Support for HTTP 2.0 Proxy in Azure App Service

algompluecker commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Azure App Service now supports gRPC over http2. In order to use this feature, you need to follow the instructions provided at How-to deploy a .NET 6 gRPC app on App Service.

These steps include enabling the HTTP 2.0 proxy on the app service settings. This is not yet possible using Terraform.

The API for configuring the app service has a field for enabling the HTTP 2.0 proxy: http20ProxyFlag = 1

New or Affected Resource(s)/Data Source(s)

azurerm_linux_web_app, azurerm_linux_web_app_slot, azurerm_windows_web_app, azurerm_windows_web_app_slot, azurerm_windows_function_app, azurerm_windows_function_app_slot, azurerm_linux_function_app, azurerm_linux_function_app_slot

Potential Terraform Configuration

resource "azurerm_linux_web_app" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {
    http2_proxy_enabled = true
  }
}

References

No response

xiaxyi commented 1 year ago

Thanks @algompluecker for raising this request, I tried to search for the property http20ProxyFlag in service swagger docs, but failed to locate it. Is it possible to share the link here?

xiaxyi commented 1 year ago

@algompluecker Good day, just would like to follow up with you to see if you can help me to locate the property definition in service api? Swagger that I mentioned above means API, in case there are some confusions.

algompluecker commented 1 year ago

@xiaxyi I was also not able to locate it in the swagger docs. By inspecting what the portal does when configuring it in the configurations I found the following:

PUT .../providers/Microsoft.Web/sites/app_service_name?api-version=2018-11-01

As you can see the property is placed next to the property http20Enabled.

Property paths: properties.siteConfig.http20Enabled properties.siteConfig.http20ProxyFlag

I wonder why this is not documented in the swagger. As you can see the portal is using API version 2018-11-01

xiaxyi commented 1 year ago

Thanks @algompluecker , yes, I was only able to locate this property in fiddler trace when updating the resource via Azure portal.

I need to confirm with the corresponding service team to see if it's supported via API update, but please understand that I can't guarantee anything.

algompluecker commented 1 year ago

Thanks @xiaxyi for your efforts!

Since the official support for this is quite new (I think the feature is in GA since mid of August) I hope it is just a matter of updating the API documentation of the app service APIs.

I have been waiting for gRPC support for a long time now and it would be great to have the support also in Terraform.

nlappe commented 1 year ago

I'm writing this comment to help the all mighty ecosia / google / bing algorithm to find this issue.

We have a gRPC use case and manage the azure infra via terraform. i searched like crazy and it took me about 2.5hrs to find this.

until support is added, i guess we have to manage this option manually. For anyone reading this with a deadline, the option in the Azure UI is called: Settings -> Configuration -> "HTTP 2.0 Proxy"

Thanks for raising this. 🎔

eobecerra commented 1 year ago

I can't see "HTTP 2.0 Proxy" in Azure Configurations (Under Settings) I can see HTTP version to flick it to 2.0 but nothing with Proxy...

algompluecker commented 1 year ago

Maybe it is not available in your region, yet?

It should look like this:

jonathanantoine commented 1 year ago

Any update :) ?

xiaxyi commented 1 year ago

Thanks team for updating this thread, the property is not available from api perspective yet, unfortunately, since our code are based on rest api, there seems no way to support it until it gets available in rest api. I think we can raise an issue in Azure rest api repo so the service team will know about it.

jameswoodley commented 1 year ago

@xiaxyi

This would really help me too. I understand that it needs to be added to the Azure REST Api first, is there an issue or any pressure us as the customer base could put on to Microsoft? Would you like me to open an issue on the REST Api repo?

xiaxyi commented 1 year ago

@jameswoodley That would be great if you can help to open an issue to rest api repo asking for this property to be added, once api supports it, we can move forward to add Terraform support. Thanks!

mildronize commented 1 year ago

@eobecerra We've try create Windows App Service, the Http 2.0 Proxy in General Settings doesn't exist, but after we create a new Linux App Service, the http 2.0 Proxy is appeared!.

Windows App Service

Linux App Service

CleanShot 2566-03-02 at 14 44 14

algompluecker commented 1 year ago

@jameswoodley Could you please link the issue you have created on the REST API repo so we can track it?

jameswoodley commented 1 year ago

Apoligies, hadn't got round to it, but have now: https://github.com/Azure/azure-rest-api-specs/issues/22876

jameswoodley commented 1 year ago

@algompluecker Microsoft have replied: https://github.com/Azure/azure-rest-api-specs/issues/22876#issuecomment-1460100547

I could see that the Azure Portal invoked the below 2 APIs while setting the http20Enabled and http20ProxyFlag properties.

[Web Apps - Create Or Update](https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update)
[Web Apps - Update Slot Configuration Names](https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/update-slot-configuration-names)

properties.siteConfig.http20Enabled=true
properties.siteConfig.http20ProxyFlag=1

Please try the same and let me know if that helps.

xiaxyi commented 1 year ago

@jameswoodley Thanks for the update, I will check and test the property, then add it to our backlog once confirmed it's working.

jameswoodley commented 1 year ago

Hi @xiaxyi Azure are chasing for an update, anything I can tell them, or can I tag you on that ticket so you can provide feedback directly?

xiaxyi commented 1 year ago

Thanks @jameswoodley for the update and sorry for the late response. I still can't find the http20ProxyFlag in the 2021-02-01 api

nor from the https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update

I will ask for more information in the azure repo.

algompluecker commented 1 year ago

@xiaxyi is it maybe just a documentation issue?

As you can see in my reply https://github.com/hashicorp/terraform-provider-azurerm/issues/18883#issuecomment-1291628407 the portal is using API api-version=2018-11-01 and successfully setting properties.siteConfig.http20ProxyFlag=1

Can you just try to set it?

Hightham commented 1 year ago

Using the API-version mentioned by @algompluecker worked for me in the bicep file

valakson commented 1 year ago

@Hightham would you mind sharing a code snippet? For me it doesn't work, tried different api versions.

Hightham commented 1 year ago

@valakson This is working for me and getting deployed just fine, even though there is a cli warning saying that the key "http20ProxyFlag" does not exist.

resource webApp 'Microsoft.Web/sites@2021-01-01' = {
  name: 'name'
  location: resourceLocation
  tags: {}
  properties: {
    siteConfig: {
      appSettings: [

        {
          name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
          value: "registrySecret"
        }
        {
          name: 'DOCKER_REGISTRY_SERVER_URL'
          value: '${registryName}.azurecr.io'
        }
        {
          name: 'DOCKER_REGISTRY_SERVER_USERNAME'
          value: "registryClientId"
        }
        {
          name: 'HTTP20_ONLY_PORT'
          value: 'XXX'
        }
      ]
      http20Enabled: true
      http20ProxyFlag: 1

      linuxFxVersion: 'DOCKER|${registryName}.azurecr.io/${stage}/container_name:latest'
    }
    serverFarmId: appServicePlan.id

  }
}

algompluecker commented 1 year ago

@xiaxyi Can we do anything to move this forward? I urgently need this for my current project.

Thanks!

algompluecker commented 1 year ago

@xiaxyi I really need this for a project which should go into production. Can I do anything to help you implementing this?

bohdan-parkh commented 1 year ago

Is there any plan to add support for this flag? We started using GRPC services and it is a bit time consuming to have to worry about setting up this flag manually on each new service deploy. Thanks!

xiaxyi commented 1 year ago

@bohdan-parkh Thanks for the comment, current the property is not added to the api. The only http20 related property is http20Enabled, we need to wait the service team to support it in api then we can move forward to support it in Terraform.

xiaxyi commented 1 year ago

@algompluecker Thanks for helping us to track this property proactively! The property seems still not available in api - 2022-09-01, we still need service team to add it in the api first then we can move forward from Terraform's perspective. Have you checked the workaround that was made by @Hightham ?

bohdan-parkh commented 1 year ago

If someone finds this issue and needs another workaround, you can switch the flag with Azure CLI Rest call after the deployment:

az rest \
--method PUT \
--uri https://management.azure.com/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.Web/sites/{app_name}/config/web?api-version=2022-03-01 \
--body '{\"properties\":{\"http20ProxyFlag\":1}}'

xiaxyi commented 1 year ago

we can also use azapi provider to update this resource, like below example

resource "azapi_update_resource" "example" {
  type        = "Microsoft.Web/sites@2022-09-01"
  resource_id = azurerm_linux_web_app.test.id

  body = jsonencode({
    properties = {
      siteConfig = {
        http20ProxyFlag = 1
        http20Enabled   = true
      }
    }
  })
}

tombuildsstuff commented 1 year ago

@xiaxyi would you mind sending a PR to the Azure/azure-rest-api-specs repository adding this missing field, so this can get added?

xiaxyi commented 1 year ago

@tombuildsstuff Thanks for the suggestion, I reached out to the corresponding service team via internal channel, and will update the progress here.

Another new swagger issues:https://github.com/Azure/azure-rest-api-specs/issues/25013

a-priestley commented 1 year ago

we can also use azapi provider to update this resource, like below example

resource "azapi_update_resource" "example" {
  type        = "Microsoft.Web/sites@2022-09-01"
  resource_id = azurerm_linux_web_app.test.id

  body = jsonencode({
    properties = {
      siteConfig = {
        http20ProxyFlag = 1
        http20Enabled   = true
      }
    }
  })
}

I'm not totally sure how to get this to work. Applying the block returns no errors, but the portal setting is showing false, and the json view is showing null. If I change the value via the portal setting, changing the value in terraform with http20ProxyFlag = 0 also does not affect it.

Can anyone else confirm that this workaround is valid?

Edit: It's come to my attention that this may not be working yet due to the lack of REST exposure to the property in question as brought up here.

We are eagerly awaiting resolution.

ogysha commented 11 months ago

@a-priestley I can confirm it still doesn't work. I was configuring AppService to support Web gRPC and one of the necessary settings was to turn on HTTP 2.0 Proxy. So, from Terraform HTTP 2.0 Proxy is not set, even by using the code snippet from @xiaxyi. The explanation is as you've mentioned: there is no field to set HTTP 2.0 Proxy via Azure Resource Management API which can be found here

mizrael commented 10 months ago

tried this one and doesn't seem to be working properly. Or at least I don't see the property set to "ON" on the portal

bohdan-parkh commented 10 months ago

Any error response from Api? It keeps working well for us. Make sure you properly replace variables (subscription_id, resource_group, app_name). The way you replace them depends on your environment

mizrael commented 10 months ago

API returned a success and in the payload I see http20ProxyFlag being set to 1. On the portal however, both the radio buttons are empty, none of them is selected.

algompluecker commented 10 months ago

Have you checked my early posts regarding the API which is used by the portal? The property path is properties.siteConfig.http20ProxyFlag so I guess you might try this as payload in your request: '{\"properties\":{\"siteConfig\": {\"http20ProxyFlag\":1}}}'

mizrael commented 10 months ago

just tried. Api call came back with

"http20ProxyFlag": 1,

buy the Portal shows this:

bohdan-parkh commented 10 months ago

Ok, this is something new. We have same thing, the radio button is empty for us as well, but the service works as expected :/

algompluecker commented 10 months ago

Have you checked the API version and set it to ?api-version=2018-11-01? Maybe in later versions you need to povide a trueinstead of the 1?

bohdan-parkh commented 10 months ago

Looks like Microsoft changed "enabled" state to be 2 (screenshot from inspecting Portal calls): I changed our command to set property to 2 and now it is displayed correctly on Portal.

mizrael commented 10 months ago

this worked for me too, thanks!

xiaxyi commented 8 months ago

still block, property is not added in azure rest api specs

mracket commented 6 months ago

It can be done with terraform by using the code below.

resource "azurerm_linux_web_app" "res-1" {
  app_settings = {
    WEBSITES_ENABLE_APP_SERVICE_STORAGE = "false"
  }
  https_only          = true
  location            = "westeurope"
  name                = "appdemo"
  resource_group_name = "rg-demo"
  service_plan_id     = "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-demo/providers/Microsoft.Web/serverFarms/asp-demo"
  site_config {
    always_on           = false
    ftps_state          = "FtpsOnly"
    http2_enabled       = true
    minimum_tls_version = "1.2"
  }
}
resource "azapi_update_resource" "example" {
  type      = "Microsoft.Web/sites/config@2023-01-01"
  name      = "web"
  parent_id = azurerm_linux_web_app.res-1.id
  body = jsonencode({
    properties = {
        http20ProxyFlag = 1    
    }
  })
}

hashicorp / terraform-provider-azurerm