
Azure cloud service embedded FTP server


I want to host an embedded FTP server inside an Azure cloud service worker role.

To provide passive access to the FTP server, it uses port range 20000-21000. Inside the ServiceDefinition.csdef I define all needed ports (see screenshot).

ServiceDefinition.cscfg

The main problem is the huge number of ports. If I try to upload the service into the cloud I get the following error.

Validation error: Invalid number of input endpoints - current 1002, max. 25

How can I get this to work with a cloud service?


Solution

  • Here is a solution based on an Azure support answer.

    You will need to define a public IP in the .cscfg file and upload it to the cloud service.

    <?xml version="1.0" encoding="utf-8"?>
    <ServiceConfiguration serviceName="ILPIPSample" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-01.2.3">
      <Role name="WebRole1">
        <Instances count="1" />
        <ConfigurationSettings>
          <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
        </ConfigurationSettings>
      </Role>
      <NetworkConfiguration>
        <AddressAssignments>
          <InstanceAddress roleName="WebRole1">
            <PublicIPs>
              <PublicIP name="MyPublicIP" domainNameLabel="WebPublicIP" />
            </PublicIPs>
          </InstanceAddress>
        </AddressAssignments>
      </NetworkConfiguration>
    </ServiceConfiguration>
    

    More info: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-instance-level-public-ip#manage-an-ilpip-for-a-cloud-services-role-instance

    After that you can use nslookup to get the public IP assigned to the instance. If you have multiple instances, you need to change the 0 to 1, 2, 3 etc.

    nslookup WebPublicIP.0.<Cloud Service Name>.cloudapp.net

    Then you can open the local ports in Windows Firewall of the instance and you will be able to connect to the local ports directly from the internet.

    You can create a startup task to open the local ports in the cloud service firewall. The following is an example of how to configure firewall rules. The startup task is executed every time the instance is rebooted/reimaged.

    https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks-common#add-firewall-rules

    Something like below:

    netsh advfirewall firewall add rule name="TCP ports" protocol=TCP dir=in localport=1000-2000 action=allow
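
With an instance-level public IP the instance is reachable directly, so the Windows Firewall rules decide which ports are exposed. The following PowerShell startup script is an added example, not part of the original answer or of Microsoft's documentation. It assumes FTP control port 21 and the passive range 20000-21000 from the question; the rule names and the `$AllowedRemote` value are hypothetical.

```powershell
# AddFtpFirewallRules.ps1 (added example; run from an elevated startup task)
# Assumptions: control port 21 and passive range 20000-21000 come from the
# question; rule names and $AllowedRemote are hypothetical.
$ErrorActionPreference = 'Stop'

# 'Any' mirrors the netsh rule in the answer. Where client networks are known,
# narrow it to CIDR ranges, e.g. '203.0.113.0/24' (constructed sample value).
$AllowedRemote = 'Any'

$rules = @(
    @{ Name = 'FTP-Control-In'; Ports = '21' },
    @{ Name = 'FTP-Passive-In'; Ports = '20000-21000' }
)

foreach ($r in $rules) {
    # The startup task runs on every reboot/reimage: drop any earlier copy
    # of the rule so repeated runs do not pile up duplicates.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Open only the ports the FTP server needs, inbound TCP only.
    New-NetFirewallRule -DisplayName $r.Name `
        -Direction Inbound -Protocol TCP -LocalPort $r.Ports `
        -RemoteAddress $AllowedRemote -Action Allow -Profile Any | Out-Null
}

# Write the effective rules to the task output so the exposure can be reviewed.
Get-NetFirewallRule -DisplayName 'FTP-*' | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    '{0}: tcp/{1} from {2}' -f $_.DisplayName,
        ($portFilter.LocalPort -join ','),
        ($addrFilter.RemoteAddress -join ',')
}
```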