IIS ARR Reverse proxy running in Docker under Azure VM returns 404

Question

Using an Azure Server Core 2019 VM I've set up a number of docker containers with ISS/ARR 3.0 as the reverse proxy.

When I access the host url: "http://[hostname]/deploy" i expect the RP to redirect to http://[docker ip]:81

81 is the exposed port of the separate internal docker container that "deploy" runs on. FYI: This is mapped to host port 1322... accessing hostname:1322 via an external browser works fine.

(I've also tried using a rewrite rule to [hostname]:1322 and [docker ip]:1322)

No matter what i do, I always get 404 (not found)

I can't figure out why. Is there something in Azure itself messing this up? The only networking I appear to have available to docker in windows is NAT (via docker network ls). I've got the correct IP address of the target docker container via "docker inspect [container]" but I think this is the IP address as exposed to the host, not that can be seen by other containers running on the host.

How do I know what the internal docker IP is that is available to other running docker containers for the ARR rule (or is there another way to set this up so it knows the rule dynamically?)

my ARR web.config is:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="deploy" stopProcessing="true">
                    <match url="^(.*)/deploy" />
                    <action type="Rewrite" url="http://172.23.60.148:81" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

My reverse proxy docker file is:

FROM mcr.microsoft.com/windows/servercore/iis

# Download and install the required URL rewrite and Application Request Routing modules. Clean up after!
ADD http://go.microsoft.com/fwlink/?LinkID=615137 /install/rewrite_amd64.msi
ADD http://go.microsoft.com/fwlink/?LinkID=615136 /install/ARRv3_setup_amd64_en-us.msi
RUN msiexec.exe /i C:\install\rewrite_amd64.msi /qn /log C:\ms_install.log & \
    msiexec.exe /i C:\install\ARRv3_setup_amd64_en-us.msi /qn /log C:\arr_install.log & \
    rd /s /q c:\install

# Enable proxy feature for IIS. Allows us to act as a reverse proxy
RUN .\Windows\System32\inetsrv\appcmd.exe set CONFIG -section:system.webServer/proxy /enabled:"True" /commit:apphost

# The web config should contain our routing to other containers
ADD ./web.config /inetpub/wwwroot/web.config

Answer 1

So, it turns out that the problem is not docker at all but ARR.

When you add the rewrite rule, it's logical to expect this "^(.*)/deploy" to be the match criteria, i.e. "ending with /deploy". The rewrite rule tester in IIS even works correctly when you try it out.

Turns out, IIS doesn't pass the / to the rewrite rules engine. It only passes the text "deploy"... so the rule never matches and it then passes it onto the underlying IIS site instead of the the target... and of course /deploy doesn't exist in the underlying site, hence the 404.

Related ARR issues here

• URL rewrite in IIS 8.5 is not working I'm getting 404 instead
• Url Rewrite in IIS get 404

---