Hi All! I'm working on getting a Linux VM in Azure to host a prefect 2.0 server for POC/Dev purposes. I've followed the tutorial I've linked here but have gotten to a roadblock when trying to connect to the UI from my local computer. I've enabled Firewall rules successfully enough to allow SSH access into the vm via port 22 and have also added ports 8080 and 4200 as described in the tutorial. My issue comes when trying to bind the server to the public IP address for the vm. I've added the config.toml file as shown in the tutorial and have also tried to bind the IP using the "prefect orion start --host" command. Any thoughts on what I'm missing? Thanks! Will https://mortimer.xyz/prefect-on-azure/

Did you set

PREFECT_ORION_UI_API_URL

from you local to point your local UI to the VM?

Hi Will, There is a terraform azure vm recipe here; I can’t say I have tested running Orion locally just yet, so I can certainly test that and see if I can reproduce this issue and get back to you https://github.com/PrefectHQ/prefect-recipes/tree/main/azure/prefect-agent-on-avm

You’ll want to bind the host to

0.0.0.0

To be more clear, The screen shot above is an ssh connection into the VM in azure. (not sure if that was understood or not).

No file being created. It would just have more verbose logs with Orion and the Flow (potentially)

Didn't really get anything more than the first time, assuming I enabled it correctly.

HI Will, For setting the PREFECT_ORION_UI_API_URL, it looks like you are blocking out your IP address (presumably because it’s the public) but that should be listening on 0.0.0.0 to listen on all interfaces (--expose does this for 1.0, but this is for 2.0 as you mentioned)

Thanks @Christopher Boyd, Lots of different places, it appears, to apply settings. Here is what I've got going now. Still no connection from my local PC into Azure.

Are you able to curl this endpoint locally through a 2nd ssh session? That way we can verify it’s actually running and returning data locally, then move onto exposing it publicly

so... sudo curl "http://publicip:8080" ? or port 4200?

All good - from the azure ssh session, something like :

curl -I localhost:4200

Ok that’s good - give me a few moments to review and I can circle back

10-4. Thank so much!

Sorry Will, circling back - from your localhost (your actual desktop / laptop) assuming Mac based, you can run:

curl <http://ifconfig.co|ifconfig.co>

I'm using a Windows Desktop, but I know what my IP is that gets presented when connected outside of our network. Do I need to run those curl statements on the ssh or my local host?

You would run those commands from your localhost, and test against the azure VM once the rule forwarding is in place (for your public IP on the localhost)

I have rule forwarding in place and it is working successfully for ssh via port 22. (I'm connected via Windows cmd ssh) Running curl against the public IP and port 22 returns a "Received HTTP/0.9 when not allowed" response... port 4200 Fails with "Connection refused"... The rule on port 22 is the same as port 4200.

I was able to get this working successfully in our Azure environment; can you send me a screenshot of your inbound network rule?

Yes, Looks like our corporate firewall isn't allowing traffic on those ports to Azure. Forwarding works with traffic from my home network. Thanks so much for your help!