Azure / aca-landing-zone-accelerator

The Azure Container Apps landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure Container Apps at scale.
https://aka.ms/aca-lza
MIT License

Don't override the hostname on the application gateway #142

Open vermegi opened 1 month ago

vermegi commented 1 month ago

Currently these templates override the hostname on the application gateway. This is an anti-pattern which can break things like cookies and logins and stuff. The problem and why it's important NOT to do hostname override is described here: https://learn.microsoft.com/en-us/azure/architecture/best-practices/host-name-preservation

The problem in the current LZA templates is here: https://github.com/Azure/aca-landing-zone-accelerator/blob/4f6c5b29d08ccc89fce1f563a50037076c9db3b3/scenarios/aca-internal/terraform/modules/06-application-gateway/main.tf#L101C7-L101C43 (I haven't checked the Bicep templates, but the same problem might exist there as well).

I have a sample repo that configures the app gw correctly: https://github.com/Azure-Samples/azure-spring-apps-multi-zone/blob/df93abdb340323f13feb2f4231d0d0382f4031d1/tf-deploy/modules/appgw/main.tf#L62-L71. It has the ability to do this both with a self-signed and a proper cert.

vermegi commented 1 month ago

Also, didn't check whether the same problem exists on the AFD. There as well I have a sample repo that configures it correctly using TF: https://github.com/Azure-Samples/azure-spring-apps-multi-region
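
One way to check a Terraform plan for the Application Gateway host name override this issue describes, as an added example that is not code from the issue, the accelerator, or the linked sample repos. It assumes the plan was exported with `terraform show -json` and uses the azurerm provider's `backend_http_settings` attributes `host_name` and `pick_host_name_from_backend_address`; the sample plan and its host names are constructed, and wildcard listener host names are not handled.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan with one gateway.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "azurerm_application_gateway.example",
  "type": "azurerm_application_gateway",
  "change": {"after": {
    "http_listener": [{"name": "https", "host_name": "app.example.com"}],
    "backend_http_settings": [
      {"name": "override-fqdn", "host_name": "backend.internal.example",
       "pick_host_name_from_backend_address": false},
      {"name": "override-pick", "host_name": null,
       "pick_host_name_from_backend_address": true},
      {"name": "preserved", "host_name": null,
       "pick_host_name_from_backend_address": false},
      {"name": "same-host", "host_name": "app.example.com",
       "pick_host_name_from_backend_address": false}
    ]}}}]}
""")

def find_host_overrides(plan):
    """Return (resource address, settings name, reason) for every backend
    HTTP settings block that rewrites the Host header sent to the backend."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_application_gateway":
            continue
        # "after" is null for resources being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        # Host names clients actually use, collected from the listeners.
        public = set()
        for listener in after.get("http_listener") or []:
            if listener.get("host_name"):
                public.add(listener["host_name"].lower())
            public.update(h.lower() for h in listener.get("host_names") or [])
        for s in after.get("backend_http_settings") or []:
            if s.get("pick_host_name_from_backend_address"):
                reason = "host taken from backend address"
            elif s.get("host_name") and s["host_name"].lower() not in public:
                reason = "host_name differs from listener host"
            else:
                continue  # original Host header reaches the backend unchanged
            findings.append((rc["address"], s["name"], reason))
    return findings

if __name__ == "__main__":
    for address, name, reason in find_host_overrides(SAMPLE_PLAN):
        print(f"{address}: backend_http_settings '{name}': {reason}")
```
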