I am new to the Azure platform so hopefully this is an easy question:
I am currently setting up a Sharepoint web farm through Azure. My current architecture looks like this:
A WIN2008 VM serving as my Domain Controller. I have the domain setup and AD running
A WIN2008 VM SQL2012 serving as my db server
A WIN2008 VM serving as my sharepoint web server.
All of the VMs belong to the domain.
I have sharepoint up and running on the sharepoint web server and I can access the sharepoint sites using //localhost. However, I cannot access the sites from an external computer (port 80). I cannot ping it with the IP Address or the *.cloudapp.net address. I have already ensured the firewall ports for 80 are open for all profiles. I have also setup an endpoint for port 80 on the sharepoint VM.
Any thoughts? I appreciate your help in advance.
To elaborate on the endpoint reference above:
There is a configuration page in the Azure portal that you need to check out to ensure that the proper ports are open AS WELL AS the ones on the Endpoints page for your windows VM. I assume the same would apply for other hosted OS VMs like Linux, etc.
When I came across the Endpoints tab for the VM in question on the Azure portal I noticed that there were RDP and PowerShell ports listed but no HTTP. After adding that I found that I could hit my IIS server on the VM. In a nutshell its like there are two firewalls, the one on your server and one on the Azure portal.
I believe that Azure will block ping requests
http://social.msdn.microsoft.com/Forums/en-US/windowsazuredevelopment/thread/7ce4e4c5-c714-492f-8cd6-424c01552195
Looks like you have an answer, but of note is that you have to set up endpoints for anything that you want to hit.
Related
I have an Azure virtual machine, on which a process listens on a certain port. A Node.js application on my local computer is able to connect to this process using the VM's public IP address. But the same Node.js application, deployed as an app service on Azure, is apparently not able to connect using any IP address, despite the fact that the VM allows all incoming traffic on all ports.
(Details: The VM process is running "q" (kdb+), and the Node.js application is using the "node-q" package to connect to it. Both the Azure VM and the Azure app service are Linux, but the local version of the app service is on Windows. The Azure app service is able to connect to my Azure SQL database.)
Any insights into this problem would be appreciated.
There are many reasons for Bad gateway error, probably you could verify these factors on your side:
Azure VM side. Make sure the Azure VM is running and the process port is listening when you request a connection from an application. You could run sudo netstat -plnt on Linux VM to check the listening ports. Or, a server can crash if it has exhausted its memory, due to a multitude of visitors on site or a DDOS attack.
Firewall blocks a request. You should allow all incoming traffic or Azure web app service outbound traffic on this listening port on the VM. In this scenario, you could verify the Network Security Group configuration for the VM and firewall inside the VM if you have. You could find NSG settings by clicking Virtual machine--Settings---Networking---inbound port rules on the Azure portal.
Faulty programming. It seems the Node.js application could work locally.
Temporary issue. Sometimes, there is no real issue but your browser thinks there is one thanks to an issue with your browser, a problem with your networking equipment, or some other reasons. You could refresh your web browser or clear cache and cookies to get the page back what you are looking for. More details you can refer to fixing 502 error.
If you still have any question, feel free to let me know.
It was faulty deployment. I didn't include all dependencies in the upload to Azure. Thank you.
I am new to Azure and got confused with my setting.
I've created a VM, and I can see I have the below:
Both are pointing to the same app with the same IP.
I have connected to the machine using RDP, set the IIS correctly and deployed my WebAPI. When tested locally all seems to be fine.
However, the site isn't reachable externally, neither with the CloudApp domain (nmsw10services.cloudapp.net) nor my own domain which is pointing to the same IP.
Can someone please point what I'm doing wrong in here?
Any help is much appreciated.
Thanks
You need add endpoints for your web app.
By default, when you create a classic VM, it will create an endpoint for RDP (port 3389). You also need add your endpoints according to your app.
More information about endpoints please refer to this article.
I have an Azure Website and it is required to consume an elastic search service that's running on a VM.
Although I need to be able to lock the access to elastic search down so only the Azure Website can access it, I can't seem to work out how to do this using the endpoint configuration on the VM.
Am I looking in the wrong place?
Thanks
Carl
You will need to setup a Hybrid Connection between your Web Site and the VM:
Hybrid Connections create a safe tunnel between your Web Site and a VM for example. The screenshot shows the integration between a Web Site and the corporate network, but this also works for VMs running in Azure.
The only requirement is that you install the Hybrid Connection Manager on your VM. More information:
http://azure.microsoft.com/en-us/documentation/articles/integration-hybrid-connection-overview/
I'm new to Azure and have set up an Asure web site which will connect to a SOLR instance on an Azure VM. The web site cannot communicate with SOLR (port 8080) unless I create an endpoint. In order to create an endpoint I need to provide an internal and external port, however I do not want to allow external/remote access to SOLR, other than from the web site itself. Can anyone tell me how I should allow the web site to communicate with my VM, without making the VM publicly accessible?
Thank you,
JP
As #hhaggan stated, you cannot create a virtual network connection, or secure an endpoint, from Web Sites to a Virtual Machine. One option to consider is the use of SSL+certificate to secure the endpoint.
If you instead deploy your web application to a web role (in a cloud service) or a virtual machine, you can then take advantage of a brand new feature called Endpoint ACL. In essence, you can whitelist / blacklist a set of IP address ranges that may access your SOLR external endpoint. You can read about ACL'd endpoints, and how to configure them, here.
Now: You might be asking yourself why this doesn't work with Web Sites. That's because Web Sites runs on a server farm, and sites don't get unique IP addresses (unlike Cloud Services).
if you are talking about Windows Azure Websites, I am not sure if this can be done but if you are talking about Web roles in Windows Azure Cloud service, here is something that I hope it can be beneficial.
Connect ASP.NET application to SQL Server in Windows Azure via Virtual Network http://msdn.microsoft.com/en-us/library/windowsazure/jj823135.aspx
you might also would like to have a look on this http://www.windowsazure.com/en-us/services/virtual-network/ I don't think you will need it but I am just sharing it with you, it is for WIndows Azure Virtual Network.
let me know if this solved your problems or if you need anything else.
I am trying lock down a virtual machine that acts as an app server for a web application. I have a two VM's: One for the app server and another one running the web server. I have to open a ton of ports to allow the web server talk to some wcf services, but I only want to allow those connections from the web server and no one outside of that network. I have to add endpoints in order for the web server to access the wcf services, but this also makes them accesible to the public IP. How can I only allow this traffic on the
For Virtual Machines, the only way of accessing ports from outside the hosted service is by defining input endpoints (with or without load-balancing across a set of machines). In your case, you'd just open, say, 80 and 443, specifically for your web server (e.g. not load-balanced). This is considered a port-forwarded endpoint since traffic on these two ports get forwarded directly to your web server. For more clarity around port-forwarded endpoints, I suggest Michael Washam's blog post, here.
At this point, you'd open various other ports on your app server (through its firewall config), and now your web server can talk to the app server, yet the outside world won't be able to reach the app server. Note: I'm assuming you placed your web server and app server in the same hosted service. Otherwise, you'd need to find a different way to connect between web and app servers, such as configuring a Virtual Network.
EDIT 6/5/2013 You can now enable ACLs on input endpoints, allowing (or blocking) IP ranges. Today ACLs may only be managed through PowerShell, with the June 2013 update. See this post to learn more.
Machines that exist on the same virtual network will be able to talk to each other as long as the local firewall has been opened to those ports. This problem was with my configuration in my application and not because of this. I also didn't have the correct ports open. Now it works like a charm.