Andy 7h ago

Azure Container Apps - 404 / cannot find well-known configuration paradox

Hey folks, I have Zitadel running within an Azure Container App and can't seem to make calls to its API suite from my dotnet application. I'm using Terraform to provision my Zitadel instance with the following (abstract) configuration:
```hcl
env {
  name  = "ZITADEL_EXTERNALSECURE"
  value = "true"
}

env {
  name  = "ZITADEL_EXTERNALDOMAIN"
  value = "${var.container_app_name}.${var.domain}"
}

env {
  name  = "ZITADEL_EXTERNALPORT"
  value = "443"
}
```
where container app name is the name of my running container, and var.domain is the default_domain of my container app environment (funnelled into my module using the azurerm provider https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_app_environment#default_domain-2). Zitadel_ExternalSecure is set to true and tlsmode is set to external.

Within my app, I have https://<containername>.<cae_domain> as my base URL for Zitadel (e.g. this will yield https://zitadel.somecustomdomain.azurecontainerapp.io). I do not have the port suffixed as part of the configuration within the app here. Using the Smartive package for dotnet, when I make a call to the get organizations endpoint, I get a 404 back. When I add the port number (which works with my local docker setup) to my application's configuration, I get a "well-known config cant be found" error, which I also get back when navigating in the browser to the endpoint with the port number attached.

My ACA replica is running green and I can navigate to the console; I just can't seem to call any APIs from my application. I am no doubt missing something glaringly obvious here. Does anyone know what has to be set as the external domain for Zitadel in relation to container apps, and what the configuration should be within any calling application in order to call the Zitadel APIs?
2 Replies
Ask Inkeep 7h ago
Hi @Andy, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Answer

Based on the sources, there are a few issues with your Azure Container Apps setup:

Azure Container Apps Command Configuration Issue

Your deployment might be failing due to incorrect command configuration. For Azure Container Apps, you should use args instead of command (1):
```hcl
args = ["start-from-init", "--masterkey", "MasterkeyNeedsToHave32Characters", "--tlsMode", "disabled"]
```
External Domain Configuration

Your ZITADEL configuration appears correct for Azure Container Apps. However, ensure your external domain matches exactly what's accessible from your .NET application (2). The configuration should be:

- ZITADEL_EXTERNALDOMAIN: Your container app's FQDN (without protocol)
- ZITADEL_EXTERNALPORT: 443 for HTTPS
- ZITADEL_EXTERNALSECURE: true

API Client Configuration

For .NET API integration, the client should be configured with the complete API URL (3):
```csharp
var client = Clients.AuthService(new(apiUrl, ITokenProvider.Static(personalAccessToken)));
```
Where apiUrl should be your complete ZITADEL domain (e.g., `https://zitadel.somecustomdomain.azurecontainerapp.io`).

Common Issues Behind Reverse Proxies

The 404 errors and "well-known config can't be found" suggest ZITADEL might not be correctly identifying the external domain. This is similar to reverse proxy issues where the API endpoints return incorrect URLs (4).

If you continue experiencing issues, click the "Ask for help" button to tag a team member for more specific Azure Container Apps guidance.

To learn more, see the sources I considered:

[1] Deployment of Zitadel to Azure Container apps is failing
[2] Expose Zitadel UI to AWS ALB
[3] Integrate ZITADEL APIs into a .NET Application
[4] environment.json has wrong API endpoints behind reverse proxy and I can't log in

Feel free to tag @Ask Inkeep with additional questions.

Got it. Tagging @Rajat for additional help.
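The "external domain must match what the client calls" point in the reply above can be checked mechanically. This is an added example, not code from the thread or from the ZITADEL project: it compares the origin implied by the three ZITADEL_EXTERNAL* values with the client's base URL and with the URLs in an OIDC discovery document. The function names, the port 8080 and the discovery JSON are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """(scheme, host, port) of a URL, default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    return scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme]

def expected_origin(env):
    """Origin implied by the three ZITADEL_EXTERNAL* settings."""
    domain = env["ZITADEL_EXTERNALDOMAIN"]
    if "/" in domain or ":" in domain:
        raise ValueError("ZITADEL_EXTERNALDOMAIN must be a bare host name")
    secure = env["ZITADEL_EXTERNALSECURE"].lower() == "true"
    return ("https" if secure else "http", domain.lower(), int(env["ZITADEL_EXTERNALPORT"]))

def check(env, client_base_url, discovery_json):
    """List every URL whose origin differs from the configured one."""
    want = expected_origin(env)
    urls = {"client base URL": client_base_url}
    doc = json.loads(discovery_json)
    urls.update({k: v for k, v in doc.items()
                 if k == "issuer" or k == "jwks_uri" or k.endswith("_endpoint")})
    return [f"{name} {url} does not match {want}"
            for name, url in urls.items() if origin(url) != want]

# Constructed sample input: host name taken from the thread, the rest made up.
ENV = {
    "ZITADEL_EXTERNALDOMAIN": "zitadel.somecustomdomain.azurecontainerapp.io",
    "ZITADEL_EXTERNALPORT": "443",
    "ZITADEL_EXTERNALSECURE": "true",
}
BASE = "https://zitadel.somecustomdomain.azurecontainerapp.io"
DISCOVERY = json.dumps({
    "issuer": BASE,
    "token_endpoint": BASE + "/oauth/v2/token",
    "jwks_uri": BASE + "/oauth/v2/keys",
})

if __name__ == "__main__":
    for url in (BASE, BASE + ":8080"):  # 8080 is an arbitrary non-443 port
        print(url, check(ENV, url, DISCOVERY) or "consistent")
```

To use it against a live instance, pass the body returned by `/.well-known/openid-configuration` as `discovery_json`.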
FFO 5h ago
Hm, what does the Zitadel container print to stdout? You should be able to see if it picks up on the config there.
