Private connection between Azure Web App and Database for MySQL

Question

Private connection between Azure Web App and Database for MySQL

Uhmazing34 30

Hello,

In Azure I created a new Azure Database for MySQL flexible server, with connectivity method "Private acces (VNet Integration)".

I have an existing Azure Web App that I want to use to connect it to the new Database MySQL server through private connection.

When I created the Azure DB MySQL server, I assigned it the existing VNet (the same one that the Web App uses) and assigned it an own subnet.
I also created a Private DNS zone. My question is, how can I configure it so that there is a private connection between the existing Web App and the newly created Database Server? Thank you in advance.

ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-04-27T19:41:39.3233333+00:00

@Uhmazing34 ,

Just checking in to see if you had got a chance to see the previous response.
If the answer helped (pointed you in the right direction) > please click Accept Answer
Or please share the requested/more info to help you better.

1 answer

Your answer

ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-04-27T19:41:39.3233333+00:00

@Uhmazing34 ,

Just checking in to see if you had got a chance to see the previous response.
If the answer helped (pointed you in the right direction) > please click Accept Answer
Or please share the requested/more info to help you better.

Answer 1

ajkuma 28,111 Microsoft Employee Moderator

@Uhmazing34 ,

As I understand from your scenario description that you are wanting to establish a private connection between your WebApp, both WebApp and Azure Database for MySQL are on the same VNET, with Private DNS zone.

I understand you have mentioned, “assigned it an own subnet”. Just to clarify, are they both on same subnet or different?

You now need to have subnet that is delegated to App Service Web App endpoint. You may create a new subnet in the same virtual network as the database server was created. Please see the doc steps.

If you haven’t done this already, create a DNS record in the private DNS zone for the MySQL server.
(You may do this by going to the "Private DNS zones" blade in the Azure portal. Create a new DNS record and specify the name of the MySQL server and the private IP address of the private endpoint.)

Update the connection string for the Web App to use the private endpoint.
(You may do this by updating the connection string in the Web App's configuration settings to use the private endpoint DNS name instead of the public DNS name)

Your MySQL flexible server must be in a subnet that is delegated for MySQL flexible server use only.

Please checkout these docs for more info:

Kindly let us know how it goes, I’ll be happy to follow-up with you further.

Uhmazing34 30 Reputation points

2023-04-28T11:20:06.5166667+00:00
Thanks ajkuma, sorry for the late response.

They are both on a different subnet.
Below is some more information to clarify things:

The Web App and Azure Database for MySQL are both in the same VNet, which has address space 192.168.100.0/22.

The Azure Database for MySQL has it's own subnet 192.168.101.64/26.

If I understand correctly, I now have to create a new subnet for the Web App?
If yes, would 192.168.202.0/26 work as subnet address range? All ranges below are in use already.

Regarding the Private DNS integration: when I created the Azure Database for MySQL, I created a private DNS zone with it, so the private DNS zone is currently linked with the Azure Database for MySQL.
ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-04-30T15:59:20.4966667+00:00

No worries. thank you for providing more information. yes, you will need to create a new subnet for the Web App to enable VNet integration with the Azure Database for MySQL. The new subnet should be in the same VNet as the Azure Database for MySQL and should have a different IP address range than the subnet used by the Azure Database for MySQL.

Regarding the subnet address range, 192.168.202.0/26 should work as a subnet address range for the Web App. However, please note that the subnet address range should not overlap with any other subnet address range in the same VNet.

Regarding the Private DNS integration, since you have already created a private DNS zone with the Azure Database for MySQL, you can link the private DNS zone to the VNet where the Web App is deployed. This will allow seamless resolution of private DNS within the current VNet, or any peered VNet to which the private DNS zone is linked. If the IP address of the backend flexible server changes during failover or any other event, typically your integrated private DNS zone will be updated automatically to ensure your application connectivity resumes automatically once the server is online.
Uhmazing34 30 Reputation points

2023-05-01T14:16:13.28+00:00

Thanks again. I have just created a new subnet for the Web App. The subnet is in the same VNet as the Azure Database for MySQL and has a different IP address range than the subnet used by the Azure Database for MySQL.

If I understand correctly, the next step is to go to the Web App -> Settings -> Networking -> In the section "Outbound Traffic" open VNet integration. In the VNet integration I click on Add VNet -> Select the VNet -> Select existing subnet -> Select the subnet that I created for the Web App?

If correct, and if that has been done, I have to link the private DNS zone to the VNet where the Web App is deployed.

To do this, do I go to Private DNS Zones -> Settings -> Virtual network links? If yes, I can see that the Private DNS Zone is already linked to the VNet (automatically).

If the above steps are correct and executed, is there anything else I need to do?
In the Web App -> Settings -> Networking -> Inbound Traffic: Do I have to do something with Private endpoints and/or Access restrictions?

Thank you in advance.
ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-05-02T19:06:37.1+00:00

Yes, you are correct. The next step is to enable VNet integration for the Web App by going to the "Networking" blade in the Azure portal and selecting "VNet Integration". From there, you can select the VNet and subnet that the Web App is in and enable VNet integration.

Once you have enabled VNet integration, you can link the private DNS zone to the VNet where the Web App is deployed.

To do this, you can go to the "Private DNS zones" blade in the Azure portal and select the private DNS zone you created for the Azure Database for MySQL. Then, click on the "Virtual network links" tab and verify that the private DNS zone is already linked to the VNet where the Web App is deployed.

If the VNet integration and private DNS zone linking are correctly configured, you should not need to do anything else in the Web App's "Networking" blade. The private endpoint and access restrictions settings are not necessary for VNet integration with a private Azure Database for MySQL.

However, you may need to update the connection string for your Web App to use the private endpoint DNS name instead of the public DNS name. You can do this by updating the connection string in the Web App's configuration settings to use the private endpoint DNS name instead of the public DNS name.

I hope this helps! Let me know if you have any further questions.
Uhmazing34 30 Reputation points

2023-06-27T09:28:24.9366667+00:00

@ajkuma The connection seems to be fine, but at some moments the connection drops between the Web App and the Azure Database for MySQL flexible server.

I read about Connection Strings under the Settings of the Web App, but I see that there is no Connection String configured. Is this what could be causing the issue of the connection drops?

If yes, when adding a new Connection String to the Web App, what would I have to fill in below?

Thank you in advance.
ajkuma 28,111 Reputation points Microsoft Employee Moderator

2023-07-03T18:52:54.18+00:00

Apologies for the delay. Yes, configuring a connection string for your Web App is necessary to establish a reliable connection between your Web App and the Azure Database for MySQL flexible server.

Once you have added the connection string, your web app should be able to connect to the Azure Database for MySQL flexible server without any connection drops. If you continue to experience connection drops, there could be other factors/possible causes, such as network issues or server configuration issues.

You may always leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal.

In the left navigation, click on Diagnose and solve problems - Review and run – Network troubleshooter, and “Configuration and Management.

--Checkout the log directory/location information info - Access log files --Enable and review logs to fetch more details about the error.
Ref: Troubleshooting intermittent outbound connection errors in Azure App Service

Share via

Private connection between Azure Web App and Database for MySQL

1 answer

Your answer