
Expose TLS/SSL server on Azure App Service

I'm trying to deploy a custom server on an App Service on Azure that only accepts requests on HTTPS instead of HTTP.

My idea is to deploy using the App Service to avoid deploying any SSL certificate myself.

I have found this in the documentation of the App Service:

App Service terminates TLS/SSL at the front ends. That means that TLS/SSL requests never get to your app. You don't need to, and shouldn't implement any support for TLS/SSL into your app.

The front ends are located inside Azure data centers. If you use TLS/SSL with your app, your traffic across the Internet will always be safely encrypted.

So when I try to access via HTTPS on port 443, the requests are being sent to port 80 over HTTP. I tried to expose port 443 directly using the config WEBSITES_PORT, but the result is that, as that port doesn't accept HTTP requests, the App Service is not starting and keeps rebooting for some time.

2022-09-14T16:05:22.335Z ERROR - Container xxxx_3_4a82d922 didn't respond to HTTP pings on port: 443, failing site start. See container logs for debugging.

My question is: is there any possibility to resend those HTTPS requests to port 443 as HTTPS on the App Service in any way?

Thanks!

So your App Service essentially runs on a VM in isolated regions of Azure Data Centers often referred to as Stamps or Scale Units.

Unless you are on an ASE, your App Services live on these stamps, which are multi-tenant environments sharing a few incoming load balancers, and the latter is where TLS/SSL is terminated and is the entry point for your app. From the load balancer, the traffic is routed over HTTP to a proxy (for Linux apps) such as Nginx on a VM, and forwarded from there to the port exposed by your App Service app (Docker containers on Linux). The defaults are 80 or 8080, but you could change this using the setting WEBSITES_PORT (note the use case here).

So you wouldn't really need end-to-end TLS given the above architecture. You could turn on the HTTPS Only flag in your App Service -> Configuration -> General settings blade, and this would redirect all HTTP requests at the front end to HTTPS. This still would not result in end-to-end TLS.

TLS is often terminated outside the applications in the infrastructure (API gateways or Traffic Managers, for instance), and this is by design and offers many benefits (less overhead, certificate management, etc.).
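As an added example (not part of the original question or answer), here is a minimal container backend that fits this architecture: it listens on plain HTTP on the port named by WEBSITES_PORT, so the platform's HTTP pings succeed, and it reads `X-Forwarded-Proto`, the header the App Service documentation says to inspect for the client's original scheme. The hostname `myapp.example.net` is a placeholder, and treating a request with no header as the platform's start-up ping is an assumption.

```python
import os
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Placeholder hostname (assumption). Redirects are built from this fixed value,
# never from the client-supplied Host header.
CANONICAL_HOST = "myapp.example.net"

def route(forwarded_proto, path):
    """Return (status, location) for a request that reached the app over plain HTTP."""
    # If several comma-separated values are present, use the first one.
    proto = (forwarded_proto or "").split(",")[0].strip().lower()
    if proto == "http":
        # The client spoke HTTP to the front end: send it to the HTTPS endpoint.
        return 301, "https://" + CANONICAL_HOST + path
    # "https", or no header at all (assumed here to be the platform's HTTP ping).
    return 200, None

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, location = route(self.headers.get("X-Forwarded-Proto"), self.path)
        body = b"" if location else b"ok\n"
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the example quiet; real deployments should log requests

def make_server(port):
    # Plain HTTP listener: no certificate or TLS context inside the container.
    return ThreadingHTTPServer(("0.0.0.0", port), Handler)

if __name__ == "__main__":
    # 8080 is one of the defaults mentioned above; WEBSITES_PORT overrides it.
    make_server(int(os.environ.get("WEBSITES_PORT", "8080"))).serve_forever()
```

With the HTTPS Only flag enabled the front end already performs the redirect, so the check in `route` acts as a second layer inside the app.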
