I currently host a static web app on Azure Blob Storage which uses an SSL cert that I have on Azure Key Vault -- see picture below.
My question is hosting second and third static web apps -- which will also have their own SSL certs coming from Azure Key Vault. Do I need separate storage accounts for each static website I want to host on Azure Blob Storage?
All the files come from $web container and I'm not sure if there's a way to pull web site content from another container on Azure Blob Storage.
Do I need separate storage accounts for each static website I want to host on Azure Blob Storage
Yes, you would need to add new storage accounts and create custom domains and SSL certs for each account.
That's why I would propose a different solution:
Use one Azure Front Door, add one (or multiple, if you need to) custom domains to it. Either reference your custom SSL cert from KeyVault or - even better - use the FrontDoor-managed certificates. Then create one storage account and create a new container for each web site you want to host. You dont even need to enable static website for this to work if you just make the containers public-read.
Then add the storage account as a backend in Front Door and different routing rules to the different containers. The routing rules could either be based on the path or, if you add different domain names for each site to Front Door, based on the domain.
Related
I would like to host a static website over the Blob Storage of Microsoft Azure. Is it possible to have the website hosted at the root of the domain (aka http://contoso.com rather than http://www.contoso.com) while using the Blob Storage?
Custom domain mapping to an Azure Blob Storage static website works only for subdomains (for example: www.contoso.com).
If you want your web endpoint to be available on the root domain (for example: contoso.com), then you'll have to use Azure CDN Map a custom domain with HTTPS enabled or Azure Static Web Apps.
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name?tabs=azure-portal#map-a-custom-domain-with-https-enabled
I have an Azure storage account with a static website on the blob service enabled. I also have configured custom domain for my blob service. To be able to serve my website over HTTPS on the custom domain I need to somehow apply my certificate. How can I do it?
p.s.
I don't want no CDN
To be able to serve my website over HTTPS on the custom domain I need
to somehow apply my certificate. How can I do it?
Unfortunately it is not possible as of writing this answer because Azure Storage still doesn't have the ability to allow you to bring your own certificates. You will need to use CDN if you want HTTPS enabled custom domain mapped to your static website hosted in Azure Blob Storage.
From this link:
It's easier to enable HTTP access for your custom domain, because
Azure Storage natively supports it. To enable HTTPS, you'll have to
use Azure CDN because Azure Storage does not yet natively support
HTTPS with custom domains. see Map a custom domain to an Azure Blob
Storage endpoint for step-by-step guidance.
You can use an application gateway instead of CDN, here is a recipe:
https://github.com/easkerov/azure-sa-custom-domain-ssl-sample
I just need to know when to use the Origin Types in Azure CDN endpoints.
I have already created a Web App service and when I create an endpoint, i am presented with a list of Origin Types: Storage,Web App,Cloud service,Custom origin. If I choose Web App, I see my Web App. If I choose Storage, I see the storage account i created. My purpose is to have a fast web app by caching all "cachable" assets.
When creating an Azure CDN endpoint, what or when should I use the following Origin Types :Storage,Web App,Cloud service,Custom origin?
I have not seen any documentation that provides any guidance on this.
For Azure service like Storage, Web App, Cloud service, you can use that respective origin type, for other public custom name or IP address, you can select Custom origin. See the process of creating a CDN endpoint.
Especially, if you host a static website on the Azure storage account. To make your static website files available over your custom domain and HTTPS, see Using the Azure CDN to access blobs with custom domains over HTTPS. As a part of this process, you need to point your CDN to the primary static website endpoint as opposed to the primary blob service endpoint. If so, you can select primary static website endpoint in the custom origin, see details here.
Anyone can find a workaround for having custom domain pointing to azure blob? Can application gateway pointed to there? how?
Facts :
- Azure blob does not support custom domain for SSL
- Using custom domain with SSL will prompt security concern due to the assets is from different SSL cert.
No. Currently there is no support for custom domains with SSL on Azure Storage services.
Give your vote here to help get this prioritised!
I have been using Application Gateway with my custom SSL to access BLOB.
Create a Application Gateway instance.
Add your custom SSL inside the SSL Settings in the App Gateway.
Configure backend pool and listener in App gateway.
Create a container and upload an image into it, copy the image URL. Replace the image domain BLOB URL with the Application Gateway IP. Request the image.
For retrieving sensitive files: Once you get the image, remember to turn off the Allow Blob public access toggle in your Storage Account settings.
Is there any way to host static website (HTML + CSS + JS) in Azure? Like we do Amazon S3 Static Website hosting, they charge only for storage.
UPDATE: 29-June-2018
It is now possible to host static websites in Azure Storage. You can read more about it here: https://learn.microsoft.com/en-gb/azure/storage/blobs/storage-blob-static-website
As of today, no. Azure doesn't have an equivalent of that. You can however host static sites as Web Apps and for free as well if you're comfortable with the restrictions with free tier.
It's not officially supported, but if you hosted your site in Azure Blob Storage's root container and made the container publicly accessible, you could probably achieve the same affect. You can even give the blob storage account a custom domain name.
Only downside is that you'll have to figure out a good deployment story. Two of your options are to use an FTP-like client such as CloudBerry to manually deploy your site, or write your own deployment script using the blob storage api
I found a way to host a static website in an Azure blob, using a subdomain and an http re-direct
I do the following
1) In Azure I create a storage account with a container ( called docs ) that has Blob access policy.
2) I upload my static website to the docs container using the storage explorer. This includes some PHP files in a sub folder.
3) In the DNS I set up a cname record for a subdomain ( called info say) with alias myblob.blob.core.windows.net ( where myblob is the name of my blob)
4) In the DNS I create an Http redirect for record to a file on the subdomain for www with url http://info.mydomainname.com/docs/index.html
5) In Azure I create a custom domain for info.mydomainname.com
My website then works however if someone knows the location of the PHP files then they can download them which means I must not store secrets in them.
I have asked if there is a work around here