I have a build server with Jenkins running as a Windows Service.
It runs at the local 8080 port.
I want to be able to view the jobs dashboard at any machine by typing the correspondent address in a web browser.
Something like {DNS}:8080/myView.
What I need to define in the Jenkins/Azure to make this happen?
4 moving parts here, you don't really have to do anything on Jenkins part, apart from running it:
VM should have public IP, or you should have some kind of routing to the VM on the port you are interested in.
Network Security Group should permit traffic on the port of interest (8080) (both on the Subnet and on the Network interface) Link
Firewall on the VM should allow traffic on the port of interest.
Application on the VM (Jenkins in your case) should listen to the traffic on the port of interest.
It looks like one have to add an endpoint at the Azure VM. In any case, that's what's worked for me.
Related
So I'm using an Azure VM that has a public IP address, and I've opened an inbound port, let's say it's 5555.
What I'm trying to do now is to run an application on the VM that has an API via localhost, also with the port 5555. I'm calling it then with public_ip:5555/api/...
Since I was not able to connect to the application from outside, is there something missing here? Most tutorials and resources I've found just mentioned opening the port.
Thanks.
Take a look at Azure's IP Flow Verify utility, which will check your NSG rules to ensure traffic can reach your VM. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
If traffic is reaching your VM, check your host firewall and then your application server logs.
So I deployed a new website in IIS 10 with port number 8888 (the Default Web Site uses port 80).
I can successfully browse the website locally on the server. However, I can't visit it from another PC using Internet. The browser complains 'Hmmm.. can't reach this page'.
The firewall on server has been manually shut down.
I also checked that port 8888 is listening on my server.
Did I miss any steps here?
All right, I got it work... Turns out the cloud service that I use shut down accesses to almost all ports except port 80 by default... After I open port 8888 on the cloud settings, everything works.
Actually #NJUHOBBY is right, I use Google Cloud and I had to go over
Google Cloud Console -> VPC Networks -> Firewall Rules -> Create Firewall Rule
...to create a new rule. Please be aware that Firewall Rules are applied to VM through TAGS, so if you choose to use https-server tag this rule will apply to all your VM's (this is tag is assigned to all server instances by default). In my case I set a custom tag and then I added this tag to my VM like this:
Compute Engines-> VM Instances.
Then I clicked my server's vm name and clicked Edit then I added the custom tag in the appropriate field. After saving VM's properties, the port was successfully opened.
I've been experimenting with a containerised app that listens for and processes TCP traffic on a specified port.
To make this work on my own physical machine that was acting as the host I had to setup port forwarding from it to the container.
I've since deployed the dockerized app to an Azure Container Instance, which runs as expected and starts listening on own IP address and the specified port BUT I can't find a way to setup port forwarding so that traffic sent to the public IP address assigned to the container group can get to the app, is this possible?
This article on container groups seems to suggest it is but doesn't seem to say how
Official answer from Microsoft Support (posting here in case anyone has the same question)
Unfortunately Port forwarding is not supported in ACI yet and it’s in roadmap.
UPDATE
It looks like this answer from support is wrong. Ports specified when creating the container group are automatically published so containers with exposed ports can receive traffic from the outside, the issue I was having was with a problem with my code.
I'm banging my head on this seemingly simple task. I'm trying to stand up a Redhat VM in Azure. I've tried both the resource group approach and the classic approach.
I currently have a classic deployment. I've installed httpd via yum. I confirm that I can SSH to the server via the virtual IP. Once in, I start httpd and I can perform wget http://localhost/ and get the content that I expect.
However, when I attempt to connect to the virtual IP from my local browser, there is no response. I've also tried creating a static public IP with no success.
I have created an HTTP "endpoint" in Azure portal. I set the public and private ports to 80 with a protocol of TCP. There are no ACL values (I assume it's defaulting to allow everything).
There is no network security group assigned to the VM.
Still no success. What else am I missing!?
Well, if you really setup an endpoint on the portal to allow port 80, the only thing thats left is the firewall on the Linux VM itself, allow port 80 on the firewall and you are good to go
1) service httpd restart and 2) service firewalld restart did the trick
I've just set up a windows azure VM and installed IIS on it.
When I remote desktop onto the box I can see the default IIS website fine but I can't get this to serve on the web from the IP address of the box.
I've opened up port 80 on windows firewall and also added an endpoint for port 80.
I've tried to access it with the firewall completely turned off also but to no avail...
I cant work out if there is anything else I need to do to get this working?
Add endpoints for port 80 (http) and port 443 (https) to the VM in the Azure portal (tip: this can be automated with powershell or the Azure cli).
Remote desktop to the machine. Open the Windows firewall control panel and allow traffic to port 80 (http) and port 443 (https) or just turn it off ... the firewall is ON by default (tip: can also be scripted through the VM agent / powershell).
Go to the Azure portal and find the cloudapp.net subdomain for your VM (actually the cloud service) your VM is running under. Try accessing the site with that domain. If that doesn't work, try browsing to http://localhost on the server (remote desktop) to make sure IIS works and troubleshoot from there.
Modify the DNS records of your custom domain to use a CNAME to the .cloudapp.net domain. If you need A records make sure to use the public IP of the cloud service (just ping the .cloudapp.net domain to find it or look in the Azure portal).
You might want to look into Azure Websites or Azure Cloud Services (web roles). Those are a lot easier to manage and a lot cheaper. They still offer most of the functionality.
What fixed the issue for me was to go into the Azure Portal, browse to 'Network Security Groups', select the VM and then create an inbound rule to allow traffic to port 80.
Note: Also ensure that the inbound rule to port 80 is added and enabled on the actual VM.
Well, I deleted the existing VM and Cloud service and started again - all worked fine out of the box this time.
How annoying! The only thing I did notice was that before my cloud service had the same name as my VM - this time they had different names so that might have been what was causing the issue.
Cheers
For the newer VMs and pre-configured setups (2015+), it's possible your setup is using an azure asset called "Public IP". If so, you can set a custom DNS name label in it, inside "Configuration". Note that this name will consider any type of region used when creating the VM (e.g. my-site.brazilsouth.cloudapp.azure.com).
It's good to remember that for testing purposes, it still suffices to use the value of the public IP that is randomly designated to you.
The VMs are actually accessed via a Cloud Service (well they are for me). Azure created a Cloud Service automatically to be the scaling engine/load balancer on the front of the VM. I have to connect to the web site via that cloud service, not the VM directly.
Its possible you were using the internal IP rather than the external IP.
The sites have to use the internal IP address in the bindings section of IIS. However, in your dns you will need to use the external IP. This is presumably since the 'internal IP' is just a virtual one that Azure uses to map traffic from the external network to the VM's inside azure.
You should find both the internal and external IP's are visible on the VM's desktop.
Switch off TLS 1.3 in the Registry Editor.
This is what worked for me as of writing this in Mar 2021.