Azure App Proxy - Doesn't work with HTTPS

Mohamed Roushdy 66 Reputation points
2022-12-27T13:57:36.277+00:00

Hello,

Trying to publish an internal app, and my setup is as follows:

  • Two Azure proxyApp connector machines, not joined to my on-prem AD for security reasons.
  • 1 app server (NDES server).
  • Proxy app uses an external URL different from the internal URL.
  • Using a custom domain, and the SSL cert was uploaded.

If I configure the Azure AppProxy to use HTTP only, the app works perfectly fine, but once I flip it to HTTPS, I get the "Bad Gateway" error in the App Proxy. From both connectors I can reach the internal app over HTTPS (via their web browsers); however, I get the certificate error for an insecure website since these boxes aren't joined to the domain. So I'm not sure if I need to first import the cert chain of my internal CA into the connector machines and this would fix it, or maybe I'm missing something else. Please advise.

Thank you,


Accepted answer
  1. Marilee Turscak-MSFT 37,151 Reputation points Microsoft Employee
    2022-12-30T17:47:14.63+00:00

    Hi @Mohamed Roushdy ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:
    You were trying to publish an internal application. Your environment had two Azure ProxyApp connector machines, one NDES app server, a proxy app using a different external URL from the internal URL, and a custom domain with the SSL certificate uploaded. The app worked when the App Proxy was configured to use HTTP, but when switching to HTTPS, you received a "bad gateway" error. You were able to reach HTTPS from both machines via web browsers, but received insecure website certificate errors since the machines were not joined to the domain.

    Solution:
    Manually importing the Certificate Authority chain resolved the issue. Since the connector machine was not joined to the domain, the CA needed to be imported so that the website's internal CA would be detected as secure. The app proxy issue is now resolved.

    If you have any other questions or are running into more errors or certificate issues, please let me know.
    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept the answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

  1. Mohamed Roushdy 66 Reputation points
    2022-12-30T13:12:30.783+00:00

    Hello again, I've managed to solve the issue. Since the connector machine isn't joined to the domain, I've manually imported the CA chain, and now the website's internal CA is detected as "secure" and the App proxy's issue is solved.
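
The fix described in this thread, as an added PowerShell example (not code from either poster or from Microsoft): it tests whether the connector machine validates the internal app's TLS chain, imports the internal CA chain into the machine-wide stores if it does not, and tests again. The host name, file paths and thumbprint are placeholders, and it assumes the CA certificates were exported to `.cer` files and the root's thumbprint was confirmed out-of-band.

```powershell
# Added example. Host name, file paths and thumbprint are placeholders, not values from the thread.
# Run in an elevated session on each connector machine.
param(
    [string]$InternalHost = 'ndes.corp.example',
    [int]$Port = 443,
    [string]$RootCaFile = 'C:\Temp\internal-root-ca.cer',
    [string[]]$IntermediateCaFiles = @('C:\Temp\internal-issuing-ca.cer'),
    [string]$ExpectedRootThumbprint = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>'
)

function Test-TlsChain {
    param([string]$HostName, [int]$Port)
    # TLS handshake with default validation against the Windows trust stores.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return $true
        } catch {
            Write-Warning "TLS handshake/validation failed: $($_.Exception.Message)"
            return $false
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

if (Test-TlsChain -HostName $InternalHost -Port $Port) {
    Write-Output "Chain for $InternalHost already validates; nothing to import."
    return
}

# Only trust a root that is self-issued and matches the thumbprint confirmed out-of-band.
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaFile)
if ($root.Subject -ne $root.Issuer) { throw "$RootCaFile is not a self-issued root certificate." }
if ($root.Thumbprint -ne ($ExpectedRootThumbprint -replace '\s', '')) {
    throw "Root CA thumbprint mismatch: got $($root.Thumbprint)"
}

# LocalMachine stores, so services on this machine trust the chain, not only one user's browser.
Import-Certificate -FilePath $RootCaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
foreach ($file in $IntermediateCaFiles) {
    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\CA | Out-Null
}

if (-not (Test-TlsChain -HostName $InternalHost -Port $Port)) {
    throw "Chain still does not validate; check the server certificate's name and expiry."
}
Write-Output "Internal CA chain imported; $InternalHost now validates."
```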
