ASP.net core docker https on Azure App Service Containers
After searching everywhere I was able to put together a bunch of obtuse references and come up with the solution.
Kestrel will be in HTTP mode, but will be told that it's in HTTPS mode by way of ForwardedHeaders from the reverse proxy. In the case of Azure there is a specific set that you must use. Others will require other options and may require additional setup. This documentation will help you in the generic case but doesn't have what's necessary for Azure: ASPNet Core Reverse Proxy and Load Balancer Configuration
If you're using IIS, it just works because it's built in, or you've added the UseIIS in the past versions of Core.
For Azure Web Services on a container OR base Linux you need to add the following Nuget package:
Microsoft.AspNetCore.HttpOverrides
Once that is added in the Configure in Startup.cs as the very first thing you need to add the following:
var forwardOptions = new ForwardedHeadersOptions{ ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto, RequireHeaderSymmetry = false};forwardOptions.KnownNetworks.Clear();forwardOptions.KnownProxies.Clear();app.UseForwardedHeaders(forwardOptions);Note that without the KnownNetworks and KnownProxies Clear() it won't work. And it won't work without RequireHeaderSymmetry = false so you need all of it.
On the ForwardedHeaders you'll want to try and avoid .All or the other option that is listed because it has a security vulnerability.
Then in application settings you need to add WEBSITES_PORT=80, ASPNETCORE_URLS=http://+:80 and ASPNETCORE_HTTPS_PORT=443. Until all of these are in you will continue to get a slightly different error.
Note: This won't fix Swagger's validator. It has other issues because the validator is wrong. The json is still valid but the domain is different so it freaks out. The easy way to solve that is in UseSwaggerUi set options.EnableValidator(null);
app.UseSwaggerUI( options => { options.EnableValidator(null); });