Hi @Ashvini Vijaya Kumar (G10X, IND),
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
- Create a new Application Gateway. Choose the appropriate tier (Standard V2 or WAF V2 for web application firewall capabilities). For your reference: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/configure-public-ip-application-gateway
- Select Public for the Frontend IP address type, and either create a new public IP address or use an existing one. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-frontend-ip#:~:text=For%20a%20public%20IP%20address%2C%20you%20can%20create%20a%20new%20public%20IP%20address%20or%20use%20an%20existing%20public%20IP%20in%20the%20same%20location%20as%20the%20application%20gateway
- Create a backend pool and add the private endpoints of your backend web app to this pool.
- Create private endpoints for your backend web app in the same virtual network as your Application Gateway. This ensures communication between the Application Gateway and your web app stays within your private network.
- Configure your DNS settings (in your VNet or using a private DNS zone) to resolve the private endpoints to the internal IP addresses of your backend web app. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works
- Create a listener on your Application Gateway. This listener will listen for incoming traffic on a specific port. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-listeners
- Create a routing rule that directs traffic from the listener to your backend pool. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-request-routing-rules#associated-listener
- The subnet where your Application Gateway resides will have an NSG associated with it. You'll need to add rules to allow incoming traffic on port 80 (or 443 if you're using HTTPS) from the internet. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure
- The subnet where your backend web app with private endpoints resides should have an NSG that allows traffic from the Application Gateway subnet.
- If you're using HTTPS, you'll need to configure SSL certificates on your Application Gateway. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal#before-you-begin:~:text=To%20configure%20end%2Dto%2Dend%20TLS%20with%20an%20application%20gateway%2C%20you%20need%20a%20certificate%20for%20the%20gateway.%20Certificates%20are%20also%20required%20for%20the%20backend%20servers.
- Configure your public DNS records to point to the public IP address of your Application Gateway. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-frontend-ip#:~:text=You%20must%20manually%20configure%20using%20your%20domain%20name%20by%20mapping%20its%20DNS%20record%20to%20the%20gateway%27s%20IP%20address.
- Set up health probes on your Application Gateway to monitor the health of your backend web app instances. For your reference: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-probe-overview
- Consider enabling autoscaling for your Application Gateway to handle fluctuations in traffic.
Note: If you encounter a "Bad request" error when trying to access the URL mentioned above, kindly copy the URL manually and paste it into a new tab.
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Sai.
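
The two NSG steps in the answer above can be sanity-checked offline before deployment. The following is an added example, not part of the answer or of Microsoft's documentation: it evaluates inbound NSG rules in priority order (lowest number first, first match wins, then Azure's default inbound rules) against constructed rule sets. The address ranges, rule sets and function names are assumptions, and the `Internet` tag is simplified to "any address outside the VNet".

```python
import ipaddress

# Azure's built-in inbound default rules; they sit below every custom rule.
DEFAULT_INBOUND = [
    {"priority": 65000, "source": "VirtualNetwork", "ports": "*", "access": "Allow"},
    {"priority": 65001, "source": "AzureLoadBalancer", "ports": "*", "access": "Allow"},
    {"priority": 65500, "source": "*", "ports": "*", "access": "Deny"},
]
VNET = ipaddress.ip_network("10.0.0.0/16")   # constructed VNet address space
APPGW_SUBNET = "10.0.1.0/24"                 # constructed Application Gateway subnet

def source_matches(rule_source, src_ip):
    """Match a source IP against '*', a service tag, or a CIDR prefix."""
    ip = ipaddress.ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in VNET
    if rule_source == "AzureLoadBalancer":
        return str(ip) == "168.63.129.16"
    if rule_source == "Internet":
        return ip not in VNET                # simplification, see lead-in
    return ip in ipaddress.ip_network(rule_source)

def port_matches(spec, port):
    """Match a port against '*', a list such as '80,443', or a range '8000-8100'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def inbound_decision(custom_rules, src_ip, port):
    """Return 'Allow' or 'Deny' for the first rule that matches, by priority."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if source_matches(rule["source"], src_ip) and port_matches(rule["ports"], port):
            return rule["access"]
    return "Deny"

# Constructed rule sets mirroring the two NSG steps in the answer.
appgw_nsg = [{"priority": 100, "source": "Internet", "ports": "80,443", "access": "Allow"}]
backend_nsg = [
    {"priority": 100, "source": APPGW_SUBNET, "ports": "443", "access": "Allow"},
    # Without this rule, the default AllowVnetInBound lets every subnet in the VNet reach the backend.
    {"priority": 200, "source": "VirtualNetwork", "ports": "*", "access": "Deny"},
]
```
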