How to deploy war files from azure DevOps private build agents to azure web app (Private Endpoint is raised already for the web app)

asked 2020-09-29T15:14:02.643+00:00
Surya Prakash 1 Reputation point

HI All,

I have two web apps in my subscription for which two Private endpoints are raised for preventing the public access. Now When I am trying to deploy the application war files to these web apps from my azure DevOps pipeline with self hosted build agents, I am getting the following error:
[error]Failed to deploy web package to App Service.
[error]Error: Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)

How to enable my pipelines to deploy war files to these web apps? Is there any workaround for this scenario?

usually after configuring DNS for the web app, I should able to connect from pipeline. But we don't have that chance to wait till this happens.
Please note that we haven't configured any custom DNS as of now. So I am not even able to open webapp.scm from my browser. I am getting 403 error not found.

Azure Web Apps
Azure Web Apps
A feature of Azure App Service used to create and deploy scalable, mission-critical web apps.
4,306 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,173 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
273 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2020-09-30T19:51:22.487+00:00
    Ryan Hill 15,991 Reputation points Microsoft Employee

    @Surya Prakash ,

    I'm assuming that the Private Endpoint you're referring to is https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint. Whether your build agent is hosted on-prem with configured VPN or hosted in an Azure VM that's part of your configured vnet or peered, make sure your firewall is configured to allow traffic from document endpoints:

    *.visualstudio.com:

    dev.azure.com:

    EDIT: Furthermore, you can check https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment?view=azure-devops#web-app-deployment-on-app-service-environment-ase-is-not-working for additional troubleshooting steps that may be preventing deployment to your Private Endpoint. Even though this doc is referring to ASE, it also applies to Private Endpoint.