Azure Container Apps is a fully managed serverless container service that enables you to deploy and run containerized applications without having to manage the infrastructure.
By default, HTTP apps in Azure Container Apps are accessible via a public URL that is unique to the app. However, you can create a container app to use a reverse proxy like NGINX to control how traffic is routed to multiple apps based on the path or hostname.
In this tutorial, you'll learn how to use Azure Container Apps to configure path and hostname-based routing for a set of containerized applications using NGINX as a reverse proxy. You'll deploy 4 applications: 1 NGINX container, which will be publicly exposed, and 3 container apps, which will only be accessible from within the environment and will receive their traffic through the NGINX container.
Architecture Diagram
Configure environment variables for the various resources you'll deploy:
RESOURCE_GROUP_NAME=path-based-routing-rg
LOCATION=northeurope
STORAGE_ACCOUNT_NAME=pathbasedrouting$RANDOM
ENVIRONMENT_NAME=path-based-routing
Note: $RANDOM is a bash variable that returns a random number and is used here to generate a storage account name that is globally unique within Azure. If it's not available in your shell, use another unique value for the STORAGE_ACCOUNT_NAME variable.
Create a resource group:
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
Create an Azure Container Apps environment:
az containerapp env create --name $ENVIRONMENT_NAME \
--resource-group $RESOURCE_GROUP_NAME --location $LOCATION
Create two container apps in the environment:
az containerapp create --name app1 --environment $ENVIRONMENT_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--ingress internal --target-port 80
az containerapp create --name app2 --environment $ENVIRONMENT_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--ingress internal --target-port 80
This will create two container apps, app1 and app2. Both apps are configured to not be publicly accessible and are only accessible within the environment. The only exposed public endpoint is from the NGINX app.
Create a container app running NGINX:
az containerapp create --name nginx --environment $ENVIRONMENT_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--ingress external --target-port 80 --image nginx
This will create a container app running NGINX. The app is publicly accessible from the internet. The NGINX app will be used as a reverse proxy to route traffic to the other two apps.
Now that the Container Apps resources are created, you can proceed to configure the path-based routing.
To configure path-based routing, you'll create an NGINX configuration file that defines the routing rules and upload it to an Azure File Share. Then you'll mount the file share to the NGINX container app.
Create a storage account to store the NGINX configuration file:
az storage account create --name $STORAGE_ACCOUNT_NAME \
--resource-group $RESOURCE_GROUP_NAME --location $LOCATION \
--sku Standard_LRS
Create a file share in the storage account:
az storage share create --name nginx-config --account-name $STORAGE_ACCOUNT_NAME
In the current directory, create a new file called nginx.conf with the following content:
events {
}
http {
    server {
        listen 80;
        location /app1/ {
            proxy_http_version 1.1;
            proxy_pass http://app1/;
        }
        location /app2/ {
            proxy_http_version 1.1;
            proxy_pass http://app2/;
        }
    }
}
This NGINX configuration file defines two locations, /app1/ and /app2/, and routes traffic to the app1 and app2 container apps respectively using their internal URLs, http://app1/ and http://app2/.
Upload the NGINX configuration file to the file share:
az storage file upload --account-name $STORAGE_ACCOUNT_NAME --share-name nginx-config \
--source nginx.conf --path nginx.conf
Get the access key for the storage account:
STORAGE_ACCOUNT_KEY=$(az storage account keys list --account-name $STORAGE_ACCOUNT_NAME \
--resource-group $RESOURCE_GROUP_NAME --query "[0].value" --output tsv | tr -d '\r')
Configure the file share in the Container Apps environment:
az containerapp env storage set \
--name $ENVIRONMENT_NAME --resource-group $RESOURCE_GROUP_NAME \
--storage-name nginx-config \
--account-name $STORAGE_ACCOUNT_NAME \
--azure-file-account-key $STORAGE_ACCOUNT_KEY --azure-file-share-name nginx-config \
--access-mode ReadOnly
Export the YAML from the NGINX container app:
az containerapp show --name nginx --resource-group $RESOURCE_GROUP_NAME \
--output yaml > nginx.yaml
Open nginx.yaml in a text editor. Add the volumes array to the template section to mount the Azure File Share to the NGINX container app. Then add the volumeMounts array to the containers array to mount the volume to the NGINX container. The modified YAML should look like this snippet:
# ...
properties:
  # ...
  template:
    containers:
    - image: nginx
      name: nginx
      resources:
        cpu: 0.5
        memory: 1Gi
      volumeMounts:
      - mountPath: /etc/nginx/nginx.conf
        subPath: nginx.conf
        volumeName: nginx-config
    scale:
      maxReplicas: 10
      minReplicas: 0
    serviceBinds: null
    terminationGracePeriodSeconds: null
    volumes:
    - name: nginx-config
      storageType: AzureFile
      storageName: nginx-config
# ...
Update the NGINX container app with the modified YAML:
az containerapp update --name nginx --resource-group $RESOURCE_GROUP_NAME \
--yaml nginx.yaml
This will update the NGINX container app to use the NGINX configuration file from the Azure File Share.
Open https://[your nginx's fqdn]/ in a browser. To find the FQDN of the NGINX app, run:
az containerapp ingress show --name nginx --resource-group $RESOURCE_GROUP_NAME
Add /app1/ and /app2/ to the URL to verify that the traffic is being routed to the app1 and app2 container apps respectively (Ex: [your NGINX Application URL]/app1/).
Now that you've deployed your NGINX container and are routing based on paths to your container apps, you'll learn how to update the routing configuration in your NGINX container.
In order to change how the NGINX container handles routing, you'll need to follow steps 3-4 in Configure path-based routing to modify the nginx.conf and reupload it to the file share.
You'll need to restart the NGINX container app to apply the updated routing changes.
az containerapp revision restart --name nginx --resource-group $RESOURCE_GROUP_NAME \
--revision $(az containerapp revision list -n nginx -g $RESOURCE_GROUP_NAME --query '[0].name' -o tsv | tr -d '\r')
In addition to routing traffic based on paths, you can also configure NGINX to route traffic based on the hostname. To do this, use multiple server blocks in the NGINX configuration file, each with a different server_name directive. This example builds off the previous Configure path-based routing section.
First, create a third container app, app3:
az containerapp create --name app3 --environment $ENVIRONMENT_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--ingress internal --target-port 80
To configure your NGINX container for hostname-based routing, you'll need to update the nginx.conf and upload it to your file share like you did in steps 3-4 from the Configure path-based routing section. The steps are shown below.
In the configuration below, traffic to nginx.proudgrass-abcdefgh.northeurope.azurecontainerapps.io is routed to app1 and app2, while traffic to path-based-routing.anthonychu.dev is routed to app3.
Note the server_names_hash_bucket_size 128; directive. This is sometimes required when using a large number of server names, or in this case, when using a long domain name like the default one provided by Azure Container Apps.
events {
}
http {
    server_names_hash_bucket_size 128;
    server {
        listen 80;
        server_name nginx.proudgrass-abcdefgh.northeurope.azurecontainerapps.io;
        location /app1/ {
            proxy_http_version 1.1;
            proxy_pass http://app1/;
        }
        location /app2/ {
            proxy_http_version 1.1;
            proxy_pass http://app2/;
        }
    }
    server {
        listen 80;
        server_name path-based-routing.anthonychu.dev;
        location /app3/ {
            proxy_http_version 1.1;
            proxy_pass http://app3/;
        }
    }
}
az storage file upload --account-name $STORAGE_ACCOUNT_NAME --share-name nginx-config \
--source nginx.conf --path nginx.conf
az containerapp revision restart --name nginx --resource-group $RESOURCE_GROUP_NAME \
--revision $(az containerapp revision list -n nginx -g $RESOURCE_GROUP_NAME --query '[0].name' -o tsv | tr -d '\r')
To verify, use the server_name for app3 and provide the path /app3/, that is, path-based-routing.anthonychu.dev instead of the default hostname for the NGINX app.
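The following is an added example, not part of the original tutorial: a simplified Python model of how NGINX resolves a request against the hostname-based configuration above, covering only exact server_name matches and prefix locations. It shows which internal app each Host and path pair reaches, including that a Host matching no server_name is handled by the first server block unless a default_server block exists; the CATCH_ALL block and the function names are assumptions introduced for the illustration.

```python
import re

# Routing-relevant directives of the hostname-based nginx.conf shown above.
PAGE_CONF = """
server {
  listen 80;
  server_name nginx.proudgrass-abcdefgh.northeurope.azurecontainerapps.io;
  location /app1/ { proxy_http_version 1.1; proxy_pass http://app1/; }
  location /app2/ { proxy_http_version 1.1; proxy_pass http://app2/; }
}
server {
  listen 80;
  server_name path-based-routing.anthonychu.dev;
  location /app3/ { proxy_http_version 1.1; proxy_pass http://app3/; }
}
"""
# Assumption (not in the original page): a catch-all block that closes the
# connection for any Host header that matches no server_name.
CATCH_ALL = "server { listen 80 default_server; server_name _; return 444; }\n"

def parse_servers(conf):
    """Return (is_default, names, [(prefix, upstream)]) for each server block."""
    servers = []
    for block in re.split(r"\bserver\s*\{", conf)[1:]:
        listen = re.search(r"listen\s+([^;]+);", block)
        names = re.search(r"server_name\s+([^;]+);", block)
        locs = re.findall(r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+(\S+?);", block)
        servers.append(("default_server" in (listen.group(1) if listen else ""),
                        names.group(1).lower().split() if names else [], locs))
    return servers

def route(conf, host, path):
    """Model which upstream URL a request reaches, or None if it is not proxied."""
    servers = parse_servers(conf)
    host = host.lower().split(":")[0]
    # Exact server_name match first; otherwise the default server for the port:
    # the block marked default_server, or else the first block in the file.
    chosen = (next((s for s in servers if host in s[1]), None)
              or next((s for s in servers if s[0]), servers[0]))
    # Among prefix locations, the longest matching prefix wins.
    matches = [(p, u) for p, u in chosen[2] if path.startswith(p)]
    if not matches:
        return None
    prefix, upstream = max(matches, key=lambda m: len(m[0]))
    # proxy_pass with a URI part ("/" here) replaces the matched prefix with it.
    return upstream + path[len(prefix):]
```

Calling route(PAGE_CONF, host, path) and route(CATCH_ALL + PAGE_CONF, host, path) with the same unlisted host shows the difference the catch-all block makes.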
You have now successfully set up both path and hostname-based routing with an NGINX container for your container apps! Please comment below to let us know what you think of the experience.