
Background:

I am serving an auth server from a normal app service plan and switching to serve the auth server as a Docker container. I use CI with a Dockerfile and azure-pipelines.yaml to push an image to the registry. This triggers my CD, in which I use the Azure Web App on Container Deploy task to deploy. This all seemed fine until I tried to verify my API against an Authorize attribute. It appears that even though I am using a custom domain with HTTPS enabled, the tokens generated are still referencing http instead of https.

In order to circumvent this I tried adding a configuration file or "docker-compose.yaml". However, when I do this my app is breaking. So my two questions are:

- Am I running this correctly to use HTTPS in my Docker instance?

- Also, how do I appropriately pass key vault secrets to the docker compose?

Here is my yaml:

version: '3.4'
variables:
    - group: VKVAPI
services:
    webapp:
        image: vkv.azurecr.io/vkvauth:latest
        ports:
            - '8000:80'
            - '8001:443'
        environment:
            - ASPNETCORE_HTTPS_PORT=443
            - 'ASPNETCORE_URLS=https://+;http://+'
            - ASPNETCORE_Kestrel__Certificates__Default__Password=Variable!@#
            - ASPNETCORE_Kestrel__Certificates__Default__Path=$(variable)

Also in my log stream I am getting:

2020-08-27T23:14:29.758256402Z: [ERROR]  Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
2020-08-27T23:14:29.758271702Z: [ERROR]     at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
2020-08-27T23:14:29.758398002Z: [ERROR]     at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
2020-08-27T23:14:29.758404102Z: [ERROR]     at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
2020-08-27T23:14:29.758408302Z: [ERROR]     at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
2020-08-27T23:14:29.758412302Z: [ERROR]     at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
Hi @James, Is the answer below helpful for you? Or if you have any concern, feel free to share it here. Thanks. - Vito Liu

1 Answer


Am I running this correctly to use Https in my docker instance?

There is no problem running the Docker container with HTTPS via docker-compose. For details, see "Starting a container with https support using docker-compose".

Also, how do I appropriately pass key vault secrets to the docker compose?

The possible reason for the error is that the supported Docker Compose options in Azure Web App for Container do not include variables. So when you set the variables block and use a variable from it, it causes the error. I suggest you use the absolute value without the variables.
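
A pre-deploy check for the problem this answer describes, added here as an example and not part of the original question or answer: it flags a `variables` block and `$(...)` pipeline macros in a compose file. Going one step beyond the answer, it also flags a literal value assigned to a password-like environment variable; the function name `lint_compose` and the list of secret-like name fragments are assumptions.

```python
import re

# Top-level keys of the Compose file format; any other column-0 key
# (for example an Azure Pipelines "variables:" block) is not Compose.
COMPOSE_TOP_LEVEL = {"version", "name", "services", "volumes",
                     "networks", "configs", "secrets"}
PIPELINE_MACRO = re.compile(r"\$\([^)]+\)")   # Azure Pipelines $(name) macro
SECRET_NAME = re.compile(r"password|secret|token|apikey", re.I)  # assumed list
ENV_ENTRY = re.compile(r"^\s*-\s*'?([A-Za-z_]\w*)=(.*?)'?\s*$")

def lint_compose(text):
    """Return (line_number, finding) tuples; secret values are never echoed."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        top = re.match(r"([A-Za-z_][\w-]*):", line)   # only matches at column 0
        if top and top.group(1) not in COMPOSE_TOP_LEVEL \
                and not top.group(1).startswith("x-"):
            findings.append((n, f"'{top.group(1)}' is not a Compose top-level key"))
        if PIPELINE_MACRO.search(line):
            findings.append((n, "Compose does not expand $(...) pipeline macros"))
        env = ENV_ENTRY.match(line)
        if env and SECRET_NAME.search(env.group(1)) \
                and env.group(2) and not env.group(2).startswith("$"):
            findings.append((n, f"literal value for secret-like variable {env.group(1)}"))
    return findings

# The compose file from the question, abbreviated to the relevant lines.
SAMPLE = """\
version: '3.4'
variables:
    - group: VKVAPI
services:
    webapp:
        image: vkv.azurecr.io/vkvauth:latest
        environment:
            - ASPNETCORE_HTTPS_PORT=443
            - ASPNETCORE_Kestrel__Certificates__Default__Password=Variable!@#
            - ASPNETCORE_Kestrel__Certificates__Default__Path=$(variable)
"""

if __name__ == "__main__":
    for n, msg in lint_compose(SAMPLE):
        print(f"line {n}: {msg}")
```

Run against the question's file, it reports lines 2, 9 and 10 of the abbreviated sample: the `variables` block, the literal certificate password, and the unexpanded certificate path.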