This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 15%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECW%3C/text%3E%3C/svg%3E)
I'm struggling to work out how I might enable HTTPS for a Windows container hosted on ACI. I thought a sidecar (Nginx or Caddy) sounded like a good way forward, but unfortunately multi-container groups are not supported for Windows containers. Also, deployment of Windows containers into a virtual network isn't supported either, so I don't know if that rules out using Application Gateway as an option? Sadly, Container Apps doesn't support Windows containers either. Can anyone recommend a viable way forward?
Many thanks in advance.
@ CliveW-1898,
What if you create container registry and deploy container into App Services - it should allow you to use HTTPS for your container:
https://learn.microsoft.com/en-us/azure/app-service/quickstart-custom-container?tabs=dotnet&pivots=container-windows-azure-portal
Thank you for your suggested alternative @rafalzak
I did wonder whether Azure App Service might be the way forward, but hadn't got around to trying it out. I've just created a Web App deployed via a Docker container image (Windows-based) and it works a treat - thank you. HTTPS seemed to be enabled by default which is good.
This is definitely a viable way forward whilst we wait for the Windows-based container limitations of ACI and Container Apps to be addressed.
I'm not sure if you tested this before but I was able to run docker container (Windows) and expose 443 on it. I used IIS in my env. and it works very well.
Hi @rafalzak
Were you running the container locally, or had you deployed to an Azure service?
Hi @Clive-1898,
Both, now I have it running with 443 on Azure Container Instance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@Clive Wickham
Apologies on delay on this, I was checking it internally.
This article shows one way to expose a static, public IP address for a container group by using an Azure application gateway. Follow these steps when you need a static entry point for an external-facing containerized app that runs in Azure Container Instances.
As long as the application gateway runs and the container group exposes a stable private IP address in the network's delegated subnet, the container group is accessible at this public IP address. Please check if this is something that might help your scenario.
I am checking with ACI product group to see if we have any ETA for - Windows container in ACI support virtual network and multiple-container groups in the near future. I will share it here when I have an update.
Let me know if you have further questions.
Thanks for your reply @KarishmaTiwari-MSFT
I followed the steps in the article ("Expose a static IP address for a container group") you provided a link to. Unfortunately, the az container create statement failed (with --os-type Windows parameter supplied), presumably because of the limitation I previously mentioned, detailed here: "At this time, deployments with Windows container groups are not supported in an Azure virtual network deployment."
When I removed the --vnet and --subnet parameters, the az container create command succeeded, but this obviously means that the container group isn't part of the virtual network which makes this approach unworkable.
Are the ACI product group able to provide an ETA for Windows container support in a virtual network deployment? And for Windows multiple-container groups?
In the meantime, is there a viable way forward today using alternative Azure services?
Many thanks.