I've a simple problem that I provisioned a Ubuntu 16.04 LTS VM with all of its default components. I ssh into the machine, installed Docker and expose a web app container at the port 80 where a simple static web app is running. But the problem is I can't access the application from the public ip address in the browser that has been created as a separate resource with ARM model. I also assigned a named DNS but could not work :(. I have a stand alone VM.
I previously tried Docker on Ubuntu Server Azure service where I need to configure VM's endpoints in the classical way and the same application was up and running. But how do I do that in a stand alone Ubuntu VM using ARM?
For ARM you need to configure Network Security Groups, instead of Endpoints.
You would want to allow traffic on port 80 to the VM. Here's the link to the documentation. And link to a guide on how to do that with Portal.
Related
I have a set of containerized http services that I wrote, the services are configured using a docker-compose.yml and a collection of Dockerfiles to build the service images. I would like to be able to host my docker-compose.yml setup on Azure, specifically one of my http services requires the ability to rotate which outbound Public IP Address it is making requests from (similar to a proxy.)
I have looked at the following resources:
Azure App Service
Container App
Container Instances
Virtual Machine
I have been able to deploy my app successfully and test it on all of the solutions, however, my issue is that one of my services needs to rotate the outbound IP Address that it is making requests from (kind of like using a proxy to make requests.)
I can accomplish this with a virtual machine and by adding a VNet with multiple IP Address resources associated. This works perfectly fine but using the virtual machine alienates me from the benefits of azure's other managed container services.
I Have read the docs for App Service, Container App, and Container Instances and it doesn't seem like it's possible to assign these resources to a VNet with my current configuration.
Any advice on how I could go about solving my problem is appreciated.
I have created my infrastructure through Terraform, the relevant (Azure) resources are
Application Gateway
VMSS (Virtual Machine Scale Set)
Windows VMs => Created/Destroyed by VMSS (Windows VM are in private
subnet, and HTTPS access is through Application Gateway)
Ubuntu based Bastion Host (for RDP and ansible configuration)
So far I am able to configure one of my windows VM through Ansible using psrp protocol, but that was only possible because I knew the private IPV4 of my VM (added the private IP to host file of bastion vm). How can I do it without knowing the IP address(es)?
My other question is how will the Ansible know a new VM has been created and it needs to be configured?
Edit
If you think this is not the best approach, please guide me on how to do it properly? Should I use Packer with custom image? OR is there any other option? The main configuration I want to do is enable IIS and install a few programs like GIT.
Thank you.
The best way IMO is to use a dynamic inventory. Although the doc examples are detailed for clobber and EC2, you will find more info on the included scripts with examples for Azure.
Once you have your dynamic inventory in place, you can refresh it with meta: refresh_inventory whenever you need to.
In Azure I have the following resources: A VM and a Linux Web App for container. After putting them on the same VNet, the started Container within the App Service can't communicate through private IP.
I wanted to include sshd for the container for debugging purposes, however I couldn't connect to the container after connecting the Web App to the VNet (that already has the VM on it).
Sounds to me like you still need to configure VNET integration for your Web App?
https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
And also read here a bit:
Azure Web App for Containers networking VNET
Context:
Windows host (with up-to-date Docker For Windows).
Linux-based container running on said host.
MySQL database running on Azure (and not in a container).
When running the container it is impossible to ping the Azure database (let alone query it). The message indicates that it cannot find a route to {azure db IP}.
However I can easily access a database on my Windows host local network. I can also access the internet, for example to download ping tools on my container.
My Windows host can ping and query the Azure database.
I've tried messing with Docker ip configuration (in the visual application) as well as going into the container at run time and changing its ip address since Docker default address is in the same subnet as Azure.
I've even tried switching the virtual commutator on the hyper-v machine but Docker seems to recreate those configurations when restarting.
How can my container successfully route to an azure network?
Thank you for your advice and help.
I followed this tutorial (Elasticsearch 2.X on Microsoft Azure) and now I got the following question: How do I access elasticsearch 2.3.4 running on the VM from my Asp.Net MVC 5 website?
The VM is not reachable from the internet. So the only solution would be to access the Virtual Network from the WebApp?! But I don't know how to configure the Ubuntu VM to allow access to elasticsearch (I used iptables to allow port 9200 and in the elasticsearch.yml I added network.host: 0.0.0.0) and how to access the Virtual Network from my WebApp.
In the guideline (the link above) stood, that the WebApp and the VM have to be in the same Virtual Network - but I can't add my WebApp to the Virtual Network...
Thanks for any help or ideas! Azure is driving me crazy :|
EDIT: Okay, I found another tutorial (secure communications between azure web-apps and virtual machines), but that did not work either. Right now I can access the elasticsearch VM via an url from everywhere in the internet. When I try to access the VM from the Web-App via the private IP of the VM, it does not work :( Maybe because the Azure team changed something? Some screenshots look different to mine.