
Deploy ASP.NET 5 WebAPI container to Azure web App service

In the previous article (https://lemtirisalah.com/generate-asp-net-5-webapi-docker-image-and-push-it-to-azure-container-registry-acr/), we went through the steps of generating an ASP.NET 5 Web API image and pushing it to Azure Container Registry (ACR).

In today’s tutorial, I will show you how to deploy an ASP.NET 5 WebAPI container from ACR to an Azure Web App and run an SSH server in the container.

Before moving on to our topic, it is important to note that accessing containers in Azure App Service requires an SSH server running in the container itself. It is not a mandatory step, but it is the only way to access the Docker container remotely. However, the logs are still available in the Log Stream in the portal, or in the advanced tools (Kudu).
The port that should be opened, for security reasons, is port 2222. It is not the default port for SSH connections, but Azure enforces authentication to Azure AD before giving access to the container. You can find more information at this link: https://docs.microsoft.com/fr-fr/azure/app-service/configure-custom-container?pivots=container-linux#enable-ssh

So, let’s start!

1- Create SSHD Config file

As I stated before, running an SSH server in the container lets us connect to the container remotely over SSH for debugging, executing scripts, etc.

IMPORTANT: It is highly recommended to use port 2222 for exposing the SSH server, in order to take advantage of Azure AD authentication over port 2222.

Create an sshd_config file with the following content, and save it in the same folder where you created your Dockerfile (this is the configuration file that will be used by the SSH server in the container).

 # This is the SSH server system-wide configuration file.
 #
 # /etc/ssh/sshd_config
  
 Port                            2222
 ListenAddress                   0.0.0.0
 LoginGraceTime                  180
 X11Forwarding                   yes
 Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
 MACs hmac-sha1,hmac-sha1-96
 StrictModes                     yes
 SyslogFacility                  DAEMON
 PasswordAuthentication          yes
 PermitEmptyPasswords            no
 PermitRootLogin                 yes
 Subsystem sftp internal-sftp
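
A check for the sshd_config above that can run before the image is built, as an added example that is not part of the original article: it verifies the settings the App Service SSH session depends on (port 2222, root password login, no empty passwords, a compatible cipher and MAC). The function names are hypothetical, and the accepted cipher and MAC lists are an assumption taken from the Microsoft documentation linked earlier.

```shell
#!/bin/sh
# Added example (not from the article): lint an sshd_config for App Service SSH.

# Constructed sample input: the settings from the sshd_config shown above.
sample_config() {
cat <<'EOF'
# /etc/ssh/sshd_config
Port                            2222
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,hmac-sha1-96
PasswordAuthentication          yes
PermitEmptyPasswords            no
PermitRootLogin                 yes
EOF
}

# Print the first value of keyword $2 in file $1. sshd keywords are
# case-insensitive and the first occurrence wins; comments are skipped.
sshd_get() {
    awk -v k="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeed if comma-separated list $1 contains at least one item of list $2.
has_any() {
    for want in $(echo "$2" | tr ',' ' '); do
        case ",$1," in *",$want,"*) return 0 ;; esac
    done
    return 1
}

# Print one line per finding; return 0 only when there are none.
check_sshd_config() {
    rc=0
    [ "$(sshd_get "$1" Port)" = "2222" ] || { echo "Port is not 2222"; rc=1; }
    [ "$(sshd_get "$1" PermitRootLogin)" = "yes" ] || { echo "root login is disabled"; rc=1; }
    [ "$(sshd_get "$1" PasswordAuthentication)" != "no" ] || { echo "password login is disabled"; rc=1; }
    [ "$(sshd_get "$1" PermitEmptyPasswords)" != "yes" ] || { echo "empty passwords are allowed"; rc=1; }
    # Assumed requirement (Microsoft docs): at least one item of each list.
    has_any "$(sshd_get "$1" Ciphers)" "aes128-cbc,3des-cbc,aes256-cbc" || { echo "Ciphers: no accepted cipher"; rc=1; }
    has_any "$(sshd_get "$1" MACs)" "hmac-sha1,hmac-sha1-96" || { echo "MACs: no accepted MAC"; rc=1; }
    return $rc
}

tmp=$(mktemp) && sample_config > "$tmp"
check_sshd_config "$tmp" && echo "sshd_config matches the App Service SSH setup"
rm -f "$tmp"
```

Running check_sshd_config against the real sshd_config before docker build catches a config that the portal's SSH session cannot use.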

2- Update the Docker file

In this step, I assume you already have the ASP.NET 5 Web API project as well as the Dockerfile. If you don’t have these items yet, I recommend having a look at my previous article: https://lemtirisalah.com/generate-asp-net-5-webapi-docker-image-and-push-it-to-azure-container-registry-acr/

The final Dockerfile will look something like this:

 # Build image
 FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build-env
 WORKDIR /app
  
 # Restore
 WORKDIR /src
 COPY . .
 RUN dotnet restore "WebApi/WebApi.csproj"
  
 # Build
 WORKDIR "/src/WebApi"
 RUN dotnet build "WebApi.csproj" --no-restore -c Release -o /app/build
  
 # Publish
 RUN dotnet publish "WebApi.csproj" -c Release -o /app/publish
  
 # Runtime image
 FROM mcr.microsoft.com/dotnet/aspnet:5.0
 WORKDIR /app
 # EXPOSE belongs in the final stage: one declared in the build stage is not carried over
 EXPOSE 2222 80
 COPY --from=build-env /app/publish .
  
 # SSH: install the server, create its runtime directory and set the root
 # password that App Service uses to open the SSH session
 RUN apt update \
       && apt install -y --no-install-recommends openssh-server \
       && mkdir -p /run/sshd \
       && echo "root:Docker!" | chpasswd
  
 COPY sshd_config /etc/ssh/sshd_config
  
 # Start sshd (it goes to the background), then run the application in the foreground
 ENTRYPOINT ["/bin/bash", "-c", "/usr/sbin/sshd && dotnet WebApi.dll"] 

I will not go over all the entries of the Dockerfile, as I did that in my last article. I will focus on the lines that cover the SSH server:

 EXPOSE 2222 80 

In addition to port 80, expose port 2222

 # SSH
 RUN apt update \
       && apt install -y --no-install-recommends openssh-server \
       && mkdir -p /run/sshd \
       && echo "root:Docker!" | chpasswd
  
 COPY sshd_config /etc/ssh/sshd_config
  
 ENTRYPOINT ["/bin/bash", "-c", "/usr/sbin/sshd && dotnet WebApi.dll"] 

A- Run apt update and install openssh-server, create the /run/sshd directory and set the root password
B- Copy the sshd_config created earlier
C- The entry point starts the SSH server as well as the application

3- Test the container locally

Before deploying to Azure, it is recommended that you test the application locally in your Docker engine, to make sure that the configuration is working as expected.

First of all, build the Docker image with the command:

 docker build -t salah/webapi:1.0 .

Run the container locally with the command:

 docker run -d -p 8099:80 -p 2222:2222 --name webapi_instance salah/webapi:1.0

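Browse to port 8099 on localhost to make sure the application is running.

Then telnet to localhost to test whether the container is listening on port 2222. Because the image carries a fixed root password, keep this published port reachable only from your own test machine.

That’s perfect! The container is set up correctly.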

4- Create Azure Container Registry and PUSH the image

I will be using Azure CLI to create Azure resources:

Log in to Azure:

 az login

Create the resource group:

 az group create --name deploy-aspnet5api-ssh-rg --location westeurope

Create the ACR:

 az acr create --name demodeployingaspnet5ssh --resource-group deploy-aspnet5api-ssh-rg --sku Basic --admin-enabled true

Once the resource group and the ACR are created, we will push the image to the repository.

Log in to the ACR:

 az acr login --name demodeployingaspnet5ssh

Tag the image with the ACR name as prefix:

 docker tag salah/webapi:1.0 demodeployingaspnet5ssh.azurecr.io/salah/webapi:1.0

Push the image to ACR:

 docker push demodeployingaspnet5ssh.azurecr.io/salah/webapi:1.0

Execute the command below to check that the repository is now present in the ACR:

 az acr repository list --name demodeployingaspnet5ssh

5- Create the App Service plan and Web App

Create the App Service plan that will host our web application. The SKU used is B1 for our test, but you can choose any SKU depending on your needs.

 az appservice plan create --name deploy-aspnet5api-ssh-ps  --resource-group deploy-aspnet5api-ssh-rg --is-linux --sku B1

Create the web app service for containers as follows:

 az webapp create --resource-group deploy-aspnet5api-ssh-rg --plan deploy-aspnet5api-ssh-ps --name deploy-aspnet5api-ssh-wa --deployment-container-image-name demodeployingaspnet5ssh.azurecr.io/salah/webapi:1.0

6- Assign managed identity for Web App

This step consists of creating a managed identity for the web application and assigning it the role that allows it to pull images from ACR.

Create the managed identity, and save its principal ID to a local variable (the $variable=(...) syntax used below is PowerShell):

 $principal_id=(az webapp identity assign --resource-group deploy-aspnet5api-ssh-rg --name deploy-aspnet5api-ssh-wa --query principalId --output tsv)

Get the subscription ID:

 $subsc_id=(az account show --query id --output tsv)

Create the role assignment for the managed identity:

 az role assignment create --assignee $principal_id --scope /subscriptions/$subsc_id/resourceGroups/deploy-aspnet5api-ssh-rg/providers/Microsoft.ContainerRegistry/registries/demodeployingaspnet5ssh --role "AcrPull"

Finally, update the config setting to point to the image:

 az webapp config container set --name deploy-aspnet5api-ssh-wa --resource-group deploy-aspnet5api-ssh-rg --docker-custom-image-name demodeployingaspnet5ssh.azurecr.io/salah/webapi:1.0 --docker-registry-server-url https://demodeployingaspnet5ssh.azurecr.io

7- Check the container in Azure portal

Connect to the Azure portal, open the application at https://deploy-aspnet5api-ssh-wa.azurewebsites.net/swagger/index.html and make sure it is running.

Then, under Development tools, go to SSH and open the Web SSH console.

You will be prompted to select your account.

After authentication, you will have access to the container through the Web SSH console.

Final words …

In this article, we deployed an ASP.NET 5 WebAPI image to Azure App Service for containers, and we added an SSH server to the container to access it remotely over port 2222.

Leave a comment if you find this article useful, and I will be pleased to answer your questions if you have any problem.

Salah.
