azurehttpnginxnginx-reverse-proxyazure-container-apps

Azure Container App with Nginx reverse proxy returns connection failure


I have a Nginx reverse proxy configured in front of a service. They are both Docker images, and I uploaded them as Azure Container Apps.

I have the following configuration for the reverse proxy:

location /api/my-service/ {
    access_log /var/log/nginx/my-service_api.log main;
    proxy_http_version 1.1;
    proxy_set_header "Connection" "";
    proxy_pass http://my-service/;    
}

If I run curl -ik -X GET 'https://localhost/api/my-service/some-endpoint' from inside the Nginx container console, I get the expected response from my proxied service. I get the same expected result if I use the public URL of the Contaier App while inside the container (instead of localhost). The problem is that if I try to execute the request from my computer, I get a 503 error with a response saying upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: delayed connect error: 111

I was previously getting the same error when executing the request from inside the Nginx container, but it got fixed after I added proxy_http_version 1.1; to the Nginx location configuration for my service. This makes me think something between my external request and the Nginx Container App might be doing something with the HTTP version, but I haven't found any configuration or log to confirm this.

Since from inside the container the reverse proxy works, am I right to assume the problem is related to the Container App configuration? What could the problem be?

Extra information

The ingress is enabled for accepting traffic from anywhere, ingress type HTTP, and transport auto. I'm using a certificate from Cloudflare, used to secure the traffic between Cloudflare and the Container App. At one point I though maybe Cloudflare was doing something when proxying the request, but if I access direcly to the Container App URL (skipping Cloudflare), I still get the same error.


Solution

  • I finally fixed the issue, so I'll leave my solution here in case someone else has something similar happening to them.

    My Container App is configured so it doesn't accept insecure connections, so in my Nginx configuration I was listening only to the 443 port:

    server {
        ...
        listen 443 ssl;
        ...
    }
    

    For some reason, adding listen 80; fixed the error and now the reverse proxy is working in the Container App.

    I'm using http internally to connect to my proxied service (instead of https), so maybe that's something to consider.