I just setup azure CDN endpoint. Pointed to my origin server. This works with http protocol. But the same files when i try https - it returns a 502 - bad gateway error. How do i troubleshoot and fix the problem?
A very similar setup works perfectly on another endpoint with HTTPs.
I think you may need to do is to serve your CDN assets over HTTPS. To do this you'll need to enable HTTPS within the Azure Portal
if still not then:
You can't yet use your own domain/SSL certificate with Azure CDN although there is a big request for this on the Azure Feedback Site.
If you've created a CDN for an Azure Cloud Service (e.g. http://[yourapp].cloudapp.net/cdn/) it's important that you create a self-signed certificate for your Azure domain ([yourapp].cloudapp.net). If you're using Azure Virtual Machines this can be done through IIS.
This caught us out recently when we enabled HTTPS for an origin server that did have an SSL certificate but it was for our own custom domain and not the *.cloudapp.net one.
for details click on http://benfoster.io/blog/azure-cdn-https
Related
I'm trying to make a call to a wcf service from an Azure function hosted in Azure. The wcf service requires a certificate.
I'm able to call to wcf service when I do debug in local machine (I import successfully the cert) but in Azure I got the error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
I believe this is due to missing certificate in Azure side.
I try to upload the .cer to Public Key Certificates (.cer) but still doesn't work. My Function app still returns the same error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
Please let me know how to make my request accept in wcf service?
It would be nice if we have solution in Azure Portal rather than doing PowerShell.
Note: I use the same certification and source code when I do debug in local machine and when I publish to Azure Function.
Thank you.
thank you for your time.
The issue has been resolved in WCF side. The WCF guy adds the Azure Function IP address to the white list and it works. It's nothing to do with Azure Function.
Looks like the same issue with this one.
I have configured an Azure DevOps pipeline. When I try to run NuGetToolInstaller, I received ERR:self signed certificate in certificate chain. What is the solution to this error?
If you use Azure DevOps service, and your organization is secured with a firewall or proxy server, you need to add certain IP addresses and domain URLs to the Allow list by following this doc: Allowed address lists and network connections. And if you use self-hosted agents, please follow this doc: Run a self-hosted agent behind a web proxy to configure your agent.
If you use on-premise Azure DevOps Server, please refer to this doc: Run the agent with a self-signed certificate to check this issue.
In addition, if you recently changed your account, you could refer to this thread to check if its solution works for your issue.
BTW, you could review debug logs to diagnose pipeline issues.
I am able to setup a static website using azure storage -> static website and map to a container blob. I used the link below
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website
I want to know if its possible to map it to a https custom domain name ?
I was following the below link but i am bit confused if it needs CDN to do https custom host name mapping. If it requires CDN then i can remove static website hosting because CDN also does hosting which is same as Static WebSite?
Are there any security related features that change between Azure Static WebSite and CDN hosting? Our website doesnt have video content and its not open to global makrets just a country.
So my main question is, is Azure Static WebSite hosting enough and does it allow host name mapping with https?
https://microsoft.github.io/AzureTipsAndTricks/blog/tip138.html
Azure Static WebSite hosting is not enough to map with https, but it allow host name mapping with https by Azure CDN.
The document you are following described very clear about how to do that, and there is nothing to worry about the security after you enable https and set the certificate. Actually, Azure CDN support certificate management.
REST API in Postman
I have following working setup:
Container serving an ASP.net Core OData application on port 80
Ingress publishing web-app as HTTPS with a letsencrypt-certificate
Everything worked as expected. OData service is accessible via HTTPS. But now I wanted to connect with PowerBI to the web-service, and with the help of Fiddler I saw that PowerBi is not only calling /odata/$metadata, but also calling /odata/. This endpoint publishs a smaller metadata description with following entry:
"#odata.context": "http://my-url/odata/$metadata"
This url is used in an subsequent call by PowerBI and leads to an 308 (redirect). This results in an error in PowerBI. The returned url shall use HTTPS://. In my dev-environment, with a self-signed certificate, it works and returns the correct adress, depending on the used protocol.
Every examble, I found, which describes the usage of HTTPS, needs the certificate. But this does not make sense. The container shall not know the certificate. The certificate is defined outside (Ingress) of the application.
Another possible solution is a system-wide string-replace for the HTTP address. But this sounds weird and wrong to me.
I also tried to manually forward the port to 443, but this is not working.
I've written a simple WebAPI Service (hosted with OWIN in a Windows Service) and put the [Authorize] attribute on the POST-method. As I understand, only "known" users can now access the service (don't worry, I know, all known users is not really safe yet).
My test client works fine so far when the host and the client are located on the same machine (f.ex. my workstation). However when I deploy the service on a server machine, and try again to call the service, I get a HTTP 400 failure when using the System.Net.Http.HttpClient and set httpClientHandler.UseDefaultCredentials=true, or a HTTP 401 when I use System.Net.WebClient and set webClient.UseDefaultCredentials=True.
So it seems the authentication mechanism acts different depending if the service is hosted local or remote.
For test reason I've also tried to set the credential explicit with user and password, but with exactly the same result.
However, what do I miss here? Any suggestions?
Thank you in advance!
verify the machine keys.
If the authorization server and the resource server are not on the same computer, the OAuth middleware will use the different machine keys to encrypt and decrypt bearer access token. In order to share the same private key between both projects, we add the same machinekey setting in both web.config files.
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server