question

erossini asked MikeUrnun edited

Azure API Management service with external virtual network to Docker

I want to use the Azure API Management Service (AMS) to expose an API created with R/Plumber, hosted in a Docker container running on an Ubuntu machine.


Scenario

With R/Plumber I created some APIs that I want to protect. Then, I created a virtual machine on Azure with Ubuntu and installed Docker. The APIs are in a container that I published on the virtual machine with Docker. I can access them via the internet.

On Azure I created an API Management service and added the APIs from the Swagger OpenAPI documentation.

YXcty.png


Problem

I want to secure the APIs. I want to expose only the AMS to the internet. My idea was to remove the public IP from the virtual machine and, via a virtual network, connect the API Management Service to the API using its internal IP (http://10.0.1.5:8000).

So, I tried to set up a Virtual Network. I clicked on the menu, then External, and then on the row, where I can select a network. In this virtual network, I have one network interface, which is the one the virtual machine is using.

3pHc3.png

When I save the changes, I have to wait a while and then I receive an error:

Failed to connect to management endpoint at azuks-chi-testapi-d1.management.azure-api.net:3443 for a service deployed in a virtual network. Make sure to follow guidance at https://aka.ms/apim-vnet-common-issues.

8ZgrK.png

I read the following documentation, but I can't understand how to do what I want:
- Azure API Management - External Type: gateway unable to access resources within the virtual network?
- How to use Azure API Management with virtual networks

Is there any how-to I can use? Any advice? What am I doing wrong?


Update


I tried to add more address space in the virtual network.

Up7NO.png

One of them (10.0.0.2/24) is delegated to the API Management.

ssv88.png

Then, in the Network security group, I added port 3443.

OSHmN.png

From the API manager I can't reach the server with the internet IP (10.0.2.5). What did I miss?


azure-virtual-machines azure-virtual-network azure-api-management

Hello @erossini - I'm sorry for the delay. I'm currently reviewing this issue now and will update you here with my findings soon.


1 Answer

MikeUrnun answered MikeUrnun edited

Hello @erossini - My apologies for the late response. I implemented your scenario and everything worked fine for me. In the NSG rule, the required protocol for port 3443 is TCP, but you seem to have it set to Any. This might fix the issue for you. Also, instead of importing the Swagger spec over the public IP of the VM at a time when the VNET configuration work for APIM wasn't completed, I opted to upload the Swagger file after both services were fully configured individually and then looked to establish connectivity between them. At that point, it was a matter of specifying the private IP in APIM to make it all work:
93129-image.png




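An offline check for the NSG rule discussed in this thread, as an added example that is not part of the original question or answer: it evaluates a rule list in priority order and reports which rule decides inbound TCP 3443 traffic to the APIM management endpoint. The rule sets are constructed, the field names assume the JSON shape printed by `az network nsg rule list`, and the `ApiManagement` service tag as traffic source is an assumption not stated in the thread.

```python
# Added example: simplified NSG evaluation for the APIM management port (3443).
# Field names assume the JSON shape of `az network nsg rule list`.
# Simplifications: sources are compared as literal prefixes or service tags,
# and of the built-in default rules only the final inbound deny is modelled.

def port_matches(spec, port):
    """True if a port spec ('*', '3443' or '3000-4000') covers the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rule_matches(rule, direction, protocol, source, port):
    ports = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]
    return (rule["direction"].lower() == direction.lower()
            and rule["protocol"].lower() in ("*", protocol.lower())
            and rule.get("sourceAddressPrefix", "*") in ("*", source)
            and any(port_matches(p, port) for p in ports))

def evaluate(rules, direction, protocol, source, port):
    """Lowest priority number is checked first; the first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, direction, protocol, source, port):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound (default)"

def rule(name, priority, access, protocol, source, port):
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": port}

# Constructed sample rule sets (not read from the screenshots in the thread).
BEFORE = [rule("AllowSSH", 300, "Allow", "Tcp", "*", "22")]
AFTER = BEFORE + [rule("AllowApimManagement", 310, "Allow", "Tcp",
                       "ApiManagement", "3443")]
# Edge case: a broader deny with a lower priority number shadows the allow rule.
SHADOWED = [rule("DenyHighPorts", 200, "Deny", "*", "*", "3000-4000")] + AFTER

def check_management_endpoint(rules):
    """Decision for inbound TCP 3443 from the ApiManagement service tag."""
    return evaluate(rules, "Inbound", "Tcp", "ApiManagement", 3443)

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER), ("shadowed", SHADOWED)):
        print(label, check_management_endpoint(rules))
```

To run it against a real NSG, load the output of `az network nsg rule list -g <resource-group> --nsg-name <nsg-name> -o json` and pass the parsed list to `check_management_endpoint`.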