Enabling HTTPS with custom domains on Azure Container Apps
TypeScriptTo enable HTTPS with custom domains on Azure Container Apps, you will need to work with several resources. First off, you will create an Azure Container App. Then, you will create a custom domain for it, and finally, you will configure the custom domain to use HTTPS, which typically involves a TLS/SSL certificate.
Below is a Pulumi program written in TypeScript that accomplishes this. The program uses the following main resources:
ContainerApp
: This resource represents the Azure Container App that we will deploy. It includes details about the container image, environment, and other configurations.CustomDomain
: This resource associates a custom domain with an Azure Container App. It requires the name of the custom domain and a reference to a certificate for enabling HTTPS.
In this example, I will assume that the certificate is already available within Azure and that we have its information, such as the name or ID. The actual steps to create a certificate, which often involves requesting it from a Certificate Authority (CA), are not included in this example due to their complexity and because the specifics can vary greatly depending on the CA and the domain registrar.
Here is the TypeScript program:
import * as azure from "@pulumi/azure-native"; // A unique name for the Azure resource group in which resources will be placed. const resourceGroupName = "myResourceGroup"; // The Azure Container Apps environment to host your app. const containerAppEnvironment = new azure.app.ContainerAppEnvironment("myEnvironment", { resourceGroupName: resourceGroupName, location: azure.Locations.WestEurope, // It's best to choose a location that is close to your users. }); // The actual Container App. const containerApp = new azure.app.ContainerApp("myContainerApp", { resourceGroupName: resourceGroupName, environmentId: containerAppEnvironment.id, template: { containers: [{ name: "mycontainer", image: "my-container-image:latest", // The path to the container image in a registry, must be publicly accessible or you'll need to configure registry credentials. resources: { cpu: 1.0, memory: "1.5Gi", }, }], scale: { minReplicas: 1, maxReplicas: 3, // configure rules for auto-scaling if needed }, // configure other settings like environment variables, volumes, etc. }, }); // Custom domain for the container app // For simplicity, we're assuming you've already created and verified your domain with Azure // and have a certificate available for HTTPS. const customDomain = new azure.app.CustomDomain("myCustomDomain", { resourceGroupName: resourceGroupName, appName: containerApp.name, domainName: "www.example.com", // Your custom domain properties: { thumbprint: "certificate-thumbprint", // The thumbprint of a previously uploaded certificate to Azure service for HTTPS }, }); // Export the resulting hostname of the container app. export const hostname = containerApp.configuration.apply(config => config.ingress.fqdn);
Make sure to replace the placeholders (such as
my-container-image:latest
,www.example.com
, andcertificate-thumbprint
) with your specific details.The
containerApp
resource creates an Azure Container App instance, and it's here that you define your container image, resources requirement, and scaling criteria.The
customDomain
resource associates a custom domain with your Azure Container App. ThedomainName
property should be set to the custom domain you wish to attach to your app, and thethumbprint
is the thumbprint of a certificate which you have previously uploaded to Azure. This certificate will be used to enable HTTPS.Finally, we export the fully qualified domain name (fqdn) of the container app which will get updated once the custom domain is successfully attached and configured.
This program doesn't handle the purchase of a domain name or the initial registration/verification process in Azure. It assumes that you have taken care of these prerequisites. That process typically involves creating a DNS record to prove ownership of the domain to Azure and is dependent on your domain registrar. Additionally, the certificate management aspect is simplified in this example by assuming the certificate already exists in Azure.
In a real-world scenario, you will also need to address aspects such as certificate renewal (when the certificate is near expiration) and potentially the automation of domain validation. These are advanced topics and would typically be catered to based on your specific operational requirements.