You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/environment/networking.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ title: App Service Environment networking
3
3
description: App Service Environment networking details
4
4
author: madsd
5
5
ms.topic: overview
6
-
ms.date: 07/18/2024
6
+
ms.date: 08/06/2024
7
7
ms.author: madsd
8
8
---
9
9
@@ -52,10 +52,12 @@ App Service Environment has the following network information at creation:
52
52
|--------------|-------------|
53
53
| App Service Environment virtual network | The virtual network deployed into. |
54
54
| App Service Environment subnet | The subnet deployed into. |
55
-
| Domain suffix | The domain suffix that is used by the apps made. |
55
+
| Domain suffix | The default domain suffix that is used by the apps. |
56
+
| Custom domain suffix | (optional) The custom domain suffix that is used by the apps. |
56
57
| Virtual IP (VIP) | The VIP type used. The two possible values are internal and external. |
57
58
| Inbound address | The inbound address is the address at which your apps are reached. If you have an internal VIP, it's an address in your App Service Environment subnet. If the address is external, it's a public-facing address. |
58
-
| Default outbound addresses | The apps use this address, by default, when making outbound calls to the internet. |
59
+
| Worker outbound addresses | The apps use this or these addresses, when making outbound calls to the internet. |
60
+
| Platform outbound addresses | The platform uses this address, when making outbound calls to the internet. An example is pulling certificates for custom domain suffix from Key Vault if a private endpoint isn't used. |
59
61
60
62
You can find details in the **IP Addresses** portion of the portal, as shown in the following screenshot:
61
63
@@ -72,7 +74,7 @@ You can bring your own inbound address to your App Service Environment. If you c
72
74
73
75
## Ports and network restrictions
74
76
75
-
For your app to receive traffic, ensure that inbound network security group (NSG) rules allow the App Service Environment subnet to receive traffic from the required ports. In addition to any ports, you'd like to receive traffic on, you should ensure that Azure Load Balancer is able to connect to the subnet on port 80. This port is used for health checks of the internal virtual machine. You can still control port 80 traffic from the virtual network to your subnet.
77
+
For your app to receive traffic, ensure that inbound network security group (NSG) rules allow the App Service Environment subnet to receive traffic from the required ports. In addition to any ports you'd like to receive traffic on, you should ensure that Azure Load Balancer is able to connect to the subnet on port 80. This port is used for health checks of the internal virtual machine. You can still control port 80 traffic from the virtual network to your subnet.
76
78
77
79
> [!NOTE]
78
80
> Changes to NSG rules can take up to 14 days to take effect due to HTTP connection persistence. If you make a change that blocks platform/management traffic, it could take up to 14 days for the impact to be seen.
@@ -139,7 +141,7 @@ The following sections describe the DNS considerations and configuration that ap
139
141
140
142
### DNS configuration to your App Service Environment
141
143
142
-
If your App Service Environment is made with an external VIP, your apps are automatically put into public DNS. If your App Service Environment is made with an internal VIP, when you create your App Service Environment, if you select having Azure DNS private zones configured automatically, then DNS is configured in your virtual network. If you choose to configure DNS manually, you need to either use your own DNS server or configure Azure DNS private zones. To find the inbound address, go to the App Service Environment portal, and select **IP Addresses**.
144
+
If your App Service Environment is made with an external VIP, your apps are automatically put into public DNS. If your App Service Environment is made with an internal VIP, you have two options when you create your App Service Environment. If you select having Azure DNS private zones configured automatically, then DNS is configured in your virtual network. If you choose to configure DNS manually, you need to either use your own DNS server or configure Azure DNS private zones. To find the inbound address, go to the App Service Environment portal, and select **IP Addresses**.
143
145
144
146
If you want to use your own DNS server, add the following records:
0 commit comments