Nginx – Azure app service (linux) with ASP.NET Core 8 Web API results in http 403 error

For a school project, I’m making a CI/CD pipeline using bicep and github actions.

The bicep file is pretty basic and creates 3 resources.

• an app service
• an server farm
• app insights

@description('Specifies the location for resources.')
param location string = resourceGroup().location

var envResourceNamePrefix = 'staging-testwebsite'

@description('Deployment name id.')
param deploymentNameId string = '0000000000'

// create azure insights
resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: '${envResourceNamePrefix}-app-insights'
  location: location
  kind: 'web'
  properties: {
    Application_Type: 'web'
    publicNetworkAccessForIngestion: 'Enabled'
    publicNetworkAccessForQuery: 'Enabled'
  }
}

var appInsightsKey = appInsights.properties.InstrumentationKey

resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
  name: '${envResourceNamePrefix}-app-sp'
  location: location
  kind: 'linux'
  sku: {
    name: 'B1'
  }
  properties: {
    reserved: true
  }
}

resource webApp 'Microsoft.Web/sites@2023-01-01' = {
  name: '${envResourceNamePrefix}-app'
  location: location
  kind: 'web'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    httpsOnly: true
    serverFarmId: appServicePlan.id
    clientAffinityEnabled: true
    reserved: true
    siteConfig: {
        // alwaysOn: true cant be set for free tier
        linuxFxVersion: 'dotnet|3.1'
    }
  }  
}

output deploymentNameId string = deploymentNameId
output appInsightsInstrumentionKey string = appInsightsKey
output webAppName string = webApp.name

Then using a github actions workflow, I’m publishing and deploying my web app to Azure.

This all done successfully, and the pipeline completes without errors, and the code has been deployed to my app service.

However, whenever i go to the site, it returns a 403 forbidden nginx/1.24.0

The weird thing, is very rarely, it does work and actually lets me call an endpoint.

I have an endpoint called website-url/test which just returns test. And I’ve had instances that it actually returns this. But most of the times, when I go to that endpoint in the browser, it gives me a 404.

Within azure, the app service is configured for networking :

• Public network access
  Enabled with no access restrictions

because it should be publicly available, I don’t understand why I get a http 403 forbidden error.

The project I am publishing is an ASP.NET Core 8 Web API.

EDIT:
The log files of the app service logstream:

2024-03-08T09:52:24.661209363Z: [INFO]  Note: Any data outside '/home' is not persisted
2024-03-08T09:52:27.264971290Z: [INFO]  Starting OpenBSD Secure Shell server: sshd.
2024-03-08T09:52:27.303758390Z: [INFO]  Running oryx create-script -appPath /home/site/wwwroot -output /opt/startup/startup.sh     -bindPort 8080 -startupCommand 'php-fpm;'
2024-03-08T09:52:27.513169309Z: [INFO]  Could not find build manifest file at '/home/site/wwwroot/oryx-manifest.toml'
2024-03-08T09:52:27.513220809Z: [INFO]  Could not find operation ID in manifest. Generating an operation id...
2024-03-08T09:52:27.540329219Z: [INFO]  Build Operation ID: 7d8f3084-eed3-4166-a5ff-381919ea0532
2024-03-08T09:52:28.951354426Z: [INFO]  Writing output script to '/opt/startup/startup.sh'
2024-03-08T09:52:29.818185526Z: [INFO]  Starting nginx: nginx.
2024-03-08T09:52:30.993719813Z: [ERROR]  [08-Mar-2024 09:52:30] NOTICE: fpm is running, pid 82
2024-03-08T09:52:31.021318926Z: [ERROR]  [08-Mar-2024 09:52:31] NOTICE: ready to handle connections