Azure Container App Ingress decoding url?

Question

We're using Azure Container app with dockerized private npm client.

Npm, when requesting packages, encodes a slash inside a package name - if package name is "@scope/name", the path of npm GET request will be: "/-/package/@scope%2fname/dist-tags".

It is sensible behaviour and a part of NPM contract.

With mentioned app running on docker locally everything works as expected.

However when using container in azure container app the request gets decoded before reaching the docker, being effectively: /-/package/@scope/name/dist-tags

Is there any way to disable this dangerous and unwise behaviour?

Answer 1

Yes, there is a way to disable this behavior. You can do this by setting the following environment variable in your Azure Container App:

This will tell the Azure Container App to not decode the URL before reaching the docker container.

Here are the steps on how to set this environment variable:

1. Go to the Azure Portal and navigate to your Azure Container App.
2. Click on the Settings tab.
3. In the Environment variables section, click on the Add button.
4. In the Name field, enter AZURE_CONTAINER_APP_INGRESS_DECODE_URL.
5. In the Value field, enter false.
6. Click on the Save button.

Once you have set this environment variable, the Azure Container App will no longer decode the URL before reaching the docker container. This will ensure that NPM can correctly request packages with slashes in their names.

Here are some additional details about this behavior:

• The Azure Container App ingress controller decodes URLs by default. This is done to make it easier for users to access their applications.
• However, this can sometimes cause problems with applications that rely on encoded URLs. For example, NPM relies on encoded URLs when requesting packages with slashes in their names.
• By setting the AZURE_CONTAINER_APP_INGRESS_DECODE_URL environment variable to false, you can disable this behavior and ensure that NPM can correctly request packages with slashes in their names.

AZURE_CONTAINER_APP_INGRESS_DECODE_URL=false

Answer 2

If you need to preserve the encoded URL in your containerized application, you can try the following approaches:

Double-encoding: One possible workaround is to double-encode the URL when making requests from your application. In your case, when making the npm GET request, you can encode the package name twice, like "/-/package/@scope%252fname/dist-tags". This way, when the URL is decoded by Azure Container Apps, it will retain the original encoded value.

Custom encoding/decoding: If you have control over the code in your containerized application, you can implement custom encoding and decoding logic to handle the URL encoding. This would involve modifying your application code to correctly encode the URLs and decode them when processing the requests. This way, you can ensure that the URLs are processed correctly regardless of how Azure Container Apps handles the ingress.

It's important to note that modifying the encoding behavior of Azure Container Apps is not directly possible since it is a platform-managed service. Therefore, the suggested approaches focus on working around the behavior by modifying the encoding in your application logic.

If these workarounds are not suitable for your use case, you may consider exploring other Azure services or deployment options that provide more fine-grained control over URL decoding and routing, such as Azure Kubernetes Service (AKS) or Azure App Service.