Share via

How to fix application 504 Azure App service

Phuti Mabitsela 40 Reputation points
2026-03-15T17:29:54.8833333+00:00

Hi everyone,

I need help troubleshooting an Azure deployment issue.

I have a Java backend running on Payara Server (Jakarta EE) with:

  • REST endpoints
  • WebSockets
  • external PostgreSQL database on Aiven

The same backend works on Render and is publicly accessible there, using the same Aiven PostgreSQL database. On Azure App Service, deployment appears to succeed, but accessing it through the internet results in 504 / timeout behavior.

Environment details:

  • Stack: Java + Payara + Jakarta EE
  • App type: REST + WebSockets
  • Database: external PostgreSQL on Aiven
  • DB plan/specs: Premium-32, 8 CPU, 32 GB RAM, 700 GB storage, 3-node HA
  • The DB works from Render, so the DB itself is reachable and functional in another hosted environment

Observed behavior on Azure:

  • deployment completes
  • app sometimes appears partially alive
  • internet access still fails with timeout / 504
  • I have also seen health/startup/probe-related issues during testing

What makes this confusing:

  • same codebase
  • same external PostgreSQL database
  • same DB credentials/config pattern
  • Render works over the internet
  • Azure App Service is the one failing

I am trying to determine whether this is likely an Azure App Service / networking / startup / WebSocket / reverse proxy issue rather than an application code issue.

Main questions:

  1. What Azure App Service settings should I verify first for a Payara + WebSocket app?
  2. Could this be caused by health check / startup probe configuration?
  3. Does Azure App Service need any special configuration for WebSockets beyond enabling them?
  4. Are there common outbound connectivity / SSL issues when Azure App Service connects to external PostgreSQL such as Aiven?
  5. Could port/startup timeout/recycling behavior explain why deployment succeeds but public access fails?
  6. Is App Service the right hosting choice here, or would Container Apps / another Azure service be better for this kind of workload?

Any advice on the most likely root cause or a checklist of Azure-specific things to inspect would be appreciated.

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

Answer accepted by question author

Golla Venkata Pavani 5,745 Reputation points Microsoft External Staff Moderator
2026-03-17T14:11:28.94+00:00

Hii @Phuti Mabitsela ,

Thank you for reaching us regarding the issue you are seeing deployment succeeds but the application is not reachable publicly (504 Gateway Timeout) is typically related to application startup, health checks, or platform timeouts on Azure App Service, rather than a deployment failure.

  1. What Azure App Service settings should I verify first for a Payara + WebSocket app?

Verify these Azure App Service settings first for a Payara + WebSocket app:

  • Always On > Enable it to avoid cold starts and timeouts
  • Health Check > Ensure endpoint returns 200–299 quickly
  • Port Binding > App must listen on 80/8080 (App Service default)
  • WebSockets > Enable in App Service settings
  • App Service Plan > Ensure enough CPU/RAM (B1 may be too small)
  1. Could this be caused by health check / startup probe configuration?

Yes, Misconfigured Health Check / startup behavior can cause 504 errors in Azure App Service.

If the health endpoint doesn’t exist or returns non-2xx or takes too long to respond

The instance is marked unhealthy and removed from the load balancer > 504 Gateway Timeout

Common causes:

  • Health endpoint depends on DB (slow/fails)
  • Payara startup is slow while probes are already running.
  1. Does Azure App Service need special configuration for WebSockets beyond enabling them?
  • Linux App Service: WebSockets are enabled by default
  • Windows App Service: WebSockets must be explicitly enabled in Configuration
  • No additional network ports can be opened
  • The app must handle WebSocket upgrade requests over HTTP/HTTPS (80/443)
  1. Are there common outbound connectivity / SSL issues when Azure App Service connects to external PostgreSQL such as Aiven? Yes
  • TLS/SSL is required for PostgreSQL connections
  • Clients should use sslmode=require or stronger
  • If TLS validation is misconfigured, the app may block or retry during startup
  • Blocking database calls during application startup can delay readiness and cause timeouts
  1. Could port/startup timeout/recycling behavior explain why deployment succeeds but public access fails?
    Timeout. This situation commonly occurs when the application startup is slow, health checks fail, or the app process is repeatedly restarting, preventing it from becoming fully available to handle incoming requests.
  • Deployment success only confirms files were deployed
  • It does not guarantee the app started successfully
  • App Service has a platform‑enforced request timeout (~230 seconds) that cannot be changed
  • If the app does not respond in time, requests return 504 Gateway Timeout
  1. Is App Service the right hosting choice here, or would Container Apps / another Azure service be better for this kind of workload?
    In this scenario, Azure App Service can work but isn’t ideal, as it is best suited for fast-starting, stateless web apps. Applications using full Java servers like Payara, with WebSockets and longer startup times, may face limitations such as startup delays and health check issues. For better control over startup, scaling, and runtime behavior, container-based options like Azure Container Apps or Azure Kubernetes Service are more suitable.

Reference:
https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#always-on
https://learn.microsoft.com/en-us/troubleshoot/azure/app-service/web-request-times-out-app-service

 Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

If you have any other questions, let me know in the "comments" and I would be happy to help you

Was this answer helpful?

1 person found this answer helpful.
0 comments

Answer accepted by question author

AI answer

2026-03-15T17:30:46.92+00:00

The behavior described (deployment succeeds, but public access times out with 504) aligns with typical Azure App Service issues around app startup, health, or outbound connectivity rather than a pure code or database problem.

A focused checklist based on Azure App Service behavior:

  1. App Service basics and monitoring
  • In the Azure portal, open the App Service and check Monitoring → Metrics for:
    • Requests
    • CPU time
    • Memory working set
    • Average memory working set If requests are reaching the app but responses are slow or failing, these metrics will show high CPU, memory, or long-running requests.
  • Also verify overall platform health via Azure Service Health to rule out platform incidents.
  1. 502/503/504-style behavior and app startup

504 from a front-end (Application Gateway, browser) often maps to the app not responding in time or at all. For App Service, similar symptoms are documented for 502/503:

  • Common causes:
    • Requests taking a long time.
    • High memory or CPU usage.
    • Exceptions preventing the app from responding.
  • Recommended approach:
    1. Observe and monitor app behavior (metrics as above).
    2. Collect data (logs, failed request traces, app logs).
    3. Mitigate (optimize code, increase plan size, fix exceptions).

For a Java/Payara app, slow startup or long first-request initialization can cause the front-end to time out, especially if health probes or warm-up pings are not configured correctly.

  1. Health checks, warm-up, and startup behavior

Azure App Service can use warm-up pings and health checks to decide when to send organic traffic to an instance:

  • WEBSITE_WARMUP_PATH (not shown in context but implied by WEBSITE_WARMUP_STATUSES) and WEBSITE_WARMUP_STATUSES control how the platform judges a container as ready.
  • WEBSITE_WARMUP_STATUSES is a comma-delimited list of HTTP status codes that are considered successful when the platform makes warm-up pings against a newly started container.
    • Example: 200,202.
    • If the warm-up path returns a status not in this list (for example 502), the platform keeps pinging until a valid status is returned or the container startup timeout is reached.
    • If the app never returns a valid status, the platform fails startup and retries, which can surface as 503/504-like behavior to callers.

For Payara:

  • Ensure the warm-up/health endpoint is:
    • Fast (no heavy DB or initialization logic).
    • Returns an allowed status code (200/202) when the app is ready.
  • If using Application Gateway or another probe, align its probe path and timeout with the App Service warm-up/health behavior so that the gateway does not time out before the app is considered ready.
  1. Outbound connectivity and external PostgreSQL (Aiven)

The context describes intermittent outbound connection issues in App Service, often due to SNAT port exhaustion:

  • Symptoms include:
    • Slow response times.
    • Intermittent 5xx / Bad Gateway.
    • Time-out errors.
    • Inability to connect to external endpoints (for example SQL DB or other services).

For an external PostgreSQL (Aiven):

  • Ensure proper connection pooling in the Java stack (JDBC pool such as HikariCP, Tomcat pool, etc.).
  • Avoid opening a new DB connection per request; reuse pooled connections to reduce outbound connection churn and SNAT usage.
  • If the app uses HTTP-based dependencies as well, pool HTTP connections as recommended (for .NET there is HttpClientFactory; for Java, use pooled HttpClient implementations).

If SNAT exhaustion or outbound connectivity issues occur, the app may hang on DB calls, leading to timeouts and 504s at the front-end.

  1. Logs and diagnostics to distinguish app vs. platform issues

To determine whether the issue is in the app or the platform:

  • Enable diagnostics logs for the web app:
    • In the portal: Diagnostics Logs → enable Failed Request Tracing.
    • Download failed request traces via Kudu (Tools → Kudu → Debug Console → LogFiles → W3SVC*).
  • Use these traces to see:
    • Whether requests reach the app.
    • Where they stall (for example, during DB calls, during WebSocket upgrade, or during app startup).

This will confirm whether the 504 is due to:

  • App not starting or throwing exceptions early.
  • Long-running requests (for example, DB connectivity or slow initialization).
  • Platform-level issues (less common, but visible via service health and metrics).
  1. WebSockets-specific considerations

The context does not list special WebSocket configuration beyond the general App Service environment variables and metrics. In general for App Service:

  • WebSockets must be enabled in the App Service configuration.
  • There is a WEBSOCKET_CONCURRENT_REQUEST_LIMIT (read-only) that indicates the limit for concurrent WebSocket requests; for Standard tier and higher, it is -1 but still subject to per-VM limits.

Checklist for WebSockets:

  • Confirm WebSockets are enabled in the App Service configuration.
  • Ensure the Application Gateway (if used) is configured to support WebSockets and not prematurely time out idle connections.
  • Verify that the app responds quickly to the initial HTTP upgrade request; slow or blocked upgrade can manifest as timeouts.
  1. App Service vs. Container Apps / other services

The context does not directly compare App Service vs. Container Apps, but it does highlight that:

  • App Service is sensitive to application-level issues (startup time, CPU/memory, exceptions) that surface as 502/503/504.
  • For more control over container startup, health checks, and networking, container-based services (for example, running Payara in a container with explicit health probes) can sometimes be easier to tune.

Given a Java + Payara + WebSocket + external DB workload:

  • App Service is viable if:
    • Startup time is kept within platform limits.
    • Health/warm-up endpoints are configured correctly.
    • Outbound DB connectivity is pooled and stable.
  • If very fine-grained control over container lifecycle, probes, and networking is required, container-focused services might be more flexible.
  1. Direct answers to the numbered questions
  2. Settings to verify first for Payara + WebSockets on App Service
    • WebSockets enabled in App Service.
    • Health/warm-up path returns 200/202 quickly.
    • App Service metrics (CPU, memory, requests) to detect slow or failing app behavior.
    • Diagnostics logs and failed request tracing to see where requests fail.
  3. Health check / startup probe as cause
    • Yes. Misconfigured or slow health/warm-up endpoints can cause the platform to repeatedly restart or never route traffic, resulting in 503/504-like behavior.
    • Ensure WEBSITE_WARMUP_STATUSES-compatible responses and a fast warm-up path.
  4. Special configuration for WebSockets beyond enabling them
    • From the provided context, no additional App Service settings are required beyond enabling WebSockets and respecting the concurrent request limits.
    • Ensure any front-end (Application Gateway) is configured to support WebSockets and appropriate timeouts.
  5. Common outbound connectivity / SSL issues to external PostgreSQL
    • The main documented class of issues is intermittent outbound connection errors due to SNAT port exhaustion or poor connection management.
    • Use proper JDBC connection pooling and avoid excessive connection churn.
  6. Port/startup timeout/recycling explaining successful deployment but failed public access
    • Yes. If the app takes too long to start, fails health checks, or crashes, the platform can keep recycling it. Deployment will show as successful, but public requests will time out or see 5xx until the app is healthy.
  7. Is App Service the right choice?
    • App Service is suitable if the app is tuned for its startup and health model and outbound connectivity is managed properly.
    • For more control over container behavior and probes, container-centric services may be preferable, but that trade-off is not explicitly covered in the context.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.