Reputation: 540
Azure Web App Service: IIS Reverse proxy possible?
Is it possible to run a reverse proxy on IIS for Azure App Service?
I'd like to reverse proxy socket.io port 3000 to port 443 for https.
Upvotes: 5
Views: 5965
Answers (2)
Reputation: 41
TL;DR;
- Any site hosted in Azure Web Sites has URL Rewrite and ARR installed but disabled
- There are some specifics settings in web.config and applicationHost.xdt that needs to be applied to make it work
Update Jun-29-2023
According to Zaid Safadi, it is possible to use a regular Azure Web App (no need for ASE as described below) to configure a reverse proxy using URL Rewrite module and ARR.
The recommended Article from Ruslan with the title Using Azure Web Site as a reverse proxy says that "Any site hosted in Azure Web Sites has URL Rewrite and ARR installed. However, the proxy functionality is disabled by default in ARR. To enable that we will use the Azure Site Extension XDT transform which will modify the applicationHost.config file for our site and will enable proxy features."
The xdt transform file content to enable proxy:
<!--?xml version="1.0"?-->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
</system.webServer>
</configuration>
A detailed step by step
A detailed step by step can be found in an article written by Edi Wang, where he states the following steps at Microsft Azure:
- Create a web.config file under wwwroot folder
web.config example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="996" stopProcessing="false">
<match url="996(.*)" />
<action type="Rewrite" url="https://996.icu/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
<rule name="996js" stopProcessing="false">
<match url="js/(.*)" />
<action type="Rewrite" url="https://996.icu/js/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
</rule>
</rules>
</rewrite>
<httpProtocol>
<customHeaders>
<add name="strict-transport-security" value="max-age=15552001; includeSubDomains; preload" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
It still won't work at Azure Server, it will show a 404 HTTP error because Azure App Service doesn't by default enable the ARR module although it is preinstalled
To enable ARR on Azure App Service, you need to create an xdt file and upload it to your site directory.
Go to Advanced Tools on your website's management blade.
Go to Debug console, CMD, or PowerShell
Enter site directory
Click + New file
Enter the magic filename applicationHost.xdt and click the pen icon for editing its content
Copy and paste the xdt transform file (Which is the same from Ruslan Article)
The xdt transform file content to enable proxy:
<!--?xml version="1.0"?-->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
</system.webServer>
</configuration>
- Go back to Azure App Service and restart your website
- The ARR will be enabled after the website restarts, and the reverse proxy will work as expected
Also, Edi Wang made a video applying this setting step by step.
The DevCentral article recommended by Zaid Safadi, seems to be outdated now.
Upvotes: 0
Reputation: 709
--- Update Aug-24-2016
You can use a regular Azure Web App (no need for ASE as described below) to configure a reverse proxy using URL Rewrite module and ARR: http://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/
However, I'm not sure yet how you are planning to open the port 3000 for your application on Azure Web App as Web Apps doesn't support non standard ports.
You can do this by creating an Azure App Service Environment (ASE), configuring your VNET and deploying your app service to it. This article can help you get started: https://devcentral.f5.com/articles/securing-azure-web-apps-with-the-big-ip
Upvotes: 3
Related Questions
- Reverse proxy in Azure with Web Apps
- Can IIS Express support reverse proxies?
- Can I make the Azure Application Gateway act as a forward proxy?
- how to add forward proxy to azure app service
- Reverse Proxy with Azure Websites
- Azure app service running .net and node/express app
- Access Azure web app through reverse proxy
- IIS reverse proxy not working in Azure Web App
- Host Node.js Socket.io as Azure app
- Reverse Proxy with ARR using Azure platform