Deploying an ILB App Service Environment

Microsoft recently changed the ILB deployment in a big way. You can no longer specify your own domain name for your ILB ASE, you will now be using the appserviceenvironment.net domain by default. The reason for this change is actually a great one. No more having to deal with the ILB Certificate. Yes, by using the default appserviceenvironment.net domain, Microsoft will be taking care of the SSL certificate. 

So let's summarize what changed:

  • ILB ASE now uses the domain appserviceenvironment.net by default
  • appserviceenvironment.net is still not a public domain and you need to take care of the DNS for it
  • No need to provision the ILB Certificate, will be taken care of by Microsoft by default
  • Using Custom Domains on Web Apps inside the ILB ASE will be on per Web App base, just like outside of the ASE. Remember that the DNS for these custom domains is still in your hands and within local DNS inside the VNET
  • KUDU will now only be usable using the appserviceenvironment.net domain, a.k.a webappname.scm.asename.appserviceenvironment.net

So we will be deploying an ILB ASE and do the initial configuration

Let's start!

Table of Contents:

Add a comment

If you want to remove unnecessary headers from a Web App in Azure App Services, here are some things we need to know.

App Services run on a PaaS. This means that not everything can be touched or changed. We will be addressing the Azure App Service (Windows).

In particular:

  • 502, 503 and 403 http statuses are returned from the front-end instances and never reach the worker, which means that we cannot influence the headers there

Removing the X-AspNet-Version header

You can do this by editing the web.config file in KUDU. If you don't have one, just create a web.config file in the wwwroot dir.

This is between the <configuration> </configuration>

<system.web>
    <httpRuntime enableVersionHeader="false" /> <!-- Removes ASP.NET version header. Not needed for Ghost running in iisnode -->
</system.web>

Removing the X-Powered-By: ASP.NET header

Again under <configuration> 

Add a comment

Deploying an ILB ASE + Application Gateway (WAF)

*This method of deploying an ILB ASE is now depricated by Microsoft and is moved to (Classic)* so i have new versions of the deployments:

Deploying ILB ASE (new version) here - https://www.azuretechguy.com/ilb-ase-new

Integrating the App gateway (WAFv2) with the ILB ASE - https://www.azuretechguy.com/ilb-ase-appgw

This lab aims at deploying an ILB ASE from scratch, deploy and configure private DNS to serve the ASE, configuring the VNET, provisioning of the ILB SSL Certificate, creating Web Apps and exposing one of the web apps to the internet by using an Application Gateway in WAF tier.

By doing this you will gain knowledge in ILB ASE, SSL, Domain, private DNS, Application Gateway and WordPress deployment.

Table of Contents:

Summary

This is a serious and big lab so it takes time. Here is what actions we will be doing and ~approx. time

  • Buying free internet domain ~20 min
  • Creating the RG + VNET ~5 min
  • Deploying a VM ~10 min
  • Installing and Configuring private DNS ~20-30 min
  • Deploying ILB ASE ~20 min + 1hour deployment time
  • ILB Certificate ~25 min
  • Post-ASE DNS Configuration ~5-10 min
  • Deploying App Service plan + 1st Web App ~10 min
  • Deploying WordPress site + exploring KUDU ~20min
  • Deploying and Configuring Application Gateway ~1 hour + 30 min deployment time

Total ~ 3h

Add a comment