I have several (4) web apps running on Azure: 3 of them require very little processing power, thus, they had been running
on a Free plan; while the other one is meant for final users which means a higher load and a needs for a custom domain and SSL certificate.
SSL certificate was correctly configured (https://azure.microsoft.com/en-us/documentation/articles/web-sites-purchase-ssl-web-site/) and is working as expected.
However, we noticed all of the other sites are now importing this SSL certificate as opposed to the one offered by default by Azure (the one for *.azurewebsites.net sites);
this has caused all of our Free sites to move to the Basic tier automatically. We are the unable to set them to Free again, as an error message states Free does not support
our custom SSL certificate for our custom domain.
Notice that our custom domain is in no way associated with any of the (3) Free sites but just the one that needs it.
Also, when going to SSL cert options in our Free sites, we cannot remove the custom SSL cert, as it states the site requires at least one of them, and custom one is the only one.
When creating a new site, this custom SSL will be automatically imported as well.
What should we do so the Free sites make use of the default *.azurewebsites.net SSL cert instead of the custom one, so we can then get back these sites to the Free plan?
Thank you for your help.
1.Root cause: It maybe that use the same hosting plan for all your websites.
As free app service plan doesn’t support custom SSL, if you want to use your user custom SSL then need to scale up to app service plan from to basic or higher.
After scaling up the App service plan, it will apply to all your websites in your app service plan.
2. How to resolve it
Please have a try to create another free app service plan for the 3 websites. Detail please refer to how to create-a-new-app-service-plan and Move an app to a different App Service plan.
Note: Only valid plans (in the same resource group and geographical location) are shown.
With Azure websites you are basically renting an IIS instance. In order to use SSL on your website you need to switch your plan to "Basic" or higher, as you've seen. Right now I think all of your websites are in the same "webhosting" plan. This means that they are automatically scaled to the "Basic", as you are basically scaling the IIS instance, not the indiviudual website.
See it as buying a hosting plan that can host multiple web applications. If you move to basic, you end up paying for 1 basic plan that hosts all 4 sites (so not 4 billable plans, just 1).
In this case you won't end up with a higher bill (you need a basic instance for the SSL-site anyway) - the other sites are including in this same hosting plan for 'free' - sharing the resources of the basic instance).
If you want to keep the basic site and the 3 free sites separated, you should create a new webhosting plan (App service plan) on the new Azure Portal (https://portal.azure.com) and move those 3 websites there.
I would recommend letting those 3 sites use the basic plan - it won't cost you any extra.
Related
I have a dotnet website on Azure App Service, with a custom domain and their generated SSL cert. I get about a dozen hits a day (LOW traffic). The service level that azure requires is a B1 which includes the ssl cert. and custom domain, but $70 a month seems crazy high for the amount of traffic.
Is there any alternatives/solutions/workarounds to use the shared tier level with custom domain and SSL to have a server in the $20 range instead? I have looked at cloudflare, but still azure won't allow their ssl on any lower levels tiers.
I suppose an alternative is aws or google, but I imagine they have the same pricing? plus, I like the integrated tools with dotnet and Azure :(
Is there any alternatives/solutions/workarounds to use the shared tier
level with custom domain and SSL to have a server in the $20 range
instead?
No, As per the current Azure documentation To create custom domains & custom TLS/SSL bindings or enable client certificates for your App Service app, your App Service plan must be in the Basic and above tier ( Standard, Premium, or Isolated tier). It is the ASP (App Service Plan) tier.
Alternatively, As mentioned in this SO thread, you can use Azure front-door service Create Linux-based proxy server, and setup proxy and use it as a ssl-termination.
CloudFlare Free plan comes with a free SSL certificate. So essentially your traffic is SSL secured.
For more information you can refer this SO thread.
I made an app service - deployed and my final part of the puzzle is my SSL certificate. When I click on that option in Azure's portal (app service menu for my app) they are all greyed out with the words
"App Service Environments are available in the Premium tier. They
offer even greater scale options, private access, and more.".
I'm on pay-as-you-go so I feel like I should be able to select the service I would like? When I click on upgrade - it just goes to my account page tries to upgrade to pay-as-you-go (even though I already have that) and then times out.
Failing that - does anyone know a way to get around this and letting me upload my ssl certificate? Thanks
You dont need the App Service Environment to deploy custom SSL certificates (that's a good news, since ASE isnt cheap :)).
Since you want to upload your own SSL certificate, I assume you want to have your own domain (and you did configure it in the Custom domains blade already, otherwise you will not be able to assign certificate anyway), then all you need is B1 or higher pricing tier instance, where custom domains are available, more details about differences in pricing tiers can be found here https://azure.microsoft.com/en-us/pricing/details/app-service/plans/
Note that for Microsoft managed domains (so ending with azurewebsites.net), MSFT is the owner of the SSL certificate.
You can try Azure Powershell: https://learn.microsoft.com/en-us/azure/app-service-web/app-service-web-app-powershell-ssl-binding
I have a wordpress site hosted on Azure. Call it, mysite.com. I'd also like to develop a separate .net app and host it at subsite.mysite.com. How can I do this without having to pay for 2 separate Azure sites?
There are ways to achieve what you require. However, key point here is to understand the Azure App Service. Because, in Azure app service, you never pay (your concern is having to pay, not having to maintain) for a single site!
If you take a closer look at the App Service Pricing model, you will see that even with the free (like in Free lunch) tier, you get to host 10 applications in your hosting plan. But you need custom domain, then you go to Shared plan, you already can host 100 web sites within it, all with your custom domain/s.
Next you will have to learn a bit about what is Top Level Domain, what is Domain, what is Sub Domain, what is A DNS Record and what is C-Name DNS record, because these are all thing you need to understand in order to properly configure your sites.
And finally read the article on how to configure custom domain for Azure App Service.
Remember. With Azure App Service, you are paying for a hosting environment (or service plan), not for a single web site!
I have a custom domain www.abc.com configured for web app webapp-a, and I'd like to transfer it to webapp-b without downtime.
If I try to add the domain to webapp-b, I am getting
The host name www.abc.com is already assigned to another Azure website: webapp-a
It there a way to let webapp-a continues to serve the requests, until the DNS cache expires?
Edit: The domain has IP based SSL binding, and the DNS is caching the virtual IP.
I faced the same issue, and was able to solve it in a tricky way.
I created new App Service Plan (previously known as Web Hosting Plan), and assigned "new" Web App to it (you can do it via new portal, or you can create Service Plan during Web App creation).
Then, I was able to assign the same host name to Web Apps in different hosting plans.
Thinking about this, I feel it logical: most probably Service Plan is mapped to physical IIS machine, and you cannot have two sites with the same host name in the same IIS for the obvious reason.
After migration from one DNS to another is done, you can remove unused Service Plan (as you basically pay for each separately).
According to a blog post by the Azure App Service Team in June 2017, it would appear that Azure now supports adding the same custom domain to multiple web apps:
There are scenarios where a customer would like to add the same hostname to multiple web apps in the same subscription, having a geo distributed website is one example. Our custom hostname feature allows you to bypass validation for hostnames that have already been validated. You only need to verify domain ownership when you add a hostname for the first time. For all other apps in the same subscription, you can add the same hostname without creating any DNS records.
You can read the entire blog post at https://blogs.msdn.microsoft.com/appserviceteam/2017/06/21/custom-hostnames-with-app-service/. The quote above was taken from the Adding the same custom hostname to multiple web apps section.
This should help in scenarios such as this where you want to transfer a custom domain name from one web app to another. You can simply add the same custom domain name to both web apps, add any required SSL bindings, and then change the DNS to point to the new web app. As the DNS change propagates, traffic should gradually move over to the new web app without any downtime.
I've tested this myself in the North Europe region and had no problems. Both web apps were in different App Service Plans. I have not tested this scenario with both web apps in the same App Service Plan. Bear in mind that if you're using IP addresses/A records in your DNS, you'd need both web apps to have different IP addresses for the DNS to be able to differentiate between your web apps.
Try assigning the domain to Azure Traffic Manager and have the traffic manager forward the request to the second site. Azure Traffic Manager and Web Apps are two different systems so you might be able to assign the same domain name to a web app and a traffic manager.
Once the DNS cache has expired remove the domain from the old Azure web app and add it to the new one, then finally delete the Traffic Manager account.
Option 2
Set the TTL to something very small, say 5 seconds (I believe your hostname provider should let you set that up), wait for the new TTL to propagate through all the caches. Then switch the custom domain from one app to another, and set the TTL back to it's original value.
This will result in just a few seconds of downtime for any customers, but if you do it at a low-traffic time the effect shouldn't be too bad.
I have just started exploring Azure, and my main purpose is to host the O365 SharePoint Provider Hosted App. Which means I need to create web sites.
I am looking at the pricing of Azure WebApp at How Azure pricing works, and they are Free, Shared, Basic, Standard, Premium.
There are few things which I have not understood completely.
Basic, Standard, and Premium plans provide Virtual Machines dedicated to your plan: Does this mean that I will get a VM which accessible and on that my website will be hosted?
The Shared and Free are have cores 240 cpu minutes/per day and 60 cpu minutes/per day resectively: What does this exactly means?
Azure is already on secure port i.e. https:// : So do I need to have an SSL for my Provider Hosted website
App Service VMs are not accessible in the sense of RDP/SSH. It just means it's not shared with other tenants.
MS has not published exactly how CPU Minutes are calculated (that I am aware of), but obviously it correlates to how heavily your app is used. [1]
The Azure Portal is already on https. For web apps, MS provides a wildcard SSL cert for the *.azurewebsites.net domain. If you use a custom domain then you are responsible for obtaining the SSL cert. [2]
[1] https://stackoverflow.com/a/15758256/310446
[2] https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#bkmk_azurewebsites