Deployment issues for new customers
Currently, all new-customer deployments are non-functional. Existing customers deploying into a new region are also affected. See Known Issues for updates.
List of known issues in the latest release of NGINX as a Service for Azure
Support for System Assigned Managed Identity has not been fully enabled yet. Please use User Assigned Identity instead.
Due to a known issue caused by a networking regression, creating deployments will fail for:
- new customers
- existing customers deploying in a new region
Users will see the following error message:
timed out waiting for instance to connect
The root cause is a regression in the registration process for activating the necessary Azure networking features for a subscription in a region. If you’ve received this error message when creating a deployment, raise a support ticket with your subscription id and desired azure regions, and we’ll apply a mitigation which will allow subsequent attempts to succeed.
The issue is currently being investigated by the NGINXaaS and Microsoft teams. We will update with further info by 2022-11-28.
When creating a new deployment or exposing a new port for traffic, there might be a lag time of 5-10 seconds, during which the Azure Load Balancer does not recognize the new ports, thus preventing making new connections to the NGINX deployment.
Workaround: Wait 5-10 seconds to make requests, or make multiple requests to the instance with low connect timeout times after creating a new deployment or exposing a new port to the deployment (80/443) for the first 10 seconds after the deployment reaches the Completed state.
Files not listed with an include directive get an API 400 error response. NGINX configuration files are accepted if their filename matches an include directive using a glob pattern/mask (e.g.
Due to Azure Marketplace limitations, NGINXaaS for Azure SKUs have a random suffix.
Workaround: When creating deployments via ARM templates, the correct SKU to use is
NGINXaaS for Azure resources appear with a random suffix, and clicking the link does not lead to the NGINXaaS for Azure resource overview page. The charge details show “Unassigned” for all fields, but the charge amount is accurate.
If a configuration update request uses a certificate that is in failed
provisioningState, the configuration update is rejected.
Workaround: Update the referenced certificate before updating the configuration. Make sure the certificate provisioning is successful and retry the configuration update.