Spring Boot container with truststore in Azure App Service

Aravind Rajasekharan Pillai 21 Reputation points
2021-12-16T12:56:20.64+00:00

I have a legacy Spring Boot application that uses a common library that injects a RestTemplate which is configured by default to make some HTTPS calls, meaning it is always looking for a trust-store in the classpath. Spring Boot by default needs a key store when we enable a trust-store.

Issue

I successfully containerized and deployed this app in App Service; however, App Service is failing with the below error:

Bad Request This combination of host and port requires TLS.

Most of the comments out there suggest App service containers need to run on HTTP with port 80 and not HTTPS.

Questions

Is there a way to deploy this container running HTTPS on the App Service and get a call at an endpoint?
How are people deploying Spring Boot apps in Azure App Service if there is a requirement for a trust-store, as in trusting the third-party servers?

Any help is appreciated.

Azure App Service

Accepted answer
  1. ajkuma 28,036 Reputation points Microsoft Employee Moderator
    2021-12-17T20:39:59.263+00:00

    AravindRajasekharanPillai-8474, thanks for the good question.

    You may integrate outbound SSL certificates for Spring Boot with Azure Key Vault. Kindly take a look at this doc for detailed steps on the approach.

    Steps to Call external service via TLS/SSL using Azure Spring Cloud provided feature

    Sample - Spring Boot - Secure Communications Using End-to-end TLS/SSL

    This guide explains how to secure communications for Spring Boot apps using end-to-end TLS/SSL and SSL certificates managed in Azure Key Vault.
    Azure Spring Cloud is used for illustration. You can apply the same approach to secure communications when you deploy Spring Boot apps to Azure Kubernetes Service, App Service or Virtual Machines.

    Additionally,
    App Service terminates TLS/SSL at the front ends.
    That means that TLS/SSL requests never get to your app. You don't need to, and shouldn't implement any support for TLS/SSL into your app.
    The front ends are located inside Azure data centers. If you use TLS/SSL with your app, your traffic across the Internet will always be safely encrypted.


1 additional answer

  1. Vidya Narasimhan 2,126 Reputation points Microsoft Employee
    2021-12-17T20:31:28.933+00:00

    Hi @Aravind Rajasekharan Pillai ,

    You need to disable TLS in the Spring Boot app. App Service front ends terminate the SSL connection for all HTTPS requests and then forward the request to your application instance, as described here: https://learn.microsoft.com/en-us/archive/msdn-magazine/2017/february/azure-inside-the-azure-app-service-architecture#scale-unit-network-configuration

    For outbound HTTPS calls, you can add the private certificate required by the 3rd party app to App Service as per this link: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate

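The two answers above separate inbound TLS (terminated by the App Service front end) from outbound trust. The following is an added example, not code from this thread or from Microsoft's documentation, showing one way to give a RestTemplate its own trust store for outbound calls while the embedded server stays on plain HTTP. It assumes the application can define the RestTemplate bean itself and that the trust store is a PKCS12 file; the `outbound.trust-store*` property names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Inbound side (application.properties): server.ssl.enabled=false and no other
// server.ssl.* settings, so the container answers plain HTTP behind the front end.
@Configuration
public class OutboundTlsConfig {
    // Hypothetical properties for this example, for instance
    // outbound.trust-store=classpath:truststore.p12 (PKCS12 format assumed).
    @Bean
    public RestTemplate restTemplate(
            @Value("${outbound.trust-store}") Resource trustStore,
            @Value("${outbound.trust-store-password}") String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = trustStore.getInputStream()) {
            ks.load(in, password.toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        // Trust managers only: no key managers, so no key store is needed.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection c, String method) throws IOException {
                if (c instanceof HttpsURLConnection) {
                    // Hostname verification stays at the JDK default (enabled).
                    ((HttpsURLConnection) c).setSSLSocketFactory(ctx.getSocketFactory());
                }
                super.prepareConnection(c, method);
            }
        };
        return new RestTemplate(factory);
    }
}
```

Because this trust store replaces the JVM default for the RestTemplate, it must contain every CA the outbound calls rely on, including public CAs if the same client also reaches publicly signed endpoints.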
