Fix Azure Virtual Network App Gw Errors
When working with Azure Virtual Network, you may encounter a configuration mistake that leaves your deployment without the features it needs. This guide explains the most common mistake with Application Gateway and shows the exact fix.
A Common Mistake
The mistake is using a plain (layer 4) Azure Load Balancer instead of Application Gateway for web applications that need SSL termination, URL-based routing, or WAF.
The incorrect commands:
az network lb create --name my-lb --resource-group my-rg --sku Standard --public-ip-address lb-pip
az network lb rule create --name https-rule --lb-name my-lb --resource-group my-rg --protocol Tcp --frontend-port 443 --backend-port 443
Output (the commands succeed; the problem is the resulting design):
Load balancer created.
SSL termination must happen on backend VMs:
- Each VM needs an SSL certificate
- Certificate management is complex
- CPU overhead for SSL decryption on each VM
- No URL-based routing (/api vs /app)
- No WAF protection
The Correct Approach
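The right way to configure Application Gateway in Azure Virtual Network is to create the gateway with the certificate on its HTTPS listener, then attach a URL path map to the routing rule. The create command takes the PFX through --cert-file and --cert-password and has no option for a path map, so path-based routing is configured with separate commands:
az network application-gateway create --name my-appgw --resource-group my-rg --sku WAF_v2 --capacity 2 --vnet-name my-vnet --subnet appgw-subnet --public-ip-address appgw-pip --servers 10.100.1.4 10.100.1.5 --cert-file mycert.pfx --cert-password p@ss --http-settings-cookie-based-affinity Enabled --priority 100
az network application-gateway url-path-map create --gateway-name my-appgw --resource-group my-rg --name my-path-map --paths '/api/*' --address-pool api-pool --http-settings api-http-settings --default-address-pool app-pool --default-http-settings app-http-settings
az network application-gateway rule update --gateway-name my-appgw --resource-group my-rg --name rule1 --rule-type PathBasedRouting --url-path-map my-path-map
The path map assumes that api-pool, app-pool, api-http-settings and app-http-settings already exist on the gateway (create them with az network application-gateway address-pool create and az network application-gateway http-settings create). The /* catch-all is expressed as the path map's default pool and settings. my-path-map is an example name, and rule1 is the name the create command gives its default routing rule. An inline --cert-password ends up in shell history; --key-vault-secret-id references a certificate stored in Key Vault instead.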
Successful result:
Application Gateway created.
Features: SSL termination at gateway, URL-based routing, cookie-based affinity, WAF protection. Backend VMs receive HTTP traffic (no SSL overhead). Different paths route to different backend pools.
How to Prevent This
Use Application Gateway for web applications. Supports: SSL termination, URL-based routing, multi-site hosting, rewrite rules, WAF, autoscaling. Backend pools can be VMs, VMSS, App Service, or AKS. Costs: ~$0.20/hour + data processing (Standard_v2).
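A check for the mistake described above, as an added example that is not part of the original guide: it scans load balancer rules, in the shape that az network lb rule list --output json returns, for web ports published at layer 4. The sample rules and the port sets are constructed assumptions.

```python
import json
import sys

# Constructed sample, shaped like `az network lb rule list --output json` (trimmed).
SAMPLE_RULES = json.loads("""
[
  {"name": "https-rule", "protocol": "Tcp", "frontendPort": 443,  "backendPort": 443},
  {"name": "http-rule",  "protocol": "Tcp", "frontendPort": 80,   "backendPort": 8080},
  {"name": "sql-rule",   "protocol": "Tcp", "frontendPort": 1433, "backendPort": 1433},
  {"name": "dns-rule",   "protocol": "Udp", "frontendPort": 443,  "backendPort": 443},
  {"name": "ha-rule",    "protocol": "All", "frontendPort": 0,    "backendPort": 0}
]
""")

# Assumption: these frontend ports indicate a web workload.
TLS_PORTS = {443, 8443}
HTTP_PORTS = {80, 8080}


def audit_lb_rules(rules):
    """Return one finding per rule that publishes web traffic at layer 4."""
    findings = []
    for rule in rules:
        proto = str(rule.get("protocol", "")).lower()
        port = rule.get("frontendPort")
        if proto == "all" and port == 0:
            # HA-ports rule: every port, web ports included, is forwarded as-is.
            issue = "HA ports: all ports forwarded at layer 4, including 443"
        elif proto == "tcp" and port in TLS_PORTS:
            issue = "TLS passthrough: certificate on every backend VM, no WAF, no URL routing"
        elif proto == "tcp" and port in HTTP_PORTS:
            issue = "plain HTTP published without WAF or URL routing"
        else:
            continue
        findings.append({"rule": rule.get("name"), "frontendPort": port,
                         "backendPort": rule.get("backendPort"), "issue": issue})
    return findings


if __name__ == "__main__":
    # Optional argument: a file holding saved `az network lb rule list` JSON output.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            rules = json.load(fh)
    else:
        rules = SAMPLE_RULES
    for f in audit_lb_rules(rules):
        print(f"{f['rule']}: {f['frontendPort']}->{f['backendPort']}: {f['issue']}")
```

Rules it reports are candidates for moving behind Application Gateway; non-web ports such as the SQL rule in the sample are left alone.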