Configure Container App with Front Door

Azure Container Apps is a fully managed environment that enables you to run microservices and containerized applications on a serverless platform. When you host your apps or microservices in Azure Container Apps, you may not always want to publish them directly to the internet. Instead, you may want to expose them through a reverse proxy, a content delivery network (CDN) or any other similar device.

Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that can help you deliver higher availability, lower latency, greater scale, and more secure experiences to your users accessing your container apps.

In this article, you learn to configure a Container App with Front Door. (For configuring with Custom Domain, see Configure Container App behind Front Door with Custom Domain - Microsoft Community Hub)

PREREQUISITES

• Front Door
• Container App with Ingress enabled (Configure Ingress for your app in Azure Container Apps | Microsoft Learn)

Note: This article uses Front Door Standard/Premium.

This configuration involves the Front Door accessing the Container App using its default domain, suffixed as ".azurecontainerapps.io".

When Container App doesn't have a custom domain associated with it, the host header on the incoming request on the application will need to be set to the default domain, suffixed with ".azurecontainerapps.io" or else the platform won't be able to properly route the request.

I. CREATE A NEW AZURE FRONT DOOR ENDPOINT

The Front Door profile must have at least one or more endpoints.

1. In the Front Door Manager tab, select Add an endpoint and give your endpoint a globally unique name. You can create more endpoints in your Azure Front Door profile after you complete the deployment.
2. Select Add to add the endpoint.
   

II. ADD A ROUTE

1. To add a Route, first expand an endpoint from the list of endpoints in the Front Door manager.
2. Next, select + Add a route to configure routing to your Container App origin.
   On the Add a route page, enter, or select the following information and select Add to add the route to the endpoint configuration.
   

   Setting	Description
   Name	Enter a name to identify the mapping between domains and origin group.
   Domains	A domain name has been auto-generated for you to use.
   Patterns to match	Set all the URLs this route will accept.
   Accepted protocols	Select the protocol the route will accept. (NOTE: If you choose HTTP as an accepted protocol, ensure that you allow insecure connections on your Container Apps Ingress configuration)
   Redirect	Enable this setting to redirect all HTTP traffic to the HTTPS endpoint.
   Origin group	Select Add a new origin group. Then select + Add an origin. Enter <originname> for the Name and then for the Origin Type select Custom. In the Host name, type the Container Apps URL. Select Add to add the origin to the origin group. Once the origin has been added, select Add to save the origin group configuration.
   Origin path	Leave blank.
   Forwarding protocol	Select the protocol that will be forwarded to the origin group.

   
   
   
   
   
   

Lastly, validate that your application content is getting served using a browser.

CONSIDERATIONS

1. While configuring Ingress for the container app, ensure that the option "Limited to Container Apps Environment" is not selected. Otherwise, you will not be able to access the container app outside the environment (ie) through the front door. 
2. If you have deployed your container app environment in a custom VNET, ensure that the DNS is configured accordingly so that the Front door will be able to access the container app (https://learn.microsoft.com/en-us/azure/container-apps/networking#dns)

REFERENCES

Configure an endpoint with Front Door manager - Azure Front Door | Microsoft Learn

How to configure origins - Azure Front Door | Microsoft Learn