Can I protect on Azure Container Apps the ingress upstream communication to my container with TLS (end-to-end encryption)?

Marco Vergari 21 Reputation points
2022-11-15T23:04:56.187+00:00

I want to use Azure Container Apps with a web application in a container. With the ingress feature I can expose this web application to the public. The traffic from client to ingress is protected by HTTPS; however, the communication from ingress to container (web application) is not protected, because ingress supports only HTTP.

Is there a possibility after TLS offloading on ingress to re-encrypt the traffic? I want the following (end-to-end encryption):

browser ---- HTTPS ---> ingress ---- HTTPS ---> container (web app)  

What I have now running is the following:

browser ---- HTTPS ---> ingress --- HTTP ---> container (web app)

Accepted answer
  1. MughundhanRaveendran-MSFT 12,411 Reputation points
    2022-11-22T09:39:58.03+00:00

    Hi @Marco Vergari ,

    Traffic inside the environment's VNet between the ingress and the app is not encrypted today. This is because TLS is terminated at the Envoy proxy, which is used by Azure Container Apps. End-to-end protection is being worked on by the Azure Container Apps team; however, I don't have an ETA for this feature release.

    You can explore this sample, as it might help to some extent even though you can't achieve end-to-end protection.
    https://github.com/Azure-Samples/dotNET-FrontEnd-to-BackEnd-with-DAPR-on-Azure-Container-Apps

    1 person found this answer helpful.
