Web Apps
Web Apps in Azure App Service provides a scalable, reliable, and easy-to-use environment for hosting web applications. Select from a range of frameworks and templates to create a web site in seconds. Use any tool or OS to develop your site with .NET, PHP, Node.js, Python and more. Choose from a variety of source control options including TFS, GitHub, BitBucket and others to set up continuous integration and develop as a team.
More details about the services are available in the App Service documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow or MSDN.
Products that we listen to in this space include: App Service, Web Apps, API Apps and Web App for Containers.
-
A method to allow folks to access the FTP transfer logs when ftp is used to deploy code changes to their azure web apps.
Allow site admins to access the ftp transfer logs when ftp is the selected method used to make web site deployment updates. We use ftp to allow site updates, and we've had an incident where having access to those logs would be very helpful.
26 votesWe’re looking into to see what is currently supported here.
Thanks
Oded -
Rewriting to /public is absolutely not the right way to change the document root
After doing some reading, I'm seeing Azure actually suggesting to people running Laravel (and any others that don't host out of the root project structure) applications to use mod_rewrite to rewrite requests to point to "/public".
This is an absolutely ridiculous suggestion and is effectively some of the worst advice you could give. Forcing people to have "/public" in their URL structure because you guys didn't take the time to research the bare-minimum configuration options for your offering is not in any way acceptable.
I suggest you urgently add support for the ability to configure the document root. Not only…
25 votes -
Disaster Recovery for Azure WebApp
Currently, we have to deploy the Azure WebApp twice, one in West Europe and other in North Europe to support Disaster Recovery.
It means that we need to update the both WebApps if we want to deploy new artifacts in WebApp.
It is very difficult to sync artifacts in both WebApps.
It would be great if Azure provides the RA-GRS(Read-access geo-redundant storage) feature for WebApp like Azure SQL Database.
With this feature the synching of artifacts between both WebApps done by RA-GRS feature.
So we will not deploy the new artifacts in both web app, when we deploy the artifacts…24 votesThanks fort the feature request! We have work on the backlog for disaster recovery, but we don’t have a timeline to share at the moment.
Thanks,
Oded -
Provide access to HTTPERR logs
Currently, enabling "Web Server Logging" appears to archive only the W3C request logs. The HTTPERR logs are the only way to see any requests that failed or were rejected by the server due to TCP timeouts, idle connections, filled request queues, and similar circumstances.
24 votesJust an update that we still have this on our backlog. If it gains more user support, we will look to prioritize this and add the view to our internal support center.
Thanks,
Oded -
Version data for deployed slot
I'm using ARM template to deploy a new slot to an existing webapp, the problem is that there is no way of seeing or passing the version of the build that the slot has.
It would be really useful to have a "Version" -field in the portal where I can pass the version data of the build so that you could easily see which slot has which build version.
24 votesThanks for the feedback, we are investigating this feature request. We cannot share an ETA at this time.
Thanks,
Jason -
Better inform users of when their App Service Certificates are about to expire or have not auto renewed (7 days?)
This week another of our customer's sites went down due to an Azure App Service certificate expiring without us being notified of its pending expiry - we mark all App Service Certificates to Auto Renew and some of them do infact renew and rebind without our intervention, others certificates have got stuck on the domain validation phase (which we validated 1st time we bought the certificate ofcourse) and the latest certificate is now expired and the Manual Renew button is disabled as it seems to think its outside the 60 day renewal window.
A simple email to us (we receive…
24 votesWe are currently investigating options on improving renewal of certs and notifying customers.
-
Allow Powershell Set-AzureWebsite to toggle Always On
It seems like every option is available EXCEPT this. Seems like it could be bolted on similarly to the others, like -WebSocketsEnabled<Boolean>.
23 votesWe are planning for this work and scheduling it for a future sprint.
-
Allow to NGEN an Azure Web App
When deploying an Azure Web App, allow to NGEN some DLLs like EntityFramework to save on startup time. Currently, this requires administrator rights to which we don't have access. Even better would be to automatically NGEN it after a deployment.
23 votes -
[Linux] - Set Docker Image Tag as a slot setting in Application Settings of a Web App for Containers
When swapping between staging and production slots of a Web App for Containers, it would be really handy to have the option of keeping the tag of each image in its respective slot (e.g. image:latest for production, image:dev for staging) and not get them to swap after each slot swap.
Imagine you setup Continuous Deployment through Dockerhub. You push code changes on GitHub, and image build is triggered and then an image pull request from Azure to Dockerhub. If a swap has preceded the above flow, then newly build images would end up in the opposite from desired deployment slots. …23 votesThank you for the feature request. We will be taking a look.
Oded
-
Web App for Containers - ACR access requires admin account enabled on repository
It looks as though Web App for Containers requires the use of the admin account on the repository in ACR.
The notes on use of the admin account suggest to use that account only for testing purposes and describe some of the downsides to having it enabled.
Is there a plan to support Service Principal access to the ACR repository for Web App for Containers?
22 votes -
PowerShell and CLI support for the management of App Service Environments
Azure PowerShell and Azure CLI commands to support the management of an App Service Environments (at least v2). Hopefully this could include the ability to get management IP information, do scaling, and if it is an ILB ASE update the ILB Certificate.
22 votesCLI and Poweshell for scaling is available in ASE v2 through the same App Service commands.
We are expanding CLI and PowerShell support more down the road.
Thanks,
Oded -
Allow App Service to Access Secret without version
Currently an App Service can access Secrets App Service Identity - but the secret version must be part of this configuration.
What would be helpful is to allow the App Service to get the latest version of the secret - that way a value can be centrally changed - without having to update the App Service configuration (to use the new version of the secret).
This will allow management of the data in the Key Vault - without requiring updates to the App Service to get the new value.
22 votesThis is planned as part of the Key Vault reference work. We unfortunately do not have an ETA at the moment, but we are working in this direction.
- Matthew
-
Web App built-on CORS header Access-Control-Max-Age
Using the built-in CORS support in App Service for an API Web App, we can't specify header 'Access-Control-Max-Age' or any other headers besides 'Access-Control-Allow-Credentials' and 'Access-Control-Allow-Origin'.
We would like to use the App Service built-in CORS because it's easy to manage all the different allowed origins from there, but we need to be able to set headers like 'Access-Control-Max-Age', 'Cache-Control', and 'Vary' to optimize the OPTIONS calls.
21 votes -
Allow importing 3rd party ssl certs for use as app service certificates in app services/web apps
Currently if I have an ssl certificate being used in multiple app services, when I renew that certificate I have to update the app services one by one or via powershell. It looks like using an app service certificate would solve this by allowing me to renew in one place and have it update each of the app services automatically. The problem being that I use 3rd party issued ssl certs vs ones created as app service certs in azure.
Ideal would be to either allow uploading 3rd party ssl certs to be used as app service certs or offer…
21 votesThank you for the feature request. We will review this as part of our roadmap.
Thanks,
Oded -
Enable application logging in ILB ASE
Currently there is no way to access our applications trace logs in an ILB ASE environment. I understand the Log Stream button is greyed out in the portal, but even using Kudu, FTP, blob, or streaming in VS, none of these are working in ILB ASE, and support tells us this is a known issue. This is a huge downside for us because we depend on our customized application log messages for troubleshooting.
20 votesThanks for the request. This is under review and we will discuss internally how to support.
Thanks,
Oded -
Certificate Authentication
From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert
20 votesThank you for your feedback!
For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth
We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.
Thanks!
Alex
Azure App Service Team -
[Linux] Ability to move a Web App to a different App Service plan
Enable the 'Change App Service Plan' blade for Linux web apps in order to allow Linux apps to be moved to a different App Service plan in the way Windows apps can be moved now.
19 votesThanks for the feedback. We’re reviewing this request, and we consider to enable moving Linux app to a different App Service plan which only has Linux apps. Any feedbacks to the limitation would be appreciated.
Thanks,
Yi -
Strict-Transport-Security
With the ability now to force HTTPS, it would be nice if Strict-Transport-Security HTTP Header should also be set and knock another finding off of the security report:
Details on The Header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security19 votesWe’ll be taking a look.
Thanks,
Oded -
Limit number of accepted client certificates when doing mutual TLS
I want to be able to control the trusted issuers list sent to the web browser so that list of allowed certificates can be filtered in the browser. This was possible in IIS and with Azure Cloud Service I believe but how can we do it in a Azure web app?
What I basically want to do is set the content of the certificate_authorities field in CertificateRequest sent by the server to the browser in the TLS handshake as stated in RFC5246.
18 votesThanks for the request. We’ll be taking a look.
Oded
-
Slot swapping should check if cache is ready (applicationInitialization ignored)
After we incurred some downtime in our app service due to infrastructure updates on azure storage, we implemented the local cache feature to combat this. In doing so, this meant that we had to implement slots with preview in order to warm up the cache, ensuring that it is ready to serve before swapping. In implementing this we found that we had to also implement applicationInitialization in our web config.
Our experience shows that this configuration is being ignored. So that first applyingSlotConfig and then Slotsswap operations via powershell swaps slots without ensuring that the site is ready.
Our suggestion…
18 votes
- Don't see your idea?