Nginx Reverse Proxy To Azure Web App (Source:
Nginx Reverse Proxy To Azure Web App (Source:


Eigene Domain-Namen bei Azure Web Apps sind nicht kostenlos möglich. Durch einen Nginx Reverse Proxy von einem externem Server/Anbieter zu Azure Cloud kann man das Problem umgehen.


Eigene Domain auf Server mit nginx (inklusive Letsencrypt, kostenlose SSL-Zertifikate)
nginx reverse proxy
Azure Web App (zb. ASP.NET) –> proxy –>

Nginx Config (Reverse Proxy zu Azure Web App)

server {
     listen 80;
     location /.well-known/acme-challenge { 
     default_type "text/plain";
     root /var/www/letsencrypt;
     location / {
     return 301 https://$server_name$request_uri;

upstream app_webappname {                           
 server {
     listen 443 ssl http2;
     ssl on;
     keepalive_timeout 300;
     # letsencrypt
     ssl_certificate /etc/letsencrypt/live/;
     ssl_certificate_key /etc/letsencrypt/live/;
     # Cipher
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;
     ssl_dhparam /etc/ssl/private/dhparam.pem; ssl_ecdh_curve secp384r1;
     ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;
     # OSCP
     ssl_stapling on; ssl_stapling_verify on;
     resolver valid=300s;
     resolver_timeout 5s;
     ssl_trusted_certificate /etc/letsencrypt/live/;

     # proxy to upstream
     location / { proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host;
     proxy_set_header X-Forwarded-Proto $scheme;
     #proxy_set_header X-NginX-Proxy true;
     proxy_ssl_session_reuse off;
     proxy_pass https://app_webappname/;
     proxy_redirect off;

Azure Web App Einstellungen

Networking –> Access Restrictions
Nur Traffic von Reverse Proxy Server zulassen.
Neue Regel (Add rule) –> allow IP (IP vom nginx proxy Server)

TLS/SSL settings –> Bindings
HTTPS Only –> auf „On“

Quellen und weitere Informationen:

Last modified: September 26, 2019



Write a Reply or Comment

Your email address will not be published.