问题
I trying to assign a static ip-address ,or at least control the out bound traffic, for an azure app service with out having to invest in app service environment (it’s very expensive and not very flexible option). Reading up on "vnet integration"( https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet )
in the offical azure doc there exist options to force traffic to the vnet. From there it should be possible to route the all traffic using UDRs through NAT-gateway. Has any one here been able to make this work? I have read conflicting reports.
UPDATE Details of the scenario is as following. I want to communicate with a system behind an internet facing firewall that have rules based on internet routable ips. I want to leaverge app services and PaaS services in azure.
回答1:
This it not possible with azure NAT Gateway or any other native PaaS servie in azure. There are several open feedback items related to this issue (fixed outbound ip and Nat gateway with function app
I have created a ticket ticket in the microsoft documention hoping that they will clarify this in their offical doc on vnet integration.
One solution would be to leverage IaaS and install a custom reverse proxy on VM or container such as nginx. This is not a option in my scenario due to the maintenance this wil requiere over time.
UPDATE
This is now supported https://azure.github.io/AppService/2020/11/15/web-app-nat-gateway.html. Microsoft announced support last week! I have tested the solution and it works great.
回答2:
It is possible, here is how to do it: https://sakaldeep.com.np/1159/azure-nat-gateway-and-web-app-vnet-integration-to-get-static-outbound-ip
The route rule should have the vnet range in the address prefix and the outbound ip in the Next hop address.
Also answered here: Web App outbound response not going through application gateway
来源:https://stackoverflow.com/questions/64182662/static-ip-for-azure-app-service-using-vnet-integration