Can I use azure container instance of caddy ( which enables SSL on the server) behind application gateway to use its SSL certs?

Question

Hi,

I have a sever launched in a container instance, which is not SSL enabled. I came across caddy2 which automatically provides and maintains the certificates.
I was able to successfully create this infra using just azure container instance and FQDN provided by azure container group (public), But I can't use that FQDN as its too long, I wanted to map this FQDN to a meaningful domain name, which did not work, I thought I will have to have a static public ip for container group, for that I went for application gateway.

My question is, whether I can use the certificates given by caddy container inside one of the acis?

This worked without application gateway.
<dns_label>.francecentral.azurecontainer.io -> caddy_container@443 or 80 -> portainer @ 9000

Can I achieve the same with azure application gateway, just that I want to use static IP in place of <dns_label>.francecentral.azurecontainer.io? if so, some tips on how to do will be much appreciated.

Thanks,
Prabhu

Answer 1

With Application Gateway backends and SSL, you can configure it with TLS Termination(Application Gateway terminates the SSL connection and establishes an unencrypted session with the backend) or End to End SSL (Application Gateway terminates the SSL connection and establishes a second encrypted session with the backend).

As long as you can get the certificate that caddy uses and whitelist it with Application Gateway (there are differences between the Application Gateway SKUs) this should be possible. This will most likely be a self-signed certificate scenario.