none
ASE Internal ISE / Subdomain has disappeared RRS feed

  • Question

  • I've been creating several ASE with an Internal ISE in preparation for a production deployment...and today I feel it's reacting differently.  I had an ASE, but the subdomain was wrong.  I deleted the ASE, waiting some 20 min to ensure that there would be no name conflicts and tried to create it again.  This time however, the subdomain field does not appear when "Internal Type"  is selected see below... clicking through the "wizard" the review shows the domain to be the Azure domain, as opposed to the subdomain as in previous attempts - is the internal domain using Azure DNS in the same way as external???  I have not found any documentation, nor is the current document current withe screen shots in this documentation:

    https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase

    Thursday, May 23, 2019 2:38 PM

All replies

  • One of the blockers to adopting ILB ASE was the ILB ASE cert. To simplify the setup process and adoption, we are moving to where we create an ILB ASE with the DNS suffix of <asename>.appservicenvironment.net  The apps made against this ASE will not be in the public DNS and you still have the ability to configure custom domain names as you see fit.  By using a domain name under our control, you will no longer have to fret over setting the ILB ASE cert up. This means you only need to provide certs for your individual apps, rather than a wildcard cert for the entire ILB ASE.

    If you prefer the old experience, you should be able to click the banner on the top of your screenshot to go back to the classic experience.

    Doc updates/blogs should be rolling out shortly to highlight these changes.


    Thursday, May 23, 2019 5:48 PM
    Moderator
  • This is a good step forward - but how do I configure the HTTPS listener from an Azure application gateway? It wants the Certificate for the configuration of the port 443... https://docs.microsoft.com/en-ca/azure/app-service/environment/create-ilb-ase#couple-an-ilb-ase-with-a-waf-device ??? 
    Thursday, May 23, 2019 9:31 PM
  • appservicenvironment.net is a Microsoft owned domain so you will not be able to get a cert for that domain.

    You should be able to proceed as normal by setting up an app in the ILB ASE. In the below example, a web app with the name test.appgwtestase.com was added to the ILB ASE. You should be able to create the probe for that specific app and use the cert for that app's domain (standard SSL cert or wild card if you'll have more than one app in the ILB ASE with that domain).

    Listener: Multi-site
    Port: 443
    Hostname: test.appgwtestase.com
    SSL Certificate: CN=test.appgwtestase.com
    Backend Pool: IP address or FQDN
    IP Address: 10.1.5.11
    HTTP Settings: HTTPS
    Port: 443
    Custom Probe: Hostname – test.appgwtestase.com
    Authentication Certificate: .cer of test.appgwtestase.com



    Friday, May 24, 2019 1:23 AM
    Moderator