Linux Training in Coimbatore & Best Linux Server Administration Training Institute

Wednesday, 29 May 2024

Configure an App Service app

This article explains how to configure common settings for web apps, mobile back end, or API app. For Azure Functions, see App settings reference for Azure Functions.

Configure app settings

For example to set an environment variable in App Service Linux with the value "pa$$w0rd\" the string for the app setting should be: "pa\$\$w0rd\\"

In App Service, app settings are variables passed as environment variables to the application code. For Linux apps and custom containers, App Service passes app settings to the container using the --env flag to set the environment variable in the container. In either case, they're injected into your app environment at app startup. When you add, remove, or edit app settings, App Service triggers an app restart.

For ASP.NET and ASP.NET Core developers, setting app settings in App Service are like setting them in <appSettings> in Web.config or appsettings.json, but the values in App Service override the ones in Web.config or appsettings.json. You can keep development settings (for example, local MySQL password) in Web.config or appsettings.json and production secrets (for example, Azure MySQL database password) safely in App Service. The same code uses your development settings when you debug locally, and it uses your production secrets when deployed to Azure.

Other language stacks, likewise, get the app settings as environment variables at runtime. For language-stack specific steps, see:

App settings are always encrypted when stored (encrypted-at-rest).

Note

App settings can also be resolved from Key Vault using Key Vault references.

In the Azure portal, search for and select App Services, and then select your app.
In the app's left menu, select Configuration > Application settings.
By default, values for app settings are hidden in the portal for security. To see a hidden value of an app setting, select its Value field. To see the hidden values of all app settings, select the Show values button.
To add a new app setting, select New application setting. To edit a setting, select the Edit button on the right side.
In the dialog, you can stick the setting to the current slot.
Note
In a default Linux app service or a custom Linux container, any nested JSON key structure in the app setting name like ApplicationInsights:InstrumentationKey needs to be configured in App Service as ApplicationInsights__InstrumentationKey for the key name. In other words, any : should be replaced by __ (double underscore). Any periods in the app setting name will be replaced with a _ (single underscore).
When finished, select Update. Don't forget to select Save back in the Configuration page.

Edit app settings in bulk

Select the Advanced edit button. Edit the settings in the text area. When finished, select Update. Don't forget to select Save back in the Configuration page.

App settings have the following JSON formatting:

JSON

[
  {
    "name": "<key-1>",
    "value": "<value-1>",
    "slotSetting": false
  },
  {
    "name": "<key-2>",
    "value": "<value-2>",
    "slotSetting": false
  },
  ...
]

Configure connection strings

In the Azure portal, search for and select App Services, and then select your app. In the app's left menu, select Configuration > Application settings.

Application Settings

For ASP.NET and ASP.NET Core developers, setting connection strings in App Service are like setting them in <connectionStrings> in Web.config, but the values you set in App Service override the ones in Web.config. You can keep development settings (for example, a database file) in Web.config and production secrets (for example, SQL Database credentials) safely in App Service. The same code uses your development settings when you debug locally, and it uses your production secrets when deployed to Azure.

For other language stacks, it's better to use app settings instead, because connection strings require special formatting in the variable keys in order to access the values.

Note

There is one case where you may want to use connection strings instead of app settings for non-.NET languages: certain Azure database types are backed up along with the app only if you configure a connection string for the database in your App Service app. For more information, see Create a custom backup. If you don't need this automated backup, then use app settings.

At runtime, connection strings are available as environment variables, prefixed with the following connection types:

SQLServer: SQLCONNSTR_
MySQL: MYSQLCONNSTR_
SQLAzure: SQLAZURECONNSTR_
Custom: CUSTOMCONNSTR_
PostgreSQL: POSTGRESQLCONNSTR_

Note

.NET apps targeting PostgreSQL should set the connection string to Custom as workaround for a knows issue in .NET EnvironmentVariablesConfigurationProvider

For example, a MySQL connection string named connectionstring1 can be accessed as the environment variable MYSQLCONNSTR_connectionString1. For language-stack specific steps, see:

Connection strings are always encrypted when stored (encrypted-at-rest).

Note

Connection strings can also be resolved from Key Vault using Key Vault references.

In the Azure portal, search for and select App Services, and then select your app.
In the app's left menu, select Configuration > Application settings.
By default, values for connection strings are hidden in the portal for security. To see a hidden value of a connection string, select its Value field. To see the hidden values of all connection strings, select the Show value button.
To add a new connection string, select New connection string. To edit a connection string, select the Edit button on the right side.
In the dialog, you can stick the connection string to the current slot.
When finished, select Update. Don't forget to select Save back in the Configuration page.

Edit connection strings in bulk

Select the Advanced edit button. Edit the connection strings in the text area. When finished, select Update. Don't forget to select Save back in the Configuration page.

Connection strings have the following JSON formatting:

JSON

[
  {
    "name": "name-1",
    "value": "conn-string-1",
    "type": "SQLServer",
    "slotSetting": false
  },
  {
    "name": "name-2",
    "value": "conn-string-2",
    "type": "PostgreSQL",
    "slotSetting": false
  },
  ...
]

Configure language stack settings

Configure general settings

In the Azure portal, search for and select App Services, and then select your app. In the app's left menu, select Configuration > General settings.

General settings

Here, you can configure some common settings for the app. Some settings require you to scale up to higher pricing tiers.

Stack settings: The software stack to run the app, including the language and SDK versions.
For Linux apps, you can select the language runtime version and set an optional Startup command or a startup command file.
Platform settings: Lets you configure settings for the hosting platform, including:
- Platform bitness: 32-bit or 64-bit. For Windows apps only.
- FTP state: Allow only FTPS or disable FTP altogether.
- HTTP version: Set to 2.0 to enable support for HTTPS/2 protocol.
Note
Most modern browsers support HTTP/2 protocol over TLS only, while non-encrypted traffic continues to use HTTP/1.1. To ensure that client browsers connect to your app with HTTP/2, secure your custom DNS name. For more information, see Secure a custom DNS name with a TLS/SSL binding in Azure App Service.
- Web sockets: For ASP.NET SignalR or socket.io, for example.
- Always On: Keeps the app loaded even when there's no traffic. When Always On isn't turned on (default), the app is unloaded after 20 minutes without any incoming requests. The unloaded app can cause high latency for new requests because of its warm-up time. When Always On is turned on, the front-end load balancer sends a GET request to the application root every five minutes. The continuous ping prevents the app from being unloaded.
  Always On is required for continuous WebJobs or for WebJobs that are triggered using a CRON expression.
- ARR affinity: In a multi-instance deployment, ensure that the client is routed to the same instance for the life of the session. You can set this option to Off for stateless applications.
- HTTPS Only: When enabled, all HTTP traffic is redirected to HTTPS.
- Minimum TLS version: Select the minimum TLS encryption version required by your app.
Debugging: Enable remote debugging for ASP.NET, ASP.NET Core, or Node.js apps. This option turns off automatically after 48 hours.
Incoming client certificates: require client certificates in mutual authentication.

Configure default documents

This setting is only for Windows apps.

The default document is the web page that's displayed at the root URL of an App Service app. The first matching file in the list is used. If the app uses modules that route based on URL instead of serving static content, there's no need for default documents.

In the Azure portal, search for and select App Services, and then select your app.
In the app's left menu, select Configuration > Default documents.
To add a default document, select New document. To remove a default document, select Delete to its right.

Map a URL path to a directory

By default, App Service starts your app from the root directory of your app code. But certain web frameworks don't start in the root directory. For example, Laravel starts in the public subdirectory. Such an app would be accessible at http://contoso.com/public, for example, but you typically want to direct http://contoso.com to the public directory instead. If your app's startup file is in a different folder, or if your repository has more than one application, you can edit or add virtual applications and directories.

Important

Virtual directory to a physical path feature is only available on Windows apps.

In the Azure portal, search for and select App Services, and then select your app.
In the app's left menu, select Configuration > Path mappings
Select New virtual application or directory.
- To map a virtual directory to a physical path, leave the Directory check box selected. Specify the virtual directory and the corresponding relative (physical) path to the website root (D:\home).
- To mark a virtual directory as a web application, clear the Directory check box.
Select OK.

Configure handler mappings

For Windows apps, you can customize the IIS handler mappings and virtual applications and directories. Handler mappings let you add custom script processors to handle requests for specific file extensions.

To add a custom handler:

In the Azure portal, search for and select App Services, and then select your app.
In the app's left menu, select Configuration > Path mappings.
Select New handler mapping. Configure the handler as follows:
- Extension. The file extension you want to handle, such as *.php or handler.fcgi.
- Script processor. The absolute path of the script processor to you. Requests to files that match the file extension are processed by the script processor. Use the path D:\home\site\wwwroot to refer to your app's root directory.
- Arguments. Optional command-line arguments for the script processor.
Select OK.

Configure custom containers

Creating the secure cluster

Ensure you are logged in to Visual Studio with an account that can access the target subscription.

There are several ways to publish the Service Fabric Application, below are the two simplest options:

From the Build menu, select Publish Web1:

Or by right-clicking the Service Fabric Application (the one with the pretty icon partially obscured below):

Either method will display the main Publish screen:

As highlighted above, in the Connection Endpoint, you can select Create New Cluster. Doing so will launch the following screen:

As I am in the UK, I set the Location to UK South but left the other options as the defaults. Specifying a 3-node cluster will automatically denote it as a Test cluster in Azure - i.e. a cluster that is not suitable for Production use and has certain restrictions - for full details, please see the Service Fabric cluster capacity documentation.

You can either click Next to navigate to the Certificate tab or simply click the Certificate tab. Either will present the following screen:

As part of the wizard, a certificate will automatically be created in an equally automatically created Azure KeyVault – no need to do anything 😊 The Import certificate checkbox will import the certificate once created so you can immediately manage the cluster via the Service Fabric Explorer. The certificate password is not optional, I recommend you use a strong password even if the cluster is only intended for testing (as it is here).

Clicking Next or selecting the VM Detail tab will display the following:

At this point, you may notice that the Next button has changed to Create and is enabled. Don’t be fooled in to thinking you can skip the remaining options:

The current template does not list all the possible VM sizes but does cover the basics (and, the size can be changed later via the Portal / PowerShell / Azure CLI):

The Advanced tab has the following options:

As shown, ports 80 and 83 are enabled by default – I usually remove 83 (as I avoid using non-standard ports for publically accessible APIs - I am not sure why Microsoft even include Port 83!) but you can set the ports to whatever you require. The Application Insights key is more interesting; it not only allows you to specify the key (no surprise there) but it will automatically send the cluster messages (such as Application Starting) to the specified Application Insights instance. You will still need to send your application-specific messages to Application Insights if you want them to show there, but this does simplify monitoring the overall cluster health quite considerably.

I have entered my Application Insights key and clicked Create. After 1-2 seconds (where Visual Studio performs a series of validation checks), a confirmation screen will be displayed:

Clicking OK will return you to Visual Studio and how the output window with the status messages:

The mistake I made the first time was thinking that the Application would also be deployed – this is not the case. A second Publish will be required as we will see later. In hindsight, it is clear that we have deviated from the initial Publish route as we are creating a cluster, but that did not occur to me the first time!

The Resource group will be created, and you can monitor the creation of the cluster from either Visual Studio or the Azure Portal (although). I’ve italicized the monitor as the Azure Portal will only show the items created, not any pending items such as the actual VMs:

From the Properties option (1), we can see the Provisioning Status (2) was successful and that the nodes are being created (3).

For this test, the cluster took approximately 15 minutes to create which is far from ideal but the screenshot below shows the successful completion message (if you are wondering how / why the completion message is green, may I recommend VSColorOutput which is an excellent Visual Studio plug-in).

The Portal shows:

The Cluster state shows Baseline upgrade and this means we are good to go. OK, it really means the cluster is performing some internal upgrade tasks, but it is fully functional for our purposes so we can continue.

Publishing the Application

As with the Cluster Creation, you can use the same Publish option you used earlier - i.e. either from the Build menu or by right-clicking the Application Project. The original Publish screen will be displayed again:

You may need to <Refresh> to see the newly created cluster.

As the application does not exist, we do not need to select the Upgrade the Application or change any of the other defaults. Click Publish and you will be returned to Visual Studio. Below is a capture of the Output window just after clicking Publish.

Once completed, the Visual Studio Output window will look like the one below:

And the Service Fabric Explorer will look like:

Did you notice the issue I deliberately created? No? Neither did I as I was doing the screenshots! I didn’t change the WebAPI to use port 80 or specify the port WebAPI uses in the Cluster Creation (on the Advanced tab).

As it stands, Postman - an excellent tool for testing APIs - shows:

To resolve this, I have two choices:

Add the port to the cluster configuration or
Update the Service Manifest (shown below):

As mentioned in several posts, I am lazy by nature, so I will change the Service Manifest, but this also improves the accessibility as the port will become an industry standard port – a win-win to me!

Below is the default ServiceManifest (the pink squiggles are from the Visual Studio Spell Checker plugin showing that even Microsoft can make mistakes! Directoy…) with the Port highlighted – your port number will probably be different.

Once changed to 80, I can redeploy:

As the steps are the same, I won’t repeat them all here. The important differences are:

The Upgrade the Application must be ticked (#1 below) as, by default, Visual Studio will deploy the application as though it were a new application and the deployment will fail - even if the manifest has been updated (#2 below):

We also need to update the Manifest Versions by clicking the Manifest Versions button (#2 above). This is required so that Service Fabric knows the version is different (the how it is different does not matter as we will see below) or a Same version error will occur.

The Edit Versions screen is shown below – I have expanded the Web1Pkg but other than that, it is as is.

Whilst the above versions are using the traditional Semantic versioning, you don’t have to – all that matters to Service Fabric is that the new version is different from the current version. Below, I have continued with the Semantic versioning and updated the Config version to 1.0.1 – as the Automatically update application and service versions is ticked, and as the example is using sematic versioning, the Application Version is also increased to 1.0.1 automatically (yep, I’m lazy!)

Clicking Save will return you to the previous screen where we can simply Publish, and you will again return to Visual Studio. Below is a snapshot of the Output window:

After a few minutes, the application upgrade will be complete, in the meantime, you can also monitor via Service Fabric Explorer:

Clicking on the highlighted box above will show the upgrade domain status:

Once complete, Service Fabric Explorer will return to the earlier appearance:

Within Visual Studio, the Output window will show:

More importantly, Postman will get a result: