Azure Web Swaps Warmup Pings Do Not Support HTTPS

[Mike-E-angelo]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

This probably does not belong here, or maybe it does. It is based on a Twitter thread with several ASP.NET developers from this repository, and not Azure developers, so I am posting it here and we can take it from there. :)

The issue appears to be that when a swap occurs in Azure, it only sends an HTTP request, not an HTTPS request. This is not configurable. The result in an HTTPS-only App Service is that a redirect occurs and the warmup never happens. In order to make this work, the directions from this well-written blog post must be followed:
https://haacked.com/archive/2020/09/28/azure-swap-with-warmup-aspnetcore/

One of the steps is to turn off HTTP-only, which reduces security posture and accordingly creates an alert from Azure Advisor when runs its security checks:
https://stackoverflow.com/questions/55706533/azure-how-to-fix-web-application-should-only-be-accessible-over-https-warnin

Expected Behavior

When the warmup ping pings, it pings as a ping is supposed to ping, resulting in a proper warmup. :)

Steps To Reproduce

Spend several days setting up swapping and wonder why your application is taking as much time warming up after a "warmup" as it does with a direct deployment:
https://docs.microsoft.com/en-us/answers/questions/807835/swap-warmup-takes-same-time-as-straight-deployment.html

Exceptions (if any)

NA

.NET Version

NA

Anything else?

I <3 you all. :) :) :) Really nice work out there regardless of this issue.

[JamesNK]

@bradygaster

[bradygaster]

Adding @btardif here to comment from the App Service team. Is there an alternative, or guidance for customers who run into this situation?

[btardif]

@JasonFreeberg might be able to help

[JasonFreeberg]

@btardif since it's only ever been HTTP, if we change it now that could be a breaking change for existing apps. So I suppose we would need this to be implemented with a site property so it's opt-in, then update the UI and CLI to surface the new property as an option?

[bradygaster]

@JasonFreeberg - could we move this over to the App Service repo since this is more a service feature to implement? It'd help our customers to have a tracking link for an issue on your side, too, so that move would be helpful. Thanks immensely.

[btardif]

@btardif since it's only ever been HTTP, if we change it now that could be a breaking change for existing apps. So I suppose we would need this to be implemented with a site property so it's opt-in, then update the UI and CLI to surface the new property as an option?

Yes, that makes sense to me. Would also be interesting to if we can make it respect the HTTPS only setting.

[JasonFreeberg]

@JasonFreeberg - could we move this over to the App Service repo since this is more a service feature to implement? It'd help our customers to have a tracking link for an issue on your side, too, so that move would be helpful. Thanks immensely.

AFAIK we don't have a well-moderated GitHub repo for feature requests, but there is the feedback site: https://feedback.azure.com/d365community/forum/b09330d1-c625-ec11-b6e6-000d3a4f0f1c

Thank you for contacting us. Due to a lack of activity on this discussion issue we're closing it in an effort to keep our backlog clean. If you believe there is a concern related to the ASP.NET Core framework, which hasn't been addressed yet, please file a new issue.

This issue will be locked after 30 more days of inactivity. If you still wish to discuss this subject after then, please create a new issue!