I am trying to expose my Front End and Function Web Apps using App Gateway. Both of those apps belong to one app service plan. They are also private endpoint enabled and VNET integrated.
I have databricks in another tenant which needs to feed data to my Function App So for that reason i need to expose my Function App. As for the Front End App, it needs to be accessed by all the employees belonging to a particular business unit.
So my question is , when i am configuring listeners, and the backend pool, should i be using the *.privatelink.azurewebsites.net FQDN or the normal *.azurewebsites.net FQDN as the backend pool ? When you are using Private Endpoint, you already have a CNAME which maps *.privatelink.azurewebsites.net to *.azurewebsites.net and you also have an 'A' record for your private endpoint.
So while configuring App Gateway with Private Endpoint enabled web apps, what is it that you should be using as your backend
You have to use the normal *.azurewebsites.net FQDN instead of the private link one. This normal FQDN automatically resolves to the private link FQDN. The normal FQDN will throw an error when called from a public network when a private endpoint is attached to it because it cannot resolve the private address so your service isn't exposed anymore for the outside world (unless they have public access through your application gateway of course)