HTTPS Container Instance on Azure

In this guide, we will do a short demo on deploying a docker container on Azure as a container group with caddy as a proxy server.

Using Container Register for docker images

A convenient way of deploying docker images is by creating a container register where you can push your built Docker image to and then easily pull into a container instance.

az acr login --name ACRACCOUNT
docker push ACRACCOUNT.azurecr.io/YOUR_IMAGE

Deploying your Docker container with HTTPS support

You can just deploy a container with your image right form the ACR dashboard. You can assign a DNS name and make it Public so then it is easily accessible online but it is not possible to set up a certified HTTPS connection. The solution is to use a container group and add a server to handle incoming requests and signing the secure connection. We cna do this by a .yml file like the example below.

There is some setup required for the Caddy server. I would recommend pulling, tagging, and pushing a version of Caddy so that way you don't need to pull from docker.io each time. You will also want to set up an azure shared storage so the Caddy server has somewhere to store it's files.

apiVersion: 2021-10-01
location: westus
name: CONTAINERGROUPNAME
properties:
  containers:
    - name: app-server
      properties:
        environmentVariables:
          - name: 'VAR1'
            value: 'my_var'
          - name: 'VAR2'
            value: 'my_var'
          - name: 'VAR3'
            value: 'my_var'
          - name: 'VAR4'
            value: 'my_var'
        image: ACRACCOUNT.azurecr.io/YOUR_IMAGE
        ports:
          - protocol: TCP
            port: 5959
        resources:
          requests:
            cpu: 1.0
            memoryInGB: 1.5
    - name: reverse-proxy
      properties:
        image: ACRACCOUNT.azurecr.io/caddy:latest
        command:
          [
            'caddy',
            'reverse-proxy',
            '--from',
            'DNSNAME.westus.azurecontainer.io',
            '--to',
            'localhost:5959',
          ]
        environmentVariables: []
        ports:
          - protocol: TCP
            port: 80
          - protocol: TCP
            port: 443
        resources:
          requests:
            memoryInGB: 1
            cpu: 1
        volumeMounts:
          - name: proxy-data
            mountPath: /data
  osType: Linux
  restartPolicy: OnFailure
  ipAddress:
    type: 'Public'
    dnsNameLabel: 'DNSNAME'
    ports:
    - protocol: TCP
      port: 80
    - protocol: TCP
      port: 443
    - protocol: TCP
      port: 5959
  imageRegistryCredentials:
    - server: ACRACCOUNT.azurecr.io
      username: ACRACCOUNT
      password: ACRACCOUNTPASSWORD
  volumes:
    - name: proxy-data
      azureFile: 
        shareName: proxy-data
        storageAccountName: ACRACCOUNT
        storageAccountKey: ACRACCOUNTSTORAGEKEY
tags: null
type: Microsoft.ContainerInstance/containerGroups

Now run the following command to set up your server.

az container create --resource-group innovation-test-westus --file https-deploy.yml

That is all, enjoy!

Next Article: Deploying a front end to S3

Comments or questions?

Please contact us! We are excited to hear from you.