Connect to Azure VM behind Application Gateway

I need guidance on how to set up self-hosted retool on Azure VM behind Application Gateway.

Expected Architecture: Retool VM located in a subnet with full outbound access on all ports and inbound access exclusively from Application Gateway in a separate subnet. App GW listens on 80 and 443 and redirects 80 to 443. App GW holds a certificate for the domain name. Ideally, I'd expect SSL termination behind the GW, but it looks like by default Retool isn't configured for that scenario. Okay, let's do double encryption, but how?

Reality: I've configured App GW, DNS and the certificate, set up the VM following the guide "Deploy Self-hosted Retool on Azure Virtual Machines" and pointed 80 to 80 and 443 to 443. The only setting with which I can reach the backend at all from its own subnet is:

docker.env
DOMAINS=<local private IP>

Putting the domain name or the public IP in DOMAINS makes the backend inaccessible.
Besides that, the backend is never accessible from the App GW; every setting ends up with a 502.
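A 502 from Application Gateway normally means its backend health probe is failing, so the first thing to check from inside the VM's subnet is whether the backend answers the probe the way App GW sends it. The script below is an added diagnostic, not code from the original post or from Retool. It emulates the probe with App GW's default semantics as assumed here (GET on a path, Host header 127.0.0.1 unless a host name override is configured, "healthy" only for HTTP status 200-399) and runs it against a constructed stand-in backend that only serves its configured name, the way a vhost keyed on a DOMAINS value would (an assumption for this example; the name retool.example.internal is made up). Three probes are shown: the host override matching the backend's name, the default Host of 127.0.0.1, and an HTTPS backend setting pointed at a port that speaks plain HTTP.

```python
"""Emulate an Azure Application Gateway backend health probe from the VM's subnet.

Added example, not part of the original post or of Retool's own tooling. Assumes
App GW default probe semantics: GET <path>, Host header 127.0.0.1 unless a host
name override is configured, and "healthy" only for HTTP status 200-399.
"""
import http.client
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEALTHY_RANGE = range(200, 400)  # App GW default "healthy" status codes


def probe(ip, port, *, host_header="127.0.0.1", path="/", use_tls=False,
          verify_cert=True, timeout=3.0):
    """Run one probe against ip:port; return status, healthy flag and a reason."""
    result = {"status": None, "healthy": False, "reason": ""}
    try:
        if use_tls:
            ctx = ssl.create_default_context()
            if not verify_cert:  # mirrors trusting a self-signed backend cert
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(ip, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        # Sending Host explicitly is what the probe's "host name override" does.
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        result["status"] = resp.status
        result["healthy"] = resp.status in HEALTHY_RANGE
        result["reason"] = f"HTTP {resp.status} for Host: {host_header}"
    except ssl.SSLError as exc:  # subclass of OSError, so it must come first
        result["reason"] = f"TLS handshake failed: {exc}"
    except (OSError, http.client.HTTPException) as exc:
        result["reason"] = f"connection failed: {exc}"
    return result


class NameBoundBackend(BaseHTTPRequestHandler):
    """Constructed stand-in for a backend that only answers for its configured
    name (assumption: a vhost keyed on the DOMAINS value behaves like this)."""
    served_name = "retool.example.internal"  # made-up stand-in for DOMAINS

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        if host == self.served_name:
            body, code = b"retool ok", 200
        else:
            body, code = b"unknown host", 404
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_backend(served_name):
    """Start the stand-in backend on a free loopback port; return (server, port)."""
    handler = type("Handler", (NameBoundBackend,), {"served_name": served_name})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_backend("retool.example.internal")
    cases = (
        {"host_header": "retool.example.internal"},                    # override: healthy
        {},                                                            # default Host: 404
        {"host_header": "retool.example.internal", "use_tls": True},   # HTTPS vs HTTP port
    )
    for kwargs in cases:
        print(kwargs, probe("127.0.0.1", port, **kwargs))
    server.shutdown()
```

Against the real VM, replace the stand-in with the private IP and the ports 80 and 443 from the backend settings: a 200-399 only when the Host header equals the DOMAINS value tells you the probe needs a host name override; a TLS error on 443 tells you the backend HTTPS setting and what the VM actually serves do not match, and that is where the certificate the backend presents (and whether App GW trusts it) has to be sorted out.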

Configure SSL and custom certificates