Questions[azure-web-apps](server)

I have an Azure Web App that needs to connect to the addresses xx.x.x.10 and xx.x.x.12 the customers on-premise server. For this purpose the Customer have setup a Policy based VPN (Cisco ASA 9.8) with public IP yyy.yy.y.y

While trying to get to obtain this connection to the on-premise service, I have for now created the following resources:

• a Local Network Gateway with
  • IPaddress yyy.yy.y.y
  • Address spaces xx.x.x.10/32 and xx.x.x.12/32
• a VNet with
  • Address space 10.0.0.0/16
  • GatewaySubnet 10.0.255.0/24
• a Public IP: zzz.zz.z.z
• a Virtual Network Gateway
  • Sku: Basic
  • VPN: PolicyBased
  • Subnet: GatewaySubnet (10.0.255.0/24)
  • Public IP: zzz.zz.z.z
• a Site-to-site connection between the Local Network Gateway and the Virtual Network Gateway

Since the Virtual Network Gateway needs to be Policy-based, it (as I see it):

• has to be Basic Sku
• is restricted to maximum one site-to-site connection
• cannot have point-to-site connections

Will it somehow be possible for me to get my web app in contact with the on-premise server? and in that case that what am I still missing to make it work? or is it required that the VPN is changed to a route-based?

I successfully deployed an app service plan, web application and application insights resources using an ARM Template. The APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING app settings have been added to the configuration/app settings.

The issue im noticing is that when I select the 'application insights' option in the menu I'm presented with 'Turn on Application Insights'. I thought adding the app settings above would turn on app insights but apparently not. Is it possible to enable app insights in an ARM Template? I'd like app insights to be enabled by default once the arm template deploys.

we are looking to enable Safe Documents for Office 365 ProPlus to ensure when protected view is turned off to edit a document, malicious files are not opened.

The problem I have is that there doesn't seem to be a way to pilot this on a few users at first rather than tick it for the whole environment.

Safe attachment checkbox

Can anyone suggest a way I can test it on a small group of users first before rolling it out to everyone?

Thanks.

I'm new to Azure and trying to run an out-of-the-box pipeline on Azure but it's failing on the deployment step of the pipeline. I get the error below. I am using the free trial tier of Azure.

I have a resource group in West Europe and I have the release step of the pipeline configured to West Europe. Is there some setting on I have completely missed?

2020-04-10T18:08:42.8286287Z ##[error]Unauthorized: { "Code": "Unauthorized", "Message": "This region has quota of 0 instances for your subscription. Try selecting different region or SKU.", "Target": null, "Details": [ { "Message": "This region has quota of 0 instances for your subscription. Try selecting different region or SKU." }, { "Code": "Unauthorized" },

I have a Flask Python app that is run via Gunicorn from a Docker Linux container. Running the Docker container on Ubuntu works fine locally, but when the container is pushed to the Azure Container Registry and then deployed as an Azure App, it fails with the following error messages:

1. Container my-app_900f4c for site my-app did not start within expected time limit.
2. Container my-app_900f4c didn't respond to HTTP pings on port: 80, failing site start.

Docker Log

2020-02-17 INFO  - Pull Image successful, Time taken: 0 Minutes and 15 Seconds
2020-02-17 INFO  - Starting container for site
2020-02-17 INFO  - docker run -d -p 9031:80 --name my-app_900f4c -e PORT=80 -e WEBSITES_PORT=80 -e WEBSITE_SITE_NAME=my-app -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=my-app.azurewebsites.net -e WEBSITE_INSTANCE_ID=eaaf...51e441df96704916ba7b506b6150b26cdc7 -e HTTP_LOGGING_ENABLED=1 myazureappregistry.azurecr.io/my_app:v1  

2020-02-17 INFO  - Initiating warmup request to container my-app_900f4c for site my-app
2020-02-17 ERROR - Container my-app_900f4c for site my-app did not start within expected time limit. Elapsed time = 255.9515056 sec
2020-02-17 ERROR - Container my-app_900f4c didn't respond to HTTP pings on port: 80, failing site start. See container logs for debugging.
2020-02-17 INFO  - Stopping site my-app because it failed during startup.

Default Docker Log

2020-02-17 [1] [INFO] Starting gunicorn 20.0.4
2020-02-17 [1] [INFO] Listening at: http://0.0.0.0:80 (1)
2020-02-17 [1] [INFO] Using worker: gthread
2020-02-17 [7] [INFO] Booting worker with pid: 7
2020-02-17 [8] [INFO] Booting worker with pid: 8
2020-02-17 [9] [INFO] Booting worker with pid: 9
2020-02-17 [10] [INFO] Booting worker with pid: 10

In the Azure Portal under Settings > Configuration I have the following Application settings:

• PORT 80
• WEBSITES_PORT 80

Dockerfile

FROM python:3.8-slim-buster

LABEL Name=my_app Version=0.0.1
EXPOSE 80

WORKDIR /app

RUN python3 -m pip install --upgrade pip
RUN python3 -m pip install -r requirements.txt
ADD . /app
CMD ["gunicorn", "-c", "gunicorn.conf.py", "main:app"]

I don't understand what is causing HTTP pings on port 80 to fail, when the logs show that Gunicorn is listening on http://0.0.0.0:80.

Similar questions that have not resolved the issue:

• Azure Web App (Linux): “Error: Container didn't respond to HTTP pings on port: 8080” - when using: “start”: “pm2 start server.js”
• Running a docker container in Azure web app: didn't respond to HTTP pings on port
• Azure: Container did not start within expected time (WebApp)