How to expose internal azure app service to publicly available

Question

I have created an Azure App Service inside an Internal App Service Environment. I want to make API App publicly available using Application Gateway.

Can anyone suggest me how to do it?

Answer 1

App Service environment (ASE)

internal load balancer (ILB)

• Layer 7 load balancing, TLS/SSL offloading, and web application firewall (WAF) protection are all provided by the Azure Application Gateway, which is a virtual appliance. It can listen on a public IP address and send communication to the endpoint of your application.
• Check if a virtual network link to a private DNS zone exists to access ILB ASE from the application gateway. Add a virtual network link to your application gateway's VNet if it doesn't already exist.
• The OWASP (Open Web Application Security Project) core rules are used by Application Gateway to secure any apps that are deployed behind it. See Introduction to the Azure web application firewall for additional information on Application Gateway.

prerequisites

• A custom domain name will need to be purchased.
• A TLS certificate to use one for all our custom domains. You could also procure a self-signed certificate for Dev Test scenarios.

It is not a good practise to utilise the same APIM services URL for internal and external endpoints. App Gateway WAF v2, which enables http redirection and much more, might be used if we wanted to have multiple URLs for internal and external endpoints.

• Consider creating your own Hosted Agent on a VM inside the Virtual Network if you're utilising CI/CD pipelines to deploy Internal APIs.

Please refer Publish internal APIs to external users and Integrate ILB ASE with the Azure Application Gateway for more information