Skip to content

Update deploy_private.md docs to reflect new feature #2666

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 4, 2025
Merged

Update deploy_private.md docs to reflect new feature #2666

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions docs/deploy_private.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,11 @@ urlFragment: azure-search-openai-demo-private-access

The [azure-search-openai-demo](/) project can set up a full RAG chat app on Azure AI Search and OpenAI so that you can chat on custom data, like internal enterprise data or domain-specific knowledge sets. For full instructions on setting up the project, consult the [main README](/README.md), and then return here for detailed instructions on configuring private endpoints.

⚠️ This feature is not yet compatible with Azure Container Apps, so you will need to [deploy to Azure App Service](./azure_app_service.md) instead.

If you want to disable public access when deploying the Chat App, you can do so by setting `azd` environment values.
If you want to disable public access for the application so that it can only be access from a private network, follow this guide.

## Before you begin

Deploying with public access disabled adds additional cost to your deployment. Please see pricing for the following products:
Deploying with private networking adds additional cost to your deployment. Please see pricing for the following products:

* [Azure Container Registry](https://azure.microsoft.com/pricing/details/container-registry/): Premium tier is used when virtual network is added (required for private links), which incurs additional costs.
* [Azure Container Apps](https://azure.microsoft.com/pricing/details/container-apps/): Workload profiles environment is used when virtual network is added (required for private links), which incurs additional costs. Additionally, min replica count is set to 1, so you will be charged for at least one instance.
Expand All @@ -46,7 +44,7 @@ The pricing for the following features depends on the [optional features](./depl
either by deleting the resource group in the Portal or running `azd down`.
You might also decide to delete the VPN Gateway when not in use.

## Recommended deployment strategy for private access
## Deployment steps for private access

1. Configure the azd environment variables to use private endpoints and a VPN gateway, with public network access disabled. This will allow you to connect to the chat app from inside the virtual network, but not from the public Internet.

Expand Down