question

SuryaPrakash-3880 avatar image
0 Votes"
SuryaPrakash-3880 asked ·

How to deploy war files from azure DevOps private build agents to azure web app (Private Endpoint is raised already for the web app)

HI All,

I have two web apps in my subscription for which two Private endpoints are raised for preventing the public access. Now When I am trying to deploy the application war files to these web apps from my azure DevOps pipeline with self hosted build agents, I am getting the following error:
[error]Failed to deploy web package to App Service.
[error]Error: Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)

How to enable my pipelines to deploy war files to these web apps? Is there any workaround for this scenario?

usually after configuring DNS for the web app, I should able to connect from pipeline. But we don't have that chance to wait till this happens.
Please note that we haven't configured any custom DNS as of now. So I am not even able to open webapp.scm from my browser. I am getting 403 error not found.

azure-webappsazure-virtual-networkazure-webapps-developmentazure-private-linkazure-webapps-vnet
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ryanchill avatar image
0 Votes"
ryanchill answered ·

@SuryaPrakash-3880,

I'm assuming that the Private Endpoint you're referring to is https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint. Whether your build agent is hosted on-prem with configured VPN or hosted in an Azure VM that's part of your configured vnet or peered, make sure your firewall is configured to allow traffic from document endpoints:

*.visualstudio.com:
- https://login.microsoftonline.com
- https://app.vssps.visualstudio.com
- https://{organization_name}.visualstudio.com
- https://{organization_name}.vsrm.visualstudio.com
- https://{organization_name}.vstmr.visualstudio.com
- https://{organization_name}.pkgs.visualstudio.com
- https://{organization_name}.vssps.visualstudio.com

dev.azure.com:
- https://dev.azure.com
- https://*.dev.azure.com
- https://login.microsoftonline.com
- https://management.core.windows.net
- https://vstsagentpackage.azureedge.net

EDIT: Furthermore, you can check https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment?view=azure-devops#web-app-deployment-on-app-service-environment-ase-is-not-working for additional troubleshooting steps that may be preventing deployment to your Private Endpoint. Even though this doc is referring to ASE, it also applies to Private Endpoint.






· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hi @ryanchill I am using azure vmss as build agents and from Build agents side, everything is configured. And I was able to deploy the war files to web app before private endpoint is created for webapp. Only after the linking, my azure pipelines are unable to connect to web app.

0 Votes 0 ·

Send me an email to AzCommunity[at]microsoft[dot]com ATTN Ryan so we can continue offline and take a closer look at your current configuration. Include your subscription id, build agent VMs, app service name, and the vnet you associated your app service to when you enabled the private endpoint.

0 Votes 0 ·