Azure 204 [Part 1] : Create Azure App Service Web Apps
Azure App Service key components
- Built-in auto scale support - Continuous integration/deployment support (Azure DevOps, GitHub, Bitbucket, FTP, or local Git repository) - Deployment slots (live apps with their own host names) - App Service on Linux (App Service can also host web apps natively on Linus for supported application stacks)
application logging for Windows
1. To enable __________ ___ _________ in the Azure portal, navigate to your app and select App Service logs. 2. Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both. The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to. 3. You can also set the Level of details included in the log (Disabled, Error, Warning, Information, Verbose) 4. When finished, select Save.
Azure App Service
An HTTP-based service for hosting web applications, REST APIs, and mobile back ends.
Azure National Clouds
App Service Certificates are not supported in _________ _________ _________ at this time.
Development; testing
App Service Free and Shared (preview) hosting plans are base tiers that run on the same Azure virtual machines as other App Service apps. Some apps might belong to other customers. These tiers are intended to be used only for ___________ and __________ purposes.
az webapp list-runtimes --linux
App Service on Linux. Supported languages include: Node.js, Java (JRE 8 & JRE 11), PHP, Python, .NET Core, and Ruby. You can retrieve the current list by using what command in the Cloud Shell?
scale unit
App Service plan is the _______ ______ of the App Service apps. If the plan is configured to run five VM instances, then all apps in the plan run on all five instances. If the plan is configured for autoscaling, then all apps in the plan are scaled out together based on the auto-scale settings.
True
App Service supports both automated and manual deployment (True or false)
Configuration > Application Settings
Application settings can be accessed by navigating to your app's management page and selecting what setting?
Windows; Linux
Azure App Service web applications run and scale with ease on both ___________ and __________-based environments
Federal identity
Azure Services uses ________ _________, in which a third-party identity provider manages the user identities and authentication flow for you.
directly to your network
Because there are many different customers in the same App Service scale unit, you can't connect the App Service network _____________ ____ ______ ______________
TLS/SSL
By default, anyone can still access your app using HTTP. You can redirect all HTTP requests to the HTTPS port by navigating to your app page and, in the left navigation, select _____/____ settings. Then, in HTTPS Only, select On.
App Service Plan
Defines a set of compute resources for a web app to run.
Pricing tier
Determines what App Service features you get and how much you pay for the play
default root path
Each app has the _______ ______ ______ (/) mapped to D:\home\site\wwwroot, where your code is deployed by default. (Configuration > Path mappings)
web server logging
Enable _____ ______ _______ 1. Select Storage to store logs on blob storage, or File System to store logs on the App Service file system. 2. In Retention Period (Days), set the number of days the logs should be retained. 3. When finished, select Save.
application logging for Linux/Container
Enable ___________ __________ ____ _________/________ 1. In App Service logs set the Application logging option to File System. 2. In Quota (MB), specify the disk quota for the application logs. In Retention Period (Days), set the number of days the logs should be retained. 3. When finished, select Save.
App Service
For ASP.NET and ASP.NET Core developers, setting app settings in App Service are like setting them in <appSettings> in Web.config or appsettings.json, but the values in _____ ________override the ones in Web.config or appsettings.json.
--env
For Linux apps and custom containers, App Service passes app settings to the container using the _____ flag to set the environment variable in the container.
variable keys
For language stacks other than ASP.NET and ASP.NET Core, it's better to use app settings instead, because connection strings require special formatting in the _________ ______ in order to access the values. Connection strings are always encrypted when stored (encrypted-at-rest).
Access log files
If you configure the Azure Storage blobs option for a log type, you need a client tool that works with Azure Storage. For logs stored in the App Service file system, the easiest way is to download the ZIP file in the browser at: - Linux/container apps: https://<app-name>.scm.azurewebsites.net/api/logs/docker/zip - Windows apps: https://<app-name>.scm.azurewebsites.net/api/dump For Linux/container apps, the ZIP file contains console output logs for both the docker host and the docker container. For a scaled-out app, the ZIP file contains one set of logs for each instance. In the App Service file system, these log files are the contents of the /home/LogFiles directory.
App Service Certificate
If you purchase an ___ ________ _________ from Azure, Azure manages the following tasks: - Takes care of the purchase process from GoDaddy. - Performs domain verification of the certificate. - Maintains the certificate in Azure Key Vault. - Manages certificate renewal. - Synchronize the certificate automatically with the imported copies in App Service apps
private
If you want to use a ________ certificate in App Service, your certificate must meet the following requirements: - Exported as a password-protected PFX file, encrypted using triple DES. - Contains private key at least 2048 bits long - Contains all intermediate certificates in the certificate chain
environment variables
In App Service, app settings are variables passed as _____________ ____________ to the application code.
run in-process
In Linux and containers the authentication and authorization module runs in a separate container, isolated from your application code. Because it does not ___ ____________, no direct integration with specific language frameworks is possible.
ApplicationInsights__InstrumentationKey (In other words, any : should be replaced by __ (double underscore).)
In a default, or custom, Linux container any nested JSON key structure in the app setting name like ApplicationInsights:InstrumentationKey needs to be configured in App Service as _________________________________ for the key name.
Configuration > General settings
In the ___________ > ________ ________ section you can configure some common settings for your app. Some settings require you to scale up to higher pricing tiers.
Configuration > Path mappings
In the section ___________ > ________ _______ you can configure handler mappings, and virtual application and directory mappings. The page will display different options based on the OS type.
Publicly available home page
Restricting access in this way applies to all calls to your app, which may not be desirable for apps wanting a ________ ____________ ______ ______, as in many single-page applications.
encrypted-at-rest
Term for when app settings are always encrypted when stored
Client-directed flow (or client flow)
The application code manages the sign-in process.
HTTP request
The authentication and authorization module runs in the same sandbox as your application code. When it's enabled, every incoming _____ ______ passes through it before being handled by your application code.
SDK
The authentication flow is the same for all providers, but differs depending on whether you want to sign in with the provider's ___.
App Service; Azure Functions
The built-in authentication feature for _____ _______ and ______ __________can save you time and effort by providing out-of-the-box authentication with federated identity providers, allowing you to focus on the rest of your application.
App Service managed certificate
The free ___ ______ _______ _________ is a turn-key solution for securing your custom DNS name in App Service. It's a TLS/SSL server certificate that's fully managed by App Service and renewed continuously and automatically in six-month increments, 45 days before expiration. You create the certificate and bind it to a custom domain, and let App Service do the rest.
front ends
The roles that handle incoming HTTP or HTTPS requests are called ______ ______.
workers
The roles that host the customer workload are called _____.
Server-directed flow (or server flow)
The server code manages the sign-in process.
App Service
The worker VMs are broken down in large part by the ____ __________ plans.
properties
There are a number of addresses that are used for outbound calls. The outbound addresses used by your app for making outbound calls are listed in the __________ for your app. These addresses are shared by all the apps running on the same worker VM family in the App Service deployment.
debugging
There are built-in diagnostics to assist with ________ an App Service app
connection strings
There is one case where you may want to use ________ _______ instead of app settings for non-.NET languages: certain Azure database types are backed up along with the app only if you configure a connection string for the database in your App Service app.
Basic, Standard, Premium, Isolated
To create custom TLS/SSL bindings or enable client certificates for your App Service app, your App Service plan must be in the ______, ______, ______, or ______, tier. Custom SSL is not supported in the F1 or D1 tier.
1. Git 2. CLI 3. Zip Deploy 4. FTP/S
What are four ways you can manually push your code to Azure?
1. Stack 2. Platform 3. Debugging 4. Incoming client certificates
What are the four currently available settings for general settings?
1. Region 2. Number of VM instances 3. Size of VM instances 4. Pricing tier
What are the four definitions that make up an App Service Plan?
1. Sign user in 2. Post-authentication 3. Establish authenticated session 4. Serve authenticated content
What are the four steps to the authentication flow?
1. Azure DevOps 2. GitHub 3. Bitbucket
What are the three options that Azure supports to automate deployment?
1. Multitenant public service 2. Single-tenant App Service Environment (ASE)
What are the two main deployment types for Azure App Service?
Software development kit
What does SDK stand for?
/.auth/login/google
What does the sign-in endpoint look like for Google as a provider? Note: the endpoint can be customized for the individual provider
Outbound IP addresses
What will this command tell you about what currently used by your app? az webapp show \ --resource-group <group_name> \ --name <app_name> \ --query outboundIpAddresses \ --output tsv
All possible outbound IP addresses
What will this command tell you currently used by your app? az webapp show \ --resource-group <group_name> \ --name <app_name> \ --query possibleOutboundIpAddresses \ --output tsv
outbound addresses
When you change the VM family, you get a different set of __________ _____________.
Authentication token
When you enable authentication and authorization with a provider (Google, Facebook, Microsoft Identity Platform, etc.), its sign-in endpoint is available for user authentication and for validation of _____________ _____ from the provider
deployment slots
Whenever possible, use _________ ______ when deploying a new production build.
Multitenant public service
Which deployment type hosts App Service plans in the Free, Shared, Basic, Standard, Premium, PremiumV2, and PremiumV3 pricing SKUs?
Single-tenant App Service Environment
Which deployment type hosts Isolated SKU App Service plans directly in your Azure virtual network?
Consumption
Which of the following App Service plans supports only function apps? Dedicated, Isolated, or Consumption?
Hybrid Connections
Which of the following networking features of App Service can be used to control outbound network traffic? App-assigned address, Hybrid Connections, or Service endpoints?
Detailed error logging
Which type of logging fits this description? Platform: Windows Location: App Service file system Description: Copies of the .html error pages that would have been sent to the client browser. For security reasons, detailed error pages shouldn't be sent to clients in production, but App Service can save the error page each time an application error occurs that has HTTP code 400 or greater.
Failed request tracing
Which type of logging fits this description? Platform: Windows Location: App Service file system Description: Detailed tracing information on failed requests, including a trace of the IIS components used to process the request and the time taken in each component. One folder is generated for each failed request, which contains the XML log file, and the XSL stylesheet to view the log file with.
Web server logging
Which type of logging fits this description? Platform: Windows Location: App Service file system or Azure Storage blobs Description: Raw HTTP request data in the W3C extended log file format. Each log message includes data like the HTTP method, resource URI, client IP, client port, user agent, response code, and so on.
Deployment logging
Which type of logging fits this description? Platform: Windows, Linux Location: App Service file system Description: Helps determine why a deployment failed. Deployment logging happens automatically and there are no configurable settings for deployment logging.
Application logging
Which type of logging fits this description? Platform: Windows, Linux Location: App Service file system and/or Azure Storage blobs Description: Logs messages generated by your application code. The messages can be generated by the web framework you choose, or from your application code directly using the standard logging pattern of your language. Each message is assigned one of the following categories: Critical, Error, Warning, Info, Debug, and Trace.
New Azure Storage Mount
You can add custom storage for your containerized app. Containerized apps include all Linux apps and also the Windows and Linux custom containers running on App Service. Click ____ _______ ________ _______ and configure your custom storage. (Configuration > Path mappings)
handler mappings
You can customize ___________ _________ to let you add custom script processors to handle requests for specific file extensions. (Configuration > Path mappings)
Certificate
You have been asked to help secure information being transmitted between your companies app and the customer. Azure App Service has tools that let you create, upload, or import a private or public __________ into App Service.
pricing tier
Your App Service plan can be scaled up and down at any time. It is as simple as changing the _______ _________ of the plan
Establish authenticated session
[Authentication Flow Step] Without provider SDK: App Service adds authenticated cookie to response. With provider SDK: App Service returns its own authentication token to client code.
Serve authenticated content
[Authentication Flow Step] Without provider SDK: Client includes authentication cookie in subsequent requests (automatically handled by browser). With provider SDK: Client code presents authentication token in X-ZUMO-AUTH header (automatically handled by Mobile Apps client SDKs).
Post-authentication
[Authentication Flow Step] Without provider SDK: Provider redirects client to /.auth/login/<provider>/callback. With provider SDK: Client code posts token from provider to /.auth/login/<provider> for validation.
Sign user in
[Authentication Flow Step] Without provider SDK: Redirects client to /.auth/login/<provider>. With provider SDK: Client code signs user in directly with provider's SDK and receives an authentication token. For information, see the provider's documentation.
Without
[Authentication flow] With or without the provider's SDK? The application delegates federated sign-in to App Service. This is typically the case with browser apps, which can present the provider's login page to the user. The server code manages the sign-in process.
With
[Authentication flow] With or without the provider's SDK? The application signs users in to the provider manually and then submits the authentication token to App Service for validation. This is typically the case with browser-less apps, which can't present the provider's sign-in page to the user. The application code manages the sign-in process. This applies to REST APIs, Azure Functions, JavaScript browser clients, and native mobile apps that sign users in using the provider's SDK.
Allow unauthenticated requests
[Authorization behavior] This option defers authorization of unauthenticated traffic to your application code. For authenticated requests, App Service also passes along authentication information in the HTTP headers. This option provides more flexibility in handling anonymous requests. It lets you present multiple sign-in providers to your users.
Require authentication
[Authorization behavior] This option will reject any unauthenticated traffic to your application. This rejection can be a redirect action to one of the configured identity providers. In these cases, a browser client is redirected to /.auth/login/<provider> for the provider you choose. If the anonymous request comes from a native mobile app, the returned response is an HTTP 401 Unauthorized. You can also configure the rejection to be an HTTP 401 Unauthorized or HTTP 403 Forbidden for all requests.
Inbound
[Multitenant Appl Service networking feature] Inbound or outbound features? App-assigned addressAccess restrictionsService endpointsPrivate endpoints
Outbound
[Multitenant Appl Service networking feature] Inbound or outbound features? Hybrid ConnectionsGateway-required virtual network integration Virtual network integration
worker
[all the same word] If you have a Standard App Service plan, all the apps in that plan will run on the same _______. If you scale out the ________, all the apps in that App Service plan will be replicated on a new ________ for each instance in your App Service plan.
certificate
[one term applicable to each fill in the blank] A ___________ uploaded into an app is stored in a deployment unit that is bound to the app service plan's resource group and region combination (internally called a webspace). This makes the ___________ accessible to other apps in the same resource group and region combination.
Stream logs
[one term applicable to each fill in the blank] Azure portal - To _____ _____ in the Azure portal, navigate to your app and select Log stream. Azure CLI - _____ _____ live in Cloud Shell, use the following command: Bash - az webapp log tail --name appname --resource-group myResourceGroup Local console - To _____ _____ in the local console, install Azure CLI and sign in to your account. Once signed in, follow the instructions for Azure CLI above.
Merge(d)
[one term applicable to each fill in the blank] If your certificate authority gives you multiple certificates in the certificate chain, you need to _____ the certificates in order. Then you can Export your ______ TLS/SSL certificate with the private key that your certificate request was generated with
Create a free App Service managed certificate
[option for adding certificates in App Service] A private certificate that's free of charge and easy to use if you just need to secure your custom domain in App Service.
Purchase an App Service certificate
[option for adding certificates in App Service] Create a free App Service managed certificate
Upload a private certificate
[option for adding certificates in App Service] If you already have a private certificate from a third-party provider, you can upload it.
Import a certificate from Key Vault
[option for adding certificates in App Service] Useful if you use Azure Key Vault to manage your certificates.
Upload a public certificate
[option for adding certificates in App Service]Public certificates are not used to secure custom domains, but you can load them into your code if you need them to access remote resources.
Shared compute
[pricing tier] Both Free and Shared share the resource pools of your apps with the apps of other customers. These tiers allocate CPU quotas to each app that runs on the shared resources, and the resources can't scale out.
Dedicated compute
[pricing tier] The Basic, Standard, Premium, PremiumV2, and PremiumV3 tiers run apps on dedicated Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the tier, the more VM instances are available to you for scale-out.
Consumption
[pricing tier] This tier is only available to function apps. It scales the functions dynamically depending on workload.
Isolated
[pricing tier] This tier runs dedicated Azure VMs on dedicated Azure Virtual Networks. It provides network isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.
App Service on Linux
_____ _________ ___ _____ has the following limitations: - Not supported on Shared pricing tier. - You can't mix Windows and Linux apps in the same App Service plan. - The Azure portal shows only features that currently work for Linux apps. As features are enabled, they're activated on the portal.
Isolate
_______ your app into a new App Service plan when: - The app is resource-intensive. - You want to scale the app independently from the other apps in the existing plan. - The app needs resource in a different geographical region. This way you can allocate a new set of resources for your app and gain greater control of your apps.
Feature management; feature flags
_________ _________ is a modern software-development practice that decouples feature release from code deployment and enables quick changes to feature availability on demand. It uses a technique called _________ ______ (also known as feature toggles, feature switches, and so on) to dynamically administer a feature's lifecycle.
Automated deployment
____________ ___________, or continuous integration, is a process used to push out new features and bug fixes in a fast and repetitive pattern with minimal impact on end users.
SDK
a set of tools for third-party developers to use in producing applications using a particular framework or platform
Feature flag
a variable with a binary state of on or off; also has an associated code block. The state of the ______ _____ triggers whether the code block runs or not.
False
you are required to use App Service for authentication and authorization (True or false)
