How does a reverse proxy with SSL/TLS and plain traffic work?

Max :

I have a containerized Docker ASP.NET Core application created with

mcr.microsoft.com/dotnet/core/runtime:3.1.3-alpine 

When launched the only reference to the port is this ENV variable from the base image

ASPNETCORE_URLS http://+:80

I deployed the app to Azure, set up the registry and created a new Web Application.
I set up the TLS/SSL settings for working with HTTPS only.

Everything works.

Question:

I want to know how this is possible since I don't configure the certificate on my container. I suppose the Kudu service (the reverse proxy) rebinds port 443 to port 80 of the container. Is this true? Can the plain HTTP traffic between Kudu and the container on port 80 cause a possible security hole?

If I deploy a container with NGINX as a reverse proxy for ASP.NET Core, must I configure TLS/SSL in NGINX? In ASP.NET Core? None at all?

I want to understand how Kudu, NGINX, and reverse proxies in general work with and without SSL/TLS.

David Browne - Microsoft :

With a Reverse Proxy the client never connects to the HTTP server in your application, in your case Kestrel. The connections you get are requests coming from the Reverse Proxy, and you send your responses back to the Reverse Proxy. Most HTTP stuff is copied from the incoming client request and passed along to your application, but the Reverse Proxy can terminate the SSL tunnel, offload the Authentication, and perform other request transformations.
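
The TLS termination described in the answer, sketched as an NGINX configuration in front of the container from the question. This is an added example, not part of the original question or answer; the hostname, certificate paths and upstream container name are assumptions.

```nginx
# Added example; hostname, certificate paths and upstream name are assumptions.
events {}

http {
    # Plain-HTTP listener: serves no content, only redirects to HTTPS.
    server {
        listen 80;
        server_name app.example.com;              # assumed hostname
        return 301 https://$host$request_uri;
    }

    # TLS terminates here: the certificate and key live on the proxy,
    # not inside the ASP.NET Core container.
    server {
        listen 443 ssl;
        server_name app.example.com;              # assumed hostname

        ssl_certificate     /etc/nginx/certs/fullchain.pem;  # assumed path
        ssl_certificate_key /etc/nginx/certs/privkey.pem;    # assumed path
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Kestrel listens on http://+:80 (ASPNETCORE_URLS from the base image).
            # This hop is unencrypted, so keep it on a private container network
            # and do not publish port 80 of the application container.
            proxy_pass http://aspnetapp:80;       # assumed container name

            # Pass the original request details to the application, which
            # otherwise only sees a plain-HTTP request from the proxy.
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

With this layout the application needs no certificate of its own; ASP.NET Core's Forwarded Headers middleware can read `X-Forwarded-Proto` so the app knows the client's original request used HTTPS.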
