Hi I have a PHP application installed in the Azure web app, in that application users can add there own domain as cname alias custom domains through submission of a form which already implemented, what I need is the option to bind Azure App managed SSL certificate to that custom domain so the customers can access the website in https, I am looking for a REST API for this functionality is it possible to automate this feature.
I've listed below the REST APIs you can use:
https://learn.microsoft.com/en-us/rest/api/appservice/certificates/createorupdate
to create the app service certificate.
https://learn.microsoft.com/en-us/rest/api/appservice/domains/createorupdate
to create the domain.
https://learn.microsoft.com/en-us/rest/api/appservice/webapps/createorupdatedomainownershipidentifier
to assign the domain to the app service.
Related
We are trying to add a custom domain that integrates an Akamai edge hostname which we have already setup with our Azure App Service. The goal here is this mappping :
site.com -> site.com.edgekey.net -> site.azurewebsites.net
However in the App Service custom domain blade you can only go from :
site.com -> site.azurewebsites.net.
There is no way I can see that you can add the Akamai edge hostname. I've looked at the Azure CDN option but that only allows you to purchase CDN service from Azure, then integrate that into your App Service.
Is there a way to integrate an Akamai edge hostname into an Azure App Service custom domain?
As you know, we can add a root domain contoso.com or a subdomain www.contoso.com or a wildcard domain *.contoso.comin in the custom domain of web app service. You could follow this tutorial: Map an existing custom DNS name to Azure App Service
However, in this case, if you have custom domain site.com to the custom domain of web app service, you can add its subdomain sub1.site.com to the hostname. If you want to map site.com.edgekey.net -> site.azurewebsites.net you at least need a domain com.edgekey.net, then you can use a CNAME record name site in such domain com.edgekey.net to your web app service. I think it's impossible as the domain com.edgekey.net is not compatible.
If you want to use Azure CDN, Azure CDN support to add your custom domain to Azure CDN endpoint. You could view the details here. Let me know if you have any question.
I have put my app behind azure application gateway. I can access my app using the application gateway through this url: https://myapps.westus.cloudapp.azure.com/myapp
My app requires azure ad so I and I am prompted to login (with azure AD), after I login I am redirected to: https://myapp.azurewebsites.net/signin-oidc
But I want my app url to be masked by the gateway name: https://myapps.westus.cloudapp.azure.com/myapp
How do I configure my app to be masked by the url, after I sign in through azure AD. I am using a path based rule for my backend pool as /myapp
Based on my understanding, you want the reply URL for your web app authentication is the myapps.westus.cloudapp.azure.com instead of the *.azurewebsites.net hostname. Since it's impossible to add the Azure provided DNS name of app gateway as the hostname for your web app, you can do this with a custom domain. These will correctly redirect the client browser to the custom domain that routes through the Application Gateway after authenticating. These steps ensure the reply URL is the custom domain and you can still monitor requests through the Application Gateway.
Main steps:
Add a custom domain to your web app service.
Configure an SSL certificate for the custom domain.
Set up Azure Active Directory authentication using the Authentication / Authorization feature on the App Service.
Configure the proper reply URLs. If you configured your custom domain before setting up Azure Active Directory authentication, both your *.azurewebsites.net and custom domain URLs should be configured for the reply URLs. If your custom domain is not there, be sure to set up the reply URL as https://<custom domain>/.auth/login/aad/callback.
The default configuration for the backend HTTP setting uses -PickHostNameFromBackendAddress. By instead, you could use the -HostName <enter your custom domain i.e www.contoso.com> configuration for the backend HTTP settings.
In the end, browse to your custom domain over HTTPS, login using Azure Active Directory, and you’ll be authenticated to your site over the custom domain. You could refer to this blog: Setting up Application Gateway with an App Service that uses Azure Active Directory Authentication
I have an Azure Webapp on a Standard 1 Small App Service Plan, I deployed my application successfully to the webapp, but now I need to test it using a specific domain name that on client side could be configured using hosts file.
The problem is that the Azure webapp will only "recognize" the custom/specific domain (ex: myapp.mydomain.com) if I configure a Custom Domain that uses public DNS and I can't (at this moment) configure the existing domain name to be a CNAME to the Azure webapp because it is production environment, I can and will make the CNAME after the application is tested not before.
My application requires to be called by the specific domain name.
So how can I test my application on Azure webapp using a custom domain but without using public DNS using only my hosts file client side?
note: this problem doesn't even exist in AWS Beanstalk so why is this so complicated with Azure webapp. Its pretty basic
You can preemptively associate your custom domain name with your web app and test it via a client using the host file. To verify domain ownership, Add a TXT record. The TXT record maps from awverify.<subdomain> to <appname>.azurewebsites.net. Steps to do this are outlined here:
https://learn.microsoft.com/en-us/azure/app-service/manage-custom-dns-migrate-domain
Using App Service, I don't think you can do this.
It configures the underlying app to only listen for domains configured in the Web App.
So if you don't add the domain as a custom domain, requests won't be routed to the app.
The reason is that IP addresses are shared, so Azure relies on the Host header to route your request correctly.
You can add the custom domain without CNAME / A record by using the awverify record mentioned by Ken.
I'm developing a multitenant web app hosted in azure. Tenants point their domain to my app and this is how I distinguish between them. So client1.com and client2.com both point to myapp.azurewebsites.net but depending on which url a user came from I serve different pages.
How can I add SSL certificate(s) to that website so nobody gets an invalid domain name error?
Thanks
When you put the website in the correct pricing tier you can add custom domains and ssl certificates yourself.
After you add your domains (client1.com, etc) and after you add your certificats (for client.com,etx) you can set an ssl binding.
That way it should work.
Here are some useful links: https://azure.microsoft.com/en-us/documentation/articles/web-sites-custom-domain-name/ (to add a custom domain to the website)
And here how to add the ssl binding (check step 3) https://azure.microsoft.com/en-us/documentation/articles/web-sites-purchase-ssl-web-site/
Currently my application url coresponds to HTTP only. How can I make it compatible with HTTPS also.. Can I do that specifically to single service only.
For first you should upload your SSL certificate through Azure Management panel (.pfx with private key) and attach it to your cloud service or web site.
Then setup HTTPS endpoint for your WEB API web role within your Azure cloud project, there you should also define SSL certificate thumbprint.
Regards.