Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
576 questions
Azure front door not working with. private link service created by internal load balancer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 77%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
akash warkhade
26
Reputation points
Hi all,
I have integrated private link service with internal load balancer and then integrate that private link service with front door service using below documentations :
https://blog.baeke.info/2022/06/09/azure-kubernetes-services-and-azure-private-link-integration/
I am able to connect to my service using its private ip within vnet as shown below :
bash-5.1# kubectl get svc my-service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
my-service LoadBalancer 10.0.130.5 10.3.5.246 80:32462/TCP,443:32547/TCP 5d21h
bash-5.1# curl 10.3.5.246
404 page not found
bash-5.1# curl 10.3.5.246/service-name
request should have bearer token headers or internal headers. no token/api keys/ad ingest key /internal headers are found
But same is not happening when integrated private link service with front door service
when i try to curl front door service url its giving error below :
akashwarkhade % curl -i https://front-door-name-bjg2abbgc4hfaahp.z01.azurefd.net
HTTP/2 502
cache-control: no-store
content-length: 952
content-type: text/html
x-azure-ref: 0EOJYYwAAAADxJmfOsrcfTKvLVwax/bsCQk9NMDJFREdFMDgxNwA2NzgxNzMzMi1mZTkzLTRiZDgtOThhYS1kNGQxNDllZmY5NzQ=
x-cache: CONFIG_NOCACHE
date: Wed, 26 Oct 2022 07:30:24 GMT<div>
<div>
<h2>Our services aren't available right now</h2>
<p>We're working to restore all services as soon as possible. Please check back soon.</p>
</div>
<div><span></span>
</div>
</div>%
(note : i have updated frontdoor name in curl request for security)
PFB images for private link and front door config :
Please let me know what might be wrong
{count} votes
-
GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee2022-10-26T11:20:56.947+00:00 Hello @akash warkhade ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have integrated your Azure Front Door with a private link service but when trying to access the Front Door service url, it is giving a 502 error with the following error message "Our services aren't available right now".
I see that you are accessing the Front Door URL securely with HTTPS.
Could you please confirm what is the type of certificate used on your back-end?502 error is usually caused by a self-signed certificate being used on the origin. This is not supported with the AFD Standard/Premium. You must use a valid CA certificate on the origin server.
Regards,
Gita -
akash warkhade 26 Reputation points
2022-10-26T14:56:10.74+00:00 @GitaraniSharma-MSFT Thanks for reply.
that was our main requirement. we don't want to manage ssl certificate at our own.
thats why first we implemented api managed service with public load balancer and it was working fine but our next requirement was to implement this using a internal load balancer for secure communication.
we tried to create a private link service and then created a private endpoint and use that endpoint ip as backend for api management service but currently private link doesn't support outbound connection as per https://learn.microsoft.com/en-us/answers/questions/1060240/not-able-to-setup-azure-private-endpoint-as-backen.htmlso we discarded our plan of API management service and went ahead with front door service as it supports private link service as its origin group
but now as per you we need to have proper SSL cert at origin. and as mentioned we don't want to managed ssl cert at our own.
Do we have any alternate option other than this for our requirement i. use a internal load balancer and somehow integrate it with api management service or front door service ? -
GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
2022-10-31T14:45:21.827+00:00 Hello @akash warkhade ,
Thank you for the update.
I'll check this internally and get back to you with an update soon.
Regards,
Gita -
GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
2022-11-03T14:04:30.213+00:00 Hello @akash warkhade ,
AFAIK, if you need HTTPS, a certificate is required by default.
If managing SSL certificate on your own is a chalenge, then you can opt for a certificate managed by Front Door.
When you use a certificate managed by Azure Front Door, the HTTPS feature can be turned on with just a few clicks. Azure Front Door completely handles certificate management tasks such as procurement and renewal. After you enable the feature, the process starts immediately.
Refer : https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#option-1-default-use-a-certificate-managed-by-front-doorDoes this option work for you?
What is your current Front Door configuration? Could you please share the details?Regards,
Gita -
GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
2022-11-07T14:33:32.72+00:00 Hello @akash warkhade ,
Could you please provide an update on this post?
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Gita -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 78%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Mohammed Shabana 0 Reputation points2023-06-09T10:20:55.15+00:00 Hi @GitaraniSharma-MSFT , i have the same issue , how can i make Azure Frond Door trust the self-signed certificate used on the origin ?
Sign in to comment