集成到VNET后无法连接到Azure Function App [英] Unable to connect to Azure Function App after integrating into VNET

问题描述

问题概述

Azure功能应用程序一旦集成到VNET中且WEBSITE_VNET_ROUTE_ALL设置为1，便无法访问.

Azure Function App can not be accessed once it is integrated into a VNET and WEBSITE_VNET_ROUTE_ALL is set to 1.

这是必需的，这样Function App可以安全地连接到SQL，而不必使SQL公开可用.

This is required so that the Function App can securely connect to SQL without making the SQL publicly available.

错误:

无法列出功能应用程序键.

Unable to list Function App keys.

来自同一网络中VM的HTTP请求(CURL)失败:504网关超时

HTTP Request (CURL) from within VM in same network fails: 504 Gateway Timed out

建筑图

复制步骤

1. 创建资源组
2. 创建具有10.20.11.0/26地址空间的VNET
3. 为Function App创建一个子网以与地址集成范围10.20.11.0/27
4. 创建一个Linux Function App，并将其集成到您创建的VNET中在第2步中.
5. 看到App键仍然可以正常加载.
6. 为地址范围为的数据库创建一个子网10.20.11.32/27
7. 创建SQL Server和SQL数据库.
8. 在数据库上创建带有DNS区域的专用链接并进行限制公共访问.
9. 将DNS区域链接到步骤2中创建的VNET.
10. 功能应用将SQL专用链接解析为公共IP地址.
11. 在Function App配置中，添加一个Application设置WEBSITE_VNET_ROUTE_ALL并将其设置为1.
12. 请参阅功能"应用程序现在将SQL专用链接解析为专用IP地址
13. 请确保未加载Function App键.
14. 尝试通过来自网络或公共链接.
15. 看到Function应用程序网关超时.

通过到Function App的SSH连接并使用nslookup，我们确定到私有链接的连接可以按预期解析SQL数据库的本地IP地址.

Through an SSH connection into the Function App and with nslookup we determined that the connection to the private link resolves the local IP address of the SQL database as expected.

将WEBSITE_VNET_ROUTE_ALL标志设置为0，nslookup解析SQL数据库的公共IP.

Setting the WEBSITE_VNET_ROUTE_ALL flag to 0, nslookup resolves the public IP of the SQL database.

由于SQL数据库受到限制并且仅在网络上可用，因此将WEBSITE_VNET_ROUTE_ALL设置设置为1非常重要.

As the SQL database is restricted and only available on the network, it is vital that the WEBSITE_VNET_ROUTE_ALL setting is set to 1.

WEBSITE_VNET_ROUTE_ALL = 1

WEBSITE_VNET_ROUTE_ALL = 1

WEBSITE_VNET_ROUTE_ALL = 0

WEBSITE_VNET_ROUTE_ALL = 0

参考

https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet

推荐答案

此问题通过添加"Microsoft.Storage"解决.服务端点到Function App子网.

This was resolved by adding a "Microsoft.Storage" service endpoint to the Function App subnet.

所有流量都发送到vnet时，它需要一个服务端点到Storage，以便可以读取Function App的配置和功能.

When all of the traffic is sent into the vnet, it needs a service endpoint to Storage so that it can read the Function App configuration and functions.

1. 导航到您的虚拟网络资源
2. 在侧面菜单中的设置"下，选择服务端点"
3. 点击添加"
4. 选择"Microsoft.Storage"从服务下拉列表中
5. 根据需要添加策略(我在这里没有选择任何策略)
6. 关联Function App子网
7. 添加.

这篇关于集成到VNET后无法连接到Azure Function App的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！