azurenginxreverse-proxyazure-container-apps

Nginx reverse proxy to FastAPI Azure Container App returns 404

I'm trying to setup an nginx reverse proxy on Azure Container Apps. I have an nginx container and a FastAPI container in a Container App Environment with simple manual virtual network + subnet + private DNS zone. The nginx ingress is set to external and the API ingress to internal.

When I go to the public URL for the nginx container I get the blue Azure screen:

"Error 404 - This Container App is stopped or does not exist."

I can reach the nginx container itself because I included an /nginx location in the nginx config that serves a html file, which I can access.

I can also reach the API container from within the nginx container: when I attach to the nginx Container App on Azure, I can curl the API at http://api-container:80 and get the expected response.

This makes me think there's an (Azure-specific?) problem with the nginx configuration. The nginx reverse proxy also works locally with Docker Compose.

Some advice would be much appreciated! The nginx config looks as follows:

error_log /var/log/nginx/error.log debug;

worker_processes auto;

events {
    worker_connections 1024;

}

http {

    upstream chat_api_group {
        server chat-api:80; # Container name
    }
    
    server {
        listen 80;

        # Forward all requests to the chat api webserver
        location / {
            proxy_pass http://chat_api_group/;

            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            
            proxy_http_version 1.1;
            proxy_ssl_server_name on;

            # For some people these lines helped, for me they don't
            proxy_pass_request_headers on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_redirect off;
            proxy_buffering off;

        }


        # To verify that the nginx server is running regardless of its proxy forwarding
        location /nginx {
            alias /usr/share/nginx/html/;
            index index.html;
        }
    }
}
Solution

  • I had to manually set the Host header to the hostname (the container name in my case):

    proxy_set_header Host chat-ui;  # Set Host header explicitly to chat-ui

    When I ran a nslookup <api-container-name> from within the nginx container, I noticed that curl <resolved-ip-address> gave a 404, while a curl <api-container-name> got me a 200.

    I don't entirely understand what's going on, but it seems Azure's internal routing system uses the Host header to find the right service, and the internal IP of that service is not meant to be used directly. I guess nginx sets the Host header to itself rather than the container it's forwarding to.

    If anyone has a better explanation, let me know!