Simplifying the configuration of an App Service behind an Azure reverse proxy (Azure Front Door or Application Gateway) without custom domains.
Updated Jan 24, 2025
Version 2.0I'm trying to configure this via bicep and it's not happy with the clientAffinityProxyEnabled property.
I went to the portal, enabled the setting manually, exported the template, and I can't find this property in the template.
Is this not supported via ARM/ Bicep?
Hello John
We are in process of adding it to the open api spec - after that, new SDKs need to be generated for e.g. TF to adopt it. However, even if ARM/Bicep will not validate it - it will still work when sending it as part of the payload.
Gonzalo_Murilloany ETA on getting this to the spec? Specifically looking for it to appear in Terraform/Pulumi (which I believe rely on the azure api spec)
How to send it using bicep, what property to send?
Jan, this worked for me.
resource lsmawebApp 'Microsoft.Web/sites@2024-04-01'={
name: helpers.webAppName(IsProd, IsBlazor)
location: helpers.location
tags: helpers.tags(IsProd)
identity:{
type:'SystemAssigned'
}
properties:{
serverFarmId: appServicePlan.id
httpsOnly: true
virtualNetworkSubnetId: vnet::appServicesSubnet.id
// Only enable client affinity for Blazor apps
// It is not needed for the API because it is stateless
clientAffinityEnabled: IsBlazor
clientAffinityProxyEnabled: IsBlazor
siteConfig: {
alwaysOn: true
detailedErrorLoggingEnabled: true
httpLoggingEnabled: true
requestTracingEnabled: true
ftpsState: 'Disabled'
minTlsVersion: '1.3'
minTlsCipherSuite: minTlsCipherSuiteValue
linuxFxVersion: 'DOTNETCORE|8.0'
}
}
}