Can I use an Azure Container Instance of Caddy (which enables SSL on the server) behind Application Gateway to use its SSL certs?

Chawandi Prabhu 21 Reputation points
2020-09-29T01:52:45.143+00:00

Hi,

I have a server launched in a container instance, which is not SSL enabled. I came across caddy2, which automatically provides and maintains the certificates.
I was able to successfully create this infra using just an Azure container instance and the FQDN provided by the Azure container group (public), but I can't use that FQDN as it's too long. I wanted to map this FQDN to a meaningful domain name, which did not work. I thought I would have to have a static public IP for the container group, so for that I went for Application Gateway.

My question is whether I can use the certificates given by the caddy container inside one of the ACIs.

This worked without application gateway.
<dns_label>.francecentral.azurecontainer.io -> caddy_container@443 or 80 -> portainer @ 9000

Can I achieve the same with Azure Application Gateway, just that I want to use a static IP in place of <dns_label>.francecentral.azurecontainer.io? If so, some tips on how to do it will be much appreciated.

Thanks,
Prabhu


1 answer

  1. TravisCragg-MSFT 5,676 Reputation points Microsoft Employee
    2020-09-29T20:19:00.85+00:00

    With Application Gateway backends and SSL, you can configure it with TLS Termination (Application Gateway terminates the SSL connection and establishes an unencrypted session with the backend) or End to End SSL (Application Gateway terminates the SSL connection and establishes a second encrypted session with the backend).

    As long as you can get the certificate that caddy uses and whitelist it with Application Gateway (there are differences between the Application Gateway SKUs) this should be possible. This will most likely be a self-signed certificate scenario.

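A pre-flight check for the self-signed scenario the answer mentions, as an added example that is not part of the original answer: it uses `openssl` to decide whether the certificate the Caddy backend serves is self-signed (so that certificate itself is what the gateway has to trust) or was issued by a root you need to supply. The function names, result strings and file paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are PEM files you have already
# saved, e.g. the certificate captured from the backend with:
#   openssl s_client -connect <backend-host>:443 -servername <backend-host> </dev/null \
#     | openssl x509 -outform PEM > served.pem

# Succeeds when subject and issuer names hash to the same value,
# i.e. the certificate is self-issued.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$issr" ]
}

# Succeeds when served certificate $2 validates against trust anchor $1 only
# (no system CA store is consulted beyond what openssl is told here).
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# $1 = served certificate, $2 = optional candidate root certificate.
# Prints one of: trust-served-cert | trust-root | need-root | root-mismatch
advise() {
    if is_self_signed "$1"; then
        echo "trust-served-cert"   # the served cert is its own trust anchor
    elif [ -z "${2:-}" ]; then
        echo "need-root"           # issued by a CA, but no root was supplied
    elif chains_to "$2" "$1"; then
        echo "trust-root"          # supplied root really signed the served cert
    else
        echo "root-mismatch"       # wrong root: the backend would fail validation
    fi
}

# Stand-alone use: ./check.sh served.pem [root.pem]
if [ "$#" -ge 1 ]; then
    advise "$@"
fi
```

A `root-mismatch` or `need-root` result means the gateway would not be able to validate the backend in the End to End SSL mode until the right certificate is exported from Caddy.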