Having difficulty configuring TLS passthrough for Azure Container Apps

Kieran Hardwick 0 Reputation points
2024-12-08T10:03:42.69+00:00

Hi,

I'm working on a small test project deploying a Golang app pulled directly from the docker hub and attempting to host this with Azure Container Apps. The application requires me to mount a volume to the container and requires TLS to terminate inside the container. When using the container app's HTTPs ingress we get TLS handshake errors such as "Client sent an HTTP request to an HTTPs server", as expected with ingress as this is terminated at the edge.

I have already looked into using Application Gateway but this appeared to be out of budget for this small project. Then, tried to use Azure Load Balancer, but I couldn't find many tutorials on how to set this up with container apps, only a tutorial for VMs that didn't work once followed.

I have no experience with Kubernetes so I have not looked into that yet, but our goal is to try to do this with minimal costs.

Am I using the wrong tool here and completely missing something or are there any guides on hosting a container that terminates HTTPs inside the application rather than at the edge?

Thanks

Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
486 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Khadeer Ali 1,400 Reputation points Microsoft Vendor
    2024-12-09T12:49:25.55+00:00

    Hi Kieran Hardwick,

    Welcome to the Microsoft Q&A Platform! Thank you for your inquiry about configuring TLS passthrough in Azure Container Apps.

    It seems you're encountering a common challenge with TLS termination in this context. For a small project aiming to minimize costs, utilizing a sidecar container to handle TLS termination within the container group might be a practical and cost-effective approach. This method eliminates the need for additional Azure services while providing secure communications.

    You can refer to the following documentation for detailed steps on enabling a TLS endpoint in a sidecar container: Enable a TLS endpoint using a sidecar container

    I hope this helps! If you have further questions or need assistance, feel free to ask.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.