appservice

Question

appservice

Genet Hagos 1

I have a service with both frontend and backend components deployed on an App Service. We are transitioning to a new subscription. I have redeployed the services, but both the old and new App Services have the same custom IP. Sometimes, when I use the new frontend, it inadvertently calls the old backend, even though it's configured to use the new frontend

Luis Arias 9,536 Reputation points Volunteer Moderator

2023-11-23T19:13:32.8433333+00:00
Hi Genet Hagos,

Can you share more context? :

Are you talking about publics or private IPs?

Did you already try to modify in the new frontend the code to point to a new IP address?

Did you try to change to IP address of the new Backend?

Let me know in order to help you.

Luis
Genet Hagos 1 Reputation point

2023-11-24T12:49:45.2133333+00:00

I have different domains for all four of them, and I'm recalling the backend using the domain name https://backendxxx.azurewebsites.net. However, my problem is that since all the domains are using the same custom IP address, sometimes it redirects to the old backend https://old-backend.azurewebsites.net.
Anonymous

2023-11-24T13:02:13.7033333+00:00

I am not sure I understand :) As far as I know you can only have one IP SSL binding (more than one SNI) and the underlying inbound IP are shared

Can you expand more on exactly what you're doing? an IP address lookup on the default name would either return one of the stamp inbound IP , or for IP SSL , a new dedicated IP

If you've changed subscription you've also changed resource group , assuming both are in the same region- it is VERY unlikely the new web app you created ended up on the same stamp , but even if it did an ip ssl address would need to be unique

Are you using IP SSL here? Is it the case that you are observing the two default app CNAMES are returning the SAME public IP?

Note: The IP address should be irrelevant if (as you say) you're using the FQDN - because App service routes based on the default FQDN subdomain value

1 answer

Your answer

Luis Arias 9,536 Reputation points Volunteer Moderator

2023-11-23T19:13:32.8433333+00:00

Hi Genet Hagos,

Can you share more context? :

Are you talking about publics or private IPs?

Did you already try to modify in the new frontend the code to point to a new IP address?

Did you try to change to IP address of the new Backend?

Let me know in order to help you.

Luis
Genet Hagos 1 Reputation point

2023-11-24T12:49:45.2133333+00:00

I have different domains for all four of them, and I'm recalling the backend using the domain name https://backendxxx.azurewebsites.net. However, my problem is that since all the domains are using the same custom IP address, sometimes it redirects to the old backend https://old-backend.azurewebsites.net.
Anonymous

2023-11-24T13:02:13.7033333+00:00

I am not sure I understand :) As far as I know you can only have one IP SSL binding (more than one SNI) and the underlying inbound IP are shared

Can you expand more on exactly what you're doing? an IP address lookup on the default name would either return one of the stamp inbound IP , or for IP SSL , a new dedicated IP

If you've changed subscription you've also changed resource group , assuming both are in the same region- it is VERY unlikely the new web app you created ended up on the same stamp , but even if it did an ip ssl address would need to be unique

Are you using IP SSL here? Is it the case that you are observing the two default app CNAMES are returning the SAME public IP?

Note: The IP address should be irrelevant if (as you say) you're using the FQDN - because App service routes based on the default FQDN subdomain value

Answer 1

Anonymous

Hi - I am not sure I understand either ... but i can offer some advice:

When you create an app service resource (app service plan) within a resource group you're pinned to a specific App service stamp - this influences the inbound and outbound ip address list in properties for each app on the plan as these are the shared IPs available

Irrespective you're also given a default name "<your app service resource name>.azurewebsites.net" which allows you to address each web app (and for which you can override with a custom name with backing SSL cert if you wish)

So when you call other apps (in your case front end calls backend) it should be either via the default FQDN (ending in azurewebsites.net) or your custom name. You should not try and use the IP address

It is possible to use IP SSL with App service and this is a way to create a dedicated inbound IP (as opposed to shared). But even here app to app should still be using the FQDN and public DNS (not the IP) REF https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#2-remap-records-for-ip-based-ssl

Genet Hagos 1 Reputation point

2023-11-24T12:50:15.7233333+00:00

I have different domains for all four of them, and I'm recalling the backend using the domain name https://backendxxx.azurewebsites.net. However, my problem is that since all the domains are using the same custom IP address, sometimes it redirects to the old backend https://old-backend.azurewebsites.net.
Ajay Kumar N 28,261 Reputation points Microsoft Employee Moderator

2023-11-30T04:52:17.5166667+00:00

Apologies for the delayed response. If you're still seeing this issue, as Ben pointed out, for a deeper investigation, we would need additional info about your subscription and Azure resource/config (to check internal logs), if you have a support plan, you may raise a support ticket or let us know.

Share via

appservice

1 answer

Your answer