I recently provisioned a Resource Group using ARM via Visual Studio. It has an Ubuntu VM running MongoDB that I can SSH into and interact with Mongo shell successfully.
I also have an App Site running a WebAPI that I want to be able to access the MongoDB using the Private IP (MongoDB should not be directly accessible on the Public IP). I've modified the bindIp setting in the mongo.conf file so that its bound to 127.0.0.1,10.0.0.4
. Ive set the connection string in WebAPI to point to 10.0.0.4
with credentials (Ive tested credentials working using Mongo shell via SSH directly on the VM). Additionally there's a NIC, Virtual Network and the other resources (Link NIC, Storage etc). All resources are in the same resource group.
The error I'm seeing in Application Insights is:
System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions
Can anyone shed some light on why my Azure App Site (WebAPI) cannot access the MongoDB running on my Ubuntu VM - I've ran out of things to try.
Also I have added a GateWay Subnet and gone to the Networking node of the AppSite and tried to Setup VNET integration, however it shows my network greyed out with a little grey blob that upon hovering over reports that "The Virtual Network has no Gateway" - Im not entirely sure whether this is required or not but Ive created a GateWay Subnet resource regardless but it doesn't seem to help.
You're on the right track here.
First create a Gateway in your ARM Virtual Network:
Azure Portal → New → Virtual Network Gateway
Gateway Type: VPN
and
VPN Type: Route-based (which really means IKEv2)
Then add a Point-to-site address space on it for the Web App to VPN into. In Azure PowerShell:
Wait a few minutes for the Gateway to update, then go back to the Web App -> Network -> VNET Integration and select the Gateway.
That's all.