How to add SSL to Azure Container Instance App?

After going through the pain of researching around this, we finally figured out how to use the Caddy Docker image as a sidecar to add SSL to Container Instances. Caddy makes it easy to auto-renew and verify the ownership to issue SSL.

We wrote a blog post to help others who have the same problem. Hope this helps.

https://www.antstack.io/blog/how-to-enable-tls-for-hasura-graphql-engine-in-azure-caddy/


As far as I know, currently, there is still no built-in support for enabling SSL on Azure Container Instances; refer to this.

However, you could have multiple choices for enabling SSL connections for your ACI application.

  • Use an SSL provider in a sidecar container, such as Nginx or Caddy

If you deploy your container group in an Azure virtual network, you can consider other options to enable an SSL endpoint for a backend container instance, including:

  • Azure Functions Proxies
  • Azure API Management
  • Azure Application Gateway - see a sample deployment template.

A standard SSL certificate maps to a unique domain name, so you need separate certificates for each domain.

You can get started by setting up Nginx as an SSL provider in a sidecar container; you need an SSL certificate for the domain api.myApp.com. If you want separate secure access with the domain myApp.northamerica.azurecontainer.io, you could configure an extra server block in the Nginx config file. Refer to configuring HTTPS server in Nginx.

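server {
    # Terminate TLS on port 443 for this host name
    listen              443 ssl;
    server_name         www.example.com;
    # Certificate (with chain) and private key for this server_name
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    # ...
}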
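The two-domain sidecar setup described in this answer could look like the following nginx.conf; this is an added example, not part of the original answer. It assumes the application container listens on port 8080 (containers in the same container group reach each other on localhost) and that the certificate files are mounted under /etc/nginx/ssl/; both the port and the paths are placeholders.

```nginx
# Added example: TLS-terminating Nginx sidecar for an ACI container group.
# Assumed: backend on 127.0.0.1:8080, certificates mounted at /etc/nginx/ssl/.
events {}

http {
    # TLS settings shared by both server blocks
    ssl_protocols       TLSv1.2 TLSv1.3;    # TLS 1.0/1.1 are deprecated
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Custom domain, with its own certificate
    server {
        listen              443 ssl;
        server_name         api.myApp.com;
        ssl_certificate     /etc/nginx/ssl/api.myApp.com.crt;
        ssl_certificate_key /etc/nginx/ssl/api.myApp.com.key;

        location / {
            # Forward decrypted traffic to the app container over localhost
            proxy_pass       http://127.0.0.1:8080;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # ACI-assigned FQDN, which needs a separate certificate
    server {
        listen              443 ssl;
        server_name         myApp.northamerica.azurecontainer.io;
        ssl_certificate     /etc/nginx/ssl/myApp.northamerica.azurecontainer.io.crt;
        ssl_certificate_key /etc/nginx/ssl/myApp.northamerica.azurecontainer.io.key;

        location / {
            proxy_pass       http://127.0.0.1:8080;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

With this layout only port 443 of the Nginx container needs to be exposed on the container group; the application port stays reachable on localhost only. Mount the private keys from a secret volume rather than baking them into the image.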