venkat

Reputation: 481

How to attach Public Static IP to Azure App Service

There are 100 external domains pointing to my existing application. We're planning to migrate to Azure App Service. In this case, we have to request all domain users to point to our new app service. It involves a lot of coordination and takes time.

In the future (maybe after 2 years), we plan to deploy the solution to another App Service or Azure VM; then we'll have to repeat the same process of requesting external domain owners to point to the new deployment environment.

Currently we're thinking of the two solutions below. Could you please advise on those?

Solution 1:

Solution 2:

Please also suggest if you have any other, better solution.

Regards, Venkat

Upvotes: 5

Views: 24133

Answers (4)

Carlo Quinonez

Reputation: 304

There's a REALLY EASY way to do this. Just add a custom domain with IP-based binding. After you do this, the inbound IP changes from the original shared IP, to a new IP specific to your webapp. The website's default domain changes as well. But after that, you've got a static IP.

Upvotes: 1

Andrei Kniazev

Reputation: 309

I did it like this:

  1. Create a Virtual Network
  2. Create NAT Gateway
  3. Create Public IP
  4. Create SubNets for each App
  5. Attach SubNets to VN
  6. Use NAT In SubNets
  7. Enable vnetRouteAllEnabled for each App

Bicep for the network part:

```bicep
param location string = resourceGroup().location
var appOne = 'app-one'
var appTwo = 'app-two'

// Static Standard-SKU public IP used by the NAT gateway
resource publicIp 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
  name: 'public-ip-name'
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
    idleTimeoutInMinutes: 4
  }
}

// NAT gateway: outbound traffic from attached subnets leaves via publicIp
resource natgateway 'Microsoft.Network/natGateways@2021-05-01' = {
  name: 'natgateway-name'
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    idleTimeoutInMinutes: 4
    publicIpAddresses: [
      {
        id: publicIp.id
      }
    ]
  }
}

// One subnet per app, delegated to App Service and attached to the NAT gateway
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: 'virtualNetwork'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '192.168.0.0/16'
      ]
    }
    subnets: [
      {
        name: 'subnet-for-${appOne}'
        properties: {
          addressPrefix: '192.168.0.0/24'
          natGateway: {
            id: natgateway.id
          }
          delegations: [
            {
              name: 'delegation'
              properties: {
                serviceName: 'Microsoft.Web/serverfarms'
              }
            }
          ]
        }
      }
      {
        name: 'subnet-for-${appTwo}'
        properties: {
          addressPrefix: '192.168.1.0/24'
          natGateway: {
            id: natgateway.id
          }
          delegations: [
            {
              name: 'delegation'
              properties: {
                serviceName: 'Microsoft.Web/serverfarms'
              }
            }
          ]
        }
      }
    ]
  }
}

// VNet integration: join each existing app to its own subnet
resource prodcutsToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
  name: '${appOne}/virtualNetwork'
  properties: {
    subnetResourceId: virtualNetwork.properties.subnets[0].id
    swiftSupported: true
  }
}
resource webhooksToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
  name: '${appTwo}/virtualNetwork'
  properties: {
    subnetResourceId: virtualNetwork.properties.subnets[1].id
    swiftSupported: true
  }
}
```

Upvotes: 0

venkat

Reputation: 481

Nancy, thanks for your suggestion. It helps me to finalize the solution.

We identified three solutions for this scenario. We chose the 3rd solution.

  1. Use a static IP for the Azure App Service. If you wanted to migrate after a year or two, you would have to inform every external domain owner to change their endpoint to a different environment. https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-custom-domain-name-portal#understand-cname-and-a-records

  2. A CNAME may be a better alternative since it maps to a specific domain and will resolve to the IP address of your app automatically, so if your cloud service changes you will not have to take any action.

  3. Create a public static IP address and request every external domain owner to point to this IP address. Next, create an Azure VM with low capacity (B1ms) and attach the public static IP address to this VM. Then use this VM as a reverse proxy; currently it may point to the existing Azure App Service, and in future, wherever the new environment is, I will redirect to that environment. In future, the public static IP address can also be attached to a load balancer or any other Azure VM.

Upvotes: 1
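
A sketch of the reverse proxy described in solution 3 above, as an added example that is not part of the original answer. It assumes nginx on the VM (the thread names no proxy software); the backend hostname, the client domains and the certificate paths are placeholders.

```nginx
# Added example; place inside the http {} context (e.g. a conf.d file).
# Placeholders: example-app.azurewebsites.net, customer-*.example, TLS paths.

# Azure-provided DNS as seen from a VM in a VNet. Capping the cache at 60s
# means a changed App Service address is picked up without an nginx reload.
resolver 168.63.129.16 valid=60s ipv6=off;

server {
    listen 80;
    server_name customer-one.example customer-two.example;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # External domains whose A records point at the VM's static public IP.
    server_name customer-one.example customer-two.example;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path

    location / {
        # A variable in proxy_pass makes nginx resolve the name at request
        # time through "resolver" instead of once at startup, so the proxy
        # never pins a backend IP that Azure may later change.
        set $backend "example-app.azurewebsites.net";
        proxy_pass https://$backend;

        # App Service picks the site by hostname: send the app's own name
        # upstream and carry the client's domain in X-Forwarded-Host.
        proxy_set_header Host              $backend;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Send SNI and verify the backend certificate so the hop from the
        # VM to the app is authenticated, not just encrypted.
        proxy_ssl_server_name on;
        proxy_ssl_verify      on;
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}
```

Moving to a new environment later means changing only the `$backend` value; the external A records keep pointing at the same static IP.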

Nancy Xiong

Reputation: 28224

For Solution 1, it's easy to set a static public IP for an Azure VM. But it might lack redundancy. All of the services rely on a single Azure VM.

I would suggest Solution 2. Azure app services run in the same App Service plan, which shares the compute resources, and VM instances are available to you for scale-out. You can flexibly adjust the App Service plan according to your needs. Generally, the Azure web app service IP addresses change when you perform one of the following actions:

  - Delete an app and recreate it in a different resource group.
  - Delete the last app in a resource group and region combination and recreate it.
  - Delete an existing SSL binding, such as during certificate renewal (see Renew certificates).

The Azure web app service IP address does not change, so it looks "static" unless you do the above actions and change to a free tier. Sometimes, if you want a dedicated, static IP address for your app, you need to configure an IP-based SSL binding.

Ref: How to get a static IP address for your Windows App Service Web App

Upvotes: 6
