azure-nodejs-production

# Express/Node.js Production Configuration for Azure

## Overview

When deploying Express/Node.js apps to Azure (Container Apps, App Service), you MUST configure production settings that aren't needed locally.

## Required Production Settings

### 1. Trust Proxy (CRITICAL)

Azure load balancers and reverse proxies sit in front of your app. Without trust proxy, you'll get:
- Wrong client IP addresses
- HTTPS detection failures
- Cookie issues

```javascript
// app.js or server.js
const app = express();

// REQUIRED for Azure - trust the Azure load balancer
app.set('trust proxy', 1);  // Trust first proxy

// Or trust all proxies (less secure but simpler)
app.set('trust proxy', true);
```

### 2. Cookie Configuration

Azure's infrastructure requires specific cookie settings:

```javascript
// Session configuration
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    secure: process.env.NODE_ENV === 'production',  // HTTPS only in prod
    sameSite: 'lax',  // Required for Azure
    httpOnly: true,
    maxAge: 24 * 60 * 60 * 1000  // 24 hours
  }
}));
```

**Key settings:**
- `sameSite: 'lax'` - Required for cookies to work through Azure's proxy
- `secure: true` - Only in production (HTTPS)
- `httpOnly: true` - Prevent XSS attacks

### 3. Health Check Endpoint

Azure Container Apps and App Service check your app's health:

```javascript
// Add health check endpoint
app.get('/health', (req, res) => {
  res.status(200).json({ status: 'healthy', timestamp: new Date().toISOString() });
});

// Or minimal version
app.get('/health', (req, res) => res.sendStatus(200));
```

**Configure in Container Apps:**
```bash
az containerapp update \
  --name APP \
  --resource-group RG \
  --health-probe-path /health \
  --health-probe-interval 30
```

### 4. Port Configuration

Azure sets the port via environment variable:

```javascript
// Listen on Azure's port or default to 3000
const port = process.env.PORT || process.