I have a solution that will end up looking like this:
http://www.test.com - Public marketing website (port 80)
https://www.test.com - MVC Web application for authenticated users (port 443)
https://api.test.com - WebAPI layer that all clients will use (port 443 hopefully)
Initially the application will be an MVC website, but we also plan on developing native clients for Windows Phone, Windows 8, etc. All clients, including the MVC application website, will use the WebAPI service layer for data operations. All clients will take advantage of portable class libraries too.
I registered two SSL certificates. One for www.test.com and one for api.test.com.
When I configure the roles (WebRole.Public, WebRole.Application and WebRole.WebAPI) I am told that port 443 is already assigned to another WebRole (the application WebRole in this case) and I need to use the next available port which is 8443.
My concern is that if I use port 8443 it is not firewall friendly which means future clients (Windows Phone, Win8, etc.) will not work without opening up firewalls. I would really like to use 443 on both the application and the webapi WebRoles.
If I set up multiple Azure projects to allow port 443 to be used on WebRole.WebAPI and WebRole.Application, will it be possible to debug locally?
What is the recommended solution configuration? We are using Visual Studio 2013.
If you want to use the same port for two sites on the same service, you need to have just one role and set it up with two sites and set a host header for the second site (in your case I'd recommend api.test.com). There is full documentation on MSDN. So your service definition should look something like this:
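<WebRole name="Test" vmsize="Small">
  <Sites>
    <!-- Default site: no hostHeader, so it answers any host name on ports 80 and 443 -->
    <Site name="Web">
      <Bindings>
        <!-- Distinct binding names for the HTTP and HTTPS endpoints -->
        <Binding name="Endpoint1" endpointName="HttpInput" />
        <Binding name="Endpoint2" endpointName="HttpsInput" />
      </Bindings>
    </Site>
    <!-- Second site: shares port 443 and is selected by the api.test.com host header -->
    <Site name="Api" physicalDirectory="[Relative Path to Published API]">
      <Bindings>
        <Binding name="ApiEndpoint" endpointName="HttpsInput" hostHeader="api.test.com" />
      </Bindings>
    </Site>
  </Sites>
  <Endpoints>
    <InputEndpoint name="HttpInput" protocol="http" port="80" />
    <!-- Both sites bind to this endpoint, which references a single certificate named "SSL" -->
    <InputEndpoint name="HttpsInput" protocol="https" port="443" certificate="SSL" />
  </Endpoints>
  <Certificates>
    <!-- Declares the certificate referenced by HttpsInput; its thumbprint is set in the .cscfg -->
    <Certificate name="SSL" storeLocation="LocalMachine" storeName="My" />
  </Certificates>
</WebRole>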
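The following is an added example, not code from the answer or from Microsoft tooling: it reads a service definition shaped like the one above and reports which host headers share each HTTPS endpoint and its certificate, flagging bindings that collide on the same endpoint. The sample XML, the `audit_csdef` and `_all` names, and the `physicalDirectory` value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the answer's service definition.
SAMPLE_CSDEF = """<ServiceDefinition name="Demo">
 <WebRole name="Test" vmsize="Small">
  <Sites>
   <Site name="Web"><Bindings>
    <Binding name="Endpoint1" endpointName="HttpInput" />
    <Binding name="Endpoint2" endpointName="HttpsInput" />
   </Bindings></Site>
   <Site name="Api" physicalDirectory="../Api"><Bindings>
    <Binding name="ApiEndpoint" endpointName="HttpsInput" hostHeader="api.test.com" />
   </Bindings></Site>
  </Sites>
  <Endpoints>
   <InputEndpoint name="HttpInput" protocol="http" port="80" />
   <InputEndpoint name="HttpsInput" protocol="https" port="443" certificate="SSL" />
  </Endpoints>
 </WebRole>
</ServiceDefinition>"""

def _all(node, name):
    """Find descendants by local tag name, ignoring any XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_csdef(xml_text):
    """Return (tls_hosts, problems).

    tls_hosts maps (https endpoint, certificate) to the host headers bound to it;
    "" stands for a site with no hostHeader, the catch-all on that port.
    """
    root = ET.fromstring(xml_text)
    endpoints = {e.get("name"): e for e in _all(root, "InputEndpoint")}
    problems = [f"{n}: https endpoint has no certificate" for n, e in endpoints.items()
                if e.get("protocol") == "https" and not e.get("certificate")]
    tls_hosts, seen = {}, set()
    for site in _all(root, "Site"):
        for b in _all(site, "Binding"):
            ep_name, host = b.get("endpointName"), (b.get("hostHeader") or "").lower()
            ep = endpoints.get(ep_name)
            if ep is None:
                problems.append(f"{site.get('name')}: unknown endpoint {ep_name}")
                continue
            if (ep_name, host) in seen:  # two sites cannot share endpoint + host header
                problems.append(f"{site.get('name')}: {ep_name} host '{host}' already bound")
            seen.add((ep_name, host))
            if ep.get("protocol") == "https":
                tls_hosts.setdefault((ep_name, ep.get("certificate")), []).append(host)
    return tls_hosts, problems
```

Every host name listed under one `(endpoint, certificate)` key is served with that one certificate, so the list shows which names it has to be valid for.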