Azure App Service

Home » Azure Cheat Sheets » Azure Compute Services » Azure App Service

Azure App Service

Last updated on July 3, 2023

Azure App Service Cheat Sheet

  • A fully managed platform (PaaS) for building, deploying, and scaling your web apps.
  • Different types of App Services: Web Apps, Web Apps for Containers, and API Apps
  • Automatically patches and maintains the OS and language frameworks.
  • App Service can scale up or out manually or automatically.
  • App Service supports the following languages:
    • .NET
    • .NET Core
    • Java
    • Ruby
    • Node.js
    • PHP
    • Python

  • An App Service plan is a collection of compute resources needed for a web app to run.
  • Tutorials dojo strip
  • Each App Service plan consists of a region, number & size of virtual machines and pricing tier.
  • App Service plan pricing tier: 
    • Shared Compute Free and Shared are the two base tiers. These tiers allocate CPU quotas to every app running on the shared resources, but the resources cannot scale-out.
    • Dedicated Compute – It is composed of Basic, Standard, Premium, and PremiumV2 tiers. As the tier gets higher, you will have more VMs to scale-out.
    • Isolated – A dedicated virtual machine that provides maximum scale-out capabilities.

App Services Types

  • Web Apps
    • Website and online applications hosted on Azure’s managed platform.
    • Build and deploy mission-critical web applications that scale with your business.
    • It supports auto-scaling and load balancing for resilience and high availability.
  • Web Apps for Containers
    • Deploy and run containerized applications in Azure.
    • All dependencies are shipped inside the container.
  • API Apps
    • Expose and connect your backend data.
    • Connect other applications programmatically.

Deployment

  • Deployment components in App Service:
    • Deployment Source – it is where the application code is stored.
    • Build Pipeline – reads your code and takes the application in a running state
    • Deployment Mechanism – enables you to put your application in the /wwwroot directory. It also supports Kudu endpoints, FTP, and WebDeploy.
  • Deployment Center lets you choose the location of your code, as well as build and deploy to the cloud. It also has built-in continuous delivery for containers.
  • When creating an App Service plan, there are runtime stacks that will only run on Windows or Linux but not on both operating systems. For example, ASP.NET (Windows), Ruby (Linux), and Java (Windows & LDeploymentinux).
  • Swap app content and configuration elements with deployment slots.
    • The deployment slots allow you to create a staging slot for your application.
    • When you perform the swap operation, the following settings are swapped: General settings, App settings, Connection strings, Handler mappings, Public certificates, and WebJobs content.
  • App Service supports the continuous deployment of code and containers.
  • You can use local cache and deployment slots to prevent downtime.
  • App Service diagnostics will help you in troubleshooting your application.

Monitoring

  • Diagnostics logging helps you access the information logged by Azure.
    • Application logging 
      • The generated log messages by your application. Each message has the following level and categories:
        • Disabled: None
        • Error: Error, Critical
        • Warning: Warning, Error, Critical
        • Information: Info, Warning, Error, Critical
        • Verbose: Trace, Debug, Info, Warning, Error, Critical
      • You can also specify the disk quota (MB) and retention period (days) for the application logs.
      • The logs can be found on the App Service file system or Azure Storage blobs.
    • Web server logging
      • This log message contains an HTTP method, resource URI, client IP, client port, user agent, and response code.
      • You can set the retention period (days) for the web server logs.
      • The logs are stored in Azure Storage blobs or App Service file system.
    • Detailed Error Messages
      • A copy of the .htm error page. The page contains the information on why the server returns an error code (HTTP code 400 or greater).
      • The logs are stored in the App Service file system.
    • Failed request tracing
      • Detailed information on failed requests. The information you can find here helps you improve the site performance and isolate a specific HTTP error.
      • For each failed request, one folder is generated which contains the XML log file and XSL stylesheet.
      • The logs can be found on the App Service file system.
    • Deployment logging
      • This log is created when you publish content to your app.
      • You can also use this log to determine why the deployment failed. For example, if you use a custom deployment script and it fails, you can determine why the script is failing through deployment logs.
      • Like Detailed Error Messages and Failed request tracing, the logs are also stored in the App Service file system only.

Security

  • App Service protocols: HTTPS, TLS 1.1/1.2 and FTPS
  • The default domain name is using HTTPs. You can also secure your custom domain using an SSL/TLS certificate.
  • Service endpoints allow you to restrict access from a virtual network.
  • The first IP restriction rule has an explicit Deny all rule with a priority of 2147483647.
  • Service-to-service authentication:
    • Service Identity – you can use the identity of the app to access the remote resource.
    • On-behalf-of (OBO) – allows you to access a remote service using a delegated sign-in.

VNet Integration

  • It allows your app to access resources in your virtual network.
    • Regional VNet Integration 
      • You need to have a dedicated subnet to the services that you integrate with.
      • Block outbound traffic using network security groups.
      • Route table allows you to send outbound traffic.
    • Gateway-required VNet Integration 
      • Allows access to resources in the target virtual network.
      • Sync network allows you to sync certificates and network information.
      • You can also add routes for outbound traffic.

Hybrid Connections

  • Uses host:port combination.
  • It provides network access to your application using a TCP endpoint.
  • Supports access to multi-networks from a single app.
  • Host your hybrid connection endpoint using a relay agent or Hybrid Connection Manager (HCM).
  • You can run multiple HCMs on a separate machine to achieve high availability.

Azure App Service Pricing

  • You are charged on a per-second basis in the App Service plan.
  • You are charged for the applications while they are in a stopped state.
  • You are charged for data egress when using VNet Integration.
  • You are charged for each listener in a Hybrid Connection

Validate Your Knowledge

Question 1

Question Type: Single choice

You created a web app named webapp-prod using Azure App Service.

Several users are complaining that they received HTTP 500 errors whenever they try to connect to webapp-prod.

You must grant the developers real-time access to the application in order to view the connection error details.

What should you do?

  1. Enable the Web Server Logging feature.
  2. AWS Exam Readiness Courses
  3. Create a security playbook.
  4. Enable the Application Logging feature.
  5. Create resource health alerts.

Correct Answer: 1

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

Since you are dealing with raw HTTP requests data, you need to enable Web Server Logging in Azure App Service. Each log message includes data such as the HTTP method, resource URI, client IP, client port, user agent, response code, and so on. For web server logging, you can store the logs in a storage or file system and set the number of days the logs should be retained.

Hence, the correct answer is: Enable the Web Server Logging feature.

The option that says: Create a security playbook is incorrect because this is just a collection of procedures that can be run from Microsoft Sentinel in response to an alert. Take note that web server logging is not directly supported in Microsoft Sentinel.

The option that says: Enable Application Logging feature is incorrect because HTTP 500 is an internal server error. This means that there is a problem with the web server itself. To help you find the root cause, you can enable the Web Server Logging feature in Azure App Service.

The option that says: Create resource health alerts is incorrect because this option only sends resource health notifications. If you need to find information about HTTP requests in your web app, you need to enable web server logging.

 

References:

https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs
https://azure.microsoft.com/en-in/services/app-service/

Note: This question was extracted from our AZ-104 Microsoft Azure Administrator Practice Exams.

For more Azure practice exam questions with detailed explanations, check out the Tutorials Dojo Portal:

Microsoft Azure Practice Exams Tutorials Dojo

Azure App Service Cheat Sheet Resources:

https://azure.microsoft.com/en-us/services/app-service/
https://docs.microsoft.com/en-us/azure/app-service/overview

Tutorials Dojo portal

Be Inspired and Mentored with Cloud Career Journeys!

Tutorials Dojo portal

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?