An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
How to quickly setup a Let's Encrypt certificate in Azure Container Apps
Azure Container Apps now supports custom domain assignment in the latest update. Now you can easily publish your own web application with your own domain without using Front Door.
Azure Container Apps@azcontainerappIT's TRUE!!! You can now add Custom Domains to your Azure Container App!
@AzContainerApp #AzureContainerApp @nthonyChu @yosoyvinisoto23:57 PM - 13 May 2022
However, it does not currently support free managed certificates, and you must upload your own certificates.
Free certificates are issued by Let's Encrypt, so I developed an application to use them. This is based on code written by @jeffhollan of the Azure Apps team.
shibayan / containerapps-acmebot
Automated ACME SSL/TLS certificates issuer for Azure Container Apps
Container Apps Acmebot
This is an application that automates the issuance and renewal of ACME SSL/TLS certificates for Azure Container Apps.
- Support for multiple Container Apps and Container Apps Environment
- Easy to deploy and configure
- Highly reliable implementation
- Ease of Monitoring (Application Insights, Webhook)
You can add multiple certificates to a single Container Apps.
Table Of Contents
Feature Support
- Issuing certificates for Zone Apex / Multi-domain / Wildcard
- Automatic binding of custom domains and certificates to Container App
- Support for multiple Container Apps in a single application
- ACME-compliant Certification Authorities
- Let's Encrypt
- Buypass Go SSL
- ZeroSSL (Requires EAB Credentials)
Requirements
- Azure Subscription
- Azure Container Apps
- Azure DNS
- Email address (required to register with Let's Encrypt)
Getting Started
1. Deploy Acmebot
2. Add application settings
Update the following configuration settings of the Function App:
Acmebot:Webhook
- Webhook destination
It has the same functionality as other Acmebot products, but supports Container Apps specific features. Azure DNS is currently required for use.
From here, I will actually use Acmebot to add a custom domain and certificate to the Container App.
Deploy Acmebot
Deploy Acmebot using the "Deploy to Azure" button in the README on GitHub.
After deployment is complete, add Azure AD authentication using App Service Authentication. Detailed instructions are provided in the README.
Setup RBAC (IAM) for Acmebot
Add the Contributor
RBAC role to the deployed Acmebot for the resource group where Container Apps and Container Apps Environment are deployed.
Currently there is no RBAC role for Container Apps, so Contributor
RBAC role must be assigned.
Since Acmebot requires Azure DNS for certificate issuance, assign the role of DNS Zone Contributor
to Acmebot for Azure DNS as well.
Issue certificate
If the setup was successful, accessing the application will show a list of DNS Zones and Container Apps Environment.
The following simple screen allows you to select a DNS zone and issue a certificate for the required domain name.
Container Apps certificates are associated with the Container App Environment, so the Container Apps Environment must be explicitly specified when the certificate is issued.
If the certificate is successfully issued, it can be found in the list of certificates in the Container Apps Environment.
Acmebot is designed to attempt to automatically renew certificates associated with the Container Apps Environment.
Bind to Container App
An additional option is to add custom domain settings to any Container App at the same time the certificate is issued.
A custom domain is added to the Container App, but the actual A or CNAME DNS record is not automatically added and must be added manually. This is by design for safety.
After manually adding the A record, the browser will be able to view the Container App hosted in the HTTPS-protected Zone apex domain, as shown below.
In this way, Acmebot greatly reduces the effort of issuing certificates for Container Apps and automates their management.
Renew certificates
The default setting is to automatically renew certificates 30 days before they expire.
Upon successful renewal of the certificate by Acmebot, Container Apps will automatically use the new certificate.
Related post
If you are interested in the App Service and Key Vault version of Acmebot, please refer to the following post.
The fastest way to use Let's Encrypt in Azure
Tatsuro Shibamura Sep 14 '20 2 min read
Enjoy Azure Container Apps and Let's Encrypt!
Original Link: https://dev.to/shibayan/how-to-quickly-setup-a-lets-encrypt-certificate-in-azure-container-apps-3nd7
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To