Lesson Learned #316: Connecting to Private Endpoint of Azure SQL from OnPremise using NGINX


This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Today, a customer asked how to connect from their on-premises environment to an Azure SQL Database Private Endpoint. I would like to share some details and how NGINX helped us here.



  • We installed NGINX on an Azure Virtual Machine.
    • The public IP address assigned by Azure DNS of this machine will be
  • We created a Private Endpoint in the VNET/Subnet of this Virtual Machine. The private IP address assigned by Azure Private DNS zone will be
  • Working from home/office my public IP will be
  • The Azure SQL Server:
    • Name will be servername.database.windows.net.
    • Connection policy will be PROXY.
    • Public access will be disabled.



Network configuration


  • I added a new NSG rule in the VNET of my Azure Virtual Machine allowing inbound connections from the IP to this Azure Virtual Machine with IP on port 9030. I want to use this port instead of 1433.
  • I set the DNS name of this Azure Virtual Machine to ServerName.northeurope.cloudapp.azure.com (ServerName is the same as the name of the Azure SQL Server).


NGINX configuration


  • I modified the nginx.conf file with the following parameters and restarted the service.


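  stream {
      # Named upstream for the Azure SQL logical server (not referenced by proxy_pass below)
      upstream servername.northeurope.cloudapp.azure.com {
          server servername.database.windows.net:1433;
      }
      server {
          # Listen on 9030 instead of the default SQL port 1433
          listen 9030;
          # Forward the TCP stream to Azure SQL; inside the VNET this name resolves to the Private Endpoint
          proxy_pass servername.database.windows.net:1433;
      }
  }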
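
A tightened variant of the stream block above, as an added example that is not part of the original post: it repeats the NSG source-IP restriction at the proxy itself, logs every proxied session, and bounds connection setup. 203.0.113.10 is a placeholder for the home/office public IP, and the log path, zone name and limits are assumptions.

```nginx
# Top-level context of nginx.conf (a sibling of http {}, not inside it)
stream {
    # One line per proxied TCP session: who connected, for how long, how much data
    log_format sqlproxy '$remote_addr [$time_local] $protocol status=$status '
                        'sent=$bytes_sent rcvd=$bytes_received '
                        'dur=$session_time upstream=$upstream_addr';
    access_log /var/log/nginx/sqlproxy.log sqlproxy;   # assumed path

    # Shared-memory zone that tracks concurrent sessions per client address
    limit_conn_zone $binary_remote_addr zone=sqlclients:1m;

    server {
        listen 9030;

        # Same source restriction as the NSG rule, enforced again on the VM
        allow 203.0.113.10;   # placeholder for the home/office public IP
        deny  all;

        limit_conn sqlclients 50;    # assumed ceiling; size it for your connection pools
        proxy_connect_timeout 5s;    # fail fast if the Private Endpoint is unreachable

        # Unchanged from the post: forward to the Azure SQL server name on 1433
        proxy_pass servername.database.windows.net:1433;
    }
}
```

Validate with `nginx -t` before restarting; sessions rejected by the allow/deny rules are written to the log with status=403.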



Testing the connection


  • Using SQL Server Management Studio:
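    • Using ServerName.northeurope.cloudapp.azure.com,9030 with Trust server certificate enabled, I was able to connect through the NGINX TCP proxy server. Trust server certificate is required here because the host name used to connect does not match the name in the Azure SQL certificate, so the client does not validate the server certificate on this connection. The NGINX proxy server connects directly to the Private Endpoint because it is deployed in the same VNET/Subnet.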

