YARP configured with Azure AD authentication and Let's Encrypt certificates
Components combined:
- YARP
- Azure AD authentication
- Let's Encrypt using LettuceEncrypt
Follow these instructions and set the redirect URI to https://<youraddress>/signin-oidc, and remember to enable ID tokens under authentication.
Uses DefaultAzureCredential for authentication towards Azure Key Vault.
Important environment variables:
- AZURE_CLIENT_ID
- AZURE_TENANT_ID
- AZURE_CLIENT_SECRET
# Build container image
docker build . -t yarp-aad-le:latest
# Run container using command
docker run -p "2001:8080" yarp-aad-le:latest
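Added example (not part of the original repository): a POSIX shell preflight for the run command above. It checks that the three variables read by DefaultAzureCredential are set, then passes them to the container by name. The function names are hypothetical, and it assumes the values are already exported in the calling shell.

```shell
# Added example, not from the repository. Function names are hypothetical.
REQUIRED_VARS="AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET"
GUID_RE='^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'

# Returns 0 only when all three variables are non-empty and both IDs look
# like GUIDs. Only variable names are reported; values are never printed.
check_azure_env() (
  rc=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"   # name comes from the fixed list above
    if [ -z "$value" ]; then
      echo "missing: $name" >&2
      rc=1
    elif [ "$name" != AZURE_CLIENT_SECRET ] &&
         ! printf '%s' "$value" | grep -Eq "$GUID_RE"; then
      echo "not a GUID: $name" >&2
      rc=1
    fi
  done
  exit "$rc"
)

# Prints the docker arguments. "-e NAME" without "=value" makes docker copy
# the value from the caller's environment, so the client secret does not
# appear in argv, shell history or process listings.
docker_run_args() (
  printf 'run -p 2001:8080'
  for name in $REQUIRED_VARS; do
    printf ' -e %s' "$name"
  done
  printf ' yarp-aad-le:latest\n'
)

run_proxy() {
  check_azure_env || return 1
  # Word splitting is intended: no argument contains whitespace.
  docker $(docker_run_args)
}

# Start the container only when the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then
  run_proxy
fi
```

The values are still readable through `docker inspect` by anyone with access to the Docker daemon, so restrict that access on the host.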
- Ability to create a DNS record, e.g., app.contoso.com, or alternatively use the ACI-provided name, e.g., <aci>.<location>.azurecontainer.io
- Access to Azure DNS Zone (or other provider)
- Register Azure AD App to match DNS record
  - Set the redirect URI to: https://<your-domain>/signin-oidc
  - Enable ID tokens under authentication
  - Take note of the following variables:
    - AZURE_CLIENT_ID: Application (client) ID of the app registration
    - AZURE_TENANT_ID: Directory (tenant) ID of the app registration
- After deployment, create an A record pointing to the deployed IP address (if using a custom DNS hostname)
See the step-by-step instructions in deploy.sh.