The following forum(s) have migrated to Microsoft Q&A (Preview): Azure App Service - Web Apps!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Linux App Service VNet Integration Preview PORT setting RRS feed

Answers


  • However, if the port number is dynamic and not known until the application is deployed, how can this be set within the Dockerfile, it does not appear to be possible set this to an environment variable?


    Azure App Service for Linux injects the PORT / SSH_PORT environment variables into the docker container's environment when it is created.  So, scripts and processes executing inside your container should automatically have the PORT / SSH_PORT environment variables set to the dynamic port on which is should listen for HTTP / WebSSH traffic.

    This is demonstrated in the example provided on GitHub, which was referenced in the App Service Linux VNET Integration documentation.

    • Marked as answer by MarkBowler Friday, August 16, 2019 1:24 PM
    Thursday, August 15, 2019 4:18 PM

All replies


  • However, if the port number is dynamic and not known until the application is deployed, how can this be set within the Dockerfile, it does not appear to be possible set this to an environment variable?


    Azure App Service for Linux injects the PORT / SSH_PORT environment variables into the docker container's environment when it is created.  So, scripts and processes executing inside your container should automatically have the PORT / SSH_PORT environment variables set to the dynamic port on which is should listen for HTTP / WebSSH traffic.

    This is demonstrated in the example provided on GitHub, which was referenced in the App Service Linux VNET Integration documentation.

    • Marked as answer by MarkBowler Friday, August 16, 2019 1:24 PM
    Thursday, August 15, 2019 4:18 PM
  • Thanks.  PORT is passed through, however SSH_PORT isn't, as per below:

    2019-08-15 13:23:08.347 INFO  - docker run -d -p 17908:17908 --name dude-vnet-linux-uks-poc_0 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=true -e WEBSITE_SITE_NAME=dude-vnet-linux-uks-poc -e WEBSITE_AUTH_ENABLED=False -e PORT=17908 -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=dude-vnet-linux-uks-poc.azurewebsites.net -e WEBSITE_INSTANCE_ID=74a00607285d883b7d8bba56c6442a95e1c75f2e7e55bc860a2aed31d56ba255 dudevnetpoc.azurecr.io/dude/vnetpoc:v3 

    I've configured Apache to listen on PORT, however it doesn't seem to be working.  Within my Dockerfile, I normally need to add `EXPOSE 80` as well.  I'll have another crack at it when I'm back in the office tomorrow.

    Thursday, August 15, 2019 6:07 PM
  • Got this bit to work.  My Apache configuration wasn't quite right, once I corrected this my container is now starting up and I can send HTTP traffic to it.

    Thanks for your response.

    Friday, August 16, 2019 1:24 PM
  • I'm seeing the same; SSH is not working with VNet integration.

    Specifically the 'docker run' command that App Service automatically builds to include parameters ('-p xxxxx:xxxxx' and '-e PORT=xxx') works as expected. However it does not automatically specify the '-e SSH_PORT=yyyyy' parameter. So the container image does not receive the $SSH_PORT environment variable with which to start the ssh service, even though the image is correctly configured to use that environment variable.

    What are we missing here?


    Roger Sass

    Friday, October 4, 2019 10:59 PM
  • The SSH_PORT doesn't seem to get passed on the docker run command line, but rather is passed using whatever mechanism is used for the app settings.  I made the following changes to get it to work:

    Amended the sshd_config file as follows:

    #
    # /etc/ssh/sshd_config
    #
    
    Port                    SSH_PORT
    ListenAddress           0.0.0.0
    LoginGraceTime          180
    X11Forwarding           yes
    Ciphers                 aes128-cbc,3des-cbc,aes256-cbc
    MACs                   hmac-sha1,hmac-sha1-96
    StrictModes             yes
    SyslogFacility          DAEMON
    PrintMotd               no
    IgnoreRhosts            no
    # Deprecated options
    #RhostsAuthentication   no
    #RhostsRSAAuthentication yes
    #RSAAuthentication      no
    PasswordAuthentication  yes
    PermitEmptyPasswords    no
    PermitRootLogin         yes

    Then changed the startup script to perform the following before the ssh daemon is started:

    sed -i "s/SSH_PORT/$SSH_PORT/g" /etc/ssh/sshd_config
    

    I found the VNet integration to be quite flaky, it often needed to be removed and re-added before it would take effect.  The functionality is in preview, so hopefully they'll resolve the issues before it goes live.

    Also note that the SSH_PORT doesn't seem to be passed when VNet integration isn't enabled, which needs accounting for and means you can't use a consistent deployment.

    Hope this helps.

    Regards,

    Mark.



    • Edited by MarkBowler Monday, October 7, 2019 8:04 AM
    Monday, October 7, 2019 8:01 AM
  • Thank you Mark Bowler. The technique you provided does work for me too. Agree the VNet integration sometimes is not reliable, as I needed to stop/start the App Service and/or disassociate/re-associate the VNet integration to make it work. It is Preview so I guess that is to be expected.

    Roger Sass

    Monday, October 7, 2019 4:04 PM