Hosting behind Azure Application Gateway


(Ryan Adler) #1

Has anyone gotten the server working behind an Azure Application Gateway? Specifically, is it possible to get this working when using polling tentacles? I believe that this cannot work, since there is no support in the AG for client certificates. Please let me know if it’s possible to get this to work, as I would like to leverage the added security of the gateway in front of the Octopus server.


(Jim Burger) #2

Hi Ryan,

Thanks for this question, are you able to share a bit more about the topology you intend to use behind the AAG, are you just looking to use the WAF, or are you looking into load balancing?

Not being an expert in AAG, and it sounding as though it doesn’t support client certificates - I suspect you might be right, if SSL termination is something that cannot be disabled? Have you tried it and are running into a specific error?

All the best,


(Ryan Adler) #3

Dear Jim,

We were looking to leverage the WAF functionality for added security. Load balancing is not yet needed.

The AAG does not appear to support client certificates, nor does it support a direct pass-through functionality. It can do end-to-end SSL, but this means basically SSL between client<->AAG and again between AAG<->server. I have not gotten this scenario to work either.

Kind regards,
Ryan Adler


(Jim Burger) #4

Hi @Ryan_Adler

Thanks for the additional detail, we do support proxying polling tentacles, however this doesn’t quite fit the AAG use case if I understand correctly.

It is also worth mentioning that most tentacle communications aren’t done via HTTP, they use our own communication stack called Halibut which is effectively compressed JSON over TCP with TLS.

I’d love to hear more about the specific WAF features that you are interested in though if you have time to share.

Kind regards,