How to map ports in Azure Container Instances via Terraform?

I have two containers in my container group on Azure using Azure Container Instances (ACI), one (container A) exposing ports 80 and 443 to the internet (reverse proxy), the other one (container B) also running on port 80. How do I map container B's port 80 to a different port, say 8080, so that the two containers don't collide with ports on localhost (on Azure, containers inside a container group can reach each other via localhost)?

I can't use 8080:80 because it needs to be a number and I don't see any other way to specify this. If I specify port 80 on container A, the reverse proxy just loops onto itself, essentially reverse proxying the reverse proxy (normally container B's port 80 would be reachable on localhost).

Example:

resource "azurerm_container_group" "main_containers" {
  name                = "containergroup"
  location            = var.location
  resource_group_name = var.rg_name
  ip_address_type     = "public"
  dns_name_label      = local.dns_name_label
  os_type             = "Linux"
  restart_policy      = "Always"
  tags                = var.tags

  container {
    name   = "nextcloud"
    image  = "nextcloud"
    cpu    = "0.8"
    memory = "0.8"

    environment_variables = {
      MYSQL_DATABASE = azurerm_mariadb_database.nextcloud_database_db.name
      MYSQL_USER     = azurerm_mariadb_server.nextcloud_database.administrator_login
      MYSQL_HOST     = azurerm_mariadb_server.nextcloud_database.fqdn
    }

    secure_environment_variables = {
      MYSQL_PASSWORD = azurerm_mariadb_server.nextcloud_database.administrator_login_password
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_nextcloud_data_share.name
      mount_path           = "/var/www/html"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_nextcloud_data_share.name
    }

    ports {
      # This is what I want to do but it fails with:
      # Inappropriate value for attribute "port": a number is required.
      port = "8080:80"
      protocol = "TCP"
    }
  }

  container {
    name   = "reverse-proxy-https"
    image  = "caddy"
    cpu    = "0.2"
    memory = "0.2"
    commands = [
      "caddy", "reverse-proxy",
      "-from", local.public_domain_name,
      # this is where I would tell to reverse-proxy to 8080
      "-to", "localhost:8080",
    ]

    ports {
      port     = 80
      protocol = "TCP"
    }

    ports {
      port     = 443
      protocol = "TCP"
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_caddy_data_share.name
      mount_path           = "/data/caddy"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_caddy_data_share.name
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_caddy_config_share.name
      mount_path           = "/config/caddy"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_caddy_config_share.name
    }
  }
}

Simao Gomes Viana
This only applies to **some** images: You can use the `secret` volume type to overwrite directories in the container – example: `volume { secret = { "000-default.conf" = base64encode(<<-EOT <VirtualHost *:8080> ... </VirtualHost> EOT) } mount_path = "/etc/apache2/sites-enabled" }`. This is misusing the `secret` volume type – what it really does is mount "inline" files into the container. This allows for easy configuration without modifying the image.
Simao Gomes Viana
Addendum to previous comment: It should be noted that for Nextcloud, just overwriting 000-default.conf is not enough. You need to do it for the entire apache2.conf, and that means all files in /etc/apache2. Doable, but annoying.
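The thread's two observations fit together: ACI has no host-to-container port remapping (every container in a group shares one network namespace, so the application itself has to listen on the alternate port), and the `secret` volume type is a convenient way to ship small inline files into a container. The configuration below is an added example, not the question's code or anything from the azurerm provider docs or the Nextcloud project. It assumes an azurerm provider version that has the group-level `exposed_port` block, and it assumes the official `nextcloud` image's `/entrypoint.sh` entrypoint with `apache2-foreground` as its command; the Apache fragments, the `/aci-config` mount path and the volume name are constructed for this example. Rather than mounting over `/etc/apache2` (which hides every file the image shipped there, the problem the second comment describes), the files are mounted to a side directory and copied into place before the normal entrypoint runs. The database environment variables and file-share volumes from the question are unchanged and omitted here.

```hcl
locals {
  # Constructed Apache fragments: the only listener and the default vhost move from 80 to 8080.
  apache_ports_conf = <<-EOT
    Listen 8080
  EOT

  apache_vhost_conf = <<-EOT
    <VirtualHost *:8080>
      DocumentRoot /var/www/html
      ErrorLog  $${APACHE_LOG_DIR}/error.log
      CustomLog $${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
  EOT
}

resource "azurerm_container_group" "main_containers" {
  name                = "containergroup"
  location            = var.location
  resource_group_name = var.rg_name
  ip_address_type     = "public"
  dns_name_label      = local.dns_name_label
  os_type             = "Linux"
  restart_policy      = "Always"

  # Only the reverse proxy's ports reach the public IP. Without exposed_port blocks the
  # provider exposes every container port, which would let clients bypass Caddy and TLS
  # termination by hitting 8080 directly.
  exposed_port {
    port     = 80
    protocol = "TCP"
  }
  exposed_port {
    port     = 443
    protocol = "TCP"
  }

  container {
    name   = "nextcloud"
    image  = "nextcloud"
    cpu    = "0.8"
    memory = "0.8"

    # ACI cannot remap ports, so Apache inside the container must listen on 8080 itself.
    ports {
      port     = 8080
      protocol = "TCP"
    }

    # The secret volume type here just delivers two small config files; they hold nothing
    # sensitive. Values must be base64-encoded. (Assumed mount path and volume name.)
    volume {
      name       = "apache-override"
      mount_path = "/aci-config"
      secret = {
        "ports.conf"       = base64encode(local.apache_ports_conf)
        "000-default.conf" = base64encode(local.apache_vhost_conf)
      }
    }

    # Copy the two files into place, then exec the image's own entrypoint so the rest of
    # /etc/apache2 stays exactly as the image shipped it.
    commands = [
      "sh", "-c",
      join(" && ", [
        "cp /aci-config/ports.conf /etc/apache2/ports.conf",
        "cp /aci-config/000-default.conf /etc/apache2/sites-enabled/000-default.conf",
        "exec /entrypoint.sh apache2-foreground",
      ]),
    ]
  }

  container {
    name   = "reverse-proxy-https"
    image  = "caddy"
    cpu    = "0.2"
    memory = "0.2"

    # Containers in one group share localhost, so Caddy reaches Nextcloud on 8080 without
    # that port being exposed publicly.
    commands = [
      "caddy", "reverse-proxy",
      "-from", local.public_domain_name,
      "-to", "localhost:8080",
    ]

    ports {
      port     = 80
      protocol = "TCP"
    }
    ports {
      port     = 443
      protocol = "TCP"
    }
  }
}
```

Two things to check after `terraform apply`: from a host outside Azure, confirm that only 80 and 443 answer on the group's public IP and that 8080 times out, and inside the group confirm Caddy's upstream is healthy by browsing the public hostname rather than the IP. Also keep in mind that anything placed in a `secret` volume is stored base64-encoded in Terraform state, so the state file should already be treated as sensitive (the question's `administrator_login_password` lands there too).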