Web App

Overview

The Web App builder is used to create Azure App Service accounts. It abstracts the Service Plan into the same component, and will also create and configure a linked App Insights resource. If you wish to create a website that connects to an existing service plan or Web App, use the link_to_service_plan keyword and provide the resource name of the service plan or Web App to connect to.

  • Web Site (Microsoft.Web/sites)
  • Server Farms (Microsoft.Web/serverfarms)
  • Source Controls (Microsoft.Web/sites/sourcecontrols)
  • Application Insights (Microsoft.Insights/components)

Web App Builder Keywords

Applies ToKeywordPurpose
Web AppnameSets the name of the web app.
Web Applink_to_service_planInstructs Farmer to link this webapp to a Farmer service plan configuration defined elsewhere in your application, rather than creating a new one.
Web Applink_to_unmanaged_service_planInstructs Farmer to link this webapp to an existing service plan that is externally managed, rather than creating a new one.
Web Appapp_insights_nameSets the name of the automatically-created app insights instance.
Web Appapp_insights_offRemoves any automatic app insights creation, configuration and settings for this webapp.
Web Applink_to_app_insightsInstructs Farmer to link this webapp to a Farmer App Insights configuration defined elsewhere in your application, rather than creating a new one.
Web Applink_to_unmanaged_app_insightsInstructs Farmer to link this webapp to an existing app insights instance that is externally managed, rather than creating a new one.
Web Apprun_from_packageSets the web app to use “run from package” deployment capabilities.
Web Appwebsite_node_default_versionSets the node version of the web app.
Web AppsettingSets an app setting of the web app in the form “key” “value”.
Web Appsecret_settingSets a “secret” app setting of the web app. You must supply the “key”, whilst the value will be supplied as a secure parameter.
Web AppsettingsSets a list of app setting of the web app as tuples in the form of (“key”, “value”).
Web Appconnection_stringCreates a connection string whose value is supplied as secret parameter, or as an ARM expression in the tupled form of (“key”, expr), or with the connection string type (“key”, expr, SQLAzure).
Web Appconnection_stringsCreates a set of connection strings of the web app whose values will be supplied as secret parameters.
Web Appftp_stateAllows to enable or disable FTP and FTPS.
Web Apphttps_onlyDisables http for this webapp so that only HTTPS is used.
Web Appenable_http2Configures the webapp to allow clients to connect over http2.0.
Web Appdisable_client_affinityStops the webapp from sending client affinity cookies.
Web Appenable_websocketsConfigures the webapp to allow clients to connect via websockets.
Web Appdepends_onSets dependencies for the web app.
Web Appdocker_imageSets the docker image to be pulled down from Docker Hub, and the command to execute as a second argument. Automatically sets the OS to Linux.
Web Appdocker_ciTurns on continuous integration of the web app from the Docker source repository using a webhook.
Web Appdocker_use_azure_registryUses the supplied Azure Container Registry name as the source of the Docker image, instead of Docker Hub. You do not need to specify the full url, but just the name of the registry itself.
Web Appadd_identityAdds a managed identity to the the Web App. Farmer will automatically set the AZURE_CLIENT_ID application setting to the Client Id of the supplied identity.
Web Appkeyvault_identityAdds a managed identity to the the Web App and sets this identity to be used for KeyVault References. Farmer will automatically set the AZURE_CLIENT_ID application setting to the Client Id of the supplied identity.
Web Appsystem_identityActivates the system identity of the Web App.
Web Appenable_corsEnables CORS support for the app. Either specify WebApp.AllOrigins or a list of valid URIs as strings.
Web Appenable_cors_credentialsAllows CORS requests with credentials.
Web Appsource_controlGiven a github repository URI and branch name, configures the web app to automatically deploy those files to the web app
Web Appdisable_source_control_ciDisables continuous integration from source control on push
Web Appenable_source_control_ciEnables continuous integration from source control on push
Web Appadd_extensionAdds the named extension to the Web App
Web Appautomatic_logging_extensionEnables or disables automatically adding the ASP .NET logging extension for netcore apps (defaults to on unless docker_image is set).
Web Appworker_processSpecifies whether to set the web app to 32 or 64 Bitness.
Web Appalways_onSets the “Always On” flag.
Web Appadd_private_endpointAdds a private endpoint for this Webapp to a given subnet
Web Appadd_private_endpointsAdds private endpoints for this Webapp to the given subnets
Web Appadd_slotAdds a deployment slot to the app
Web Appadd_slotsAdds multiple deployment slots to the app
Web Apphealth_check_pathSets the path to your functions health check endpoint, which Azure load balancers will ping to determine which instances are healthy.
Web Appcustom_domainAdds a custom domain to the app. By default this will produce an AppService-managed SSL certificate for your domain as well. Through the overloads of this operator, you can provide a custom certificate thumbprint or choose not to use SSL. You can use this operator multiple times to add multiple custom domains.
Web Appadd_allowed_ip_restrictionAdds an ‘allow’ rule for an ip
Web Appadd_denied_ip_restrictionAdds an ‘deny’ rule for an ip
Web Appdocker_portAdds WEBSITES_PORT setting to map custom docker port to app service port 80
Web Applink_to_vnetEnable the VNET integration feature in azure where all outbound traffic from the web app with be sent via the specified subnet. Use this operator when the given VNET is in the same deployment
Web Applink_to_unmanaged_vnetEnable the VNET integration feature in azure where all outbound traffic from the web app with be sent via the specified subnet. Use this operator when the given VNET is not in the same deployment
Web Appadd_virtual_applicationsAdds list of virtualApplication definitions to the webapp
Web Appstartup_commandAdds a startup command to be run post-deployment. This is useful on Linux-based web app deployments, where your application is “implicitly” converted into a docker image and may need to be told what to do on startup.
App SlotnameSets the name for the slot
App Slotadd_identitySets the user managed identity for the slot.
App Slotsystem_identitySets the system identity to be enabled for the slot.
App Slotkeyvault_identitySets the identity for accessing key vault.
App SlotsettingSet an arbitrary setting for the slot.
App SlotsettingsSets multiple settings for the slot.
App Slotconnection_stringAdds a connection string setting for the slot
App Slotdocker_imageSets the docker image to be pulled down from Docker Hub, and the command to execute as a second argument. This enabled a new container to be staged in a slot.
App Slotadd_allowed_ip_restrictionAllows access from this IP when the slot is in production.
App Slotadd_denied_ip_restrictionDenies access from this IP when the slot is in production.
Service Planservice_plan_nameSets the name of the service plan. If not set, uses the name of the web app postfixed with “-plan”.
Service Planruntime_stackSets the runtime stack.
Service Planoperating_systemSets the operating system.
Service PlanskuSets the sku of the service plan.
Service Planworker_sizeSets the size of the service plan worker.
Service Plannumber_of_workersSets the number of instances on the service plan.
Service Planzone_redundantEnables ZoneRedundant on the service plan.

Farmer also comes with a dedicated Service Plan builder that contains all of the above keywords that apply to a Service Plan.

Use this builder if you wish to have an explicit and clear separation between your web app and service plan. Otherwise, it is recommended to use the service plan keywords that exist directly in the web app builder, and let Farmer handle the connections between them.

Post-deployment Builder Keywords

The Web App builder contains special commands that are executed after the ARM deployment is completed.

KeywordPurpose
zip_deploySupplying a folder or zip file will instruct Farmer to upload the contents directly to the App Service once the ARM deployment is complete.
zip_deploy_slotSupplying a folder or zip file will instruct Farmer to upload the contents directly to the named slot of the App Service once the ARM deployment is complete.

Configuration Members

MemberPurpose
PublishingPasswordGets the ARM expression path to the publishing password of this web app.
ServicePlanGets the Resource Name of the service plan for this web app.
AppInsightsGets the Resource Name of the service plan for the AI resource linked to this web app.
SystemIdentityGets the system-created managed principal for the web app. It must have been enabled using the system_identity keyword.

Key Vault integration

The Web App builder comes with special integration into KeyVault. By activating KeyVault integration, the web app builder can automatically link to, or even create, a full KeyVault instance. All Secret or ARM Expression-based Settings (e.g. a setting that links to the Key of a Storage Account) will automatically be redirected to KeyVault. The value will be stored in KeyVault and the system identity will be activated and provided into the KeyVault with GET permissions. Lastly, Web App app settings will remain in place, using the Azure App Service built-in KeyVault redirection capabilities.

The following keywords exist on the web app:

MemberPurpose
use_keyvaultTells the web app to create a brand new KeyVault for this App Service’s secrets.
link_to_keyvaultTells the web app to use an existing Farmer-managed KeyVault which you have defined elsewhere. All secret settings will automatically be mapped into KeyVault.
link_to_unmanaged_keyvaultTells the web app to use an existing non-Farmer managed KeyVault which you have defined elsewhere. All secret settings will automatically be mapped into KeyVault.

Virtual Applications virtualApplication

Virtual applications can be defined for a webapp which allows you to specify alternative directories for the application executables or enable a single web app to host multiple applications at once. By default, the following virtualApplication is provided for you:

virtualApplication {
    virtual_path "/"
    physical_path "wwwroot"
}
KeywordPurpose
virtual_pathProvides the virtual path mapping
physical_pathSpecifies the physical directory used (relative to the “site” directory)
preloadedEnables the “preload” feature of the virtual application

Examples

A basic web application.

open Farmer
open Farmer.Builders
open Farmer.WebApp

let myWebApp = webApp {
    name "myWebApp"
    service_plan_name "myServicePlan"
    setting "myKey" "aValue"
    sku WebApp.Sku.B1
    always_on
    app_insights_off
    worker_size Medium
    number_of_workers 3
    run_from_package
    system_identity
}

Using a managed Key Vault instance with automatic secret mapping.

open Farmer
open Farmer.Builders

// Create a basic storage account
let data = storageAccount {
    name "mystorage"
}

// Create a web application with a sensitive setting of storage key and an explicit "secret" setting
// which will be passed through by ARM parameter.
let wa = webApp {
    name "isaac"
    setting "key" "value"
    setting "storagekey" data.Key
    link_to_keyvault (ResourceName "isaacvault")
}

// Create a key vault instance and explicitly grant the web application access to it.
let v = keyVault {
    name "isaacvault"
    add_access_policy (AccessPolicy.create (wa.SystemIdentity.PrincipalId, [ KeyVault.Secret.Get; KeyVault.Secret.List ]))
}

Serving two applications simultaneously (a frontend and a backend) from one web app using virtual applications.

open Farmer
open Farmer.Builders

let wa = webApp {
    name "my-site-with-api"
    always_on
    add_virtual_applications [
        virtualApplication {
            virtual_path "/"
            physical_path "frontend"
        }
        virtualApplication {
            virtual_path "/api"
            physical_path "backend"
            preloaded
        }
    ]
}