to navigate

to select

to close

On this page

Azure App Service

Azure App Service is a fully managed platform for hosting web applications, REST APIs, and mobile backends. Deploy code in .NET, Node.js, Python, Java, PHP, or containers — Microsoft handles OS patching, load balancing, and scaling.

App Service Components

Component	Description
App Service Plan	Compute resources (CPU, RAM) shared by apps
Web App	Individual application instance
Deployment Slot	Staging environment (blue/green deployments)
App Settings	Environment variables and connection strings
Custom Domain + SSL	Branded URL with managed certificates

Create a Web App

  # Create App Service Plan (Linux, B1 for dev)
az appservice plan create \
  --name plan-webapp-dev \
  --resource-group rg-webapp-dev \
  --sku B1 \
  --is-linux

# Create Web App (Node.js)
az webapp create \
  --resource-group rg-webapp-dev \
  --plan plan-webapp-dev \
  --name my-webapp-dev \
  --runtime "NODE:20-lts"

# Deploy code from local directory
az webapp up \
  --name my-webapp-dev \
  --resource-group rg-webapp-dev \
  --runtime "NODE:20-lts"

# Or deploy from Git
az webapp deployment source config \
  --name my-webapp-dev \
  --resource-group rg-webapp-dev \
  --repo-url https://github.com/org/myapp \
  --branch main \
  --manual-integration

App Service Plan Tiers

Tier	vCPU/RAM	Features	Use Case
Free/Shared	Shared	No custom domain SSL, limited	Learning
Basic (B1-B3)	1-4 cores	Custom domains, manual scale	Dev/test
Standard (S1-S3)	1-4 cores	Auto-scale, slots, backups	Production
Premium (P1v3-P3v3)	2-8 cores	More slots, VNet integration	High-traffic production
Isolated	Dedicated	VNet injection, compliance	Enterprise/regulated

  # Scale up (change plan tier)
az appservice plan update \
  --name plan-webapp-prod \
  --resource-group rg-webapp-prod \
  --sku P1v3

# Scale out (more instances)
az appservice plan update \
  --name plan-webapp-prod \
  --resource-group rg-webapp-prod \
  --number-of-workers 3

Deployment Slots (Blue/Green)

  # Create staging slot
az webapp deployment slot create \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --slot staging

# Deploy to staging
az webapp deployment source config-zip \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --slot staging \
  --src deploy.zip

# Swap staging → production (zero downtime)
az webapp deployment slot swap \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --slot staging \
  --target-slot production

Configure auto-swap for CI/CD pipelines that deploy to staging and automatically swap after health check passes.

App Settings and Connection Strings

  # Set environment variables
az webapp config appsettings set \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --settings \
    NODE_ENV=production \
    API_URL=https://api.example.com \
    LOG_LEVEL=warn

# Reference Key Vault secret (no plaintext in settings)
az webapp config appsettings set \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --settings DATABASE_PASSWORD="@Microsoft.KeyVault(SecretUri=https://my-kv.vault.azure.net/secrets/db-password/)"

Enable Managed Identity on the web app so it can access Key Vault without credentials.

Custom Domains and SSL

  # Add custom domain
az webapp config hostname add \
  --webapp-name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --hostname www.example.com

# Enable free managed SSL certificate
az webapp config ssl bind \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --certificate-thumbprint THUMBPRINT \
  --ssl-type SNI

App Service Managed Certificates provide free SSL for custom domains on Basic tier and above.

Auto-Scaling Rules

  az monitor autoscale create \
  --resource-group rg-webapp-prod \
  --resource my-webapp-prod \
  --resource-type Microsoft.Web/serverfarms \
  --name autoscale-webapp \
  --min-count 2 --max-count 10 --count 2

az monitor autoscale rule create \
  --resource-group rg-webapp-prod \
  --autoscale-name autoscale-webapp \
  --condition "CpuPercentage > 70 avg 5m" \
  --scale out 1

az monitor autoscale rule create \
  --resource-group rg-webapp-prod \
  --autoscale-name autoscale-webapp \
  --condition "CpuPercentage < 30 avg 10m" \
  --scale in 1

VNet Integration

Connect App Service to private Azure resources (databases, internal APIs):

  # Enable regional VNet integration
az webapp vnet-integration add \
  --name my-webapp-prod \
  --resource-group rg-webapp-prod \
  --vnet vnet-webapp \
  --subnet subnet-app-integration

Requires Standard tier or above. Traffic to VNet resources routes through the integrated subnet.

Container Deployment

Run custom Docker containers on App Service:

  az appservice plan create \
  --name plan-containers \
  --resource-group rg-webapp-prod \
  --is-linux \
  --sku P1v3

az webapp create \
  --resource-group rg-webapp-prod \
  --plan plan-containers \
  --name my-container-app \
  --deployment-container-image-name myregistry.azurecr.io/myapp:latest

# Configure ACR credentials or managed identity
az webapp config container set \
  --name my-container-app \
  --resource-group rg-webapp-prod \
  --docker-custom-image-name myregistry.azurecr.io/myapp:v1.2.0 \
  --docker-registry-server-url https://myregistry.azurecr.io

Real-World Scenario: Production API

Component	Configuration
App Service Plan	P1v3, 3 instances, auto-scale 2-10
Web App	.NET 8 API, deployment slots (staging + production)
Domain	api.example.com with managed SSL
VNet Integration	Access Azure SQL via private endpoint
Key Vault	Database credentials via Managed Identity
CI/CD	GitHub Actions → deploy to staging → swap
Monitoring	Application Insights integrated

App Service vs VMs vs Container Apps

Feature	App Service	VMs	Container Apps
Management	Fully managed	Self-managed OS	Managed containers
Scaling	Built-in auto-scale	VMSS required	KEDA-based scaling
Deployment	Git, ZIP, containers	Manual/scripted	Container images
Cost	Tier-based	VM hourly	Per vCPU-second
Best for	Web apps, APIs	Legacy/custom OS	Microservices, event-driven

Common Mistakes

Free tier for production — no SLA, shared resources, no custom SSL
Secrets in app settings as plaintext — use Key Vault references
No deployment slots — deploy directly to production without testing
Single instance — no redundancy; minimum 2 for production
Ignoring Always On — disabled on Basic causes cold starts
Wrong runtime stack — verify runtime version matches local development

Troubleshooting

Issue	Diagnosis	Fix
503 Server Unavailable	App crashed or starting	Check Log Stream; verify startup command
502 Bad Gateway	App not listening on correct port	Set `WEBSITES_PORT` to your app’s port
Deployment failed	Build error or wrong runtime	Check deployment logs in Kudu (`https://<app>.scm.azurewebsites.net`)
Slow cold start	Always On disabled	Enable Always On (Standard+ tier)
Can’t reach database	VNet integration not configured	Add VNet integration; verify NSG rules

Best Practices

Use deployment slots for zero-downtime releases
Enable Application Insights for APM and logging
Store secrets in Key Vault with Managed Identity access
Run minimum 2 instances in production for redundancy
Configure auto-scale based on CPU, memory, or HTTP queue length
Enable Always On and HTTPS Only
Use App Service Managed Certificates for free SSL
Set up health check path for auto-healing and slot swap validation

Next: Azure SQL Database.

Virtual Machines

Azure SQL Database

Azure App Service

App Service Components link

Create a Web App link

App Service Plan Tiers link

Deployment Slots (Blue/Green) link

App Settings and Connection Strings link

Custom Domains and SSL link

Auto-Scaling Rules link

VNet Integration link

Container Deployment link

Real-World Scenario: Production API link

App Service vs VMs vs Container Apps link

Common Mistakes link

Troubleshooting link

Best Practices link