1
votes

I'm trying to migrate my app from Heroku to Azure. The process is turning out to be more drudgery-ridden than advertised.

After resetting quite a few approaches, I've finally settled on setting up an Ubuntu VM on Azure (resource manager VM) and handling everything myself. I now want to install IIS on this VM, set up HTTP endpoints and configure a website on it. But I'm unable to move forward on this goal because all online resources I've seen want me to start from the Endpoints tab on the Azure management console.

But there is no Endpoints tab on the Azure management console for the virtual machine I just provisioned.

I'm now guessing this is a feature of classic Azure VMs, not v2, but the documentation, unlike Heroku's, is too fragmented to clearly describe what's what.

So what's the comparable approach I need to take for my Linux Azure VM (v2), so as to start serving web traffic?

More about my app: it's a Django app, it uses a pure Python WSGI webserver called waitress, and its db is postgresql. BTW, I can't use 'Azure Web Apps' because this feature doesn't support postgresql, nor can I install all the packages from my requirements.txt on it since some of them require a compiler and don't have Python Wheels yet (a compiler is not available on the machine running the web app in Azure App Service).

2
There are many more Azure followers here than in Server Fault, so chances of me actually being helped are realistic here (though that may not be of interest to you). Secondly, I've seen a ton of other questions which related to some aspect of server config on SO. Thirdly, it's not set-in-stone whether my question will ultimately be helped by some programming magic, or is purely a config related question. I'm open to rewording some parts of it, if you're open to reverting the downvote. - Hassan Baig
@HassanBaig - No need to justify why you posted here (or worrying about someone downvoting your question). Just know that your question here will likely be closed, which then helps nobody. There are many people watching for, and answering, Azure-related infrastructure questions on ServerFault. - David Makogon

2 Answers

2
votes

One of the big differences between v1 and v2 is the concept of a network adapter and a public IP address as a separate entity to the VM. The thing that should sit between them is a Network Security Group.

The power and flexibility of Azure v2 means that it is easy to create a solution that actually has no firewalling at all.

If you look in the resource group you have created, your Network security group should be there. From there you can configure endpoints. (You can also look on the 'quick start' page of a VM; there should be a 'security group' link at the bottom right. I'm doing this from memory as I don't have access to Azure at the moment, so details might be slightly off.)

ETA

v2 Security groups are software firewalls that exist at either the subnet boundary layer or at the Network card layer.

A subnet boundary SG can protect backend VMs from front end servers being compromised. So a database server only communicates via a specific port and doesn't have access to the internet (for instance)

An SG attached to a NIC is there to create application rules. For instance, for HTTP you would create a single rule that allowed the destination to be port 80, allowing that to be sourced from any IP address, with any source port.

1
votes

> So what's the comparable approach I need to take for my Linux Azure VM (v2), so as to start serving web traffic?

The concept of "endpoints" applies to the classical deployment mode (aka classic portal). But in the new Azure portal, where Resource Management (ARM) deployment mode is preferred over classic portal/classical deployment mode (ASM), you need to add "Inbound security rules" to your Network Security Group (NSG).

You can use the new Azure Portal (https://portal.azure.com), PowerShell, Azure CLI, or ARM template. I will go over Azure Portal and Azure CLI.

Method 1: Using the new Azure portal (https://portal.azure.com):

  1. Navigate to your network security group for the Linux VM you created in Azure
  2. Navigate to your Inbound security rules setting
  3. Add a new Inbound security rule to start serving web traffic. (This is an example rule named "web-rule", which allows traffic from clients connecting from any port to port 80)

Method 2: Using the Azure CLI:

  1. Open Azure CLI
  2. Log in to Azure: azure login
  3. Switch to Resource Manager mode: azure config mode arm
  4. Run the azure network nsg create command:

    azure network nsg rule create -g UbuntuRG -a UbuntuVM -n web-rule -c Allow -p Tcp -r Inbound -y 200 -f Internet -o "*" -e "*" -u 80

Note: The above methods are assuming your resource group name is "UbuntuRG" and your virtual machine name is "UbuntuVM".

You can find more information:

How to manage NSGs using the Azure portal

How to create NSGs in Resource Manager by using PowerShell

How to create NSGs in the Azure CLI

How to create NSGs using a template
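
How the rules described in both answers are evaluated, as an added example that is not part of either answer: a simplified Python model of NSG inbound processing (lowest priority number first, first match wins, subnet NSG before NIC NSG). Sources are given as service-tag labels and ports as single values; the class and function names are illustrative, and a level with no NSG is assumed to filter nothing.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # service tag such as "Internet", or "*"
    dest_port: str  # a single port, or "*" (ranges omitted in this model)

# Default inbound rules present in every NSG (load balancer rule omitted).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# The rule from the answer: -n web-rule -c Allow -p Tcp -y 200 -f Internet -u 80
WEB_RULE = Rule("web-rule", 200, "Allow", "Tcp", "Internet", "80")

def _matches(rule, protocol, source_tag, port):
    return (rule.protocol in ("*", protocol)
            and rule.source in ("*", source_tag)
            and rule.dest_port in ("*", str(port)))

def evaluate(custom_rules, protocol, source_tag, port):
    """Return (access, rule name) of the first matching rule by priority."""
    ordered = sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority)
    for rule in ordered:
        if _matches(rule, protocol, source_tag, port):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def inbound_allowed(subnet_rules, nic_rules, protocol, source_tag, port):
    """Inbound traffic must pass the subnet NSG, then the NIC NSG.

    None means no NSG is attached at that level; this model assumes such a
    level filters nothing (the "no firewalling at all" case).
    """
    for rules in (subnet_rules, nic_rules):
        if rules is None:
            continue
        if evaluate(rules, protocol, source_tag, port)[0] != "Allow":
            return False
    return True
```

With only `web-rule` on the NIC, port 80 from the Internet is allowed while PostgreSQL's 5432 falls through to `DenyAllInBound`; an NSG on the subnet that lacks a matching allow rule still blocks port 80.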