![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 96%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 23%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Hello ramprasad.r, Thanks for reaching out on Microsoft Q&A and really appreciate your patience while we looked into this.
YES, you can do this by deploying a dedicated NGINX container app that acts as a reverse proxy to all your other services inside the same ACA environment.
The Solution: NGINX as a Reverse Proxy
The recommended solution is to deploy a dedicated NGINX container app that acts as a reverse proxy for all your other services within the same ACA environment.
Steps:
1.Deploy NGINX as a Container App:
- Deploy a new container app using the nginx image.
- Enable ingress on this NGINX app and set it to external.
- Bind your custom domain dev1.*********.to this specific NGINX container app. You will need to create a DNS record (typically a CNAME) pointing to the NGINX app's FQDN.
- Optionally, use Azure File share to mount a persistent configuration file for easier updates.
2.NGINX Configuration (nginx.conf):
- Create a configuration file to define your path-based routing rules. The
proxy_passdirective will route traffic to the internal FQDNs of your other services. - Example nginx.conf:
server { listen 80; server_name dev1.*********.com; location /api/ { proxy_pass http://api-service.internal:80/; } location /reports/ { proxy_pass http://reports-service.internal:80/; } location /webapp/ { proxy_pass http://webapp-service.internal:80/; } } - The. internal suffix is used to address other container apps within the same ACA environment, regardless of their public ingress status.
3.Disable External Ingress on Other Services:
- For your 18 other services (e.g., api-service, reports-service), set their ingress to internal. This is a critical step to ensure they are not publicly accessible and that all traffic is funneled through your NGINX proxy.
4.Custom Domain and TLS:
- Custom Domain Binding: The custom domain dev1.*********.com should be bound only to the NGINX container app.
- TLS Support: You can use Azure's managed certificates to handle TLS termination for the custom domain. This is the simplest way to secure the connection between the client and the NGINX gateway.
Official Documentation:
- Reverse Proxy in Container Apps (Custom Ingress Pattern): This guide provides an excellent overview of using NGINX as a reverse proxy.
- Internal Communication Between Container Apps: Essential for understanding how the NGINX proxy communicates with backend services using their internal FQDNs.
- Custom Domains with ACA: Explains the process of binding a custom domain to a container app.
- Secure Ingress with TLS Support: Details how to manage TLS certificates for a custom domain in ACA.
Let me know if this helps. Happy to assist further. Thank You!