I have set up a new application Gateway following the MS document. I have configured the back end pool .it is connected to an App Service via FQDN. Somehow I receive 502 immediately every time I browse to the application gateway. Browsing to the website directly works with no issues .
I have resolved this issue. Here is the solution.
If you have web apps in your backend pools you CAN'T set up the health probes via Azure portal.
You need to set them up via resource templates or Powershell. The key is that you need to leave the host field empty and set -PickHostNameFromBackendAddress property.
The two lines below did the magic to make the 502s go away
# Create a probe with the PickHostNameFromBackendHttpSettings switch for web apps
$probeconfig = New-AzureRmApplicationGatewayProbeConfig -name webappprobe -Protocol Http -Path / -Interval 30 -Timeout 120 -UnhealthyThreshold 3 -PickHostNameFromBackendHttpSettings
# Define the backend http settings
$poolSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name appGatewayBackendHttpSettings -Port 80 -Protocol Http -CookieBasedAffinity Disabled -RequestTimeout 120 -PickHostNameFromBackendAddress -Probe $probeconfig
Related
I have configured an Azure Web Application Firewall in-front of my App Service and it is successfully passing requests through. I have followed the instructions a the following microsoft docs.
I have the following configuration:
Custom domain: test.[customdomain].com the DNS records points to the public IP configured against the WAF. The custom domain is also configured on the Web App.
The WAF has a backendpool which is configured to use "IP Address or FQDN" with the following record:
[customwebsite].azurewebsites.net
When I navigate to test.[customdomain].com I am successfully receiving the website, however it appears as though the WAF is rewriting the request when forwarding to the App Service.
As such, my App Service receives the request and it has the URL [customwebsite].azurewebsites.net, instead of test.[customdomain].com.
Is this intended? Reviewing the multi-tenant documentation it should not be rewriting the host by default?
The solution was to ensure you do not use the option -PickHostNameFromBackendAddress when specifying the New-AzureRmApplicationGatewayBackendHttpSettings. I should have noticed, but this setting tells the WAF to rewrite using the addresses specified in the BackendHttpSettings.
You also then need to reconfigure your probe to specify manual hostnames. e.g. do not specify -PickHostNameFromBackendHttpSettings when setting AzureRmApplicationGatewayProbeConfig.
For me what has worked is in the HTTP Settings to make sure -PickHostNameFromBackendAddress is NOT selected. Also the interface doesn't let you set the -HostName so drop to PowerShell and set the -HostName and the probe like this:
$GW = Get-AzureRmApplicationGateway -ResourceGroupName "MY-APP-WAF-RG" -Name "APP-WAF"
$PROBE = Get-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $GW -Name "my-api-https-probe"
Set-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $GW -Probe $PROBE -HostName "my-api.example.org" -CookieBasedAffinity "enabled" -AffinityCookieName "AGAffinity" -Protocol "HTTPS" -Port 443 -Name "my-api-https-settings"
Set-AzureRmApplicationGateway -ApplicationGateway $GW
Also on the probe I have the -PickHostNameFromBackendHttpSettings selected.
Using the above way I have two web apps with custom domain and SSL configured behind the WAF.
Terrible experience setting this up.
I have 2 web apps behind Application Gateway. I am trying to access by http://<aap_gateway_pub_ip>/web1 should go to http://webapp1.azurewebsites.net and http://<aap_gateway_pub_ip>/web2 should go to http://webapp2.azurewebsites.net. I have defined path based rule like:
$web1PathRule = New-AzureRmApplicationGatewayPathRuleConfig -Name web1pathrule -Paths "/web1" -BackendAddressPool $regbackendpool -BackendHttpSettings $poolSetting
$web2PathRule = New-AzureRmApplicationGatewayPathRuleConfig -Name web2pathrule -Paths "/web2" -BackendAddressPool $accbackendpool -BackendHttpSettings $poolSetting
$urlpathmap = New-AzureRmApplicationGatewayUrlPathMapConfig -Name urlpathmap -PathRules $web1PathRule, $web2PathRule -DefaultBackendAddressPool $defaultPool -DefaultBackendHttpSettings $poolSetting
$urlRoutingRule = New-AzureRmApplicationGatewayRequestRoutingRule -Name routingrule-001 -RuleType PathBasedRouting -HttpListener $defaultlistener -UrlPathMap $urlpathmap
The issue is when I directly access http://<aap_gateway_pub_ip> request goes to default pool which is web1 backendpool and opens web1 app. But when I access http://<aap_gateway_pub_ip>/web1, it returns 404 error.
What additional configuration is required to make this working?
I also got stuck in this problem for a day and trust me Microsoft should think about and adding more clear instructions.
The thing is when you access the base address of frontend IP like this http://<aap_gateway_pub_ip>
It simply replace the frontend IP with the backend pool based web app IP, so the request sent to the web app is something like http://webapp1.azurewebsites.net and it works.
Problem starts when you create a path based rule and configure it like this http://<aap_gateway_pub_ip>/web1 -> http://webapp1.azurewebsites.net
What app gateway does, it simply replace the front end ip with the backend ip
So the request sent to backend is
http://webapp1.azurewebsites.net/web1
and if your backend webapp does not contain that page in the website then it will through 404 error.
So there are 2 solutions for that
1> Edit the httpsetting of the rule and add a '/' in the "override backend path"
2> The other approach is to actually drive the path based rule in such a way that the final path (like web1 in your case) should actually exists in the backend server or webapp.
Please follow additional backend http settings and probe configuration for integration with Web Apps to work correctly. The documentation is here.
I deploy a application Gateway on Azure, but Backend health say "unknown" as satus all the time.
If I request via
Get-AzureRmApplicationGatewayBackendHealth -Name $appGwName -ResourceGroupName $myRg
I receive
"BackendHttpSettings": {
"ProbeEnabled": false,
"Id": "/subscriptions/XXX"
},
"Servers": [
{
"Address": "X.X.X.X",
"Health": "Unknown"
}
]
But I did not find a way to activate the probe. I created the probe via Portal and via powershell, in both cases I run into the same Problem.
$helthProbe01 = New-AzureRmApplicationGatewayProbeConfig -Name "httpsProbe" -Protocol Https -HostName "127.0.0.1" -Path "/page/index.aspx" -Interval 30 -Timeout 60 -UnhealthyThreshold 3
How can I activate the Health probe?
Thanks
Daniel
This properties can Flag if probe should be enabled, not the status of the probe.
But,whether the probe is enabled, Default value is false. So, it means that it does nothing about whether your probe is active.
Backend health say "unknown" as satus all the time.
Ensure you have configure all settings correctly, you can refer to this document to add a probe to your Applicaiton gateway.
Don't use the IP address like 127.0.0.1 as your hostname, please add a hostname which can be access from public Network.
Hope this helps!
I am hosting two web applications on IIS server on Azure Virtual machine (classic), But I am unable to access the second application by url.
I have two websites- One is hosted on port 80 and other is hosted on port 8081.
I am able to access the site one using - http://abc.cloudapp.net, but can not access the second site as http://abc.cloudapp.ne:8081. I have added the both endpoint for VM.
Locally I am able to access both sites using url- http:://localhost and http://localhost:8081.
Can any one help me?
You must also open port 8081 on the local VM firewall. On the server from PowerShell.
PS C:\> New-NetFirewallRule -DisplayName "Open Inbound Port 8081" -Direction Inbound –LocalPort 8081 -Protocol TCP -Action Allow
ref: https://technet.microsoft.com/en-us/library/jj554908(v=wps.630).aspx
I've got a load-balanced end-point being served by 2 vms, and I shut down one of them through the web interface, however it seems that the shut-down endpoint is still being included in the load-balancer rotation. Is this the case or am I missing a silly mistake on my part?
Are you talking about new "Windows Azure Virtual Machines" or "Web/Worker based VM"?
With Windows Azure Virtual Machine, you can create multiple separate Virtual Machines and use Powershell cmdlets "get-azurevm" with parameter "-LBSetName" to set probe Load balancing undersame -LBSetName setting as below:
get-azurevm -ServiceName "XXXX" -Name "XXX" | Set-AzureEndpoint -Name "HttpIn" -Protocol "tcp" -PublicPort 80 -LocalPort 80 -LBSetName "XXX" -ProbePort 80 -ProbeProtocol "http" -ProbePath "/" | Update-AzureVM
If you configured the Load Balancer and shutdown the instance, the Load Balancer will still shows all machines configured with probe.