How to deploy a docker container using dotnet core and nginx to azure

So I’m pretty decent at using nginx and dotnet core to set up a secure server on bare metal or a virtual machine. My new company uses Azure and I mostly use AWS at home. I’m still a little green when it comes to Docker and containerizing applications. I tested a container locally that works; this is the Dockerfile:

FROM AS base

FROM AS build
COPY ["BrandArmorRest.csproj", "./"]
RUN dotnet restore "./BrandArmorRest.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "BrandArmorRest.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "BrandArmorRest.csproj" -c Release -o /app/publish

FROM base AS final
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "BrandArmorRest.dll"]

While I was playing with containers, I needed to get something online to test with, so I have an nginx application running in the way I normally push to the cloud with an AWS EC2 instance. I configure nginx with the cert and the key, get the TLS to an A-rating, etc. Dotnet core runs as a system service behind the reverse proxy.

But now I’m not sure of the next steps. I basically am tired of manually doing this setup every time I make a website, so I felt like containers would be a great way to reuse my configuration code. I lost my private key once to my AWS instance and then had to reconfigure everything, so it put me in the mood to upgrade my skill set.

So locally I would do

docker build -t brandarmor:latest .
docker run --rm -d -p 5000:80/tcp brandarmor:latest

Then navigate to localhost:5000 and everything is good. I saw this post about just adding nginx on top of it: "Install nginx on an existing core docker container". But then I wasn’t sure about the security aspects. Like, what about the TLS? I mainly use nginx to terminate the encryption, but maybe Docker / Azure / Kubernetes already has a system for doing that, thereby making the need for nginx not really there. I just want to deploy a simple web API that isn’t in production yet, so the whole scaling/load balancing thing isn’t really important at this stage. I guess my question is this: how do I go from this container, developed locally, to Azure without building a skyscraper? Do I need the nginx layer, or does Azure have its own internal way of doing that? If I do need the nginx layer, how do I keep the RSA encryption secure? In other words, dropping the private key and cert in my git repo sounds like an awful idea, but what are the alternatives? I don’t have any DNS requirements, so it could have some generic Azure name, as long as it’s HTTPS. Thanks in advance for any advice.

Source: StackOverflow
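
Added example, not part of the original question: a pre-build check in Python for the concern above about the private key ending up in the repository. It scans the build context for PEM private keys and flags a shell-form `COPY . .` like the one in the Dockerfile, which would copy such a file into a build-stage layer. The function names, skipped directories and sample files are assumptions made for the illustration, and `.dockerignore` is not evaluated.

```python
import os
import re
import tempfile

# PEM armor that marks private key material (PKCS#1, PKCS#8, EC, OpenSSH).
KEY_MARKER = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
SKIP_DIRS = {".git", "bin", "obj"}  # assumed: VCS metadata and dotnet build output

def find_private_keys(context_dir, max_bytes=1_000_000):
    """Relative paths of files under context_dir that contain a PEM private key."""
    hits = []
    for root, dirs, files in os.walk(context_dir):
        dirs[:] = [d for d in dirs if d not in SKIP_DIRS]
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: nothing to report
            if KEY_MARKER.search(head):
                hits.append(os.path.relpath(path, context_dir).replace(os.sep, "/"))
    return sorted(hits)

def copies_whole_context(dockerfile_text):
    """True if a shell-form COPY/ADD takes '.' from the build context."""
    for line in dockerfile_text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0].upper() not in ("COPY", "ADD"):
            continue
        if any(w.startswith("--from=") for w in words):
            continue  # copies from another stage, not from the context
        sources = [w for w in words[1:-1] if not w.startswith("--")]
        if any(s in (".", "./") for s in sources):
            return True
    return False

def make_sample_context():
    """Constructed sample: a project directory with a fake key beside the code."""
    ctx = tempfile.mkdtemp()
    os.makedirs(os.path.join(ctx, "nginx"))
    with open(os.path.join(ctx, "nginx", "site.key"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n")
    with open(os.path.join(ctx, "Program.cs"), "w") as fh:
        fh.write("// application code\n")
    return ctx

if __name__ == "__main__":
    ctx = make_sample_context()
    print("key files in context:", find_private_keys(ctx))
    print("whole context copied:", copies_whole_context("COPY . .\n"))
```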