yesman

Reputation: 7829

How do I secure traffic between my VM and Application Gateway?

I have a pretty simple setup with an Application Gateway (AG), that sends traffic to a virtual machine running Ubuntu. The AG is loaded with an SSL certificate. The VM is set up to only allow incoming traffic from the AG, but it's an HTTP connection. This works, but I want to secure the traffic between my VM and AG. I can't find any relevant settings or documentation for this however.

How do I encrypt traffic between an Application Gateway and Virtual Machine? I considered a private link to at least force traffic over the Azure network, but private links only support PaaS products, where a VM is IaaS.

Upvotes: 0

Views: 594

Answers (2)

silent

Reputation: 16108

I assume you use the private IP of your VM in the backend settings of your Application Gateway. If so, this means that the traffic stays within your VNET and thus on the Microsoft network and also within the same region. You do not need something like Private Link here.

So the only thing you could potentially do is to SSL-enable the endpoint on the VM and use an encrypted HTTPS connection between AppGW and your VM.

Upvotes: 1

JArgente

Reputation: 2297

You have to do the same thing as with the API gateway: load a certificate into the service deployed in the virtual machine and expose the API of this service using the SSL protocol, so the communication will be encrypted using that certificate.

The way to do it is different depending on which technology you are using to deploy your service. For example, if you are using Spring Boot you can see how to do it here: https://www.baeldung.com/spring-boot-https-self-signed-certificate

However, you can use mutual TLS if you want the AG to be the only service that can connect to the service deployed on your VM.

https://developers.cloudflare.com/access/service-auth/mtls

Upvotes: 1
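Both answers come down to the same step: SSL-enable the service on the VM and point the gateway's backend settings at it over HTTPS. The Go program below is an added example, not code from either answer; it models that end to end with a backend serving HTTPS on a self-signed certificate (constructed for the example) and a probe that connects the way the gateway's backend settings do, trusting only the root it is given and requiring the certificate to carry the expected host name. The host name `backend.internal` is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// SelfSignedCert issues a self-signed server cert with dnsName as SAN (constructed test material; errors panic).
func SelfSignedCert(dnsName string) tls.Certificate {
	must := func(err error) { if err != nil { panic(err) } }
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{dnsName}, // the host name the gateway's backend settings verify
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// StartBackend serves HTTPS with cert, as the VM's service does once it is SSL-enabled.
func StartBackend(cert tls.Certificate) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
	srv.StartTLS()
	return srv
}

// ProbeBackend connects like the gateway's HTTPS backend settings: trust only roots, require serverName to match.
func ProbeBackend(url string, roots *x509.CertPool, serverName string) error {
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, ServerName: serverName}, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}
```

With the backend's certificate in the root pool and the matching host name the probe succeeds; with an empty pool or a different host name it fails, which is the same reason a gateway marks an HTTPS backend unhealthy when a self-signed certificate has not been uploaded as a trusted root or the configured host name does not match the certificate.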
