Can't browse to Azure Cloud Service site URL - azure

I've deployed an Azure cloud service (not a web site) and I'm trying to access it via a browser. When I attempt to browse to the 'site url', it times out. Nor can I ping the Public VIP listed in the Azure dashboard for the service. Hrm.
Now, if I log on to one of the instance VMs, fire up IIS Manager and find the IP address it has listed for the web site, I can browse to that one. Weird.
I'm sure I'm just thick and am missing something simple here. Can anyone point me in a good direction to make my service's site url browsable?
The service definition I'm using is https://github.com/NuGet/NuGetGallery/blob/master/src/NuGetGallery.Cloud/ServiceDefinition.csdef, if that helps.

You can check the "endpoints" tab under the cloud service section of the Azure portal.
There should be an endpoint listed for HTTP that redirects to your VM. You can forward different public ports on the cloud service to individual ports on specific VMs within the cloud service.

Related

Azure Resources WebApp deployed but not accessible from url

I'm trying to access my app, hosted on azure.
I've a finished c# solution. When I commit changes to Azure DevOps it triggers a (working & successful) build-pipeline.
It runs tests, publishes an artifact & testresults.
In my ServicePlan status is Ready and I see Data Exchanges on DataIn & DataOut graphs.
The Deployment Center:
Bu when I click the https://mywebsite.azurewebsites.net, No webpage was found for the web address.
I have Some basic Azure DevOps expierence, but this Azure Portal is something else :)
My basic questions would be:
Why is it not working?
Do I need a second pipeline, only for release? Or can I recycle the build pipeline?
Do I need some kind of deployment slots? Before I select a not-free slot, I want to know if this is necessary
What else could I be missing?
(My Azure resources include a sql-server, a sql-db, the actual appservice & a app service plan)
Thanks!
If you deploy web app to Azure and login https://<app-name>.azurewebsites.net, then the page still shows Microsoft page instead you owner page. You need check the default document, please ensure that the default page is listed in here.
Steps: login azure portal->App Service->configuration->Default documents
In Azure Web Apps, the default document is the web page that is displayed at the root URL for a website. The first matching file in the list is used. Refer File structure on azure to know more about the files and directories on Azure Web App.
Update1
When I go to the azurewebsites.net url I get a 404: No webpage was found for the web address.
Check this doc:
If you receive an HTTP 404 (Not Found) error when you browse to the URL of your custom domain, verify that your domain resolves to your app's IP address by using WhatsmyDNS.net. If not, it might be because of one of the following reasons:
The custom domain configured is missing an A record or a CNAME
record.
The browser client has cached the old IP address of your domain.
Clear the cache, and test DNS resolution again. On a Windows machine,
you clear the cache with ipconfig /flushdns.
Update2
the URL in my appservice is Azure-generated right?
Yes, then app service url is generated by Azure.
With making a new app service and going to the URL I do get a message app service is up and running.Time to take the next step and deploy your code.
And now, we should get this page, we need create new service connection and re-configure build and release pipeline and deploy your app.
Note: We need use the same user account and AAD domain to do this.

Connect to Azure App Service from Azure VM

I am planning on using an outsourcing team for data processing and want to avoid them downloading or storing client data on their local machines. To facilitate this, I want to create an Azure VM in which they can do all their work (msoft office, etc.) and access an ASP MVC app hosted as an app service in Azure. The MVC app is integrated with the corporate AD and for the outsourcing logins I want to see if the request is coming from my VM or the internet (the latter gets denied). So far I have:
Created a ASP MVC5 app and an Azure VM
Connected the two via VPN (point to site)
When I attempt to go to the public URL for the website on the VM, I get the "this page can't be displayed" thing, which leads me to believe I'm on the right track (now I have to update the hostfile of the machine to the private IP of the mvc app service app?). How do I do the following:
Connect to the app service via web browser (this needs to be over the vnet so that I can pick and choose in the app code who can login outside the network)
Get the network ip of the app service so I can update the VM hostfile
Am I on the right track here? Thanks in advance!
Your understanding of Azure App service is not accurate. Azure App service cannot be accessed via a private IP. They already sit inside a private vnet. They can be only accessed via public hostname with a common DNS name (azurewebsites.net)
Your scenario requires the Azure Web app and the VM to reside in the same VNET, which is not possible. There is another offering called ILB ASE, which allows you to do this. But it's a more elaborate setup. See this for more information: Using ILB with AN ASE
In your scenario you can restrict access to the web app via IP Restrictions module. See this article: IP & Domain Restrictions in Azure App Service
I understand this not the solution u wanted. What you want can be achieved via ILB ASE, but that is an expensive and elaborate set-up.
HTH
you may want to try using cloud service, though MS recommends App Service, you requirement doesn't fit into App service..
Official documentation from MS: https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks-common
Block a specific IP address
You can restrict an Azure web role access to a set of specified IP addresses by modifying your IIS web.config file. You also need to use a command file which unlocks the ipSecurity section of the ApplicationHost.config file.

Azure Traffic Manager not working for Web Apps at Standard S1: Small plan

I was doing some experiments with the Traffic Manager (new azure portal). I configured a new Azure Traffic Manager and added two Azure WebApp endpoints.
But when trying to browse Traffic Manager endpoint I am getting
This site can’t be reached, niktm.trafficmanager.net’s server DNS address could not be found.
The Status' of the TM endpoint are "Enabled" and both the Web apps are up and running. Also, the Azure Traffic Manager Monitoring status is Online.
I did this few times and still getting the same result. Am I missing something?
Another reason why Azure Traffic Manager could not working with Azure App Service (Web App) is because you are using Basic service-tier, which doesn't support Traffic Manager feature. As a result, a Traffic Manger Profile has the Inactive status and Stopped for Endpoint monitor status.
This site can’t be reached, niktm.trafficmanager.net’s server DNS address could not be found.
If I do not add any endpoints in my traffic manager, Monitor status is Inactive.
To verify DNS propagation using http://digwebinterface.com/, I could find similar result as yours niktm.trafficmanager.net.
And if I browse to {my traffic manager name}.trafficmanager.net, I could see same error message in browser.
If I add available endpoints for traffic manager, I will see Dig result like below, and I could browse to {my traffic manager name}.trafficmanager.net.
I suspect that your endpoints do not really add to traffic manager even though Azure portal shows they are enabled and online. You could try to create a new traffic manager and add endpoints to check if it will work fine, if Azure traffic manager still/always not work fine in your subscription, you may need to create a support ticket to fix this issue.

Azure Traffic Manager routing to Azure Website configured as External Endpoint

Here's what I did,
Created an Azure Website (http://myapp1.azurewebsites.net) in Standard tier
Configured Azure Traffic Manager and added endpoint as an Azure endpoint. Trafficmanager routes to the website. Nice!
Removed the endpoint and and added endpoint as an External endpoint. Trafficmanager routes to a 404 page. I provided the FQDN (Fully Qualified domain name) as myapp1.azurewebsites.net.
What is wrong with it? Doesn't Azure allow to have .azurewebsites.net sites to define as endpoint urls?
Endpoint details,
Status - Enabled
Monitor Status - Degraded
Type - External Endpoint
Complete error page details,
Error 404 - Web app not found.
The web app you have attempted to reach is not available in this Microsoft Azure App Service region. This could be due to one of several reasons:
1. The web app owner has registered a custom domain to point to the Microsoft Azure App Service, but has not yet configured Azure to recognize it. Click here to read more.
2. The web app owner has moved the web app to a different region, but the DNS cache is still directing to the old IP Address that was used in the previous region. Click here to read more.
When using a web site, the web site needs to know what domain name to expect in the 'host' header of the DNS request. This is the domain name the user types into their browser.
When you add a web site as an endpoint in Traffic Manager, the Traffic Manager domain name (e.g. mysite.trafficmanager.net) is automatically added as a custom domain name in your web site. And when you remove the web site endpoint, it is removed once again.
However, if you use the external endpoint type, this does not happen. Because the web site does not recognize the domain name in the host header, a 404 error is returned.
To make this work, you will need to put a vanity domain name in front of Traffic Manager using a CNAME, register the vanity domain name in your web site, and use the vanity domain name from your browser. (You cannot manually add the Traffic Manager domain name to the web site since you cannot complete the proof-of-ownership validation which web sites demand.)
External endpoint needs to be outside Azure website.

ACL rule for website access

Good evening,
I currently have deployed a VPN in azure, in this network I have added a cloud service and have also granted access to an azure website, so far so good.
Now I want the cloud service to be available only to the nodes of my VPN, especially the azure website. In order to achieve this I have created some ACLs which grant access to every node of my subnet i.e,
<Rule action="permit" description="test2" order="200" remoteSubnet="172.16.0.0/27" />
However, once the ACL Rule is enforced, the website has no access to the cloud service and therefor a timeout exception is thrown. Am I doing something wrong or the only way to achieve this is to deploy both of my projects on cloud services instead of a website and a cloud service? It is vital for this project that the cloud service is only available locally.
Thanks in advance
You can't currently restrict Azure Websites to only be accessible via a private VNet and as you suggested you will need to use either Web Role (Cloud Service) or a VM.

Resources