Share via

How to deploy war files from azure DevOps private build agents to azure web app (Private Endpoint is raised already for the web app)

Surya Prakash 1 Reputation point
2020-09-29T15:14:02.643+00:00

HI All,

I have two web apps in my subscription for which two Private endpoints are raised for preventing the public access. Now When I am trying to deploy the application war files to these web apps from my azure DevOps pipeline with self hosted build agents, I am getting the following error:
[error]Failed to deploy web package to App Service.
[error]Error: Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)

How to enable my pipelines to deploy war files to these web apps? Is there any workaround for this scenario?

usually after configuring DNS for the web app, I should able to connect from pipeline. But we don't have that chance to wait till this happens.
Please note that we haven't configured any custom DNS as of now. So I am not even able to open webapp.scm from my browser. I am getting 403 error not found.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,503 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
515 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,901 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ryan Hill 28,631 Reputation points Microsoft Employee
    2020-09-30T19:51:22.487+00:00

    @Surya Prakash ,

    I'm assuming that the Private Endpoint you're referring to is https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint. Whether your build agent is hosted on-prem with configured VPN or hosted in an Azure VM that's part of your configured vnet or peered, make sure your firewall is configured to allow traffic from document endpoints:

    *.visualstudio.com:

    dev.azure.com:

    EDIT: Furthermore, you can check https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment?view=azure-devops#web-app-deployment-on-app-service-environment-ase-is-not-working for additional troubleshooting steps that may be preventing deployment to your Private Endpoint. Even though this doc is referring to ASE, it also applies to Private Endpoint.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.