Hello @Matthijs van Zetten
You are using your app on https://0.0.0.0:5001 and it has target Port on 5001 in your Container App config, which looks good, but the error upstream connect error or disconnect/reset before headers usually means the ingress cannot talk to with your app.
ACA ingress only supports HTTP over TCP, it terminates TLS at the ingress not inside your container. So when your app listens for HTTPS, the ingress can't speak HTTPS to your container, it expects plain HTTP on the target Port. That’s why it resets the connection.
To fix please follow the below steps:
You can change app to listen on plain HTTP inside the container (e.g., http://0.0.0.0:5000)
Also you have to Set the
ASPNETCORE_URLS=http://0.0.0.0:5000
in your Dockerfile, Then Update your Docker EXPOSE 5000 and set targetPort: 5000 in the Container App.
After that you can redeploy and test it using your custom domain. Azure ingress will handle HTTPS externally, and your app just needs to serve HTTP internally.
Let me know if you want to keep HTTPS inside the container, but you would need to bypass ingress and expose the container differently, which is not recommended.
This is only feasible in specific scenarios, such as when using TCP-based ingress instead of HTTP, utilizing Azure Container Apps jobs with private networking or direct IP routing, or building an internal mesh where containers communicate via mTLS though often still HTTP at the ingress. For most use cases like public web APIs and apps, it is best to let ACA manage HTTPS at ingress.