In this post, we are not going to focus on step by step guide. Here, we are in a situation where all the components like the web app, application gateway, and traffic manager have already created and we want to integrate all those to achieve routing and high availability. Below are the high-level steps, some of them might have already completed.
- Creates Web Application
- Create Application Gateway and Configure Routing
- Configure Traffic Manager
- Add DNS records in the registered domain.
- SSL binding to web application
We will consider the below diagram to visualize the concept. In the diagram, we have two web application hosted in North Europe (primary) and the same set of web applications has created on West Europe (Secondary) for DR purpose. We have application gateway in each Azure region and both web app will be only exposed to the application gateway. Both application gateway will be the endpoint of the traffic manager. Traffic manager will forward the traffic to the primary application gateway and if the primary application gateway is not healthy then the traffic manager will failover to the secondary application gateway.
Creates Web Application
Web application creation is very straight forward and here I am assuming, you have already created web applications and looking for to put behind application gateway and traffic manager.
Create Application Gateway and Configure routing
Creating Application Gateway is again very straight forward. We are focusing on routing based on the above architecture. Here consider North Europe Application Gateway, if end-user hits app1.sakaldeep.com.np then application gateway should route the traffic to app1prd.azurewebsites.net and if the end-user hits the app2.sakaldeep.com.np then it should route to app2prd.azurewebsited.net. We have to create below components for both web application.
- Backend pool – create backend pool for both web applications.
- HTTP Settings – create HTTP Settings for both web applications.
- Listeners – create Multi-site listeners for both web applications.
- Rules – create Basic rules for both web applications and delete the Rule1.
Repeat the process to configure West Europe Application Gateway. To detailed step by step guide to configure multi-site application gateway Click here for Microsoft documentation.
Configure Traffic Manager
We are assuming the priority based Traffic Manager has already created. Add the endpoints, the endpoints will be the public IP of both application gateway. The hack is here to put a Custom Header Settings. Click on Configuration and put the header in format host:contoso.com,newheader:newvalue. In this case, host:app1.sakaldeep.com.np,newheader:app2.sakaldeeep.com.np. If you don’t put these custom header settings then traffic manager will not failover in case of the primary application gateway failure and we won’t achieve the high availability. This step is also very critical.
DNS Records – CNAME Records in your Domain
Now, have to add CNAME record in your domain. Here most of us got confused that should we put the entry of traffic manager only or traffic manager and web app both or web app only. The answer is, initially we have to make the entry of both traffic manager and web app. We need the web app(*.azurewebsites.net) entry in order to prove the ownership of the domain while doing SSL binding. Once the SSL binding has done for the web app, we need to remove the web app entry from the domain.
app1.sakaldeep.com.np CNAME app1prd.azurewebsites.net
app2.sakaldeep.com.np CNAME app2prd.azurewebsites.net
app1.sakaldeep.com.np CNAME skltm.trafficmanager.net
app2.sakaldeep.com.np CNAME skl.trafficmanager.net
Custom Domain and SSL binding for Web App
SSL binding for the web app is also very straight forward. As CNAME record has added to your domain, you should be able to do it easily. Once the SSL binding has done don’t forget to remove web app record from your domain.
At the last only traffic manager, CNAME entry should have remained in your DNS registry. To verify this, do the nslookup and it should only show traffic manager entry. If you left both traffic manager and web app CNMAE entry in your DNS registry then the end-user directly routed to the web app and in this case, the traffic manager and application gateway will be bypassed. This is the most critical part as most of the official documentations miss that and we got confused.