I’m trying to get a Durable Function to run in a Docker container. I’m only able to get it to work when I call my orchestration starter function using HTTP. If I try to kick off the orchestration over HTTPS, I get a 403 unauthorized error; in the portal, my app is published with an HTTPS URL, and I also get a 403 trying to access that.
More context: I’m deploying the function through Azure DevOps using Terraform. This is a function that we’ve had running successfully for over a year before we started the conversion to Docker containers.
I think this could at least partly be due to Docker + Azure Functions + TLS termination. We were able to get around this with our dockerized Web App by creating an appseting "Kestrel__Endpoints__Http__Url" and setting the value of that to the port specified in the Dockerfile. For this function, I’m setting the port to 80 in the Dockerfile.
Let me know if more details are needed.
I’ve tried "Kestrel__Endpoints__Http__Url" appsetting trick, that doesn’t do anything. And to clarify my earlier point: If I initiate the orchestration using http://example.azurewebsites.net/api/OrchestrationStarter everything works fine, but if I do it over https://example.azurewebsites.net/api/OrchestrationStarter I get a 403 error. And I want to run it over HTTPS.
2
Answers
For anyone else who may run into this issue in the future, my problem was this: I was using the incorrect azure functions docker image. Previously, I was using
azure-functions/dotnet:4, when I needed to be usingazure-functions/dotnet:4-dotnet6-appservice. Everything runs as expected over HTTPS since making that one change in my Dockerfile.Here’s a few things you can try:
Ensure the HTTPS endpoint is correctly configured in your Docker container: Verify that the Dockerfile and the container configuration are set up to handle HTTPS traffic correctly. Make sure the appropriate certificates and bindings are in place.
Verify the HTTPS configuration in Azure Functions: Ensure that the Azure Functions app has the necessary configuration to handle HTTPS requests. Check that the SSL binding is correctly set up in the Azure portal.
Check the firewall and networking settings: Ensure that the firewall and networking settings for your Azure Functions app allow inbound HTTPS traffic. You might need to configure network security groups or access control lists to allow the necessary traffic.
Verify the authentication and authorization settings: Check the authentication and authorization configuration in your Azure Functions app. Ensure that the necessary authentication mechanisms are in place and that the appropriate permissions are granted to access the orchestration.
Check if there’s a reverse proxy or load balancer in front of your Docker container: If you have a reverse proxy or load balancer in your setup, ensure that it is correctly configured to pass the HTTPS traffic to your Docker container.
Check the Terraform deployment configuration: Verify that the Terraform deployment scripts correctly handle the HTTPS configuration for your Azure Functions app. Make sure that any necessary configuration options are set correctly.
Review the application code: Double-check the application code and any authorization middleware to ensure they are correctly handling HTTPS requests. It’s possible that there might be some conditional logic or misconfiguration that causes the 403 error for HTTPS requests.