I have a Web app for docker currently running django with gunicorn as wsgi server and Nginx as reverse proxy. I am not serving any static assets via Nginx and the SSL is taken care by Azure.
So my question is, if I use Azure application gateway (with or without WAF) can I remove Nginx? I don't see any use for it, unless I want to use cache, which I don't. HTTP/2 is also provided by application gateway.
Both Nginx and Azure Application Gateway act as a reverse proxy with Layer 7 load‑balancing features plus a WAF to ensure strong protection against common web vulnerabilities and exploits.
Application Gateway supports autoscaling, SSL offloading, and end-to-end SSL, a web application firewall (WAF), cookie-based session affinity, URL path-based routing, multisite hosting, redirection, rewrite HTTP headers and other features. For a full list of supported features, see Introduction to Application Gateway. Also, you're aware of application gateway limits.
Whereas Nginx provides better URL rewriting and redirecting features than Application gateway. See the feedback. With Nginx, you can rewrite the URL of a request before passing it to a backend server. This means you can alter the location of files or request paths without modifying the URL advertised to clients. You can also redirect requests.
In my opinion, if you just want to simply use for load balancing without complex rewriting the URL, it's enough to use Azure Application Gateway. For complex use rewrite cases, you can plus Nginx. Read create Nginx rewrite rules and more details here.
Go for Azure Application gateway... and get rid of Nginx. When in cloud, it makes sense to use all PaaS platform features.
Related
I have a Linux Web App running on Azure with a top-level domain. I want to redirect all traffic coming from mydomain.com to www.mydomain.com (because the free TLS certificate Azure offers only works for non-naked domain names for some reason).
As far as I see this, Apache is the default web server on Linux Web Apps. Unfortunately, it seems I can't just add a Redirect rule in the Apache config files because - I quote: "Any data outside '/home' is not persisted".
Is there any way to do this without having to deal with the redirect in the client application? (e.g. using PHPs header() function)?
The recommended approach for PaaS Web Apps is to use an .htaccess file but it sounds like you don't want to deal with a redirect in the client application.
I can think of two other possibilities for you:
Use Web App Linux Containers
Use Azure Frontdoor URL redirect
I'd need the following config on Azure:
requests to www.domain.com goes to an App Service (call it MainAppService)
requests to www.domain.com/blog/* to a different App Service (call it BlogAppService)
It is important that the url stays www.domain.com/blog/something (a simple redirect to blog.domain.com/something won't work for me here).
MainAppService is a .Net Core app while BlogAppService should be php (yes, WordPress). I wonder if Azure Application Gateway is the only option. Any code based solution without the need to install AAG?
As far as I know, if you want a code-based solution, you may consider adding URL rewrite rules in web app service. It seems that Rewrite Rules only works in one web app service. That is, you could not redirect HTTP-host www.domain.com to blog.domain.com based on rewrite rule.
As your configuration, I think Azure application gateway is an easy and better way to make it.
Configuration example:
Create an application gateway with path-based routing rules using the Azure portal
How to map URL path-based rules in application gateway for your Azure web app service
Is it possible to configure dns settings in such way so web application is using www.domain.com and amazon aws api gateway uses www.domain.com/api?
Not using pure DNS, it would only let you point a subdomain to a destination, DNS doesn't see the path.
You can use something like nginx to proxy the path, or use api.domain.com for your API, which probably is better, as you don't need to proxy the requests at all.
You can configure AWS CloudFront as a proxy to map both API Gateway and Web Server (Or web application hosted in AWS S3) as origins. Then configure
www.domain.com to point to CloudFront.
This also improves the application performance, if you cache the static content, serving from the web application, by using the CloudFront CDN network of edge locations.
When mapping API Gateway do the following configuration for it to work.
Whitelist the headers and exclude Host header.
Set TTL values to zero.
Make the origin and behaviors for API Gateway https only.
To map www.domain.com/api to API Gateway, use the stage name as 'api' with CloudFront behavior mapping for /api/* .
My company wants something like the Application Gateway to be a scalable entrypoint of all incoming requests, with SSL offloading, and balance those requests to external web servers, which are not on our Azure subscription, but belong to the company.
If Application Gateway is indeed the recommended way, how can I declare in the XML configuration file something like that? And if it's not, what's the best way I can achieve that?
application gateway is an option to achive this but by using an application gateway you use an AzureVM ressource. The scalability is ok but we have to pre-create more application gateways in case of a scale out. For a scale down you should also check first how to reroute traffic from the current gateway to the others before you scale down.
i would reccomend an another design. by using azure app-services. this is a webserver farm as a service. in the webserver is IIS running and you can create a forward / redirect reverse proxy or ARR. check out point like azure topics like Application request routing and reverse proxy:
http://blogs.iis.net/carlosag/setting-up-a-reverse-proxy-using-iis-url-rewrite-and-arr
http://www.iis.net/learn/extensions/url-rewrite-module/iis-url-rewriting-and-aspnet-routing
regards
patrick
I am curious to understand how IIS 7.5 Reverse Proxy is implemented in Rewrite Module (v2).
I am planning to setup a website that will handle proxing between requests coming from users (internet) and my HTTP services that are deployed on the same server. I have setup a website within IIS and configured the reverse proxy logic. I've then setup another website on the same server and deployed all my WCF REST services there. I am planning to implement IIS offloading, common tasks (such as authentication, etc) on the reverse proxy website before the request gets to the actual services (like WCF routing service for SOAP). Configuration is working perfectly fine.
However I am trying to understand the implications of this setup. When IIS does reverse proxing, does it create a new HTTP request (and a new TCP port) between those two websites? And even if both sites are on the same server? Should I expect number of TCP connections opened on this server to get doubled when reverse proxy is used?
Furthermore, has anyone experienced any performance/resource issues with a similar setup?
Cheers,
OS