0

I have dockerized asp.net core application that I'm deploying on azure app service for containers.

The app listens on port 80 for http and port 443 for https:

FROM mcr.microsoft.com/dotnet/aspnet:5.0-alpine as runner
ENV ASPNETCORE_URLS=https://+:443;http://+:80
WORKDIR /app
COPY --from=builder /publish .

ENTRYPOINT dotnet MyServer.dll

In azure, I set the 'Https only' option to 'on' ('TLS/SSL settings' in the menu then turn 'HTTPS Only' switch to 'on').

Azure should now allow only https requests, and it does this correctly. However, when I log the requests from my app, I see that the requests' scheme is always 'http'. Is there a way to forward https requests as they come and not let azure turn them to http?

I have tried to set the 'WEBSITES_PORT' environment variable to '443' instead of the default 80. But this just makes the site not working. The initial request is in 'pending' state for few seconds and then a '502' error is displayed.

May be I can figure out a fix if I know how azure is running the container, ie, what are all the arguments that azure is giving to the 'docker run' command to launch my container. Is there a way to find this command in the portal or anywhere else ?

Note: An https certificate for development is provided so https is correctly enabled on the app level (in kestrel).

Abdelhakim
  • 815
  • 1
  • 5
  • 19

1 Answers1

0

This is expected behaviour.

App Service terminates TLS/SSL at the front ends. That means that TLS/SSL requests never get to your app. You don't need to, and shouldn't implement any support for TLS/SSL into your app.

https://learn.microsoft.com/en-us/azure/app-service/configure-custom-container?pivots=container-linux#detect-https-session

Marky
  • 269
  • 2
  • 8