Getting bad gateway in app gateway which is connecting to private container apps

nishan Pa 0 Reputation points
2025-07-18T10:20:27.07+00:00

Hi Support,

We are configuring Azure Container Apps with internal ingress (nginx container).
This is integrated with a VNet and subnet, and the container environment is assigned a subnet IP.

We are now trying to connect to this via an Application Gateway configured in the same subnet.

But we are facing a DNS resolution issue as well as a bad gateway.

We tried to use a backend pool with the FQDN of the container apps as well as the private IP of the container apps environment, but nothing worked. We also see that the FQDN is resolving within the container and it is pointing to a k8s internal IP.

Let us know the right configuration for private container apps exposed over HTTP/HTTPS only via App Gateway, or if you have any other suggestion, let us know.

Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.

1 answer

  1. G Sree Vidya 4,005 Reputation points Microsoft External Staff Moderator
    2025-07-18T17:45:06.3366667+00:00

    Hello nishan Pa

    It appears you're experiencing a 502 Bad Gateway error when connecting your Azure Application Gateway to your private Azure Container Apps. This usually means the Application Gateway can't reach the backend service. Possible reasons include incorrect backend pool configuration, failing health probes, or DNS resolution issues leading to an unreachable IP address.

    Please review the following information:

    To expose internal Azure Container Apps through Application Gateway, follow these steps:

    1. Use a Private DNS Zone: Internal ingress for Azure Container Apps registers their FQDN in a private DNS zone (*.internal.azurecontainerapps.io). Ensure that your Application Gateway subnet is linked to this private DNS zone or uses a custom DNS server that can resolve it.
    2. Configure Application Gateway with Private Link or IP: Instead of the FQDN, set the backend pool to use the private IP address of the Container App environment.

       Note that Container Apps provide a stable IP per environment, not per app, so you may need to route traffic to the environment and use path-based routing.

    3. Set up custom health probes: Make sure the probes match the required path and headers for your container app and use HTTP/HTTPS with the correct port (typically 80 or 443).

    I hope this helps! If this answers your query, do click "Upvote" and "Accept the answer", which might be beneficial to other community members reading this thread.

    If the above is unclear or you are unsure about something, please add a comment below.

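The probe and header point from the answer above, as an added example (not part of the original thread or any Microsoft code): a small Python check that sends the same kind of request a health probe would send to an IP, once with the default Host header and once with the app's FQDN. Function names and the local stub are hypothetical; the stub assumes the environment ingress routes by Host header and answers 404 for a host it does not know.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def resolve(fqdn):
    """IPv4 addresses the local resolver returns for fqdn ([] if it cannot resolve)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, port, path="/", host=None, timeout=3.0):
    """GET path from ip:port, overriding the Host header when host is given.
    Returns the HTTP status, or None when the backend cannot be reached."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.putrequest("GET", path, skip_host=host is not None)
        if host is not None:
            conn.putheader("Host", host)
        conn.endheaders()
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def is_healthy(status):
    """Application Gateway's default probe match treats 200-399 as healthy."""
    return status is not None and 200 <= status <= 399

def start_stub_ingress(app_fqdn):
    """Constructed local stand-in for the environment ingress (an assumption):
    serves the app only when Host equals app_fqdn, otherwise answers 404."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            host = self.headers.get("Host", "").split(":")[0]
            self.send_response(200 if host == app_fqdn else 404)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the demo quiet

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

From a VM in the same VNet, `resolve("<app FQDN>")` shows what the configured DNS returns, and `probe("<environment private IP>", 80, host="<app FQDN>")` shows whether a probe with that Host header would be marked healthy.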
