How to connect frontend and backend with vnet integration and private endpoint

Andoni Garrido Albizu 20 Reputation points
2023-09-21T10:41:26.3333333+00:00

Hello,

I want to implement the following architecture or something similar.

User's image

But I don't know how to do it correctly.

  • I restrict the public endpoint of the frontend, so it is only accessible through the app gateway.
  • I enable vnet integration to route outbound traffic of the frontend through a vnet.
  • I want to call the API of the backend but I don't want to expose it. I have already used the DNS configuration of the private link but I can't reach the backend from the frontend.

Any recommendation or additional information?


1 answer

  1. brtrach-MSFT 16,121 Reputation points Microsoft Employee
    2023-09-26T01:11:07.8266667+00:00

    @Andoni Garrido Albizu If you have already configured the Private DNS zone associated with the VNet and you are still unable to call the backend API from the frontend app service with VNet integration, then there might be some additional configuration required.

    Here are a few things you can check:

    1. Make sure that the VNet integration is set up correctly for the frontend app service. You can refer to the following documentation for more information on how to set up VNet integration for an app service: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

    2. Check if the backend API is accessible from the subnet where the frontend app service is deployed. You can do this by deploying a VM in the same subnet as the frontend app service and trying to access the backend API from there.

    3. Check if the backend API is accessible from the subnet where the VNet integration is set up. You can do this by deploying a VM in the same subnet as the VNet integration and trying to access the backend API from there.

    4. Make sure that the Private Endpoint for the backend API is set up correctly. You can refer to the following documentation for more information on how to set up a Private Endpoint for an app service: https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal

    If you have checked all of the above and are still unable to call the backend API from the frontend app service with VNet integration, then you might need to troubleshoot further. You can refer to the following documentation for more information on how to troubleshoot VNet integration issues: https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-vnet-integration-issues

    Let me know the results of what Kapil and I shared so we can assist further if necessary.
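The reachability test suggested in the answer (run from a VM in the integration subnet) can be scripted so that a DNS problem is told apart from a network problem. This is an added example, not part of the original answer or any Microsoft tooling; the hostname `backend-app.azurewebsites.net` is a placeholder, and the script assumes the VNet uses RFC 1918 address space.

```python
import ipaddress
import socket

# Assumption: the VNet (and so the private endpoint) uses RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_vnet_space(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def resolve(hostname):
    """Addresses the local resolver returns for hostname (sorted, unique)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_connect(ip, port=443, timeout=5.0):
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(hostname, resolver=resolve, connector=tcp_connect):
    """Return (status, addresses) for a backend behind a private endpoint."""
    try:
        addresses = resolver(hostname)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "dns-failure", []
    private = [a for a in addresses if in_vnet_space(a)]
    if not private:
        # Public answer: the Private DNS zone is not linked to this VNet,
        # or the record for the private endpoint is missing.
        return "resolves-public", addresses
    if not any(connector(a) for a in private):
        # DNS is correct; look at NSGs, routes and the endpoint itself.
        return "private-ip-unreachable", private
    return "ok", private

if __name__ == "__main__":
    import sys
    # Placeholder hostname; pass the real backend hostname as an argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "backend-app.azurewebsites.net"
    status, addrs = diagnose(host)
    print(f"{host}: {status} {addrs}")
```

A `resolves-public` result points at the DNS zone link or record, while `private-ip-unreachable` points at network rules or the private endpoint.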
