Why does Front Door health probe fail consistently for hostname provided by App Service? - azure

We have an Azure Front Door resource configured with a single backend pool and a health probe to the backend. The backend is a web API running in App Service. The App Service resource is configured with a custom domain. The Front Door health metrics show drastically different results when configuring the backend with the custom domain vs. the one provided by App Service.
We originally configured the backend with the hostname provided by App Service (xxx.azurewebsites.net). The metrics in Front Door showed a very low, very inconsistent success rate for backend health. Then, we tried configuring the backend using the custom hostname we use in the App Service resource, and all of a sudden the health metrics are at 100%.
In the following image, you can see the point where we configured the backend with the custom hostname. The average health shoots up to 100%.
I would expect the Front Door health metrics to be the same (at or near 100%) regardless of the hostname used to configure the backend.

Related

I added FrontDoor to an app service, then deleted FD and now the app service no longer works

The DNS records for Front Door were deleted as well. We have an app gateway to the app service, which is under an app service env. I can see traffic on my app gateway:
But none on the app service:
The error I get when I try to access the web app is generic:
:( Application Error If you are the application administrator, you can
access the
The health probe on the app gateway was changed to 200-600 to show this error, because it was just a generic 502 at first. I'm not really sure where to even begin troubleshooting this. Any ideas on where I can start checking things?
Did you change the CNAME DNS entry to point to your App Service instead of the Front Door address?
I suspect that you have completely removed the CNAME entry instead of changing it to point to your my-app.azurewebsites.net address.
Also, check if you have correctly configured the binding to your custom domain for the App Service.
Did you originally use the DNS record pointing to the AFD endpoint to point to the App Gateway? If so did you point it back to the App Gateway?
What's the backend settings for the App Gateway look like? Are you overriding the hostname, choosing it from the backend pool name, or not overriding (forwarding hostname from client)?
Also, on the App Service, when you implemented AFD in front, did you set up access restrictions under the networking blade? Usually when placing AFD in front of App Service there is a rule to only allow the AFD service tag to reach the App Service so it can't be bypassed.
Lastly, check the environment variables for what port your app service is listening on. From searching that error message I see a lot of mentions about it being NodeJS and there being a mismatch in port configuration. Ensure the app service is listening on the same port as is configured on the App Gateway's backend settings as well as the probe.

Unhealthy backend after scaling up App Service plan

I have an Application Gateway running with a web application in an App Service plan. The Application Gateway listens and passes requests to the backend, which is the web app. There is a health probe implemented that works fine.
The web app was reachable fine until I scaled up the App Service plan. Suddenly the health probe timed out reaching the backend and I got a 502 Bad Gateway error in the browser when trying to reach the web application. After hours, the website was suddenly back and the backend was healthy again. I was under the impression that you could scale the App Service plan up and down without any noticeable effect on the website, but it seems the gateway was not playing along.
Did I configure something wrong, or should this work like I assumed?
I tried to reproduce the same in my environment: I created an App Service running with Application Gateway and got a 502 error.
The number of TCP connections allowed by the Standard plan, while it is an older tier, contains double that; make sure, while scaling up and down in App Service, to try to remain in the same tier, so that the inbound IP will wait for some time and then scale back.
Try to update your default setting in Configuration -> General settings -> ARR Affinity: Off. Either your application isn't stateful, or the session state is kept on a distant service like a cache or database. And try to run your application with a minimum of 2-3 instances to prevent failure.
You can make use of App Service diagnostics, which gives you the right information to more easily
For Reference:
Get started with autoscale in Azure - Azure Monitor| Microsoft
Guide to Running Healthy Apps - Azure App Service
And I got the same error in Application Gateway as well. To avoid the issue:
In your virtual network -> Service endpoints -> Add endpoint Microsoft.Web in the default subnet.

Azure Application Gateway - check health on subset of backend nodes

I have a service fabric cluster that hosts some number of identical applications. The application has two main components - a stateless service that hosts web api (it listens on unique port number) and an actor service.
In front of it there is an Application Gateway instance with multi-site listeners to reach the proper application instance based on the URL. The scale set for the Service Fabric cluster is set as the backend pool for the Application Gateway.
For each application I have separate HTTP settings with a unique backend port to reach. One of the configuration options for a listener is a health probe that checks the web API health, by default on each backend node.
There is no problem when the API is deployed on each node in the backend, but when the API is deployed only on a subset of nodes, for the nodes without it the health probe reports this app as unhealthy.
Is there a supported way to configure the Application Gateway health probe to check health only on a subset of backend nodes? For apps running on a Service Fabric cluster, as in my case, it would be strongly desired.
I recommend that you use a reverse proxy on the cluster for this. You can use the built-in reverse proxy, or Traefik for this.
This ensures that all incoming traffic is routed to the services.
It does introduce an additional network hop, so there is a performance impact.

Azure Application Gateway error 502 when using application gateway

I followed the docs here https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-create-multisite-portal but I'm still getting the error:
Azure Application Gateway error 502 - Web server received an invalid response while acting as a gateway or proxy server. There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, i
Any help?
About the 502 errors after configuring the Application Gateway, the main reasons are as follows.
NSG, UDR or Custom DNS is blocking access to backend pool members.
Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
Invalid or improper configuration of custom health probes.
Azure Application Gateway's back-end pool is not configured or empty.
None of the VMs or instances in virtual machine scale set are healthy.
Request time-out or connectivity issues with user requests.
References: Troubleshooting bad gateway errors in Application Gateway
Just a reminder: after changing the health probe, please check that you have selected "use custom probe".
Issue: Receiving 502 when you have a Web App as the backend pool.
This is how the default probe from Application Gateway looks: http/https://127.0.0.1:port/
But a Web App doesn't respond to localhost, so Application Gateway will receive a 404 for the request sent and will mark that Web Application unhealthy.
In your scenario, you need to create 3 backend pools, adding one Web App in each pool. Then create HTTP settings and enable the "Use App Service" check box.
How to enable Use App Service
Then create 3 separate rules to achieve your scenario.
Listener1(test.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool(test.mydomain.com)
Listener2(staging.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool (staging.mydomain.com )
Listener3(prod.mydomain.com) ---> HTTP Settings (enable Use App Service) --> Backend Pool (prod.mydomain.com)
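The pattern in the answer above (one pool per Web App, HTTP settings with "Use App Service", a probe that picks the hostname from those settings) can be checked offline against an exported gateway definition. This is an added example, not code from the thread or from Azure: the property names (`pickHostNameFromBackendAddress`, `pickHostNameFromBackendHttpSettings`) are the ARM schema names behind the portal checkboxes, the sample resource and its `/x/...` ids are constructed, and the probe-host model is a simplification of the gateway's documented default-probe behaviour.

```python
# Added example (not from the thread): lint an ARM-style Application Gateway resource for
# Web App backends whose probe would still target 127.0.0.1 (404 -> marked unhealthy).
# Sample resource is constructed; "/x/..." ids are placeholders for real resource ids.
import json

SAMPLE_APPGW = json.loads("""{"properties": {
 "backendAddressPools": [
  {"name": "pool-test", "properties": {"backendAddresses": [{"fqdn": "test-app.azurewebsites.net"}]}},
  {"name": "pool-prod", "properties": {"backendAddresses": [{"fqdn": "prod-app.azurewebsites.net"}]}}],
 "probes": [
  {"name": "probe-default", "properties": {"pickHostNameFromBackendHttpSettings": false}},
  {"name": "probe-appsvc", "properties": {"pickHostNameFromBackendHttpSettings": true}}],
 "backendHttpSettingsCollection": [
  {"name": "http-test", "properties": {"port": 443, "pickHostNameFromBackendAddress": false, "probe": {"id": "/x/probes/probe-default"}}},
  {"name": "http-prod", "properties": {"port": 443, "pickHostNameFromBackendAddress": true, "probe": {"id": "/x/probes/probe-appsvc"}}}],
 "requestRoutingRules": [
  {"name": "rule-test", "properties": {"backendAddressPool": {"id": "/x/pools/pool-test"}, "backendHttpSettings": {"id": "/x/settings/http-test"}}},
  {"name": "rule-prod", "properties": {"backendAddressPool": {"id": "/x/pools/pool-prod"}, "backendHttpSettings": {"id": "/x/settings/http-prod"}}}]}}""")

def _by_name(items):
    return {i["name"]: i["properties"] for i in items}

def _ref_name(ref):  # ARM references are resource ids; the last path segment is the name
    return ref["id"].rsplit("/", 1)[-1]

def probe_host(settings, probe, fqdn):
    """Host the probe presents to the backend (simplified model, an assumption of this
    example): an explicit probe host wins; otherwise the backend FQDN is used only when
    both 'Use App Service' and the probe's pick-hostname flag are set; else 127.0.0.1."""
    if probe.get("host"):
        return probe["host"]
    if probe.get("pickHostNameFromBackendHttpSettings") and settings.get("pickHostNameFromBackendAddress"):
        return fqdn
    return "127.0.0.1"

def lint_app_service_pools(appgw):
    """Map rule name -> finding for rules whose pool holds a *.azurewebsites.net Web App
    but whose probe would not present that hostname."""
    p = appgw["properties"]
    pools, probes = _by_name(p["backendAddressPools"]), _by_name(p["probes"])
    settings = _by_name(p["backendHttpSettingsCollection"])
    findings = {}
    for rule in p["requestRoutingRules"]:
        rp = rule["properties"]
        fqdns = [a.get("fqdn", "") for a in pools[_ref_name(rp["backendAddressPool"])]["backendAddresses"]]
        st = settings[_ref_name(rp["backendHttpSettings"])]
        probe = probes[_ref_name(st["probe"])] if "probe" in st else {}
        for fqdn in (f for f in fqdns if f.endswith(".azurewebsites.net")):
            host = probe_host(st, probe, fqdn)
            if host != fqdn:
                findings[rule["name"]] = f"probe uses Host {host}, not {fqdn}"
    return findings
```

Running `lint_app_service_pools(SAMPLE_APPGW)` flags only `rule-test`, the rule whose HTTP settings leave "Use App Service" off; `rule-prod` passes.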

What is the Best way to Load balance Azure web apps deployed under one Azure App Service plan

I have 1 web app running under an App Service plan. As I am using a premium Azure App Service plan with 15 instances, we are consuming only 10 percent of CPU. So to increase the availability and responsiveness of our app, I was planning to deploy one more instance of the same app with a different name under the same App Service plan.
So now I am running my-app and my-app01 under 1 App Service plan. Now I want to distribute the incoming traffic between these 2 apps.
As these apps are running under one App Service plan, they are running in the same location. So Azure Traffic Manager doesn't allow endpoints from the same location. To bypass this I have used Traffic Manager nested endpoints to list both my app endpoints under one Traffic Manager profile.
Then I added my custom domain name to Traffic Manager as a CNAME record mapping.
myapp.abhisqs.com -> abhisq.trafficmanager.net -> (my-app.azurewebsites.net , my-app01.azurewebsites.net)
After doing this I was not able to open my app by hitting https://myapp.abhisqs.com/pages/default.aspx from the URL; it was throwing a 403 error. So I added a hostname (myapp.abhisqs.com) and SSL binding for my-app. Then I was able to open my app using https://myapp.abhisqs.com/pages/default.aspx.
So now my other app instance my-app01 doesn't have a hostname and SSL binding, so if my primary app (my-app) is off, then I am not able to open the app UI (it fails with error 403). Also, from the Azure portal I am not able to add a hostname and SSL binding to my second app which is running under the same App Service plan. It throws the error "the host name 'myapp.abhisqs.com' is already configured for my-app so first remove that then configure with this."
So my question is: what is the best way to have multiple apps under the same service plan, load balanced under one single custom domain name?
