Oryx icon indicating copy to clipboard operation
Oryx copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Add outbound dependencies documentation for oryx remote build.

Open Catastrophe1 opened this issue 3 years ago • 2 comments

Feature Request

We noticed that there are a few outbound dependencies required by oryx during remote build on app service like https://oryx-cdn.microsoft.io/

Some customers use VNet integration with firewall to control the outbound traffic of the app service. Blocking the outbound dependencies will cause the remote build fail. Can we add the documentation around what endpoints need to be opened in order for a successful build? Thank you.

Catastrophe1 avatar Jun 30 '22 02:06 Catastrophe1

@Catastrophe1 Hey there -- this is a good point to bring up, I don't believe we have documentation easily accessible to users that outline what this CDN is used for. For quick context: this CDN points to our storage account where previously package platform binaries are located so that Oryx can easily pull them down into the container to build the user's application after Oryx identifies what platform and platform version the application is targeting. I'll add a work item on our side to update our documentation, starting with the README.md at the root of our repository, but if there's another location you feel would be ideal to have this documentation accessible, please let me know.

cormacpayne avatar Jul 06 '22 20:07 cormacpayne

Hi @cormacpayne! Thanks for the explanation and it will be great to add in the readme. Appreciate your response.

Catastrophe1 avatar Jul 12 '22 10:07 Catastrophe1

bump -- ran into this exact issue building my function remotely yesterday. What endpoints do we need to allow outbound traffic? We are using Azure App Service with VENT integration as well. Thanks.

mrjacklu avatar Mar 10 '23 15:03 mrjacklu

bump -- ran into this exact issue building my function remotely yesterday. What endpoints do we need to allow outbound traffic? We are using Azure App Service with VENT integration as well. Thanks.

Hi @mrjacklu Please allow outbound HTTP/S connection to https://oryx-cdn.microsoft.io/ in the firewall settings

Catastrophe1 avatar Apr 10 '23 13:04 Catastrophe1

Hi all, we now have some documentation that outlines the network dependencies for Oryx. Pasting the blurb here as well:

When using App Service with a Virtual Network or an App Service Environment, you will need to allow outbound access from the webapp to oryx-cdn.microsoft.io on port 443. oryx-cdn.microsoft.io hosts the Oryx packages corresponding to each SDK language and version. If this network dependency is blocked, then App Service will not be able to build your application using Oryx.

pauld-msft avatar Apr 10 '23 13:04 pauld-msft