Suvrajeet Banerjee

Posted on Oct 14

⚡️ Surviving Azure’s Cloud Maze: DevOps Disaster Recovery, Network Wizardry & Bare-Metal Deployments [Week-6] 🌩️

#devops #azure #virtualmachine #cloud

This week marked a pivotal moment in my DevOps journey - diving deep into yet another Public Cloud Provider a.k.a. Microsoft Azure's cloud ecosystem and tackling complex infrastructure challenges that pushed my technical skills to new heights. From deploying React applications to architecting three-tier networks along-side managing full-stack applications with databases, Week 6 delivered hands-on experience bridging the gap between theoretical knowledge and real-world production environments that too using yet another Cloud Provider other than AWS.

🎯 Understanding Azure's Cloud Computing Foundation 🏗️

What Makes Azure Special in the Cloud Landscape?

Microsoft Azure represents one of the world's leading cloud computing platforms, offering Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions. Unlike traditional on-premises infrastructure, Azure provides on-demand computing resources that scales dynamically based on application requirements & needs.

🧵 Key Azure Advantages:

🌍 Global Infrastructure: Over 60 regions worldwide with multiple availability zones
💰 Pay-as-you-use model: Only pay for resources consumed
🔒 Enterprise Security: Built-in compliance and security frameworks
🚀 Rapid Scaling: Auto-scaling capabilities for varying workloads

🧵 Azure Compute Services Ecosystem

Azure offers diverse compute options, each serving specific use cases:

Virtual Machines (IaaS)

Virtual machines provide the maximum control and flexibility, allowing complete customization of the operating system and applications. They're ideal for:

📊 Legacy Application Migration: Lift-and-shift scenarios
🔧 Custom Configurations: Specific software requirements
💾 Full OS Control: Complete administrative access

App Services (PaaS)

Platform-as-a-Service offerings that abstracts infrastructure management:

🎯 Focus on Code: No requiremetnt for infrastructure management
🔄 Auto-scaling: Built-in scaling capabilities
🛡️ Security Updates: Automatic patching and updates

🚀 Deploying React Applications on Azure VMs 💻

🧵 The React Deployment Challenge

React applications require a specific deployment strategy because they're Single Page Applications (SPAs) that need proper web server configuration for client-side routing. This section demonstrates & imitates production React deployments on Azure infrastructure.

Step 1: Azure VM Provisioning

Creating an Ubuntu 24.04 LTS virtual machine involved several critical decisions:

VM Configuration Analysis:

Size Selection: B1s (1 vCPU, 1 GB RAM) - cost-effective for learning environments
Authentication: SSH keys provide better security than passwords
Storage: Premium SSD for faster I/O operations

Step 2: Development Stack Installation

The deployment requires a complete development environment setup:

# System updates
sudo apt update && sudo apt upgrade -y

# Node.js 18.x LTS installation via NodeSource
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs

# Nginx web server installation
sudo apt install -y nginx

Step 3: React Application Build Process

Understanding the React build process is crucial for production deployments:

# Clone the application
git clone https://github.com/suvrajeetbanerjee/my-react-app.git
cd my-react-app

# Install dependencies
npm install

# Create production build
npm run build

Why Building is Essential:

📦 Code Optimization: Minification and bundling reduce file sizes
🚀 Performance: Optimized assets load faster
🔒 Security: Source code is compiled and obfuscated

Step 4: Nginx Configuration for SPAs

Single Page Applications(SPA) requires special web server configuration to handle client-side routing:

server {
    listen 80 default_server;
    root /home/azureuser/my-react-app/build;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }
}

Critical Configuration Elements:

🎯 try_files directive: Enables client-side routing by falling back to index.html
📁 root directive: Points to the React build directory
🌐 index directive: Specifies the default file to serve

🧵 Overcoming the 500 Internal Server Error Challenge

The most valuable learning experience came from troubleshooting a critical production error. The application was built successfully, Nginx was running, but the dreaded 500 Internal Server Error appeared.

Root Cause Analysis:

# Error log investigation revealed
sudo tail -f /var/log/nginx/error.log
# Output: stat() "/home/azureuser/my-react-app/build" failed (13: Permission denied)

The Permission Problem:
Nginx runs as the www-data user, but couldn't access files in the user's home directory due to restrictive permissions. This helps revisit concepts about Unix file permissions and web server security models.

Solution Implementation:

# Fix directory permissions
sudo chmod 755 /home
sudo chmod 755 /home/azureuser
sudo chmod 755 /home/azureuser/my-react-app

# Add www-data to user group
sudo usermod -a -G azureuser www-data

# Verify access
sudo -u www-data stat /home/azureuser/my-react-app/build

💡 This challenge reinforces the importance of understanding Linux permissions, web server architecture, along with systematic troubleshooting approaches.

🏗️ Three-Tier Network Architecture with Load Balancer 🌐

🧵 Understanding Network Architecture Fundamentals

Three-tier architecture represents a fundamental design pattern in enterprise applications, providing separation of concerned layers across presentation, application, and data layers.

Network Design Principles

Subnet Planning Strategy:
Azure reserves 5 IP addresses per subnet, making proper CIDR planning essential:

VNet: 10.0.0.0/16 (65,536 available addresses)
├── Web Subnet: 10.0.1.0/24 (251 usable addresses)
├── App Subnet: 10.0.2.0/25 (123 usable addresses) 
└── DB Subnet: 10.0.3.0/26 (59 usable addresses)

Network Security Groups (NSG) Deep Dive

NSGs function as virtual firewalls, controlling traffic at the subnet and network interface level. Understanding NSG rule evaluation is crucial for security:

Rule Processing Logic:

Priority-based: Lower numbers are processed first (100-4096)
First Match Wins: Processing stops at first matching rule
Default Deny: Implicit deny rules at the end

Critical NSG Best Practices:

IP Address Range Configuration:
One of the most important lessons involves NSG source IP configuration. Instead of using /32 (single IP), it's better to use /24 ranges for dynamic IP scenarios:

# Problem: Dynamic ISP IP changes break SSH access
Source: 185.43.167.32/32  # ❌ Breaks when ISP changes IP

# Solution: Use broader range for ISP dynamic allocation
Source: 185.43.167.0/24   # ✅ Accommodates ISP IP changes

Why /24 is Superior:

🔄 Dynamic IP Resilience: ISPs often allocate IPs within the same /24 range
📊 Usable Address Range: /24 provides 254 usable addresses vs. 0 for /32
🛡️ Operational Reliability: Reduces connection failures due to IP changes

💡 *This insight came directly from experiencing SSH connection failures when my ISP changed my dynamic IP address.(

Azure Load Balancer Implementation

Azure Load Balancer operates at Layer 4 (TCP/UDP), distributing incoming traffic across healthy backend instances:

Load Balancer Components:

🎯 Frontend IP: Public IP address receiving traffic
🔗 Backend Pool: Collection of VMs receiving distributed traffic
🏥 Health Probe: Monitors backend instance health
⚖️ Load Balancing Rules: Defines traffic distribution logic

Health Probe Configuration:

Protocol: TCP
Port: 80
Interval: 5 seconds
Unhealthy Threshold: 2 failures

Health probes ensure traffic only routes to functional instances, providing automatic failover capabilities.

📚 EpicBook Full-Stack Application with MySQL 🗄️

🧵 Full-Stack Application Architecture

The EpicBook application represents a complete three-tier architecture implementation:

Frontend: Static files served by Nginx
Backend: Node.js API server (port 3001)
Database: MySQL server for data persistence

Application Deployment Strategy

Node.js Backend Configuration:

// Database connection configuration
{
  "development": {
    "username": "epicbooksadmin",
    "password": "EBAdmn123",
    "database": "bookstore",
    "host": "127.0.0.1",
    "dialect": "mysql"
  }
}

Nginx Reverse Proxy Setup:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Frontend (React build)
    root /home/azureuser/theepicbook/frontend/build;
    index index.html;

    location / {
        try_files $uri /index.html;
    }

    # Backend API proxy (change 3001 if your backend uses a different port)
    location /api/ {
        proxy_pass http://127.0.0.1:3001/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Connection "";
    }
}

MySQL Database Management

Database Setup Process:

# MySQL security configuration
sudo mysql_secure_installation

# Database and user creation
mysql -u root -p
CREATE DATABASE bookstore;
CREATE USER 'epicbooksadmin'@'localhost' IDENTIFIED BY 'EBAdmn123';
GRANT ALL PRIVILEGES ON bookstore.* TO 'epicbooksadmin'@'localhost';
FLUSH PRIVILEGES;

Azure MySQL Flexible Server Challenge

A significant learning experience involved attempting to deploy Azure Database for MySQL Flexible Server. Despite extensive troubleshooting, I encountered persistent provisioning errors:

Error Encountered:

Code="ProvisionNotSupportedForRegion" 
Message="Provisioning in requested region is not supported."

Root Cause Analysis:
The issue stemmed from Azure free tier limitations and regional restrictions for MySQL Flexible Server resources. Even after 30+ hours of debugging and submitting support tickets, the service remained unavailable.

Solution Adaptation:
Instead of abandoning the project, I pivoted to installing MySQL directly on the VM:

# Local MySQL installation
sudo apt install -y mysql-server mysql-client
sudo systemctl start mysql
sudo systemctl enable mysql

This challenge taught valuable lessons about:

🔄 Solution Adaptability: Finding alternatives when cloud services aren't available
🛠️ Local vs. Managed Services: Trade-offs between convenience and control
💰 Cost Management: Understanding service limitations in free tiers

🔒 Security and Best Practices Reflections 🛡️

🧵 Network Security Implementation

NSG Rule Optimization:

✅ Principle of Least Privilege: Only open required ports
🎯 Source Restriction: Use specific IP ranges instead of "Any"
📊 Rule Documentation: Clear naming conventions for maintainability

SSH Key Management:

🔑 Key-based Authentication: More secure than passwords
🛡️ Proper Permissions: chmod 400 for private keys
🔒 Key Rotation: Regular key updates for enhanced security

Application Security Considerations

File Permissions Management:
Understanding Unix permissions is crucial for web application deployment:

📁 Directory Permissions: 755 allows read/execute access
📄 File Permissions: 644 provides read access for web servers
👥 Group Management: Adding web server users to appropriate groups

💰 Cost Management and Resource Optimization 💡

🧵 Azure Cost Control Strategies

Resource Lifecycle Management:

🗑️ Immediate Cleanup: Delete resources after testing
📊 Resource Monitoring: Use Azure Cost Management tools
⏰ Scheduled Shutdowns: Auto-shutdown for non-production VMs

Cost-Effective Configurations:

💻 VM Sizing: B1s instances for learning environments
💾 Storage Optimization: Standard SSD instead of Premium when appropriate
🌐 Region Selection: Choose regions with lower pricing

Resource Group Strategy

Using resource groups effectively enables:

🧹 Bulk Deletion: Remove all related resources simultaneously
🏷️ Cost Tracking: Monitor spending by project or environment
🔐 Access Control: Apply RBAC policies consistently

🔧 Troubleshooting Methodologies Developed 🔍

🧵 Systematic Problem-Solving Approach

1. Error Log Analysis:

# Nginx error logs
sudo tail -f /var/log/nginx/error.log

# System logs  
sudo journalctl -u nginx -f

# Application logs
node server.js 2>&1 | tee app.log

2. Network Connectivity Testing:

# Test local connectivity
curl http://localhost

# Test external access
curl http://VM-PUBLIC-IP

# Port availability check
netstat -tlnp | grep :80

3. Permission Verification:

# Test file access as web server user
sudo -u www-data stat /path/to/files

# Verify directory permissions
ls -la /home/azureuser/

🎓 Key Learning Outcomes for Technical Growth 🚀

🧵 Infrastructure Skills Acquired

Azure Platform Mastery:

☁️ Resource Management: Creating and configuring VMs, NSGs, Load Balancers
🌐 Network Architecture: Three-tier design patterns and security groups
🔧 Service Integration: Connecting multiple Azure services effectively

Linux System Administration:

🖥️ Server Management: Package installation, service configuration
🔐 Permission Management: Unix file permissions and user groups
🔍 Troubleshooting: Log analysis and systematic problem resolution

Application Deployment Expertise

Web Server Configuration:

🌐 Nginx Mastery: Reverse proxy setup, static file serving
⚙️ Process Management: Service startup, monitoring, and debugging
🔧 Performance Optimization: Gzip compression, caching strategies & PM2 (production-ready process manager for Node.js applications.

Database Integration:

🗄️ MySQL Administration: Installation, user management, security
🔗 Application Connectivity: Database connection configuration
🛠️ Troubleshooting: Connection issues and permission problems

DevOps Practices Internalized

Infrastructure as Code Mindset:

📋 Documentation: Comprehensive step-by-step procedures
🔄 Reproducibility: Scripted deployments and configurations
🧹 Resource Management: Proper cleanup and cost control

🔮 Next Steps and Advanced Concepts 🌟

🧵 Upcoming Learning Objectives

Based on this week's foundation, the next learning phase will focus on:

Automation and Orchestration:

🤖 Infrastructure as Code: ARM templates and Terraform
🔄 CI/CD Pipelines: Azure DevOps and GitHub Actions
🐳 Containerization: Docker and Azure Container Instances

Advanced Networking:

🌐 Virtual Network Peering: Cross-region connectivity
🛡️ Azure Firewall: Advanced threat protection
📊 Network Monitoring: Traffic analysis and optimization

Scalability and Performance:

📈 Auto-scaling: VM Scale Sets and Application Gateway
💾 Caching Strategies: Redis and CDN implementation
📊 Monitoring: Application Insights and Azure Monitor

🧵 Production Readiness Considerations

Security Enhancements:

🔐 Key Vault Integration: Secure secret management
🌐 SSL/TLS Configuration: HTTPS implementation
🛡️ WAF Deployment: Web Application Firewall protection

High Availability Design:

🌍 Multi-Region Deployment: Geographic redundancy
💾 Database Replication: Master-slave configurations
🔄 Backup Strategies: Automated backup and recovery

🏁 Conclusion: Building Production-Ready Skills 💪

Week 6 of the DevOps journey provided invaluable hands-on experience with Microsoft Azure's cloud ecosystem. From deploying React applications to architecting three-tier networks & managing full-stack applications with databases — each blogs, documentations & posts that builds upon previous knowledge while introducing new challenges building an unshakeable foundation.

The most significant learning came not from successful deployments, but from overcoming obstacles like permission issues, MySQL service limitations, and network configuration challenges. These real-world problems teaches systematic troubleshooting approaches, adaptability, and the importance of understanding underlying infrastructure concepts.

Key Takeaways:

🎯 Practical Experience: Hands-on learning beats theoretical knowledge
🔍 Problem-Solving: Systematic approaches to complex issues
📚 Documentation: Detailed records enable knowledge retention
💰 Cost Awareness: Cloud resource management is crucial
🔒 Security First: Proper configuration prevents vulnerabilities

🎯 This blog marks the end of Week 6 of 12 of the free DevOps cohort organized by Pravin Mishra sir 🙏, building upon 🏗️ Infrastructure as Code Mastery: From Manual Chaos to CloudFormation Symphony [Week-5]☁️⚡ from the DevOps Series — documenting my complete leanring journey from fundamentals to advanced implementations.

🔗 You can start your DevOps journey for free from Pravin's comprehensive YouTube Playlist.

🏷️ Tags:

#Azure #DevOps #MySQL #CloudComputing #ProblemSolving #NodeJS #WebDevelopment #CloudArchitecture #TechnicalChallenges #LearningJourney #DatabaseManagement #CloudSolutions #TechStruggles #DevOpsCommunity #Networking #VirtualMachines #React #TechnicalLearning #CloudSecurity #LoadBalancers #NSG #SystemAdministration #ProfessionalDevelopment #TechSkills #ContinuousLearning #CloudArchitecture