We are trying to build a cloud service on Azure. We have 3 webrole instances running. What are the possible ways to proxy the requests that we get on a webrole to some other webrole.
For Example,
I have the following 2 web roles running: webrole0, webrole1.
I get a request on webrole0. Based on some parameters either webrole0 can serve the request or the request needs to be proxied to webrole1. How do I make this proxying of the request possible?
If you are looking for the path based routing you can go with Azure Application Gateway. If you want to route traffic to web roles based on the request parameters, you need to go with third party NVAs like F5 to check if that satisfies your routing needs.
Related
Is it possible to include a separate Azure App Service as part of another App Service?
For example lets say that I have a website called www.mycompany.com hosted in its own Azure App Service. I have another Azure App Service that I want to make it accessible by going to a specific URL in the first App Service.
So in other words when a request comes to www.mycompany.com/eu/ I want the content of this endpoint (/eu) to be served from the other app service. Would a load balancer work? The reason I want to do this is because the /eu endpoint has grown too big and I would like to separate that from the main site and host it on a separate app service. I hope my question is clear.
Thanks in advance.
For this purpose you could use Application Gateway.
In a certain sense it resembles a load balancer (it is a L7 LB indeed) as you indicated, but the product provides many additional features.
The following image, extracted from the product documentation, explains how it works:
Basically, as outlined in the aforementioned docs, when describing how an Application Gateway accepts a request (note they mention WAF in the explanation, an optional security threat prevention system):
Before a client sends a request to an application gateway, it
resolves the domain name of the application gateway by using a Domain
Name System (DNS) server. Azure controls the DNS entry because all
application gateways are in the azure.com domain.
The Azure DNS returns the IP address to the client, which is the
frontend IP address of the application gateway.
The application gateway accepts incoming traffic on one or more
listeners. A listener is a logical entity that checks for
connection requests. It's configured with a frontend IP address,
protocol, and port number for connections from clients to the
application gateway.
If a web application firewall (WAF) is in use, the application
gateway checks the request headers and the body, if present,
against WAF rules. This action determines if the request is valid
request or a security threat. If the request is valid, it's routed
to the backend. If the request isn't valid and WAF is in Prevention
mode, it's blocked as a security threat. If it's in Detection mode,
the request is evaluated and logged, but still forwarded to the
backend server.
The routing to one backend or another can be based on URL Paths:
You can find an example of this configuration in this related Microsoft article.
In your use case, you will need to define two backends, one for every App Service, and define routing rules as appropriate.
As indicated before, your DNS should point to the Application Gateway: it will handle the routing to one or other App Service based on the route, /eu/* or /*, provided by the client.
The order of the routes is important: once a rule is matched, it will be the one processed.
Application Gateway is a regional service: Azure Front Door leverages a similar functionality (and much more) globally.
Please, consider review the associated costs of these services.
I am answering my own question to hopefully help others in the same situation. This was simply done using a reverse proxy. This article explains everything you need to set it up - https://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
I am getting to the point of my project where I am ready to deploy it online with my custom domain via Azure once I make the upgrade from my Free Subscription.
So a little context, I have 1 web app service and 4 api services and each one is hosted in a separate app service such as:
www.sitename.azurewebsites.net
www.sitename-api1.azurewebsites.net
www.sitename-api2.azurewebsites.net
www.sitename-api3.azurewebsites.net
www.sitename-api4.azurewebsites.net
And the above web app communicates to all 4 api's and some api's may or may not talk to another. (Would have loved an application gateway so hopefully I'll be changing this architecture later down the road).
So as I get ready to associate my domain to the services, the web container seems pretty straight forward to me as it just becomes www.sitename.com, but I am a little confused about the api services. The way I am thinking about this is that each api service will be in it's own subdomain, such as:
www.api1.sitename.net
www.api2.sitename.net
www.api3.sitename.net
www.api4.sitename.net
where I believe I can register my SSL and domain to each app service somehow, but this leaves me with a few questions.
Do I host each api in a subdomain using the same domain as the web
app, or is there a different way preferred like where I host them
all on the same domain with different exposed ports per API and web
listening 80/443, or maybe just use the IP address of the api app
service and allow www.sitename.com as the origin for CORS?
I am assuming that since I am associating my SSL cert to the web
service, I will need to do the following on the api services?
Would it be better (and still affordable) if I just had a VNET
associated to the app services and the domain only registered with
the web app?
Any insight into this would be greatly appreciated on how I can establish communication between my app services with my custom domain and SSL as I am fairly new to this part of the stack, but excited about learning!
As I known, on Azure cloud, there are two services can help to manage your APIs deployed on multiple app service containers: API Management and Application Gateway.
The Premium tier of API Management has the feature for multiple custom domain names, please see the offical document Feature-based comparison of the Azure API Management tiers as the figure below.
You can refer to the quick start tutorial of Create a new Azure API Management service instance and other related documents to kown how to.
"Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications." said in the introduce What is Azure Application Gateway?. And as the figure of its architecture below, "With Application Gateway, you can make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that's optimized for videos."
I recommended to use Azure Application Gateway which be a good choice to manage multiple app services and expose the unified urls of APIs.
So I'm trying to use Application Gateway in Azure and trying to do the following:
Single domain (app.mydomain.com) with path based routing to different web apps
like: http://app.mydomain.com/app1
http://app.mydomain.com/app2
Any idea how to configure it in Application Gateway?
I'm keep getting 502 Error when I did the routing to my web apps.
Any idea how to configure it in Application Gateway?
If you want to use path-based routing in the Application Gateway.
Sure, it is possible.
We can use the routing rules to point to a specific backend pool. That backend pool will point to whatever servers you want handling that request.
For more information you could following this tutorial. And you also could refer to this blog to get more detail steps
I have two web apps (webapp1 and webapp2). I would like to use Application Gateway features where can route using path based redirect.
http://mywebsite/login1 redirect to webapp1
http://mywebsite/login2 redirect to webapp2
Is this possible it possible to do this with Application gateway if so can you please give link or direction on how to do this for web apps prespective
Yes, it is. You can use path-based routing in the Application Gateway to do the job. Here is the link:
Application Gateway URL Routing
The main idea is that you can use the routing rules to point to a specific backend pool. That backend pool will point to whatever servers you want handling that request.
Is this possible it possible to do this with Application gateway
Sure. If you want to do that with Azure WebApp service. But there are two things that we need to do:
1.Make sure that the application root path is the same as you mapped in the Application Gateway. For instance:
if you want route http://mywebsite/login1 -> webapp1
Your webapp1 application root path(home page) should be :http:///login1 You can do quick config at your app service - > Application settings -> Virtual applications and directories:
2.Two custom health prob is needed for Azure web apps , we could use PS script to create them since it seems there is no way to create them on Azure portal.
For more detail information, please refer to this blog.
Is it possible to have an kind of api gateway to redirect requests for different web apps?
Foe example:
Domain: abc.com
Abc.com/ -> abc-com-home.azurewebsites.net
Abc.com/map -> abc-com-map.azurewebsites.net
And every request in teh apps should use rhe same pattern.
Thank you!
Is it possible to have an kind of api gateway to redirect requests for different web apps?
Per my understanding, you could leverage the Set backend service policy to redirect an incoming request to the related back-end. Also, you could leverage the path-based rule for the application gateway with your azure web apps to distribute your request(s) to the relevant azure web app. Details, you could follow here.
Abc.com/ -> abc-com-home.azurewebsites.net Abc.com/map -> abc-com-map.azurewebsites.net
Per my understanding, I would map a custom domain (Abc.com) for abc-com-home.azurewebsites.net, then I would leverage the URL Rewrite for my abc-com-home.azurewebsites.net to redirect the request(s) to the related azure web apps based on the request path.
Yes, the application gateway can do it, but you must do it via powershell. If you need SSL, the you must configure for end to end ssl since webapps cant be a a virtual network.
https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-powershell