I have an Azure Web App for Linux Container with PHP Web Application deployed as a single Container. This Azure Web App is running with minimum of two of instance and is setup to auto scale. This Web Application uses sticky session. Does the Azure Web App for Linux Container supports it? Is there any way I can set it up in Azure Web App for Linux Container?
Of course, the Azure Web App for Linux Container supports the sticky session. But in the Web App, it calls ARR affinity, if you need the sticky session, just enable it. In addition, it's enabled in default. You can take look at the document here. You can enable it if it was disabled:
Related
I have a web application running in a docker container. I need to let only the users authenticated with Microsoft SSO (only the users in my AzureAD tenant). The web application is written in Spark Java and trying to change the existing basic authentication to Azure with MSAL4j is proving to be time consuming and difficult.
Is there a way to authenticate all users with SSO externally to the container without having to change my application?
I saw an Azure NGINX solution on NGINX site but it seemed to not have a free version. Anything I can use out of the box or develop?
TIA!
There is no way to authenticate all users with SSO externally to the container without having to change your application. You would need to change your application code and add the Azure Authentication manually.
I am in the process of evaluating moving a very large Azure Cloud Service (Web Role) microservice architecture to AKS and have been working through the necessary code and build changes to support it.
In order to replicate the production environment locally for the developers, we run nginx on the host with SSL offloading and DNS (hosted in Azure) A records pointing to 127.0.0.1. When running in the Azure Emulator, the net affect is the ability for both the developer to visit the various web front ends in their browser (i.e. https://myapp.mydomain.dev) as well as hit the various API's in the solution (Web API 2) in Postman/cURL, etc.
Additionally due to how the networking of the Azure Emulator works, the apps themselves can resolve each other through nginx on the host (i.e. MVC app at https://myapp.mydomain.dev can obtain a token from the IdP web API at https://identity.mydomain.dev and then use that token at the API at https://api.mydomain.dev). This is the critical piece and the source of my question.
All attempts at getting the containers themselves to resolve each other the same way the host OS can (browser/Postman, SSL offloading via nginx) have failed. Many of the instructions out there are understandably for linux containers but having adapted the various networking docker-compose settings for the windows container equivalent have not yet yielded an success. In order to keep the development environments aligned with the real work systems, which are tenantized and make sure of the default mapping in nginx to catch all incoming traffic and route it to a specific user facing app/container, it is not as simple as determining a "static" method of addressing these on startup and why the effort was put in to produce the development environments we have today.
Right now when one service (container) attempts to communication with another, it ultimately results in a resolution error as all requests resolve to https://127.0.0.1 due to the DNS A records hosted in Azure for the domain. Since this migration will be a longer term project, the environments need to co-exist so changing the way that DNS is resolved (real DNS A records pointing to 127.0.0.1), host running nginx and handling SSL offloading to the various webroles normally running in the Azure Emulator is not an option.
Is there a way (with Windows containers) to either:
Allow the container to utilize nginx on the host OS transparently (app must still call the API at https://api.mydomain.dev), which will cause the traffic to be routed properly to the correct container/port defined in the docker-compose file?
OR
Run nginx on each container, allowing each container to then resolve and route appropriately without knowing the IP of the other container, possibly through an alias which could be added to the containers nginx.conf before the service starts?
The platform utilizes OAuth2/OIDC and it is critical to maintain the full URL to the other services from the applications perspective. Beyond mirroring production and sandbox environments, this URL's are utilized for redirect URL and post logout redirect URL validation among other things so using "https://myContainerNameForOtherContainerAlias" is not a workable solution.
Will I have the same problem when setting up the AKS environment as well?
I can create an FTP-server using docker according to this.
I wonder whether it works in the azure web app for containers.
If the answer is yes, how could make it works?
By the way, I've tried it, according to the steps from the link, I have to create users. but I don't know how to connect the container's linuxOS.
Generally, the FTP server should need to open multiple ports as the document you provided shows. But Azure Web App service only can open 80 and 443 port. And you would not be a whole controller for it. So, if you want to deploy an FTP server, the Azure Web App service is not a good choice. Even if it can run the FTP image. And the VM is recommended.
By the way, if you want to connect to the container's LinuxOS of Web App, you need to enable the SSH feature in the image before you deploy it into the Web App. You can follow the steps about How to enable the SSH in the Web App.
Is there a way to deploy a containerized say .net core web app to IIS on a web server and use things like docker swarm and a virtual load balancer.
Am I looking at this all wrong? Would IIS even factor here?
If you want to go down this path, IIS does run in a (Windows) container, however most web apps I’ve seen uses Kestrel as the application web server (I.e. the default netcore images) and some kind of reverse proxy in front (Nginx, HAproxy) to handle things like load balancing, SSL termination and serving of static content.
I think the use case for IIS (though I haven’t used it so I may be wrong here) is to serve legacy ASP.net applications in a containerized environment.
See:
https://hub.docker.com/r/microsoft/iis/
I am using the Offline Sync feature of Azure Mobile Apps and it is working as expected.
I am also running a Service Fabric cluster on Azure for other services.
Is there anything that would prevent me technically or legally from running the Azure Mobile App on Service Fabric? (As opposed to running Azure Moble App on Azure Mobile App host on Azure).
Azure Mobile Apps uses three things:
Offline sync with a SQL Azure instance backend - fully supported on whatever container you choose
Push Registrations connected via App Service Push - will not be supported outside of Azure App Service
Authentication via server-flow or client-flow - will not be supported outside of Azure App Service
You don't have a problem legally - Azure Mobile Apps is an open-source project licensed under a OSS friendly license. However, Auth and Push are going to be issues if you use them.