Friday, March 6, 2020

Hosting front-end applications on Azure

I have a catalog of small front-end Javascript apps built with Angular (ng) and React (CRA and Next) I would like to host on Azure.

Hosting on Azure

Azure provides features for a web host:

* Options from big to small - full VM, container, web app, or host static website
* HTTPS and URL - every Azure resource is served via HTTPS with a dedicated URL - no need to buy a certificate or domain name until needed.

No Configuration changes

In order to reduce hidden problems, each front-end app should be installed and running with no configuration change away from the development environment such as a to change the routing of assets from absolute to relative, or folder and subfolder naming.

Consistent & immediate deployment

Once the app is ready to deploy as a collection of static files, there shouldn't be a need to spend time preparing the hosting environment. The front-end system deployment steps should be consistent regardless of which front-end framework the project uses. Deployment failure and debugging should be minimized considering it is just a static front-end app.

Reverse proxy considerations

One solution I've used in previous years requires a reverse-proxy like Nginx and domain name control. This violates the configuration and immediate deployment goals but is a strong consideration when the project is ready for production deployment - the cost and control of an Azure VM makes that an easy choice.

Azure Storage versus Azure Web app

This narrowed the choices to:
* Azure Blob Storage static website - would only handle front-end apps completely disconnected from the back-end
* Azure Web app allows both front and back-end apps.

Both are easy to configure with minimal changes in the Azure portal.

Pricing and availability

* Azure Blob Storage is priced by data storage and throughput
* Azure Web app comes with a monthly charge. Since these are very small hobby apps, Azure Blob Storage seems the best choice for now.

Preparing a test app

To test Azure Blob storage, use the NextJS static export process to build a static app to a local out directory in the local project folder.

How to deploy static files 

After creating an Azure Storage resource, in the Azure portal, configure the Static website. This creates a Blob container named $web in the Storage account.

Copy one of the endpoints to use later to test that the static website works.

Upload files to the $web container. 

Download and use the storage explorer to move the front-end website files and folders to the new $web container. 

Test the static website

Use the URL endpoint provided (when you configured the static website) to verify your website works.

View usage metrics

Azure provides metrics to see how the website is doing.


Hosting more sites

Azure Storage builds out containers with URL routes: domain / container / file.  The route includes the container name and doesn't, by default, make assumptions about the content type to return when serving the file.

In order to host more than 1 static website from the same Azure Storage resource, all the of the configuration I'm trying to avoid would need to be done for each site and I would need to manage content types.

Creating a new Storage account is easy, cheap, and very simple so each new site will be hosted in its own Azure Storage resource. When it is time to assign a custom domain name, create a CDN then map the name to that resource.

CLI to create static website

Now that basic usage through the portal is done, use the Azure CLI to create Azure Storage and configure a static website.

Further investigation

The solution needs to solve for management takes such as listing all Static Websites and updating static websites via GitHub hook. Building the automation is a next step.

Friday, February 28, 2020

OSS @Microsoft - Docs

Open source software (OSS) at Microsoft allows everyone to see, comment, and contribute to the products, services, documentation, sample code, and SDKs they use. I work at Microsoft and my opinions are my own.

The Microsoft documentation set is not a single GitHub repository. It is many repositories, all with active writers, support engineers, and SLAs.

When you see an issue in the docs or you think a concept or technique is unclear, GitHub repositories allow you to:

  • Add an issue, via an Edit button, that is sent directly to the Product group or Content Developer. 
  • Create a pull request (PR), that is sent directly to the Product group or Content Developer. 

Is this open source though? Absolutely. You can immediately impact all users of the docs in a positive way.

2 things you can do when logging an issue against the docs:

  1. Be specific. Your comment is attached to the entire doc. Be specific where in the doc the issue is and what wording, image, or sample code is problematic. 
  2. Be available. Some times an issue is deeper than a simple fix. If someone has a followup question, respond with information if you have it. 

Can you make the fix via a pull request? Yes. That speeds up the process.

Wednesday, May 1, 2019

Fetching a Private Key From An Azure Key Vault Certificate

If you create a private certificate in Azure Key Vault and use the fancy features like auto rotation, you might like to be able to fetch the private key from the vault and rehydrate it as a X509Certificate2 class in your C# code.

Here is how you do that:

KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));
var certificateBundle = await keyVaultClient.GetCertificateAsync(certificateIdentifier);
var certficiateSecret = await keyVaultClient.GetSecretAsync(certificateBundle.SecretIdentifier.Identifier);
byte[] certificateDecoded = Convert.FromBase64String(certficiateSecret.Value);
var certificate = new X509Certificate2(certificateDecoded, password: "");

The Certificate Bundle passed back from the GetCertificateAsync call has a .Cer property, however that is just the bytes for the pubic key, if you do this:

var publicCertificate = new X509Certificate2(certificateBundle.Cer);

The X509Certificate2 instance will only contain the public key.  Instead you need to fetch the full secret and decode it to bytes, once you do that the only other thing you need to know is that Azure Key Vault stores the private certificate with a blank password.

GetToken is a method above, that the Key Vault Client uses to fetch the authication that will be used to access both the certificate and the secrets.  Notice the caller needs both secrets Get, and certificate Get access policy set in the portal for the Azure Key Vault.  

For More Information About How GetToken Works


Sunday, June 24, 2018

Regex to search VSCode for Azure subscription keys

Before you check in code, make sure the Azure subscription keys are removed or replaced with obvious markers.

In VSCode, select the magnifying glass, the select the last icon on the line, "*." indicating the search is by regular expression. Enter [a-z0-9]{32} in the search text box and select enter.

The search results appear below the search text box. Scan the results for any highlighted keys that are real key values.

Wednesday, May 16, 2018

Changing TLS setting for Azure web apps including Bot Framework

If you need to change the TLS setting for you Azure web apps, including Bot Framework apps, go to the Azure portal. In the left navigation, select All Resources, sort the table by the type column.

Any row with the type of app service may need the TLS setting updated based on on the service announcement here.

On each service, select the SSL section, and change the Minimum TLS Version.

Tuesday, January 16, 2018

Curl command for Microsoft Cognitive Services product QnA Maker

This is the curl command to send QnA Maker a question and receive the answer:

curl -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key:<subscriptionKey>" -X POST -d '{"question":"<question>"}'<appID>/generateAnswer

<subscriptionKey> found on
<appID> found in url when view app, ?kbid=<appID>
<question> question such as "How do I ...?"