I have Terraform code to deploy a web app. It applies just fine, but the created app's SCM (Kudu) site is not available and shows an "Application Error" page, i.e. an HTTP 503 error. There is nothing deployed to the service yet. I connect from the VPN that is whitelisted to access both the main site and the SCM site.
How do I troubleshoot the Kudu site if it does not give me any access to it (HTTP 503 error)?
How do I find out the reason for the issue?
Is the vNet integration what's wrong? Disconnecting the vNet integration in the Azure portal does not help, though. Any ideas on how to go about debugging this?
The Terraform code is as follows. I included only the relevant resources. Let me know if you need to see other parts as well.
# Virtual network that contains the subnet the web app is integrated with
# (azurerm_subnet.web points at it via virtual_network_name).
resource "azurerm_virtual_network" "main" {
  name                = "${local.prefix}-vnet-${local.suffix}"
  resource_group_name = azurerm_resource_group.web_app.name
  location            = azurerm_resource_group.web_app.location

  # A single address range, supplied through var.vnet_cidr.
  address_space = [var.vnet_cidr]
}
# Subnet handed to App Service for vNet integration; the web app references it
# through virtual_network_subnet_id.
resource "azurerm_subnet" "web" {
  name                 = "${local.prefix}-web-snet-${local.suffix}"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.web_app.name
  address_prefixes     = [var.web_snet_cidr]

  # Keeps network policies active for private endpoints placed in this subnet.
  private_endpoint_network_policies_enabled = true

  # The delegation to Microsoft.Web/serverFarms lets an App Service plan use
  # this subnet for vNet integration.
  delegation {
    name = "Microsoft.Web/serverFarms"

    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }

  # NOTE(review): no service_endpoints, NSG or route table are declared in this
  # snippet. The web app sets vnet_route_all_enabled = true, so its outbound
  # traffic leaves through this subnet. If the storage account or the container
  # registry restricts network access, they must allow this subnet. Confirm
  # against the resources not shown here.
}
# Linux App Service plan (Standard S1) that hosts the web app.
resource "azurerm_service_plan" "web" {
  # NOTE(review): this name is built from var.org, while the other resources use
  # local.prefix. Confirm the difference is intentional.
  name                = "${var.org}-web-asp-${local.suffix}"
  location            = azurerm_resource_group.web_app.location
  resource_group_name = azurerm_resource_group.web_app.name

  os_type  = "Linux"
  sku_name = "S1"
}
# Linux container web app: vNet-integrated, HTTPS only, with the main site and
# the SCM (Kudu) site both restricted to the VPN address.
resource "azurerm_linux_web_app" "web" {
  name                = "${local.prefix}-web-${local.suffix}"
  location            = azurerm_resource_group.web_app.location
  resource_group_name = azurerm_resource_group.web_app.name
  service_plan_id     = azurerm_service_plan.web.id

  https_only              = true
  client_affinity_enabled = true

  # Regional vNet integration through the delegated subnet.
  virtual_network_subnet_id = azurerm_subnet.web.id

  # Azure Files share mounted into the container at /mnt/models.
  # NOTE(review): the mount authenticates with the storage account access key,
  # which ends up in Terraform state, so the state backend needs to be protected
  # accordingly. Whether the storage account's network rules allow this app to
  # reach the share is not visible in this snippet. A mount that cannot be
  # established is one thing to rule out when the site returns 503. Confirm.
  storage_account {
    name         = "models"
    type         = "AzureFiles"
    account_name = local.sta_info_name
    share_name   = "models"
    access_key   = local.sta_info_access_key
    mount_path   = "/mnt/models"
  }

  # Key Vault references are resolved with the user-assigned identity.
  key_vault_reference_identity_id = local.app_identity_id

  identity {
    type         = "SystemAssigned, UserAssigned"
    identity_ids = [local.app_identity_id]
  }

  site_config {
    ftps_state    = "Disabled"
    http2_enabled = true

    # Only the SCM site's TLS floor is pinned here. minimum_tls_version for the
    # main site is left at the provider default.
    scm_minimum_tls_version = "1.2"

    # Route all outbound traffic from the app through the integrated vNet.
    vnet_route_all_enabled = true

    # Container image and registry credentials.
    # NOTE(review): the registry username and password are passed as plain
    # variables and are persisted in state. Declare the variables as sensitive.
    # The provider also offers container_registry_use_managed_identity as an
    # alternative to a stored password. Switching would need an AcrPull role
    # assignment that is not shown here.
    application_stack {
      docker_image_name        = var.docker_image_name
      docker_registry_url      = var.acr_url
      docker_registry_username = var.acr_username
      docker_registry_password = var.acr_password
    }

    # Main site: allow the VPN address only. Once an Allow rule exists,
    # App Service denies every source that matches no rule.
    ip_restriction {
      name       = "VPN"
      priority   = 100
      action     = "Allow"
      ip_address = "${var.vpn_address}/32"
      headers    = []
    }

    # SCM (Kudu) site: same single-address allow list as the main site.
    scm_ip_restriction {
      name       = "VPN"
      priority   = 100
      action     = "Allow"
      ip_address = "${var.vpn_address}/32"
      headers    = []
    }
  }

  # HTTP logs are kept on the file system: 35 MB cap, 30 days retention.
  # No other log category is configured in this block.
  logs {
    http_logs {
      file_system {
        retention_in_days = 30
        retention_in_mb   = 35
      }
    }
  }

  app_settings = {
    # Do not mount the persistent App Service storage share into the container.
    "WEBSITES_ENABLE_APP_SERVICE_STORAGE" = "false"

    # NOTE(review): the client secret is stored as a plain app setting and in
    # state. Because key_vault_reference_identity_id is set, a Key Vault
    # reference could carry this value instead. Confirm whether that fits the
    # deployment.
    "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET" = azuread_application_password.web.value
  }

  # Keep the authentication secret bound to its slot across slot swaps.
  sticky_settings {
    app_setting_names = [
      "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
    ]
  }
}