Is it possible to use Web Deploy (wmsvc) across domains? That is, can I deploy from my dev box/build server in one domain onto a web server in another? I am able to do this inside the same domain so I know that I do have the web deployment service configured properly. However from another domain I can't even get the https://severname.domain.com:8172/msdeploy.axd to challenge for credentials.
The short answer is yes.
WMSVC exposes itself on port 8172, but it uses the https protocol. So long as you have a direct way to get from one network to the other, over that port, it will work.
We run all of our webservers on a DMZ, which is an isolated network with separate DNS, active directory servers, etc. I can directly deploy from my build server (on the *.hq network) to the *.dmz.com server over port 8172.
However, I did have to communicate this requirement to the networking group so that they could allow port 8172 to pass through our firewall. Also, I wasn't able to set up web deploy with automatic Windows Auth because the two networks had different domains and different sets of users.
Related
I have two app services. One for UI and one for web api. I need to create a DNS so that I should be able to access like www.example.com/ui and www.example.com/api. Please let me know anyone how to achieve this without virtual directory concept.
Thanks
You cannot achieve this purely with DNS. DNS knows nothing about routes, only domain names. So www.example.com must resolve to one service, which should be your reverse proxy, maybe Application Gateway?
Here's the tutorial on hosting two apps behind Application Gateway: Tutorial: Create an application gateway that hosts multiple web sites using the Azure CLI.
Multiple-site hosting enables you to configure more than one web site on the same application gateway instance. This feature allows you to configure a more efficient topology for your deployments by adding up to 20 web sites to one application gateway. Each web site can be directed to its own pool. For example, application gateway can serve traffic for contoso.com and fabrikam.com from two server pools called ContosoServerPool and FabrikamServerPool.
I have developed 2 applications in spring boot with embedded tomcat. I have one cloud server (Azure) and i have run both the applications in that server. First app running in port 80 and other one in 81. I have domain name registration in GoDaddy For example First app is www.abc.com and the second one is www.xyz.com. How do i configure in azure console that when request comes from www.abc.com then port 80 should serve the request else request would be served by 81. Please help me out configuring deployment.
You should be able to accomplish this by implementing User Defined Routes
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Additionally, Azure offers Load Balancers and Traffic Mangers that you could implement as well to manage the traffic.
https://azure.microsoft.com/en-us/services/load-balancer/
https://azure.microsoft.com/en-us/services/traffic-manager/
Here´s what we try to do:
We try to run several App Servers with Meteor and Mongo DB Servers on Azure VMs. We have them bundled in one cloud service with Endpoint sets that balance the load.
We setting them up via the Management Console (Ubuntu VMs) and then deploy Meteor and the content via Meteor Up.
Now we want to do HTTPS. Initially we thought that is handled by the LoadBalancer by mapping an external port 443 to the internal port 80 as there are options to upload Certificates.
It seems there is no option to configure that this way except for deployments using Visual Studio (and those seem to have to use at least some Web roles).
Here is where we struggle:
Using HTTPS seems to be tied to deploying an App developed in visual studio and/or on Windows VMs?
That´s the question:
Is it possible to use load balanced HTTPS on szure with Linux VMs?
PS: This is the Article that made me think the Load Balancer might does SSL encryption by itself: https://msdn.microsoft.com/en-us/library/azure/ff795779.aspx
AFAIK, the load balancer of Azure would only spread the traffic to the instances internal endpoint, and do not encrypt the traffic in SSL. (see: https://azure.microsoft.com/en-us/documentation/articles/load-balancer-overview/)
Even for the deployment using Visual Studio, I believe the mechanism behind is also the IIS on each web role encrypting the traffic, but not the load balancer job.
So, you should add SSL on the web server of each VMs such as using nginx.
I have started work on a Windows Azure solution that hosts multiple Web Role projects which talk to each other over HTTP.
When I Debug (F5) my project in Visual Studio two web roles are started on the following IP addresses:
127.0.0.1
127.0.0.2
When I run Fiddler I listen to traffic being sent to 127.0.0.1 by using the built in ipv4.fiddler hook.
How do I listen to the traffic being sent to on 127.0.0.2?
What I would suggest is not to use the ipv4.fiddler at all. Instead, configure you 2 webroles appropriately.
I assume that your web roles communicate over standard HTTP, and I guess you're using standard .NET approaches to communicate. Why not configure these mechanisms to use a proxy, in this case the fiddler proxy. By default this would be 127.0.0.1:8888 This means you will capture the traffic between the 2 roles.
I am trying lock down a virtual machine that acts as an app server for a web application. I have a two VM's: One for the app server and another one running the web server. I have to open a ton of ports to allow the web server talk to some wcf services, but I only want to allow those connections from the web server and no one outside of that network. I have to add endpoints in order for the web server to access the wcf services, but this also makes them accesible to the public IP. How can I only allow this traffic on the
For Virtual Machines, the only way of accessing ports from outside the hosted service is by defining input endpoints (with or without load-balancing across a set of machines). In your case, you'd just open, say, 80 and 443, specifically for your web server (e.g. not load-balanced). This is considered a port-forwarded endpoint since traffic on these two ports get forwarded directly to your web server. For more clarity around port-forwarded endpoints, I suggest Michael Washam's blog post, here.
At this point, you'd open various other ports on your app server (through its firewall config), and now your web server can talk to the app server, yet the outside world won't be able to reach the app server. Note: I'm assuming you placed your web server and app server in the same hosted service. Otherwise, you'd need to find a different way to connect between web and app servers, such as configuring a Virtual Network.
EDIT 6/5/2013 You can now enable ACLs on input endpoints, allowing (or blocking) IP ranges. Today ACLs may only be managed through PowerShell, with the June 2013 update. See this post to learn more.
Machines that exist on the same virtual network will be able to talk to each other as long as the local firewall has been opened to those ports. This problem was with my configuration in my application and not because of this. I also didn't have the correct ports open. Now it works like a charm.