Azure App Service Cheatsheets
Azure App Service Cheatsheets
By Saeed Salehi
7 min read
- Authors
- Name
- Saeed Salehi
- linkedinSaeed Salehi
- twitter@1saeedsalehi
- Github
- github1saeedsalehi
- Website
- websiteBlog
Part of series
Developing Solutions for Microsoft Azure (AZ-204) certification exam Cheatsheets
- Part 1:
Introduction to (AZ-204) certification exam Cheatsheets
- Part 2:
Implement IaaS in Azure Cheatsheets
- Part 3:
Azure Functions Cheatsheets
- Part 4:
Azure App Service Cheatsheets
- Part 5:
Develop solutions that use Blob storage Cheatsheets
- Part 6:
Develop solutions that use Azure Cosmos DB Cheatsheets
- Part 7:
Implement Azure Security Cheatsheet
- Part 8:
Microsoft Identity platform Cheatsheet
- Part 9:
Monitoring And logging in Azure Cheatsheets
- Part 10:
Azure Cache for Redis Cheatsheets
- Part 11:
Develop message-based solutions Cheatsheets
- Part 12:
Develop event-based solutions Cheatsheets
- Part 13:
API Management in Azure Cheatsheets
App Service can also host web apps natively on Linux for supported application stacks.
App Service on Linux limitations:
- App Service on Linux is not supported on Shared pricing tier.
- You can't mix Windows and Linux apps in the same App Service plan.
- you could not mix Windows and Linux apps in the same resource group.
- The Azure portal shows only features that currently work for Linux apps. As features are enabled,
az webapp list-runtimes --os-type linux
App Service plans
Azure Functions also has the option of running in an App Service plan.
Each App Service plan defines:
- Region (West US, East US, etc.)
- Number of VM instances
- Size of VM instances (Small, Medium, Large)
- Pricing tier (Free, Shared, Basic, Standard, Premium, PremiumV2, PremiumV3, Isolated)
pricing tiers:
Shared compute: Both Free and Shared share the resource pools of your apps with the apps of other customers. These tiers allocate CPU quotas. the resources can't scale out.
Dedicated compute: The Basic, Standard, Premium, PremiumV2, and PremiumV3 tiers run apps on dedicated Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the tier, the more VM instances are available to you for scale-out.
Isolated: This tier runs dedicated Azure VMs on dedicated Azure Virtual Networks. It provides network isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.
Consumption: This tier is only available to function apps. It scales the functions dynamically depending on workload.
deployment:
- Automated
- Azure DevOps
- GitHub
- Bitbucket
- Manual
- Git
- CLI
az webapp up
- Zip Deploy
curl
- FTPS/s
Sample reference
- az group create
- az appservice plan create
- az webapp create
- az webapp deployment source / az webapp config container set / ...
Github
az webapp deployment source config --name $webapp --resource-group $resourceGroup --repo-url $gitrepo --branch master --git-token $token
DockerHub
az webapp config container set --docker-custom-image-name $dockerHubContainerPath --name $webApp --resource-group $resourceGroup
Slot
- az group create
- az appservice plan create
- az webapp create
- az webapp deployment slot create
- az webapp deployment source config
- az webapp deployment slot swap
deploy Private Endpoint
- Create a VNet
az network vnet create.
- Configure the Subnet
az network vnet subnet update:
- Create the private endpoint
az network private-endpoint create
- Configure the private zone
az network private-dns zone create
az network private-dns link vnet create
az network private-endpoint dns-zone-group create
authentication and authorization
Identity providers
- Microsoft Identity Platform
- OpenID Connect providers
How It Works:
- Authenticates users with the specified provider
- Validates, stores, and refreshes tokens
- Manages the authenticated session
- Injects identity information into request headers
In Linux and containers the authentication and authorization module runs in a separate container, isolated from your application code. Because it does not run in-process
networking behavior
multitenant public service hosts App Service plans in the Free, Shared, Basic, Standard, Premium, PremiumV2, and PremiumV3 pricing SKUs
single-tenant App Service Environment (ASE) hosts Isolated SKU App Service plans directly in your Azure virtual network
Multi-tenant App Service networking features:
Inbound features:
- App-assigned address
- Access restrictions
- Service endpoints
- Private endpoints
Outbound features:
Hybrid Connections
Gateway-required virtual network integration
Virtual network integration
free and Shared SKU:
- host customer workloads on multitenant workers
- all use the same worker VM typ
Basic and higher plans
- host customer workloads that are dedicated to only one App Service plan
When you change the VM family, you get a different set of outbound addresses
Standard to PremiumV2, your outbound addresses will change PremiumV2 to PremiumV3, your outbound addresses will change
Find outbound IPs
az webapp show \
--resource-group <group_name> \
--name <app_name> \
--query outboundIpAddresses \
--output tsv
Query possibleOutboundIpAddresses
used for find all possible outbound IP addresses ,regardless of pricing tiers
Create the web app
az webapp up -g $resourceGroup -n $appName --html
CORS
az webapp cors add --allowed-origins https://myapps.com --name MyWebApp --resource-group MyResourceGroup --subscription MySubscription
Configure application settings
app settings are variables passed as environment variable
App settings are always encrypted when stored (encrypted-at-rest).
:
should be replaced by __
(double underscore).`
general settings:
- Stack settings: language and SDK versions
- Platform settings
- Bitness: 32 / 64 BIT
- WebSocket Protocol: SignalR or socket.io
- Always On: By default, Always On is not enabled (required for WebJobs)
- Managed pipeline version (IIS Pipeline mode)
- Http Version
- ARR Affinity (ensure that the client is routed to the same instance for the life of the session,can set this option to Off for stateless applications)
- Debugging: This option turns off automatically after 48 hours.
- Incoming client certificates: TLS mutual authentication
path mappings
- Windows apps (un-containerized)
- Customize IIS handler mappings and virtual applications and directories
- Linux and containerized apps
- Azure Storage Mount
diagnostic logging
Type | Platform | Location |
---|---|---|
Application logging | Windows, Linux | App Service file system and/or Azure Storage blobs |
Web server logging | Windows | App Service file system or Azure Storage blobs |
Detailed error logging | Windows | App Service file system |
Failed request tracing | Windows | App Service file system |
Deployment logging | Windows, Linux | App Service file system |
Any information written to files ending in .txt, .log, or .htm that are stored in the /LogFiles
directory (d:/home/logfiles) is streamed by App Service
.
Stream logs live
az webapp log tail --name appname --resource-group myResourceGroup
security certificates
options you have for adding certificates in App Service:
- Create a free App Service managed certificate
- Purchase an App Service certificate
- Import a certificate from Key Vault
- Upload a private certificate
- Upload a public certificate
Private certificate requirements:
- Exported as a password-protected PFX file, encrypted using triple DES.
- Contains private key at least 2048 bits long
- Contains all intermediate certificates in the certificate chain
free managed certificate:
your App Service plan must be in the Basic, Standard, Premium, or Isolated tier. Custom SSL is not supported in the F1 or D1 tier.
Free certificate limitations:
- Does not support wildcard certificates.
- Does not support usage as a client certificate by certificate thumbprint.
- Is not exportable.
- Is not supported on App Service Environment (ASE).
- Is not supported with root domains that are integrated with Traffic Manager.
- If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to
<app-name>
.azurewebsites.net.
Autoscale
Autoscaling can be triggered according to a schedule, or by assessing whether the system is running short on resources
only changes the number of web servers.
Autoscale conditions
Scale based on a metric (across all instances)
- CPU Percentage
- Memory Percentage
- Disk Queue Length
- Http Queue Length (HTTP 408 - Timeout)
- Data In (bytes received)
- Data Out (bytes sent)
- can also scale based on metrics for other Azure services
Scale to a specific instance count according to a schedule
scale-out or scale-in
A scale-out action increases the number of instances scale-in action reduces the instance count
cool down period , threshold , avoid "flapping"
Not all pricing tiers support autoscaling. The development pricing tiers are either limited to a single instance (the F1 and D1 tiers), or they only provide manual scaling (the B1 tier). If you've selected one of these tiers, you must first scale up to the S1 or any of the P level production tiers.
Autoscale supported on pricing tiers:
- Standard
- Premium
- Isolated
Deployment Slots
Standard tier supports only five deployment slots.
Steps to ensure target slot doesn't experience downtime:
- Apply the settings from the target slot to all instances of the source slot (Any of these cases trigger all instances in the source slot to restart)
- Slot-specific app settings and connection strings, if applicable.
- Continuous deployment settings
- App Service authentication settings, if enabled
- Wait for every instance in the source slot to complete its restart.
- If local cache is enabled, trigger local cache initialization by making an HTTP request to the application root ("/") on each instance of the source slot.
- If auto swap is enabled with custom warm-up, trigger Application Initiation by making an HTTP request to the application root ("/") on each instance of the source slot.
- swap the two slots by switching the routing rules for the two slots.
Settings that are swapped:
- General settings
- App settings
- Connection strings
- Handler mappings
- Public certificates
- WebJobs content
Settings that aren't swapped:
- Publishing endpoints
- Custom domain names
- Non-public certificates and TLS/SSL settings
- Scale settings
- WebJobs schedulers
- IP restrictions
- Always On
- Diagnostic log settings
- Cross-origin resource sharing (CORS)
To make swappable setting of specific slot: set WEBSITE_OVERRIDE_PRESERVE_DEFAULT_STICKY_SLOT_SETTINGS
to 0 / false
custom warm-up
applicationInitialization
in `Web.Config
<system.webServer>
<applicationInitialization>
<add initializationPage="/" hostName="[app hostname]" />
<add initializationPage="/Home/About" hostName="[app hostname]" />
</applicationInitialization>
</system.webServer>
Route production
Traffic %
x-ms-routing-name
Cookie will be set / query string
By default, new slots are given a routing rule of 0%
Upcoming events
Coven of Wisdom - Herentals - Winter `24 edition
Worstelen jij en je team met automated testing en performance? Kom naar onze meetup waar ervaren sprekers hun inzichten en ervaringen delen over het bouwen van robuuste en efficiënte applicaties. Schrijf je in voor een avond vol kennis, heerlijk eten en een mix van creativiteit en technologie! 🚀 18:00 – 🚪 Deuren open 18:15 – 🍕 Food & drinks 19:00 – 📢 Talk 1 20:00 – 🍹 Kleine pauze 20:15 – 📢 Talk 2 21:00 – 🙋♀️ Drinks 22:00 – 🍻 Tot de volgende keer? Tijdens deze meetup gaan we dieper in op automated testing en performance. Onze sprekers delen heel wat praktische inzichten en ervaringen. Ze vertellen je hoe je effectieve geautomatiseerde tests kunt schrijven en onderhouden, en hoe je de prestaties van je applicatie kunt optimaliseren. Houd onze updates in de gaten voor meer informatie over de sprekers en hun specifieke onderwerpen. Over iO Wij zijn iO: een groeiend team van experts die end-to-end-diensten aanbieden voor communicatie en digitale transformatie. We denken groot en werken lokaal. Aan strategie, creatie, content, marketing en technologie. In nauwe samenwerking met onze klanten om hun merken te versterken, hun digitale systemen te verbeteren en hun toekomstbestendige groei veilig te stellen. We helpen klanten niet alleen hun zakelijke doelen te bereiken. Samen verkennen en benutten we de eindeloze mogelijkheden die markten in constante verandering bieden. De springplank voor die visie is talent. Onze campus is onze broedplaats voor innovatie, die een omgeving creëert die talent de ruimte en stimulans geeft die het nodig heeft om te ontkiemen, te ontwikkelen en te floreren. Want werken aan de infinite opportunities van morgen, dat doen we vandaag.
| Coven of Wisdom Herentals
Go to page for Coven of Wisdom - Herentals - Winter `24 editionMastering Event-Driven Design
PLEASE RSVP SO THAT WE KNOW HOW MUCH FOOD WE WILL NEED Are you and your team struggling with event-driven microservices? Join us for a meetup with Mehmet Akif Tütüncü, a senior software engineer, who has given multiple great talks so far and Allard Buijze founder of CTO and founder of AxonIQ, who built the fundaments of the Axon Framework. RSVP for an evening of learning, delicious food, and the fusion of creativity and tech! 🚀 18:00 – 🚪 Doors open to the public 18:15 – 🍕 Let’s eat 19:00 – 📢 Getting Your Axe On Event Sourcing with Axon Framework 20:00 – 🍹 Small break 20:15 – 📢 Event-Driven Microservices - Beyond the Fairy Tale 21:00 – 🙋♀️ drinks 22:00 – 🍻 See you next time? Details: Getting Your Axe On - Event Sourcing with Axon Framework In this presentation, we will explore the basics of event-driven architecture using Axon Framework. We'll start by explaining key concepts such as Event Sourcing and Command Query Responsibility Segregation (CQRS), and how they can improve the scalability and maintainability of modern applications. You will learn what Axon Framework is, how it simplifies implementing these patterns, and see hands-on examples of setting up a project with Axon Framework and Spring Boot. Whether you are new to these concepts or looking to understand them more, this session will provide practical insights and tools to help you build resilient and efficient applications. Event-Driven Microservices - Beyond the Fairy Tale Our applications need to be faster, better, bigger, smarter, and more enjoyable to meet our demanding end-users needs. In recent years, the way we build, run, and operate our software has changed significantly. We use scalable platforms to deploy and manage our applications. Instead of big monolithic deployment applications, we now deploy small, functionally consistent components as microservices. Problem. Solved. Right? Unfortunately, for most of us, microservices, and especially their event-driven variants, do not deliver on the beautiful, fairy-tale-like promises that surround them.In this session, Allard will share a different take on microservices. We will see that not much has changed in how we build software, which is why so many “microservices projects” fail nowadays. What lessons can we learn from concepts like DDD, CQRS, and Event Sourcing to help manage the complexity of our systems? He will also show how message-driven communication allows us to focus on finding the boundaries of functionally cohesive components, which we can evolve into microservices should the need arise.
| Coven of Wisdom - Utrecht
Go to page for Mastering Event-Driven DesignThe Leadership Meetup
PLEASE RSVP SO THAT WE KNOW HOW MUCH FOOD WE WILL NEED What distinguishes a software developer from a software team lead? As a team leader, you are responsible for people, their performance, and motivation. Your output is the output of your team. Whether you are a front-end or back-end developer, or any other discipline that wants to grow into the role of a tech lead, RSVP for an evening of learning, delicious food, and the fusion of leadership and tech! 🚀 18:00 – 🚪 Doors open to the public 18:15 – 🍕 Let’s eat 19:00 – 📢 First round of Talks 19:45 – 🍹 Small break 20:00 – 📢 Second round of Talks 20:45 – 🙋♀️ drinks 21:00 – 🍻 See you next time? First Round of Talks: Pixel Perfect and Perfectly Insane: About That Time My Brain Just Switched Off Remy Parzinski, Design System Lead at Logius Learn from Remy how you can care for yourself because we all need to. Second Round of Talks: Becoming a LeadDev at your client; How to Fail at Large (or How to Do Slightly Better) Arno Koehler Engineering Manager @ iO What are the things that will help you become a lead engineer? Building Team Culture (Tales of trust and positivity) Michel Blankenstein Engineering Manager @ iO & Head of Technology @ Zorggenoot How do you create a culture at your company or team? RSVP now to secure your spot, and let's explore the fascinating world of design systems together!
| Coven of Wisdom - Amsterdam
Go to page for The Leadership Meetup