We have a use case where we don't want to expose our cloud service to the public; it should be accessible only through our internal network. Is there a way to disassociate the Public IP and access the cloud service through the Internal IP? I already added the CloudService to our VN, but I can still access the CloudService through the Public IP.
<NetworkConfiguration>
<VirtualNetworkSite name="xxxxVN" />
<AddressAssignments>
<InstanceAddress roleName="WorkerRole7">
<Subnets>
<Subnet name="default" />
</Subnets>
</InstanceAddress>
<InstanceAddress roleName="WebRole7">
<Subnets>
<Subnet name="default" />
</Subnets>
</InstanceAddress>
</AddressAssignments>
</NetworkConfiguration>
CSDEF:
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="AzureCloudService7" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="WebRole7" vmsize="Small">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InternalEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
<Imports>
<Import moduleName="RemoteAccess" />
</Imports>
</WebRole>
<WorkerRole name="WorkerRole7" vmsize="Small">
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Imports>
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
</WorkerRole>
</ServiceDefinition>
When I removed the InputEndpoint it asked for a binding, so I defined it as an InternalEndpoint and tried deploying it; I am still able to access the cloud service with the VIP.
The only ports available via the public load balancer (i.e. the VIP) are the ones defined as InputEndpoints in your CSDEF file. So just remove those input endpoints and you will remove the ability to communicate to that VM from the public IP.
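An added example (not part of the original answer): a static check over a CSDEF that lists what each role exposes through the VIP. It reports `InputEndpoint` and `InstanceInputEndpoint` declarations and also flags the `RemoteForwarder` import, because that plugin contributes a public RDP input endpoint of its own; the `Api` role and the function name are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

SD = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition}"
PUBLIC_KINDS = ("InputEndpoint", "InstanceInputEndpoint")

# Constructed sample: the roles from the question, trimmed to endpoints and imports,
# plus a hypothetical "Api" role that still declares an InputEndpoint.
SAMPLE_CSDEF = """
<ServiceDefinition name="AzureCloudService7"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebRole7" vmsize="Small">
    <Endpoints>
      <InternalEndpoint name="Endpoint1" protocol="http" port="80" />
    </Endpoints>
    <Imports><Import moduleName="RemoteAccess" /></Imports>
  </WebRole>
  <WorkerRole name="WorkerRole7" vmsize="Small">
    <Imports>
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
  </WorkerRole>
  <WebRole name="Api" vmsize="Small">
    <Endpoints><InputEndpoint name="HttpIn" protocol="http" port="8080" /></Endpoints>
  </WebRole>
</ServiceDefinition>
"""

def public_exposure(csdef_xml):
    """Return {role name: [findings]} for everything reachable through the VIP."""
    root = ET.fromstring(csdef_xml.strip())
    report = {}
    for role in root:
        if role.tag not in (SD + "WebRole", SD + "WorkerRole"):
            continue
        findings = []
        for kind in PUBLIC_KINDS:
            for ep in role.iterfind(f"{SD}Endpoints/{SD}{kind}"):
                findings.append(f"{kind} {ep.get('name')} "
                                f"{ep.get('protocol')}/{ep.get('port', 'dynamic')}")
        for imp in role.iterfind(f"{SD}Imports/{SD}Import"):
            if imp.get("moduleName") == "RemoteForwarder":
                findings.append("Import RemoteForwarder (plugin adds a public RDP endpoint)")
        report[role.get("name")] = findings
    return report

if __name__ == "__main__":
    for role, findings in public_exposure(SAMPLE_CSDEF).items():
        print(role, "->", findings or "nothing public declared")
```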
I developed a WCF web service in a SharePoint 2016 on-premise environment.
When I tried to upload a long body I used to get a 413 payload too large error, so I changed my app.config to this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="ilem.Sharepoint.WebServices.ISAPI.ilemGroupWS.Service">
<endpoint address="" binding="basicHttpBinding" contract="ilem.Sharepoint.WebServices.ISAPI.ilemGroupmWS.IService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/ilem.Sharepoint.WebServices.ISAPI.ilemGroup/Service/" />
</baseAddresses>
</host>
</service>
</services>
<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint name=""
helpEnabled="true"
automaticFormatSelectionEnabled="true"
maxReceivedMessageSize="2147000000"
/>
</webHttpEndpoint>
</standardEndpoints>
<bindings>
<basicHttpBinding>
<binding name="MyBinding" maxBufferPoolSize="2000000000"
maxBufferSize="2000000000" maxReceivedMessageSize="2000000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
<basicHttpsBinding>
<binding name="MyBinding" maxBufferPoolSize="2000000000"
maxBufferSize="2000000000" maxReceivedMessageSize="2000000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpsBinding>
</bindings>
</system.serviceModel>
</configuration>
But now I get this error: 500 (System.ServiceModel.ServiceActivationException)
Is there any way to resolve this issue?
I found that behaviorConfiguration, bindingConfiguration, <security mode="Transport"> are not set in your code, please make sure to configure them.
You can try setting includeExceptionDetailInFaults to true or configuring tracing to get error details.
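An added example (not from the original answer) of the `bindingConfiguration` point: in WCF a named `<binding>` only takes effect on endpoints that reference it by name, so the enlarged quotas in `MyBinding` never reach the service endpoint above. The check below lists such endpoints; the sample is the question's config trimmed to the relevant elements, and the function name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's app.config reduced to services and bindings.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
 <services>
  <service name="ilem.Sharepoint.WebServices.ISAPI.ilemGroupWS.Service">
   <endpoint address="" binding="basicHttpBinding"
             contract="ilem.Sharepoint.WebServices.ISAPI.ilemGroupmWS.IService" />
   <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
 </services>
 <bindings>
  <basicHttpBinding>
   <binding name="MyBinding" maxReceivedMessageSize="2000000000" />
  </basicHttpBinding>
 </bindings>
</system.serviceModel></configuration>"""

# Same file with the endpoint pointed at the named binding.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    'binding="basicHttpBinding"',
    'binding="basicHttpBinding" bindingConfiguration="MyBinding"')

def unapplied_bindings(config_xml):
    """List service endpoints that fall back to default quotas although a
    named <binding> of the same type is defined in the file."""
    root = ET.fromstring(config_xml)
    named = {}  # binding type -> names of its non-default configurations
    for section in root.iter("bindings"):
        for btype in section:
            names = {b.get("name") for b in btype.findall("binding") if b.get("name")}
            if names:
                named.setdefault(btype.tag, set()).update(names)
    findings = []
    for svc in root.iter("service"):
        for ep in svc.findall("endpoint"):
            btype, ref = ep.get("binding"), ep.get("bindingConfiguration")
            if btype in named and ref not in named[btype]:
                findings.append((svc.get("name"), ep.get("address"),
                                 btype, sorted(named[btype])))
    return findings

if __name__ == "__main__":
    print("as posted:", unapplied_bindings(SAMPLE_CONFIG))
    print("with bindingConfiguration:", unapplied_bindings(FIXED_CONFIG))
```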
I have the below endpoints defined
<Sites>
<Site name="Internal" physicalDirectory="location">
<Bindings>
<Binding name="HttpIn100" endpointName="HttpInLB" />
<Binding name="HttpIn101" endpointName="HttpInLB" hostHeader="someheader" />
<Binding name="HttpIn102" endpointName="HttpInLB" hostHeader="someheader" />
<Binding name="HttpIn103" endpointName="HttpInLB" hostHeader="someheader" />
</Bindings>
</Site>
</Sites>
And this is the endpoint
<Endpoints>
<InputEndpoint name="HttpInLB" protocol="http" port="80" loadBalancer="LB" />
</Endpoints>
Then in my cscfg file I have
<NetworkConfiguration>
<VirtualNetworkSite name="Development" />
<AddressAssignments>
<InstanceAddress roleName="SiteName">
<Subnets>
<Subnet name="DMZ-subnet" />
</Subnets>
</InstanceAddress>
<ReservedIPs>
<ReservedIP name="ipname"/>
</ReservedIPs>
</AddressAssignments>
<LoadBalancers>
<LoadBalancer name="LB">
<FrontendIPConfiguration type="private" subnet="DMZ-subnet" staticVirtualNetworkIPAddress="00.0.00.001" />
</LoadBalancer>
</LoadBalancers>
</NetworkConfiguration>
When I publish, I get the below error
ReservedIP 'ipname' was not mapped to an endpoint. The service definition must contain atleast one endpoint that maps to the ReservedIP.
I would appreciate it if someone could help me with this.
Many Thanks
ReservedIP is only supported with services containing an external endpoint. What you can do is add an external endpoint and block it with Network Security Groups.
For example, add the following endpoint to your Endpoints tag. Then you could block the port using NSG.
<InputEndpoint name="Endpoint1" protocol="http" port="8078" />
The roles in my Cloud Service aren't getting any custom environment variables set, meaning if I enumerate the results of a call to Environment.GetEnvironmentVariables(), only the standard environment variables are set (things like PATH or the user id).
When I debug the Cloud Service locally using the emulator, the envvars are there, so I'm kind of at a loss here.
The relevant .csdef:
<WebRole name="..." vmsize="Small">
<ConfigurationSettings>
<Setting name="FirstSetting" />
<Setting name="AnotherSetting" />
</ConfigurationSettings>
<Runtime>
<Environment>
<Variable name="FirstSettingEnvVar">
<RoleInstanceValue xpath="/RoleEnvironment/CurrentInstance/ConfigurationSettings/ConfigurationSetting[@name='FirstSetting']/@value" />
</Variable>
<Variable name="SecondSettingEnvVar">
<RoleInstanceValue xpath="/RoleEnvironment/CurrentInstance/ConfigurationSettings/ConfigurationSetting[@name='SecondSetting']/@value" />
</Variable>
</Environment>
</Runtime>
and the relevant .cscfg:
<Role name="...">
<Instances count="2" />
<ConfigurationSettings>
<Setting name="FirstSetting" value="ABCD" />
<Setting name="SecondSetting" value="WXYZ" />
</ConfigurationSettings>
</Role>
The XML specification is not valid: The element 'WebRole' in namespace 'http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition' has incomplete content. List of possible elements expected: 'Sites' in namespace 'http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition'.
Here is the XML file
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="AzureCloudService1" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="Web" vmsize="Small">
<Startup>
<Task commandLine="StartUp.cmd" executionContext="elevated" taskType="background" />
</Startup>
</WebRole>
</ServiceDefinition>
As the error says.... Your <WebRole> tag must include a <Sites> node.
When you create an Azure Cloud Service project, there will be a default ServiceDefinition.csdef in Solution Explorer with the content below,
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="AzureCloudService1" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="WebRole1" vmsize="Small">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
<Setting name="StorageConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
</WebRole>
<WorkerRole name="WorkerRole1" vmsize="Small">
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
</WorkerRole>
</ServiceDefinition>
So, you are missing a <Sites> node.
While deploying a new Web Role on Windows Azure I am getting this error:
Unable to allocate the required address spaces for the deployment in a new or predefined subnet that is contained within the specified virtual network.
I have searched for a solution, but didn't find one. Does anyone have an idea?
My cscfg file looks like this:
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="Application.Cloud" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="3" osVersion="*" schemaVersion="2013-03.2.0">
<Role name="WebApplication" vmName="vm001">
<Instances count="1" />
<ConfigurationSettings>
...
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="..." thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
<Role name="Application.ServiceOpdrachten" vmName="vm002">
<Instances count="1" />
<ConfigurationSettings>
...
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint=".." thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
<NetworkConfiguration>
<VirtualNetworkSite name="VirtualNetwork" />
<!-- The virtual network name must match the name of the virtual network configured in your subscription. -->
<AddressAssignments>
<!-- You must map each role in your cloud service to a subnet or a collection of subnets which were defined in your network.-->
<InstanceAddress roleName="WebApplication">
<Subnets>
<Subnet name="Subnet-1" />
</Subnets>
</InstanceAddress>
</AddressAssignments>
</NetworkConfiguration>
</ServiceConfiguration>
In the same cloud project I have another instance that deploys fine.
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="Ecare.Acasa.Cloud" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="3" osVersion="*" schemaVersion="2013-03.2.0">
<Role name="WebApplication">
<Instances count="1" />
<ConfigurationSettings>
...
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="..." thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
<Role name="Ecare.Acasa.ServiceOpdrachten">
<Instances count="1" />
<ConfigurationSettings>
...
</ConfigurationSettings>
<Certificates>
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="..." thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
<NetworkConfiguration>
<VirtualNetworkSite name="Ecare" />
<!-- The virtual network name must match the name of the virtual network configured in your subscription. -->
<AddressAssignments>
<!-- You must map each role in your cloud service to a subnet or a collection of subnets which were defined in your network.-->
<InstanceAddress roleName="WebApplication">
<Subnets>
<Subnet name="Subnet-1" />
</Subnets>
</InstanceAddress>
</AddressAssignments>
</NetworkConfiguration>
</ServiceConfiguration>
We had the same problem around three months ago. Back then, maybe after some update, the new IP addresses were not being assigned, or when a role or VM was deleted its IP address was not reusable.
We were not able to take help from Microsoft Support, as it was in Preview.
What worked for us was:
We deleted the whole virtual network, and created it again.
If it is possible for you, see if it works.
I was facing this issue and found the issue can be fixed. It has been documented here.