Integrate Azure with Strapi

These integration guides are not official documentation and the Strapi Support Team will not provide assistance with them.

This is a step-by-step guide for deploying a Strapi project to Azure using Platform-as-a-Service (PaaS). If you're interested in using Infrastructure-as-a-Service (IaaS) refer to IaaS deployment guide.

PaaS Deployment Guides

There are 3 ways which you can deploy the Azure resources:

• via the Azure Portal,
• via the Azure CLI,
• or via an Azure Resource Manager template.

When Strapi is running in a PaaS hosting model, a custom storage provider will be required to avoid the transient disk of the PaaS model, which is covered towards the end.

Required Resources

There are three resources in Azure that are required to run Strapi in a PaaS model, AppService to host the Strapi web application, Storage to store images/uploaded assets, and a database, Azure has managed MySQL and Postgres to choose from (for this tutorial, we'll use MySQL, but the steps are the same for Postgres).

Creating Resources via the Azure Portal

In this section we'll use the Azure Portal to create the required resources to host Strapi.

1. Navigate to the Azure Portal

2. Click Create a resource and search for Resource group from the provided search box.

3. Provide a name for your Resource Group, my-strapi-app, and select a region.

4. Click Review + create then Create.

5. Navigate to the Resource Group once it's created, click Create resources. and search for Web App

6. Ensure the Subscription and Resource Group are correct, then provide the following configuration for the app:

   • Name - my-strapi-app
   • Publish - Code
   • Runtime stack - Node 16 LTS
   • Operating System - Linux
   • Region - Select an appropriate region

7. Use the App Service Plan to select the appropriate Sku and size for the level of scale your app will need (refer to the Azure docs for more information on the various Sku and sizes).

8. Click Review + create then Create.

9. Navigate back to the Resource Group and click Create then search for Storage account and click Create.

10. Ensure the Subscription and Resource Group are correct, then provide the following configuration for the storage account:

    • Name - my-strapi-app
    • Region - Select an appropriate region
    • Performance - Standard
    • Redundancy - Select the appropriate level of redundancy for your files

11. Click Review + create then Create

12. Navigate back to the Resource Group and click Create then search for Azure Database for MySQL and click Create.

13. Select Single server for the service type.

14. Ensure the Subscription and Resource Group are correct, then provide the following configuration for the storage account:

    • Name - my-strapi-db
    • Data source - None (unless you're wanting to import from a backup)
    • Location - Select an appropriate region
    • Version - 5.7
    • Compute + storage - Select an appropriate scale for your requirements (Basic is adequate for many Strapi workloads)

15. Enter a username and password for the Administrator account, click Review + create then Create.

Configuring the Resources

Once all the resources are created, you will need to get the connection information for the MySQL and Storage account to the Web App, as well as configure the resources for use.

Configure the Storage Account

1. Navigate to the Storage Account resource, then Data storage - Containers.
2. Create a new Container, provide a Name, strapi-uploads, and set Public access level to Blob, then click Create.
3. Navigate to Security + networking - Access keys, copy the Storage account name and key1.
4. Navigate to the Web App you created and go to Settings - Configuration.
5. Create new application settings for the Storage account, storage account key and container name (these will become the environment variables available to Strapi) and click Save.

Configure MySQL

1. Navigate to the MySQL resource then Settings - Connection security.
2. Set Allow access to Azure services to Yes and click Save.
3. Navigate to Overview and copy Server name and Server admin login name.

4. Open the Azure Cloud Shell and log into the mysql CLI:

   • mysql --host <server> --user <username> -p

5. Create a database for Strapi to use CREATE DATABASE strapi; then close the Cloud Shell.

   • (Optional) - Create a separate non-server admin user (see Azure documentation for guidance)
6. Navigate to the Web App you created and go to Settings - Configuration.
7. Create new application settings for the Database host, username and password (these will become the environment variables available to Strapi) and click Save.

Creating Resources via the Azure CLI

In this section, we'll use the Azure CLI to create the required resources. This will assume you have some familiarity with the Azure CLI and how to find the right values.

1. Create a new Resource Group.

   rgName=my-strapi-app
   location=westus
   az group create --name $rgName --location $location

2. Create a new Linux App Service Plan (ensure you change the number-of-workers and sku to meet your scale requirements).

   appPlanName=strapi-app-service-plan
   az appservice plan create --resource-group $rgName --name $appPlanName --is-linux --number-of-workers 4 --sku S1 --location $location

3. Create a Web App running Node.js 16.

   webAppName=my-strapi-app
   az webapp create --resource-group $rgName --name $webAppName --plan $appPlanName --runtime "node|16-lts"

4. Create a Storage Account.

   saName=mystrapiapp
   az storage account create --resource-group $rgName --name $saName --location $location
   
   # Get the access key
   saKey=$(az storage account keys list --account-name $saName --query "[?keyName=='key1'].value" --output tsv)
   
   # Add a container to the storage account
   container=strapi-uploads
   az storage container create --name $container --public-access blob --account-key $saKey --account-name $saName

5. Create a MySQL database.

   serverName=my-strapi-db
   dbName=strapi
   username=strapi
   password=...
   
   # Create the server
   az mysql server create --resource-group $rgName --name $serverName --location $location --admin-user $username --admin-password $password --version 5.7 --sku-name B_Gen5_1
   
   # Create the database
   az mysql db create --resource-group $rgName --name $dbName --server-name $serverName
   
   # Allow Azure resources through the firewall
   az mysql server firewall-rule create --resource-group $rgName --server-name $serverName --name AllowAllAzureIps --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0

6. Add configuration values to the Web App.

   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting STORAGE_ACCOUNT=$saName
   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting STORAGE_ACCOUNT_KEY=$saKey
   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting STORAGE_ACCOUNT_CONTAINER=$container
   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting DATABASE_HOST=$serverName.mysql.database.azure.com
   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting DATABASE_USERNAME=$username@$serverName
   az webapp config appsettings set --resource-group $rgName --name $webAppName --setting DATABASE_PASSWORD=$password

Deploy with an Azure Resource Manager template

To deploy using an Azure Resource Manager template, use the button below, or upload this template as a custom deployment in Azure.

Configure Strapi for Azure AppService

Azure AppService can be deployed to using CI/CD pipelines or via FTPS, refer to the Azure docs on how to do this for your preferred manner.

As AppService is a PaaS hosting model, an upload provider will be required to save the uploaded assets to Azure Storage. Check out this community provider for more details on using Azure Storage as an upload provider.

To start the Node.js application, AppService will run the npm start command. As there is no guarantee that the symlinks created by npm install were preserved (in the case of an upload from a CI/CD pipeline) it is recommended that the npm start command directly references the Strapi entry point:

1"scripts": {
2    "start": "node node_modules/@strapi/strapi/bin/strapi.js start"
3}

IaaS Deployment Guide

Databases can be on a Azure Virtual Machine, hosted externally as a service, or via the Azure Managed Databases.

Create a Virtual Machine

You will want to use an Azure Virtual Machine for Strapi deployments, the Azure web-app (IIS) deployments are not recommended.

1. Log in to your Azure Portal

2. Create a VM by clicking on Create a resource

3. Basics

Virtual machines are listed under the Compute category. You will need the following options:

Project Details:

• Subscription: Can be left as the default
• Resource Group: If you have none, simply hit Create new

Instance Details:

• Virtual machine name: This name is used as a resource identifier and the VM's hostname so try to keep it simple
• Region: Select the nearest region to you, or your target area
• Availability options: Leave as default
• Image: Ubuntu Server 18.04 LTS
• Azure Spot instance: No
• Size: B1ms (1vCPU / 2 GiB of Ram) is the recommended minimum as you need at least 2 GiB of RAM to build the Admin panel

Administrator Account:

• Authentication type: It's recommended you use SSH public key
• Username: This is the SSH user, it can be set to whatever you like except root

Inbound port rules:

More configuration for this will be done when we get to the Networking tab of the VM creation for now just leave these as the defaults.

4. Disks

It is entirely up to you which OS Disk type you use, for the cheapest option you should select Standard HDD with no encryption. You can also add additional disks to the virtual machine if you need additional space (such as for uploads).

5. Networking

For the networking configuration you will want to leave the following as defaults:

• Virtual network
• Subnet
• Public IP
• Accelerated networking
• Load Balancing (off/no)

However for the NIC network security group we will want to select Advanced and Create New. You can name this whatever you like but for inbound rules we want to allow:

• SSH (TCP/22) - Already on be default
• HTTPS (Any/443)
• HTTP (Any/80)
• Strapi (Any/1337)

For each of the ports to allow, you will hit create new and enter the following information:

• Source: Any
• Source port ranges: *
• Destination: Any
• Destination port ranges: The port from above (80, 443, or 1337)
• Protocol: Any
• Action: Allow
• Priority: This should be auto-filled for you
• Name: something to easily describe this rule such as HTTPS_Port or Strapi_Port

6. Management

Entirely optional but you can enable the OS guest diagnostics to configure alerting later on, everything else on this tab is also entirely optional. For now let's leave everything as the default options.

7. Advanced

If you are familiar with standard Linux Cloud init you are welcome to add in any configuration script to jump-start your virtual machine with some pre-configured packages, however we will leave everything here as default.

8. Tags, Review + Create

You are welcome to tag this virtual machine to easily identify it and others part of your "Project" later on.

Finally review you configuration and wait for Azure to validate the configuration, on this page you will also see the price of your VM per hour. This price will vary based on the region and size of virtual machine you selected (along with any additional options).

Once you have finished verifying your config hit the Create button. It may take a few minutes for your deployment to complete, you will see a log of the deployment on the next page. When it's finished you will see Your deployment is complete, simply hit Go to resource.

Logging in and installing Strapi dependencies

These next steps will help you set up a production server and setup a non-root service account for managing your Strapi instance. You will need the administrator account you created previously and the public IP listed on your resource page.

1. SSH to your Administrator account created previously

You will use the admin user created previously as well as the SSH key you added to your Azure account. For Linux/Mac users you can use your terminal, likewise for Windows users you can use the built -in SSH tool in Powershell or use an SSH client like Putty.

ssh yourAdminUser@yourAzureVMPublicIP

# ssh strapiAdmin@10.0.0.1

2. Updating packages and installing dependencies

After you login via SSH we need to update the container and install any packages that Strapi may need. The following packages have been identified to be required to run Strapi on Ubuntu 18.04 LTS:

• libpng-dev
• build-essential
• nodejs (v12 thus we will use an external apt repo)
• yarn (optional but recommended)

First we need to update existing packages, you will use the apt package manager to do this:

sudo apt update
sudo apt upgrade -y

After the updates have installed, we will move on to installing required dependencies from the existing apt repos before we add any additional ones:

sudo apt install libpng-dev build-essential -y

For Node.js it is recommended you use the official source, per the instructions we will use the following commands:

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - &&\
sudo apt-get install -y nodejs

Likewise for Yarn we will use the instructions from the Yarn documentation:

corepack enable
yarn set version stable
yarn install

To verify you have everything installed properly you can run the following:

node -v && npm -v && yarn -v

This should print out the versions of each.

3. Creating the Strapi service user and creating/cloning your project

A service user is defined as a user who has limited permissions and access, this user typically does not have access to sudo nor can modify anything else on the system.

We will create the service user with a disabled login to ensure it cannot be accessed via SSH.

sudo adduser --shell /bin/bash --disabled-login --gecos "" --quiet strapi

We will be making the /srv/strapi directory to hold our project. From here we can either create a new project or clone an existing one from say a Github or Gitlab repository. For private repositories, you will likely need to setup additional SSH keys and access.

First we will make the directory, then we will give the strapi service user access to read/write.

sudo mkdir /srv/strapi
sudo chown strapi:strapi /srv/strapi

4. Choosing and installing a database

Strapi will need a database in order to save data to, you have multiple options for this.

• Using Azure managed databases
• Installing a database on this virtual machine
• Using SQLite on this virtual machine (does not require any additional software)

For Azure managed databases you can use the following:

• Azure Database for MySQL
• Azure Database for PostgreSQL
• Azure Database for MariaDB

Likewise you can use any of the following installed locally on the virtual machine:

In our example we will be using MariaDB 10.4 LTS using the MariaDB apt repo. Per the documentation we will use the following commands:

sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main'

sudo apt update
sudo apt install mariadb-server-10.4 -y

Then we will need to create our Strapi database, database user, and grant the user access. We will need to enter a MySQL shell to perform these commands. MariaDB 10.4+ no longer has a root password and instead the root user is granted access via sudo

sudo mysql -u root

You should now see the following prompt MariaDB [(none)]>, this is the MySQL shell that allows us to give commands to the MariaDB server.

# Create the database
create database strapi_dev;

# Create the database user
create user strapi@localhost identified by 'mysecurepassword';

# Grant the database user permissions
grant all privileges on strapi_dev.* to strapi@localhost;

# Flush Privileges to reload the grant tables
FLUSH PRIVILEGES;

# Exit the MySQL shell
exit

And we now have everything we need to create/start our Strapi project.

Creating or cloning our Strapi Project

If you are cloning a project from Git your configuration steps may be different depending on how you store private information such as database information, JWT secret keys, and various other secrets. In our case we will be creating a new project.

1. Create the new project

You will first need to change users into the service user created previously, and change directories to the service directory

# Change users
sudo su strapi

# Change directory
cd /srv/strapi

Now we can use Yarn to create our project, this does not require you to install any global packages much like npx.

yarn create strapi-app mystrapiapp

This will bring you to an interactive command shell to enter the following information:

• Choose your installation type: Custom (manual settings)
• Choose your default database client: mysql
• Database name: strapi_dev
• Host: Keep the default of 127.0.0.1
• Port: Keep the default of 3306
• Username: strapi
• Password: mysecurepassword
• Enable SSL connection: Keep the default of N

Yarn will now install the project and install all the Node.js dependencies, we can now change directory again and start the project.

# Change directory
cd mystrapiapp

# Temporary start (will build the Admin panel)
yarn develop

Now you should be able to access your Strapi application on the public IP of your virtual machine via the default Strapi port of 1337. Naturally if we close the SSH session the Strapi server will also be killed so we need to run it as a service.

2. Modifying configurations to be more secure

By default Strapi will predefine environment variables to use with your database config.

If we edit the ./config/database.js file using nano we can replace a few key settings:

nano /srv/strapi/mystrapiapp/config/database.js

Using the following example we will remove any private information:

1  // path: /srv/strapi/mystrapiapp/config/database.ts
2
3  export default ({ env }) => ({
4  connection: {
5    client: 'mysql',
6    connection: {
7      host: env('DB_HOST'),
8      port: env.int('DB_PORT'),
9      database: env('DB_NAME'),
10      user: env('DB_USER'),
11      password: env('DB_PASS'),
12      ssl: {
13        rejectUnauthorized: env.bool('DATABASE_SSL_SELF', false), // For self-signed certificates
14      },
15    },
16    debug: false,
17  },
18});

3. Installing PM2 and running Strapi as a service

Now we will install PM2 to run Strapi as a service, and using the PM2 ecosystem config file we can define our environment variables.

Using Yarn, we will install PM2 globally, and adjust our .bashrc file to allow us to use global Yarn packages:

# Install PM2
yarn global add pm2

# Edit our ~/.bashrc file for global Yarn packages
nano ~/.bashrc

You will want to paste the following at the end of the `.bashrc file:

export PATH="$PATH:$(yarn global bin)"

From here you can either exit the service user and log back in for the changes to take effect or simply run:

source ~/.bashrc

And we will create our ecosystem.config.js using the pm2 init command, you should run this in your Strapi project directory

# Create the ecosystem file
pm2 init

You should get the message File /srv/strapi/mystrapiapp/ecosystem.config.js generated, lets go ahead and edit this file using nano and add our config settings.

nano /srv/strapi/mystrapiapp/ecosystem.config.js

Replace the boilerplate information with something like the following:

1module.exports = {
2  apps: [
3    {
4      name: 'strapi-dev',
5      cwd: '/srv/strapi/mystrapiapp',
6      script: 'npm',
7      args: 'start',
8      env: {
9        NODE_ENV: 'development',
10        DB_HOST: 'localhost',
11        DB_PORT: '5432',
12        DB_NAME: 'strapi_dev',
13        DB_USER: 'strapi',
14        DB_PASS: 'mysecurepassword',
15        JWT_SECRET: 'aSecretKey',
16      },
17    },
18  ],
19};

You can also set your environment variables in a .env file in your project like so:

DB_HOST=localhost
DB_PORT=5432
DB_NAME=strapi_dev
DB_USER=strapi
DB_PASS=mysecurepassword
JWT_SECRET=aSecretKey

We recommend you continue setting the NODE_ENV variable in the ecosystem.config.js file.

Then use the following command to start the Strapi service:

pm2 start ecosystem.config.js

The Strapi PM2 service is now set-up to use an ecosystem.config.js to manage your application.

OPTIONAL: You may see your project and set-up your first administrator user, by creating an admin user.

4. Starting Strapi on boot and persisting service between reboots

Follow the steps below to have your app launch on system startup.

• Generate and configure a startup script to launch PM2, it will generate a Startup Script to copy/paste, do so:

pm2 startup systemd

[PM2] Init System found: systemd
[PM2] To setup the Startup Script, copy/paste the following command:
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u your-name --hp /home/your-name

For the following command we want to be using your virtual machine admin user not the service user, to exit from the service user you can simply run the command exit to return to your admin user.

• Copy/paste the generated command as the virtual machine admin user (DO NOT use the below command as you need to replace the service user name, the previous command will give you exactly what you need):

sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u your-name --hp /home/your-name

[PM2] Init System found: systemd
Platform systemd

. . .


[PM2] [v] Command successfully executed.
+---------------------------------------+
[PM2] Freeze a process list on reboot via:
   $ pm2 save

[PM2] Remove init script via:
   $ pm2 unstartup systemd

Now as the service user run the following (again use sudo su yourserviceuser to change back)

• Next, Save the new PM2 process list and environment.

pm2 save

[PM2] Saving current process list...
[PM2] Successfully saved in /home/your-name/.pm2/dump.pm2

• OPTIONAL: You can test to see if the script above works whenever your system reboots with the sudo reboot command. You will need to login again with your service user and then run pm2 list and systemctl status pm2-your-name to verify everything is working.

Optional additions

Below are some optional additions to secure your virtual machine and Strapi service.

1. Securing your virtual machine with a firewall

Azure virtual machines come with a firewall at the host level (see previous instructions here). However it is recommended that you use the built in Ubuntu firewall as well known as UFW or Uncomplicated Firewall.

See the following DigitalOcean guide to see some examples of using UFW.

2. Installing a proxy for SSL

There are many different types of proxy services you could use, anything from load balancing, offloading SSL, to fault tolerance. You can view a few examples based around Strapi and basic SSL offloading.

3. File upload providers

There are many options for storing files outside of your virtual machine, Strapi have built a few and the community is constantly building new ones. See the following guide on searching for options as well as installing them.