I have two different applications which I want to deploy on the same Azure WebApp like this:
webapp.azurewebsites.net/api/ <-- run the Java REST API here
webapp.azurewebsites.net/site/ <- put the Angular2 app here
Problem
Both apps are deployed on the server but currently I'm only able to get the REST API running with a web.config like this:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="off"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
<handlers>
<add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified"/>
</handlers>
<httpPlatform processPath="%JAVA_HOME%\bin\java.exe"
arguments="-jar D:\home\site\wwwroot\webapps\rest-api.war">
</httpPlatform>
</system.webServer>
</configuration>
but I'm not able to reach the Angular2 app on the server and I can't find documentation how I would configure the Java application and the Angular2 app at the same time.
I also tried to achieve this with the Virtual applications and directories settings from the Azure dashboard under Application settings - but it didn't work and I can't find a decent documentation of how I would achieve this, or if this is even possible with setting the Virtual applications and directories.
I tried to move the Angular2 site around but was not able to configure the server so that the Angular2 app is accessible while the Java application is running.
Question
Can someone point me to a good documentation on how to achieve this, or describe the deployment process in detail (with regard to the configs, e.g. the Application settings from the Azure Dashboard and the web.config file)?
Per my experience, I think the best way for deploying multiple Apps on Azure WebApps is to set the Virtual applications and directories of Application Settings for your Azure Webapp, please see the figure below.
As reference, please refer to the answer of the SO thread Add virtual directory to existing website on Azure.
Virtual Directories are supported for Azure Websites. See Configuring Azure Websites for what you can do through the Azure Management Portal. From the Azure Portal, click on the Website and go to Configure, then scroll down to virtual applications and directories (the last config section). Just enter your virtual directory and the physical path relative to the site root and click Save.
Regarding the second part of your answer, when investigating the subject I found this blog post to be the best explanation of how the Application Settings from the dashboard interact with the Web.config file:
https://azure.microsoft.com/en-us/blog/windows-azure-web-sites-how-application-strings-and-connection-strings-work/
In particular -
If the application setting(s) happen to already exist in your web.config file, Windows Azure Web Sites will automatically override them at runtime using the values associated with your website.
So the Application Settings tab in the Azure portal will take precedence over your web.config values.
Related
I have a static file, letsencrypt.txt, in the wwwroot folder on my website.
But going to http://{domain}.com/letsencrypt.txt gives 404.
This is not on a virtual machine, shared or otherwise. I do not have root access or CPanel access. I do not have any extra Azure Storage.
I do have a Subscription, a Resource Group, an App Service, an App Service Plan, and an API Management Service. I do have FTP access, so I can see the file structure and upload files and download log files.
In practice, all I really know is that the file is at /site/wwwroot.
The log shows
<tr class="alt"><th>Requested URL</th><td>https://{domain}:80/letsencrypt.txt</td></tr>
<tr><th>Physical Path</th><td>**C:\home\site\wwwroot\letsencrypt.txt**</td></tr>
which is exactly where I think the file is located.
I can't see any reason for it to not be able to find the file.
Nothing in the log about access control or permissions.
I thought that perhaps the https issue was a result of the DNS redirect, but I get the same 404 if I go directly to {domain}.azurewebsites.net. And it still redirects to https.
One interesting point is that, here in the log, it specifies port 80 even though it says https.
Here is the entire web.config.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\SmartTagsAPI.dll" stdoutLogEnabled="false" stdoutLogFile="\\?\%home%\LogFiles\stdout" hostingModel="inprocess" />
<rewrite>
<rules>
<!-- <rule name="wildcard">
<match url=".*well-known/acme-challenge/(?!.*?\.txt$)(.*)$" />
<action type="Redirect" url="LetsEncrypt/letsencrypt.txt" />
</rule> -->
</rules>
</rewrite>
</system.webServer>
</location>
</configuration>
As you revealed more information, this question becomes more like "how to set up free certificates for Azure App Service D1 plan".
D1 does not support custom SSL binding, which is by design. So, Let's Encrypt won't work either, as even if you find a way to generate the certificate, you cannot install it to D1 plan.
Like you tested, you can alternatively set up a service like Cloudflare in front which offers you free certificates.
Problem #1: I have a classic cloud service running a single web site role. I would like to differentiate between the way it is debugged locally versus how it is deployed to the cloud. Specifically I would like the local site to run on HTTP and the cloud service to run on HTTPS. The main reason for this is that we don't want to have to install the same cert on all the developers' machines. However, the endpoints are defined in the common "ServiceDefinition.csdef", NOT in the two "ServiceConfiguration.cscfg" files ("local" and "cloud"). So, how do I set up different endpoints for local versus cloud?
Problem #2: I would like, especially in the cloud, to have a site running on HTTP that simply redirects the user to the HTTPS site. How would I set that up?
I realize these questions may not have sufficient detail, but I didn't want to write a book. Please feel free to ask for clarification.
Thanks a lot in advance!
Partial answer to your questions:
Problem #2: I would like, especially in the cloud, to have a site
running on HTTP that simply redirects the user to the HTTPS site. How
would I set that up?
For this, you can simply rely on web.config transforms. In your web.release.config you can set a redirection rule which will redirect http requests to https. Something like the following:
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Similar thing would just not be present in your web.debug.config (or web.config).
Specifically I would like the local site to run on HTTP and the cloud
service to run on HTTPS.
For this, the way I have handled it in the past when I worked on Cloud Services is basically I created separate cloud projects for each environment (WebApp.Azure.Dev, WebApp.Azure.Prod etc.). This way I would get separate csdef file for each environment.
I am new to Azure and currently host my node.js backend at another cloud provider, and I want to understand the steps I need to make in order to host it at Azure, without using Visual Studio Code.
It is a very easy question, yet it seems impossible to find an answer to.
I've seen the 5mins quick starts here;
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-get-started-nodejs
But in the guide, the site is directly deployed to the web URL;
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-get-started-nodejs#browse-to-the-app
But none of them explains the fundamentals on how Azure runs the process.
How does Azure start my backend app? Where do I configure that, what is needed?
That's not mentioned in the guide at all.
Is there a guide for what exactly what files are required and how to configure them in order to start my backend?
Microsoft Azure feels like a black box right now, any documentation is much appreciated!
As I know, you need to configure web.config if you want to run nodejs app on the Azure.
I followed this sample node.js app: nodejs-docs-hello-world and deploy it to Azure. It works fine,you could refer to web.config file:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation batch="false" />
</system.web>
<system.webServer>
<handlers>
<add name="iisnode" path="scripts.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="myapp">
<match url="/*" />
<action type="Rewrite" url="scripts.js" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I suggest you navigating to the KUDU url: https://<your app name>.scm.azurewebsites.net/DebugConsole and go to site\wwwroot to upload your files so that the files are contained within a directory.
Or discard zip deploy temporarily, just drag the local files directly to the d:home\site\wwwroot directory.
How can I have different Web.config files for different Azure slots.
I have a staging and production slot with the same website I don't want the staging slot to be public (it's only for testing and such), so I've setup authentication for that slot through the web.config file.
The problem is that when I upload changes the production slot gets the same web.config file as the staging slot which is set for only allowing access by authenticating, and also the parameters are different so the production slot ends up getting inaccessible, I have to change the web.config file manually in the production slot to make it work.
I wanted to have some way to define a different web.config file for the production slot.
Update (adding more information to the question):
I'm using my local machine for testing (with a local server), that is the development environment.
The sites are in wordpress (wordpress uses php).
The staging slot is used only by a few people, not connected to my local Lan, when I selectively want them to test my site (different Operating Systems, different platforms, different mobile phones,..) before sending things to production. I can just stop the staging slot, when I'm not using it so production resources are not be affected.
I'm already using AppSettings for different connectionStrings, and parameters. I don't know how to use this to define different authentication settings..? I have the authentication settings in the web.config file (used by the staging slot).
My web.config file:
<configuration>
<system.web>
<authorization>
<allow users="foo#gmail.com, foo2#foo2.com, foo3#gmail.com"/>
<deny users="*"/>
</authorization>
</system.web>
<system.webServer>
<rewrite>
<rules>
<rule name="WordPress: http://contoso.azurewebsites.net" patternSyntax="Wildcard">
<match url="*"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
</conditions>
<action type="Rewrite" url="index.php"/>
</rule>
</rules>
</rewrite>
</system.webServer>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
You are using slots incorrectly. Staging slots are not meant to be long-lived applications for testing. These are for deployment and short-automated testing of the application while you are deploying.
Also if your prod and staging slots are almost identical, what is the point of securing staging if it does the same thing as production?
And to conclude - there is no way to do what you want to do. So you might as well set up separate testing WebApp and get it secured via web.config.
There are a few ways to accomplish what you are trying to do. Although I agree with Trailmax - this seems to be a misuse of the intended purpose of slots. Remember that slots share resources (CPU, memory, etc) with your production slot. If you're using a slot for your integration and testing environments and something goes sideways, you are impacting your production resources. That's really not a good idea.
But if you want to go this route anyways, you can:
Use slots along with different build configurations and associated web.config transforms. For example, if your production site is foo.azurewebsites.net, you can define a staging slot called "staging". You can publish directly to that slot at foo-staging.azurewebsites.net. Define a separate build configuration called Staging, and create a web.staging.config transform that updates the underlying web.config to the values you want to deploy to your staging slot. Make sure that when you publish, you choose the foo-staging target, and that you choose "staging" as your build configuration.
If the environments differ by AppSettings and ConnectionStrings, define slot-specific values in the Web App's Application Settings section. These override whatever is in web.config. This is my personal favorite approach.
I am trying to deploy an Azure App Service from Visual Studio 15.2. Specifically I am trying to deploy this following service: https://github.com/Microsoft/Azure-SQL-DB-auditing-OMS-integration to ingest audit logs from SQL Data Warehouse to OMS. However, due to security concerns, we would like to do so without creating a public endpoint, a url. We have tried configuring it in a VNet but it does not allow you to do so unless the VNet has a public gateway.
Configure Azure App Service without public URL
As far as I know, we couldn't configure Azure App Service without public URL. If you created a web app, it will auto provide public endpoint for user to access.
Here are two work around.
I found the github application just use the web app's webjobs.
One way:
If you don't need any web site, just use the backgourd process to run the webjobs, you could choose azure function which uses WebJobs SDK itself but doesn't require an App Service to be configured for it.
Second way:
Normally we run WebJobs in a Azure App Service web app, and that Azure App Service web app can be accessed/browsed via URL. If you want to prevent users from browsing to that Azure App Service web app, you can add a rewrite rule to site’s web.config to block web access.
The web.config is like this:
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
https://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Block unauthorized traffic to staging sites" stopProcessing="true">
<match url=".*" />
<conditions>
<!-- Enter your staging site host name here as the pattern-->
<add input="{HTTP_HOST}" pattern=".*" />
<!-- Enter your white listed IP addresses -->
<add input="{REMOTE_ADDR}" pattern="123\.123\.123\.1" negate="true"/>
<!-- Add the white listed IP addresses with a new condition as seen below -->
<!-- <add input="{REMOTE_ADDR}" pattern="123\.123\.123\.2" negate="true"/> -->
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden"
statusDescription="Site is not accessible" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
More details about how to add the web.config to your web app, you could follow this steps:
1.Open kudu tool in web portal.
2.Open cmd console and locate the \site\wwwroot folder.
3.Create web.config and copy the settings in it.
4.When we accessed the web site, you could find this: