Today we’ll be going through the process of putting Azure FrontDoor in front (pun intended!) of a web app.
Step One) Adding the custom domain
The first step is to add a new custom domain to your Frontend hosts ;
Now if you go through this, you’ll see that AFD expects you to link the custom domain to the azurefd.net domain in order to proceed.
Continue reading “Putting Azure FrontDoor in front of your webapp”
To, without shame, grab the introduction of the “Static website hosting in Azure Storage” page ;
As deployments shift toward elastic, cost-effective models, the ability to deliver web content without the need for server management is critical. The introduction of static website hosting in Azure Storage makes this possible, enabling rich backend capabilities with serverless architectures leveraging Azure Functions and other PaaS services.
Which, to me, sounds great! As one of my projects (VMchooser) is actually a static site (VueJS based Single Page App) that could just as well run on Azure Storage (thus reducing my cost footprint). So today we’re going to test that one out, and afterwards integrate it into our existing CI/CD pipeline (powered by Azure DevOps).
Continue reading “Using Azure DevOps to deploy your static webpage (SPA) to Azure Storage”
In an earlier blog post I discussed the decision criteria in selecting a VM. In that post I also showed a tool called “VMchooser“. Today’s post will be on the architecture I used to build this one. As you might have guessed, it’s built on Azure components. Let’s get to it and check the anatomy of this application.
High Level Architecture
VMchooser has the following high level architecture ;
- Web App : The front-end of the application is hosted on an Azure Web App.
- Azure Functions : The back-end API & batch parser are built with Azure Functions. Which unlocks insane scaling possibilities.
- Storage Account : The storage account serves as decoupled/central storage component for the batch parsing. And it could also be used for hosting the “database” (flat file).
- Application Insights : Application insights is used to have the needed insights into the usage & other metrics.
- Github : All code for this project is open-source and publically hosted. You can run your own VMchooser if you want… 😉 Every change is immediately pushed towards the front-end, back-end & database.
- API Management : As the back-end API is decoupled from the application, I’ve also linked this api with api management. This would provide me with the option to allow 3th party application integrations via an API subscription plan.
Continue reading “The anatomy of “vmchooser”… Adding some serverless into the architecture!”
In my previous post I talked about integrating Azure MySQL with a PHP webapp. Today we’ll elaborate on that one a bit further and see how we can setup CodeIgniter to use the Azure MySQL.
Prep the webapp
First thing, set all your database variables as app settings (read: environment variables) ;
That’s it as preparation 😉
Continue reading “Setting up Azure MySQL with CodeIgniter by having SSL enforced”
Sometimes we come across applications that needed some basic form of protection, but (sadly enough) the code base did not allow it. Today we’ll see how we can enable authentication / authorization on your web app, -without- altering any code! We’ll be doing this capability from the web app service itself, without the code noticing anything of this.
Enable / Configure the Azure Active Directory Authentication
Let’s start by doing to our web app and looking for the “Authentication / Authorization” section.
We’ll enabling the “App Service Authentication”. As we do not want guests, we’ll select “Log in with Azure Active Directory” as a way to force authentication. Next up we’ll configure the Azure Active Directory ;
Continue reading “Protecting your webapp with Azure Active Directory WITHOUT adjusting any code…”
As a hobby effort, I wanted to create a small poc where any user would be able to login with their AAD user, grant access to an application, after which that application could query their subscriptions.
In all honesty, I’ve been struggling more than I like to admit with getting this working… So this post will cover all the steps that you need to do to get this working!
Oauth & Azure AD
Before getting our hands dirty, read up on the following post ; Authorize access to web applications using OAuth 2.0 and Azure Active Directory
Ready it thoroughly! To be honest, I didn’t at first and it cost me a lot of time. 😉
Anyhow, the flow looks as follows…
- We’ll redirect the user to sign-in (and if this hasn’t been done, grant our application access)
- If all went well, we’ll receive an authorization code
- We’ll use this code to get a bearer (and refresh) token
- Next up we’ll use the bearer code to connect to the Azure REST API for getting the list of subscriptions for that user.
Continue reading “Azure : Using PHP to go all oauth2 on the management API!”
Ever heard of the azure application gateway? No… I understand. It is (strangely enough) a component that is often overlooked. In essence, what does it do? Look at it as a load balancer on security steroids. The basic form will help you in terms of SSL offloading, where the advanced form will turn it into a WAF.
Continue reading “Azure Application Gateway : Often overlooked…”