Azure API Managment NSG setup when configuring with Service Fabric
Question
My Azure API Management and Service Fabric are in same Vnet but is 2 different subnet.
They both have the same NSG. API management need to contact Service Fabric in port 19080
service-fabric-backend (0.038 ms)
{
"message": "Resolving partition",
"resourceId": "https://dev-myservicefabric-sf.ukwest.cloudapp.azure.com:19080",
"managementEndpoint": [
"https://dev-myservicefabric-sf.ukwest.cloudapp.azure.com:19080"
],
"serviceName": {},
"partitionKey": {
"kind": "Singleton"
}
}
This is the NSG Rule I have set. But when I set this i am not able to communicate with the service fabric. What is the correct rule configuration other than putting Any (*).
1 answers
solution1
0 2018-12-02 01:05:32
The SF NSG must be configured to allow access to the default ports used by Service Fabric, not only 19080.
In your cluster configuration these values are defined like below:
"nodeTypes": [{ "name": "NodeType0", "clientConnectionEndpointPort": "19000", "clusterConnectionEndpointPort": "19001", "leaseDriverEndpointPort": "19002" "serviceConnectionEndpointPort": "19003", "httpGatewayEndpointPort": "19080", "reverseProxyEndpointPort": "19081", "applicationPorts": { "startPort": "20575", "endPort": "20605" }, "ephemeralPorts": { "startPort": "20606", "endPort": "20861" }, "isPrimary": true }]
In the cluster configuration tutorial, it explains they used a pre-configured NSG: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-create-vnet-and-windows-cluster#virtual-network-subnet-and-network-security-group
Based on your settings, you have to open ports 19000, 19080, to publish new applications and manage the cluster. Also these ports must be accessible from source * (internet) or from your company IP, Not just API Mgmt IPs
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.