
How to path-based reverse proxy app service behind application gateway?

I have an application gateway configured with my wildcard certificate that I want to use to proxy myapp.azurewebsites.net (an ASP.NET core application) behind myapp.mywebsite.net/mypath.

I have an existing site running on myapp.mywebsite.net configured in the gateway, but I want just the /mypath route to point to the app service. How can I accomplish this?

Step 1 - Configuring the Gateway

  1. Add a new backend target for myapp.azurewebsites.net
  2. Add a new HTTP setting, enable hostname override with specific domain name for myapp.azurewebsites.net. Don't add the path override; we want the /mypath to be passed to the app service.
  3. Edit the existing path-based rule for the site:
    1. Add new path-based rule
      1. path= /mypath/*
      2. name= mypathname // can be whatever
      3. httpsetting=the one we just made
      4. backendpool=the one we just made

This will point myapp.mywebsite.net/mypath to the site.

Step 2 - Configuring the Application

Startup.cs - Configure

See here for more info.

Add the following to the very start of the Configure method. We want headers to be adjusted before all other middleware happens.

app.UseForwardedHeaders(); // Enable hostname to be derived from headers added by app gateway
app.UsePathBase("/mypath"); // Tell ASP.NET that we have a base path

See here for debugging help.

Startup.cs - ConfigureServices

We need to tell ASP.NET to trust the gateway headers

services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    options.AllowedHosts.Add("myapp.mywebsite.net");
    options.KnownProxies.Add(IPAddress.Parse("10.my.gateway.ip"));
});

If you are using

services.AddMicrosoftIdentityWebAppAuthentication(config);

for auth, we need to override the reply url so it points to myapp.mywebsite.net/mypath/signin-oidc instead of myapp.azurewebsites.net/signin-oidc. This can be done with:

if (!env.IsDevelopment())
{
    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // options.SaveTokens = true; // this saves the token for the downstream api
        options.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = async ctxt =>
            {
                ctxt.ProtocolMessage.RedirectUri = "https://myapp.mywebsite.net/mypath/signin-oidc";
                await Task.Yield();
            }
        };
    });
}

We only run this in dev so that running our stuff locally does the default behaviour of filling the replyurl with localhost.
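
A way to check the forwarded-header trust setup from Step 2, as an added example that is not part of the original answer: it logs the real TCP peer before `UseForwardedHeaders` runs, flags `X-Forwarded-*` headers that arrive from an address outside `KnownProxies` (the middleware ignores those), and logs the scheme, client address and path base the rest of the pipeline sees. It assumes a .NET 6+ `Program.cs` instead of `Startup.cs`, and `10.0.0.4` is a placeholder address.

```csharp
// Added example, not from the original answer. Program.cs for a .NET 6+ web project.
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    // Placeholder address (assumption): use the peer address the first log line reports.
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.4"));
});

var app = builder.Build();
var knownProxies = app.Services
    .GetRequiredService<IOptions<ForwardedHeadersOptions>>().Value.KnownProxies;

// 1) Before UseForwardedHeaders: look at the real TCP peer of the connection.
app.Use(async (ctx, next) =>
{
    var peer = ctx.Connection.RemoteIpAddress;
    if (peer is { IsIPv4MappedToIPv6: true }) peer = peer.MapToIPv4();

    var hasForwarded = ctx.Request.Headers.ContainsKey("X-Forwarded-For")
                    || ctx.Request.Headers.ContainsKey("X-Forwarded-Proto");
    if (hasForwarded && (peer is null || !knownProxies.Contains(peer)))
    {
        // Either the proxy address is misconfigured or a client is supplying the headers itself.
        app.Logger.LogWarning(
            "X-Forwarded-* headers received from {Peer}, which is not in KnownProxies", peer);
    }
    await next(ctx);
});

app.UseForwardedHeaders();   // applies the headers only for trusted peers
app.UsePathBase("/mypath");  // moves /mypath from Path into PathBase

// 2) After both: log what the rest of the pipeline will see.
app.Use(async (ctx, next) =>
{
    app.Logger.LogInformation(
        "client={Client} scheme={Scheme} pathBase={PathBase} path={Path}",
        ctx.Connection.RemoteIpAddress, ctx.Request.Scheme,
        ctx.Request.PathBase, ctx.Request.Path);
    await next(ctx);
});

app.Run(async ctx => await ctx.Response.WriteAsync("ok")); // terminal handler for the demo
app.Run();
```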
