Forum Discussion
Troubleshooting Azure Function App Proxy with Private Blob Container Access for Static Web App
Recently, I shared a problem I’m facing in my testing environment with a friend. I’ve decided to bring this issue to an open forum discussion to gather additional insights. I hope you can help me fig...
Please try the below approcah.
1. Check Permissions - Ensure the Function App's Managed Identity has the Storage Blob Data Reader or Contributor role on the Blob Container.
2. Update Proxy Config - Confirm the proxy proxies.json correctly points to the private Blob Container.
{
"route": "/static/{*path}",
"backendUri": "https://<storageaccount>.blob.core.windows.net/<container>/{path}"
}
3. Private Endpoint - If Blob access is blocked, create a Private Endpoint for the Blob Storage. Integrate the Function App with the same virtual network and configure private DNS to resolve Blob URLs.
4. Test Access - Use Managed Identity to verify the Function App can list Blob contents.
Example
from azure.storage.blob import BlobServiceClient
from azure.identity import ManagedIdentityCredential
# Use Managed Identity to access storage
5. Enable Logs - Check logs for errors in Function App and Blob Storage to troubleshoot further.
This setup should enable secure access while keeping your Blob Container private.
