Know about configuration settings in Azure App Service

Configuration settings in Azure App Service are critical for managing how your web app behaves in different environments (e.g., development, staging, production).

These settings can influence your app’s performance, security, connectivity, and behavior.

Here are the key aspects of Azure App Service configuration settings that you should know.

Application Settings

App Settings

These are key-value pairs that allow you to store configuration data for your application.

App settings can be accessed by your app as environment variables.

Use cases:

Store things like connection strings, API keys, feature flags, or other environment-specific variables.

How to set:

These can be set directly in the Azure Portal or using tools like Azure CLI or ARM templates.

Environment variables:

Each key-value pair you add becomes an environment variable accessible within your app code.

Example:

1
"MY_API_KEY": "123456",
2
"ENVIRONMENT": "production"

Application settings in different environments

You can set different values for different deployment slots (e.g., Production, Staging) by configuring them per slot.

Overrides for Local Development

You can use the Azure App Service local development tools (like Azure Functions Core Tools or Visual Studio Code extensions) to work with your app settings locally.

Connection Strings

What are Connection Strings

Connection strings are special settings that store database connection details, such as the server address, database name, user credentials, and other connection parameters.

Types of Connection Strings

1. SQL Database: For Azure SQL, MySQL, or PostgreSQL connections.

2. Storage Accounts: For connecting to Azure Blob Storage, Queue Storage, etc.

3. Custom Databases: For any other custom databases your app uses (e.g., MongoDB, Redis).

Security

Connection strings are sensitive and can be encrypted in Azure.

For better security, consider using Azure Key Vault for storing sensitive connection strings and secrets.

How to Set

You can add or modify connection strings in the Application settings section under Configuration in the Azure Portal.

3. General Settings

Platform Settings:

These are configuration options related to the platform your app is running on (e.g., OS type, framework version).

1. Operating System: Choose between Windows or Linux for your App Service.

2. Stack (Runtime): Choose the runtime stack for your application (e.g., .NET Core, Node.js, Java, Python, PHP, etc.).

3. PHP Version: For PHP apps, select the PHP version.

4. Always On: Keep the app running even when there are no incoming requests. This helps ensure faster startup times and reliable background tasks. It’s typically used in production environments.

5. Platform Architecture: Choose between 32-bit or 64-bit for your app's architecture (this is important for certain dependencies).

Diagnostic Settings

Logging

You can enable various types of logging for monitoring and diagnostics:

1. Application Logging (Filesystem): Logs generated by your app are saved to the filesystem (useful for debugging and troubleshooting).

2. Application Logging (Blob Storage): Store logs in Azure Blob Storage for long-term storage or external processing.

3. Web Server Logging: Logs related to HTTP requests and responses.

4. Detailed Error Messages: Enables more detailed error messages (for development or troubleshooting).

5. Failed Request Tracing: Tracks failed HTTP requests, providing detailed traces to help identify issues.

Log Level

Adjust the log level (e.g., Error, Warning, Information, Verbose) to control the verbosity of logging.

How to Set:

Go to Diagnostics settings in the App Service configuration pane to configure logging.

Custom Domains and SSL

Custom Domain Setup

You can configure a custom domain for your app (e.g., www.example.com).

You must validate the domain by adding a TXT or CNAME record in your domain registrar’s DNS settings.

SSL Certificates

Azure App Service allows you to secure your custom domain with SSL certificates (either managed by Azure or uploaded by you).

1. Azure-managed SSL: Free SSL certificates for custom domains.

2. Custom SSL: You can upload and manage your own SSL certificates for more control over the encryption.

3. TLS/SSL Bindings: Define the specific binding for your custom domain (ensure HTTPS is enabled).

Scaling Settings

Manual Scaling

You can scale the number of instances your app uses (e.g., 1, 2, 3, etc.) based on your expected load.

Autoscale

Azure App Service allows you to automatically scale the number of instances based on metrics such as CPU usage, memory usage, or request count.

You can define scaling rules in the Scale Out section, including the minimum and maximum number of instances and the metrics to trigger scaling.

Scaling by Time

You can scale your app during specific times of day or days of the week (e.g., scale up during working hours and scale down at night).

Networking Settings

VNet Integration

Use Virtual Network (VNet) integration to allow your app to connect securely to other resources in your Azure virtual network, such as databases or private APIs.

Private Endpoints

Azure App Service supports Private Link and Private Endpoints for securely accessing your web apps over a private network, ensuring that traffic doesn’t traverse the public internet.

IP Restrictions

Configure IP-based access restrictions to limit which IP addresses or ranges can access your app.

This can enhance security by preventing unauthorized access.

Access Restrictions

You can create custom rules based on the IP address ranges, protocols, or geographic locations that can access your app.

Slots and Deployment Configuration

1. Deployment Slots: App Service lets you create deployment slots (e.g., staging, production) to deploy and test your app before moving it to production.

2. Configuration per Slot: Each deployment slot can have its own settings, like environment variables or connection strings. This allows you to safely test new versions without affecting the production environment.

3. Swap Slots: After testing a new version in a staging slot, you can swap it with the production slot to make the new version live with zero downtime.

App Service Environment (ASE) Settings

Private Environment

If you are using an App Service Environment (ASE), you have more control over your app’s network security and isolation.

ASE allows for deploying your app into a virtual network with tighter controls over the app's networking, scaling, and security.

Custom Virtual Network Integration

In ASE, you can configure your app to connect to your private Azure network for enhanced security and compliance.

App Service Plan Settings

Scaling and Resources

The App Service Plan defines the region and pricing tier for your app.

You can change the plan if you need more resources, such as CPU, RAM, or more features (e.g., auto-scaling, high availability).

Pricing Tier

Select the appropriate pricing tier (e.g., Free, Basic, Standard, Premium, Isolated) based on your resource needs, expected traffic, and budget.

Region

The region where your App Service Plan is located can affect the performance and latency for users of your app.

Consider deploying to regions that are closer to your user base.

Identity and Access Management (IAM) Settings

Managed Identity

Enable Managed Identity for your App Service to authenticate securely to other Azure services like Azure Key Vault, Azure Storage, and Azure SQL Database without needing to store credentials in the app.

Role-Based Access Control (RBAC)

Set up RBAC to manage access to your app and its resources based on roles.

You can restrict who can view, edit, or deploy to your App Service.

Authentication and Authorization

Azure App Service supports Azure Active Directory (AAD) integration for authenticating users and managing authorization for your app.

Environment Variables and Secrets

Environment Variables

Store and access configuration data like API keys, tokens, or environment-specific settings in the form of environment variables.

Secrets Management

Use Azure Key Vault to securely store sensitive configuration values, such as database credentials, API keys, or SSL certificates.

App Service can access these secrets securely without hardcoding them in the application.

Summary

Configuration settings in Azure App Service are central to managing the behavior, performance, security, and deployment of your web app.

Key areas to consider include:

1. Application settings and connection strings for configuring app-specific values and database connections.

2. Scaling options (manual and autoscale) for handling varying levels of traffic.

3. Security settings like SSL certificates, authentication, and access control to protect your app.

4. Networking configurations like VNet Integration and IP restrictions to secure communication.

5. Deployment slots for safely testing and promoting new versions of your app.

These settings provide the flexibility to configure your app for different environments, ensure secure communication, and optimize resource usage based on app needs.