I have a Dockerfile with a simple dotnet based http api endpoint. When I deployed it, it just worked! Even with https redirects! That’s great! But there are a few things I don’t understand.
I never exposed or mapped any ports from the container in the setup. Is there something happening there by default? Is there a default 80:80 mapping when running the container?
When an incoming request is received over http that’s redirected to https and 443 by Render. But is that then again mapped over to the 80 port of my container? Is there never a case where the container itself should be exposed on the 443 port of the container host?
When you deploy a web service, including those that use custom Dockerfiles, Render does port detection to figure out where it should forward incoming traffic for your service. If you’re using a particular port, you can speed up port detection by setting a PORT environment variable, but this isn’t necessary. You don’t ever need to expose port 443 or even port 80 for that matter. Render will find the open port where your server is listening for HTTP traffic.
As you picked up on, all requests to Render services go over HTTPS. HTTP requests are redirected to HTTPS, our load balancer terminates TLS for your service, and requests are forwarded on to your HTTP service inside a private network.
In other words, you can just serve everything over HTTP using whatever port you like and Render automatically encrypts all traffic.
Is there any way to force Render to pick another port?
I’m using the Hasura image hasura/graphql-engine:v1.3.3.cli-migrations-v2 which is opening two ports during its startup phase, and Render is picking the wrong one (9691 instead of 8080).
Even with https redirects! That’s great! But there are a few things I don’t understand. 
As I said, it just worked, first try for me.
