With the latest update, Azure Container Apps supports custom domain assignment, so you can easily publish your web application under your own domain without using Front Door.
However, it does not currently support free managed certificates, and you must upload your own certificates.
Free certificates are issued by Let's Encrypt, so I developed an application to use them. This is based on code written by @jeffhollan of the Azure Apps team.
shibayan / containerapps-acmebot
Automated ACME SSL/TLS certificates issuer for Azure Container Apps (Custom domain / Custom DNS Suffix)
Container Apps Acmebot
Automated ACME SSL/TLS certificates issuer for Azure Container Apps
Motivation
We have started to address the following requirements:
- Support for multiple Container Apps and Container Apps Environment
- Easy to deploy and configure
- Highly reliable implementation
- Ease of Monitoring (Application Insights, Webhook)
You can add multiple certificates to a single Container App.
Feature Support
- Issuing certificates for Zone Apex / Multi-domain / Wildcard
- Automatic binding of custom domains and certificates to Container App
- Support for multiple Container Apps in a single application
- ACME-compliant Certification Authorities
  - Let's Encrypt
  - Buypass Go SSL
  - ZeroSSL (Requires EAB Credentials)
Deployment
Learn more at https://github.com/shibayan/containerapps-acmebot/wiki/Getting-Started
Thanks
- Based on containerapps-acmebot by @jeffhollan
- ACMESharp Core by @ebekker
- Durable Functions by @cgillum and contributors
- DnsClient.NET by @MichaCo
License
This project is licensed under the Apache License 2.0
It has the same functionality as other Acmebot products, but supports Container Apps specific features. Azure DNS is currently required for use.
From here, I will actually use Acmebot to add a custom domain and certificate to the Container App.
Deploy Acmebot
Deploy Acmebot using the "Deploy to Azure" button in the README on GitHub.
After deployment is complete, add Azure AD authentication using App Service Authentication. Detailed instructions are provided in the README.
Setup RBAC (IAM) for Acmebot
Add the Contributor RBAC role to the deployed Acmebot for the resource group where Container Apps and Container Apps Environment are deployed.
Currently there is no RBAC role for Container Apps, so the Contributor RBAC role must be assigned.
Since Acmebot requires Azure DNS for certificate issuance, assign the DNS Zone Contributor role to Acmebot for Azure DNS as well.
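The two role assignments above can also be made from the Azure CLI. The script below is an added example, not part of the original post or the Acmebot project; it assumes Acmebot runs as a Function App with a system-assigned managed identity, and every resource name passed to it is a placeholder.

```shell
#!/bin/sh
# Added example (not Acmebot's own tooling). Assumption: Acmebot is a Function App
# with a system-assigned managed identity; every name passed in is a placeholder.
AZ="${AZ:-az}"  # set AZ=echo to print the commands instead of running them

# Object ID of the Function App's managed identity.
acmebot_principal_id() {  # <function-app-name> <function-app-resource-group>
  $AZ functionapp identity show --name "$1" --resource-group "$2" \
    --query principalId --output tsv
}

# Scope: the resource group holding the Container Apps and their Environment.
rg_scope() {  # <subscription-id> <resource-group>
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Scope: one Azure DNS zone, so DNS write access stays limited to that zone.
dns_zone_scope() {  # <subscription-id> <dns-resource-group> <zone-name>
  printf '%s/providers/Microsoft.Network/dnszones/%s' "$(rg_scope "$1" "$2")" "$3"
}

# Create one role assignment for a managed identity (a service principal).
assign_role() {  # <principal-object-id> <role-name> <scope>
  $AZ role assignment create \
    --assignee-object-id "$1" --assignee-principal-type ServicePrincipal \
    --role "$2" --scope "$3"
}

# Grant the two roles from the post, each scoped no wider than it needs to be.
assign_acmebot_roles() {  # <principal-id> <subscription-id> <apps-rg> <dns-rg> <zone>
  assign_role "$1" "Contributor" "$(rg_scope "$2" "$3")"
  assign_role "$1" "DNS Zone Contributor" "$(dns_zone_scope "$2" "$4" "$5")"
}

# Review afterwards: list every assignment the identity holds, at any scope.
list_acmebot_roles() {  # <principal-object-id>
  $AZ role assignment list --assignee "$1" --all --output table
}
```

Scoping Contributor to the resource group and DNS Zone Contributor to the single zone keeps the identity's write access limited to what certificate issuance needs; `list_acmebot_roles` shows whether anything broader has been granted.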
Issue certificate
If the setup was successful, accessing the application will show a list of DNS Zones and Container Apps Environment.
The following simple screen allows you to select a DNS zone and issue a certificate for the required domain name.
Container Apps certificates are associated with the Container Apps Environment, so the Container Apps Environment must be explicitly specified when the certificate is issued.
If the certificate is successfully issued, it can be found in the list of certificates in the Container Apps Environment.
Acmebot is designed to attempt to automatically renew certificates associated with the Container Apps Environment.
Bind to Container App
An additional option is to add custom domain settings to any Container App at the same time the certificate is issued.
A custom domain is added to the Container App, but the actual A or CNAME DNS record is not automatically added and must be added manually. This is by design for safety.
After manually adding the A record, the browser will be able to view the Container App hosted at the HTTPS-protected zone apex domain, as shown below.
In this way, Acmebot greatly reduces the effort of issuing certificates for Container Apps and automates their management.
Renew certificates
The default setting is to automatically renew certificates 30 days before they expire.
Upon successful renewal of the certificate by Acmebot, Container Apps will automatically use the new certificate.
Related post
If you are interested in the App Service and Key Vault version of Acmebot, please refer to the following post.
The fastest way to use Let's Encrypt in Azure
Tatsuro Shibamura ・ Sep 14 '20
Enjoy Azure Container Apps and Let's Encrypt!