here is a list of steps used to configure an Azure App Service with a custom domain behind the Azure Application Gateway and WAF (Web Application Firewall) using the Azure portal UI.
1. Configure a Backend pool with target pointing to your App Service.
2. Configure Health Probe with the following settings:
   - Protocol: HTTP or HTTPS
   - Host: {appservice}.azurewebsites.net
   - Path: /
3. Configure Http setting:
   - Use App Service unchecked.
   - Use custom probe checked.
   - Pick host name from backend address unchecked (you might have to check this to configure the rule and then uncheck it).
4. Configure listener:
   - HostName: {subdomain}.{domain}.com (your domain)
5. Configure basic rule:
   - Bind it to the appropriate http setting, backend pool and listener.
Caveat: If there are no http settings with Pick host name from backend checked, you might need to change it, attach it, and then remove that flag again.
You probably get a 502 error because you changed to the FQDN subdomain.mysite.com in the targets of the backend pool. However, in this scenario, you have not changed the custom domains in your web app service, so you could only access the web site via the default domain mysite.azurewebsites.net. I suggest changing back to the App service in the targets.
"Initial configuration worked fine except that the final URL in the browser is the {mysite}.azurewebsites.net."
Please check if you have the HTTPS Only setting ON in the Custom domains of the web app service. This will redirect all HTTP to HTTPS. For me, usually, it will cause the final URL in the browser to be mysite.azurewebsites.net.
Update
If you have no HTTPS Only on, this issue may happen due to the following main reasons:
You have redirection configured on your App Service. Redirection can be as simple as adding a trailing slash to the request.
You have Azure AD authentication which causes the redirection.
You have enabled “Pick Host Name from Backend Address” switch in the HTTP settings of Application Gateway.
You don’t have your custom domain registered with your App Service.
This issue can be resolved by not having a redirection on the Application side, however, if that’s not possible, you can follow this solution to resolve it.
Register the domain subdomain.mysite.com to the custom domain list of the App Service. For more information, see Map an existing custom DNS name to Azure App Service.
Once that is done, your App Service is ready to accept the hostname subdomain.mysite.com. Now change your CNAME entry in DNS to point it back to Application Gateway’s FQDN. For example, appgw.eastus.cloudapp.azure.com.
Uncheck the checkbox Pick Hostname from Backend HTTP Settings in probe settings. In the hostname field of the probe, enter your App Service's FQDN mysite.azurewebsites.net as the probe requests sent from Application Gateway will carry this in the host header.
Uncheck the checkbox Pick Hostname from Backend Address in your Application Gateway’s HTTP settings.
Associate the custom probe back to the backend HTTP settings and verify the backend health if it is healthy.
Once this is done, Application Gateway should now forward the same hostname subdomain.mysite.com to the App Service and the redirection will happen on the same hostname.

Unable to add domain to azure web app for a domain coming via Cloudflare proxy

Why am I unable to add a domain to an Azure web app for a domain coming via the Cloudflare proxy, even though I have configured the URL to resolve to the azurewebsites.net URL via CNAME?
Here are the steps to get through the Cloudflare proxy:
First you need to turn off the proxy in Cloudflare.
Configure the URL to point to the azurewebsites.net URL in DNS.
Then add the custom domain.
Once the domain is added, enable the proxy again.

Azure Application Gateway with VMSS

I have deployed a Virtual Machine scale set with an application gateway. The VMs in the VMSS have a SOAP API configured. Now when I download the WSDL for my SOAP API by going through the application gateway's DNS name, for the soap:address location tag in the WSDL it gives the private IP of the VM as the URL, for example
https:\\10.1.0.9:443\servicetag
while if I access the same API WSDL directly by using the DNS name of the VM it gives the same URL in this form:
https\\<VM DNS name>\servicetag.
Please tell me what is causing this behaviour.
I resolved this issue after some research into my setup. So the problem was due to this flag
--host-name-from-backend-pool
which was set to true, due to which it was picking the hostname of my VM instead of my application gateway frontend IP. Setting
--host-name-from-backend-pool false
as false resolved it.
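
Added example (not part of the original posts, and not Azure's own code): a small check for the symptom described in both the Application Gateway 502 thread and the VMSS thread above, where a backend that builds absolute URLs from the Host header it receives exposes its own hostname or private IP in redirects and WSDL soap:address tags. The name appgw.example.com and all sample responses are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches the location attribute of a <soap:address> element in a WSDL.
SOAP_ADDR = re.compile(r'<(?:\w+:)?address\b[^>]*\blocation="([^"]+)"')


def absolute_urls(headers, body):
    """Collect URLs from a Location header and from WSDL soap:address tags."""
    urls = []
    if "Location" in headers:
        urls.append(headers["Location"])
    urls.extend(SOAP_ADDR.findall(body))
    return urls


def is_private_ip(host):
    """True if host is an IP literal in a private range, False for DNS names."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def audit(public_host, headers, body=""):
    """Return (url, reason) for every URL naming a host other than public_host."""
    findings = []
    for url in absolute_urls(headers, body):
        host = urlsplit(url).hostname
        if host is None or host.lower() == public_host.lower():
            continue  # relative URL, or the hostname the client actually used
        reason = "private backend IP" if is_private_ip(host) else "backend hostname"
        findings.append((url, reason))
    return findings


# Constructed sample responses, as seen by a client going through the gateway.
WSDL_VIA_GATEWAY = ('<wsdl:port name="Svc">'
                    '<soap:address location="https://10.1.0.9:443/servicetag"/>'
                    '</wsdl:port>')
REDIRECT_TO_BACKEND = {"Location": "https://mysite.azurewebsites.net/login/"}
REDIRECT_SAME_HOST = {"Location": "https://subdomain.mysite.com/login/"}

if __name__ == "__main__":
    # appgw.example.com is an assumed gateway name, not one from the page.
    print(audit("appgw.example.com", {}, WSDL_VIA_GATEWAY))
    print(audit("subdomain.mysite.com", REDIRECT_TO_BACKEND))
    print(audit("subdomain.mysite.com", REDIRECT_SAME_HOST))
```

An empty result after the gateway's host-name override is turned off, and the custom domain is registered on the backend, indicates the original hostname is now being forwarded end to end.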
