I have 2 web apps behind Application Gateway. I am trying to access by http://<aap_gateway_pub_ip>/web1 should go to http://webapp1.azurewebsites.net and http://<aap_gateway_pub_ip>/web2 should go to http://webapp2.azurewebsites.net. I have defined path based rule like:
$web1PathRule = New-AzureRmApplicationGatewayPathRuleConfig -Name web1pathrule -Paths "/web1" -BackendAddressPool $regbackendpool -BackendHttpSettings $poolSetting
$web2PathRule = New-AzureRmApplicationGatewayPathRuleConfig -Name web2pathrule -Paths "/web2" -BackendAddressPool $accbackendpool -BackendHttpSettings $poolSetting
$urlpathmap = New-AzureRmApplicationGatewayUrlPathMapConfig -Name urlpathmap -PathRules $web1PathRule, $web2PathRule -DefaultBackendAddressPool $defaultPool -DefaultBackendHttpSettings $poolSetting
$urlRoutingRule = New-AzureRmApplicationGatewayRequestRoutingRule -Name routingrule-001 -RuleType PathBasedRouting -HttpListener $defaultlistener -UrlPathMap $urlpathmap
The issue is when I directly access http://<aap_gateway_pub_ip> request goes to default pool which is web1 backendpool and opens web1 app. But when I access http://<aap_gateway_pub_ip>/web1, it returns 404 error.
What additional configuration is required to make this working?
I also got stuck in this problem for a day and trust me Microsoft should think about and adding more clear instructions.
The thing is when you access the base address of frontend IP like this http://<aap_gateway_pub_ip>
It simply replace the frontend IP with the backend pool based web app IP, so the request sent to the web app is something like http://webapp1.azurewebsites.net and it works.
Problem starts when you create a path based rule and configure it like this http://<aap_gateway_pub_ip>/web1 -> http://webapp1.azurewebsites.net
What app gateway does, it simply replace the front end ip with the backend ip
So the request sent to backend is
http://webapp1.azurewebsites.net/web1
and if your backend webapp does not contain that page in the website then it will through 404 error.
So there are 2 solutions for that
1> Edit the httpsetting of the rule and add a '/' in the "override backend path"
2> The other approach is to actually drive the path based rule in such a way that the final path (like web1 in your case) should actually exists in the backend server or webapp.
Please follow additional backend http settings and probe configuration for integration with Web Apps to work correctly. The documentation is here.
Related
I have a question about azure front door potential for this. So I have 2 web site running by Azure App Services and I need then under same domain name but different path of URL like this:
App Service A -> www.something.com
App Service B -> www.something.com/b-product
I'm not sure this is possible to use Azure front door or I should use another service to solve this problem.
Do somebody can suggestion to me?
Yes you can do this fairly easily, when you create your routing rule you have the option tom specify patterns to match, there you can specify /foo and have this forwarded to pool A where app service A lives
Then you create a different routing rule with /bar pattern to match and forward that to pool B
Then you can repeat this until you get what you need.
you can also have one routing rule match the / domain as per your example you don't have to use a /foo pattern you can also do /* but I always found it easier to use /foo/* and /bar/* to keep the same URL structure
As suggested by Junnas , you can use the front door rules engine
Alternatively , you can use application gateway listeners
If you want all of your requests (for any domain) to be accepted and forwarded to backend pools, choose basic. Learn how to create an application gateway with a basic listener.
If you want to forward requests to different backend pools based on the host header or host names, choose multi-site listener, where you must also specify a host name that matches with the incoming request. This is because Application Gateway relies on HTTP 1.1 host headers to host more than one website on the same public IP address and port. To learn more, see hosting multiple sites using Application Gateway.
I have configured 4 webapps behind Application gateway (ARM template):
dummyapi1.azurewebsites.de/servicehosts/dummyapi1
dummyapi2.azurewebsites.de/servicehosts/dummyapi2
dummyapi3.azurewebsites.de/servicehosts/dummyapi3
dummyapi4.azurewebsites.de/servicehosts/dummyapi4
web app settings
I can open web apps when I go directly to dummyapiX.azurewebsites.de/servicehosts/dummyapiX.
I want routing work this way: when I go to https://PIPofApplicationGateway/servicehosts/dummyapiX it should redirect to
dummyapiX.azurewebsites.de/servicehosts/dummyapiX
But Application Gateway always redirect to default backend pool, therefore I get 404 error.
I created Custom probes that point to:
/servicehosts/dummyapi1
/servicehosts/dummyapi2
/servicehosts/dummyapi3
/servicehosts/dummyapi4
Backend health show Healthy status for all. Backend pools point to webapps FQDN. PickHostNameFromBackendAddress for httpsSettings and PickHostNameFromBackendHttpSettings for probes are set to true. No other Path related setting are not configured in httpsSettings.
The only path-based rule is:
default backendpool is dummyapi4
"/servicehosts/dummyapi1/*" to backendpooldummy1
"/servicehosts/dummyapi2/*" to backendpooldummy2
"/servicehosts/dummyapi3/*" to backendpooldummy3
Any suggestion? What might be a root cause?
The root cause was trailing "/" in path in rules.
So instead of:
"/servicehosts/dummyapi1/*" to backendpooldummy1
"/servicehosts/dummyapi2/*" to backendpooldummy2
"/servicehosts/dummyapi3/*" to backendpooldummy3
It should be in my case
"/servicehosts/dummyapi1*" to backendpooldummy1
"/servicehosts/dummyapi2*" to backendpooldummy2
"/servicehosts/dummyapi3*" to backendpooldummy3
Now everything works
Firstly, you can confirm if you have created the virtual directory in your web app setting. Make sure the URL-based rule maps to the specific backend pool. Create the basic listener with a listening request port. Create and map a Path-based rule and bind to the listener. Get more details from this tutorial.
Then, you can type ipconfig /flushdns to clear the DNS cache In the command prompt console. Verify it again.
Ref: Error 404 : Web App Not Found – Azure Web App
I have configured an Azure Web Application Firewall in-front of my App Service and it is successfully passing requests through. I have followed the instructions a the following microsoft docs.
I have the following configuration:
Custom domain: test.[customdomain].com the DNS records points to the public IP configured against the WAF. The custom domain is also configured on the Web App.
The WAF has a backendpool which is configured to use "IP Address or FQDN" with the following record:
[customwebsite].azurewebsites.net
When I navigate to test.[customdomain].com I am successfully receiving the website, however it appears as though the WAF is rewriting the request when forwarding to the App Service.
As such, my App Service receives the request and it has the URL [customwebsite].azurewebsites.net, instead of test.[customdomain].com.
Is this intended? Reviewing the multi-tenant documentation it should not be rewriting the host by default?
The solution was to ensure you do not use the option -PickHostNameFromBackendAddress when specifying the New-AzureRmApplicationGatewayBackendHttpSettings. I should have noticed, but this setting tells the WAF to rewrite using the addresses specified in the BackendHttpSettings.
You also then need to reconfigure your probe to specify manual hostnames. e.g. do not specify -PickHostNameFromBackendHttpSettings when setting AzureRmApplicationGatewayProbeConfig.
For me what has worked is in the HTTP Settings to make sure -PickHostNameFromBackendAddress is NOT selected. Also the interface doesn't let you set the -HostName so drop to PowerShell and set the -HostName and the probe like this:
$GW = Get-AzureRmApplicationGateway -ResourceGroupName "MY-APP-WAF-RG" -Name "APP-WAF"
$PROBE = Get-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $GW -Name "my-api-https-probe"
Set-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $GW -Probe $PROBE -HostName "my-api.example.org" -CookieBasedAffinity "enabled" -AffinityCookieName "AGAffinity" -Protocol "HTTPS" -Port 443 -Name "my-api-https-settings"
Set-AzureRmApplicationGateway -ApplicationGateway $GW
Also on the probe I have the -PickHostNameFromBackendHttpSettings selected.
Using the above way I have two web apps with custom domain and SSL configured behind the WAF.
Terrible experience setting this up.
Following situation:
there is an ILB ASE with one App Service Plan running 3 different Web Apps.
I would like to use Azure Application Gateway and its path based routing capability to route to these different Web Apps. Is it event possible?
Thanks!
Ok, got a solution for this:
under "Configure a web app behind an existing application gateway" they describe how to configure the App GW...the most important part is the parameter -PickHostNameFromBackendAddress which kind of takes the host name as it is defined in the backend pool (e.g. app1.myase.local, app2.myase.local etc. these domains are not on the internet but rather inside the VNET only per deployed App Service). Then you need to configure a private DNS zone in the VNET where the App GW and the Apps live. Here is how: https://learn.microsoft.com/en-us/azure/dns/private-dns-getstarted-cli then the path based listener works with multiple apps represented by multiple backend pools in the App GW
Do you want to reach different Web-Ressources ?
For Example:
fqdn:443/web1/
fqdn:443/web2/
fqdn:443/web3/ ?
i think you are looking for: "url based routing"
please read:
https://learn.microsoft.com/de-de/azure/application-gateway/application-gateway-introduction
For trainings you can easily work with Haproxy and multiy instances.
if a client gets /videos/ -> 10.100.1.1:443/videos/ and if a customer want to reach /images/ -> 10.100.1.2:443/images
please analyse my first config entries:
frontend http
acl videos path_end -i /videos/1
acl images path_end -i /images/2
acl pdf path_end -i /pdf/3
use_backend srvs_videos if videos
use_backend srvs_images if images
use_backend srvs_pdf if pdf
backend srvs_videos
balance roundrobin
server host1 10.100.1.1:PORT
server host2 10.100.1.2:PORT
How to debug the azure gateway probe? I have a setup which azure identifies as "unhealthy". The setup consist of one gateway with a http-setting with a custom probe. Behind it are two virtual machines.
When testing the path to the probes by direct ip, they both work. But the gateway identifies them as unhealthy.
Can I see a log somewhere why they are unhealty?
My response code is a simple "OK" string with 200 OK status code.
You could check this link.
View back-end health through PowerShell:
Get-AzureRmApplicationGatewayBackendHealth -Name ApplicationGateway1 -ResourceGroupName Contoso