Azure Durable Function run via Docker Container returns 403 over HTTPS (but works OK over HTTP)
Question
I'm trying to get a Durable Function to run in a Docker container. I'm only able to get it to work when I call my orchestration starter function using HTTP. If I try to kick off the orchestration over HTTPS, I get a 403 unauthorized error; in the portal, my app is published with an HTTPS URL, and I also get a 403 trying to access that.
More context: I'm deploying the function through Azure DevOps using Terraform. This is a function that we've had running successfully for over a year before we started the conversion to Docker containers.
I think this could at least partly be due to Docker + Azure Functions + TLS termination. We were able to get around this with our dockerized Web App by creating an app setting "Kestrel__Endpoints__Http__Url" and setting the value of that to the port specified in the Dockerfile. For this function, I'm setting the port to 80 in the Dockerfile.
Let me know if more details are needed.
I've tried the "Kestrel__Endpoints__Http__Url" app setting trick; that doesn't do anything. And to clarify my earlier point: If I initiate the orchestration using http://example.azurewebsites.net/api/OrchestrationStarter everything works fine, but if I do it over https://example.azurewebsites.net/api/OrchestrationStarter I get a 403 error. And I want to run it over HTTPS.
Answer 1
Score: 0
For anyone else who may run into this issue in the future, my problem was this: I was using the incorrect Azure Functions Docker image. Previously, I was using azure-functions/dotnet:4, when I needed to be using azure-functions/dotnet:4-dotnet6-appservice. Everything runs as expected over HTTPS since making that one change in my Dockerfile.
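A pre-deployment check built on the fix described in this answer, added here as an example and not part of the original post: it reads the final stage of a Dockerfile and flags an azure-functions base image whose tag lacks `-appservice`. The function names, the sample Dockerfile contents and the `mcr.microsoft.com/` registry prefix are assumptions; only the two image tags come from the answer.

```shell
#!/bin/sh
# final_base_image FILE: print the image named by the last FROM instruction
# (the stage that actually ships), skipping options such as --platform=...
final_base_image() {
    awk 'toupper($1) == "FROM" {
             i = 2
             while (i <= NF && $i ~ /^--/) i++
             img = $i
         }
         END { print img }' "$1"
}

# check_functions_image FILE
#   0: final image is not an azure-functions image, or carries an -appservice tag
#   1: azure-functions image without an -appservice tag (the case from the answer)
#   2: no FROM instruction found
check_functions_image() {
    img=$(final_base_image "$1")
    [ -n "$img" ] || return 2
    case "$img" in
        *azure-functions/*:*-appservice*) return 0 ;;
        *azure-functions/*)
            echo "$1: final base image '$img' is not an -appservice tag" >&2
            return 1 ;;
        *) return 0 ;;
    esac
}

# write_samples DIR: constructed before/after Dockerfiles for trying the check.
write_samples() {
    cat > "$1/before.Dockerfile" <<'EOF'
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY . .
RUN dotnet publish -c Release -o /home/site/wwwroot

FROM mcr.microsoft.com/azure-functions/dotnet:4
ENV AzureWebJobsScriptRoot=/home/site/wwwroot
COPY --from=build /home/site/wwwroot /home/site/wwwroot
EOF
    sed 's|dotnet:4$|dotnet:4-dotnet6-appservice|' \
        "$1/before.Dockerfile" > "$1/after.Dockerfile"
}

# Usage: sh check.sh path/to/Dockerfile   (non-zero exit fails a pipeline step)
if [ "$#" -gt 0 ]; then check_functions_image "$1"; fi
```
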
Answer 2
Score: -3
Here's a few things you can try:
Ensure the HTTPS endpoint is correctly configured in your Docker container: Verify that the Dockerfile and the container configuration are set up to handle HTTPS traffic correctly. Make sure the appropriate certificates and bindings are in place.
Verify the HTTPS configuration in Azure Functions: Ensure that the Azure Functions app has the necessary configuration to handle HTTPS requests. Check that the SSL binding is correctly set up in the Azure portal.
Check the firewall and networking settings: Ensure that the firewall and networking settings for your Azure Functions app allow inbound HTTPS traffic. You might need to configure network security groups or access control lists to allow the necessary traffic.
Verify the authentication and authorization settings: Check the authentication and authorization configuration in your Azure Functions app. Ensure that the necessary authentication mechanisms are in place and that the appropriate permissions are granted to access the orchestration.
Check if there's a reverse proxy or load balancer in front of your Docker container: If you have a reverse proxy or load balancer in your setup, ensure that it is correctly configured to pass the HTTPS traffic to your Docker container.
Check the Terraform deployment configuration: Verify that the Terraform deployment scripts correctly handle the HTTPS configuration for your Azure Functions app. Make sure that any necessary configuration options are set correctly.
Review the application code: Double-check the application code and any authorization middleware to ensure they are correctly handling HTTPS requests. It's possible that there might be some conditional logic or misconfiguration that causes the 403 error for HTTPS requests.