my team and I are currently exploring using Azure static site blobs and CDN endpoints to host several web apps.
We have successfully deployed our static files to the blog storage and our entire test app loads on both the primary (name.abc.web.core.windows.net) and CDN (name.azureedge.net) endpoints. When it comes to mapping a custom subdomain via the “cdnverify” temporary step, however, I am unsuccessful.
I have very carefully followed and quintuple-checked all steps in the support doc "Tutorial: Add a custom domain to your Azure CDN endpoint" (here).
This is my current DNS config (via Namecheap).
When I skip the cdnverify step, e.g. assign the azureedge CNAME value directly to a host called “v2”, and add that as a custom domain in my Azure portal CDN blade, the subdomain begins loading the CDN endpoint and can even have a CDN-managed HTTPS cert deployed with no manual verification. A dig command to this host (v2.ourdomain.org) finds an expected response (view here).
Here's the rub, though. If I assign a CNAME host of “cdnverify.static” to “cdnverify.name.azureedge.net.” and add it as a custom domain in the portal’s CDN blade, however, this secondary subdomain never loads our endpoint, and cannot deploy an HTTPS cert. The Azure portal verified this host when added to the endpoint and a dig command to “cdnverify.static.ourdomain.org” shows this answer, which looks good.
A dig command to “static.ourdomain.org” returns no answer and a ping command says “unknown host”. This is expected since I’ve not created such a record yet, and so I am wondering how we’re meant to ensure this subdomain is verified as per the “Verify the custom domain” section in the above-mentioned doc.
It’s very important for us that the cdnverify host works and can be assigned a certificate before we permanently re-locate our domains as these apps are already in production. At this point, I am at a loss over what to try next. If possible, I’d love to know what step(s) I am missing, or what can further be done to diagnose the issue.
Many thanks to anybody who might have some advice!
The cdnverify subdomain is to create a temporary CNAME mapping to avoid interruption of web traffic. With this method, users can access your domain without interruption while the DNS mapping occurs. If you have not any existing web app work, you can skip the cdnverify step.
From your description, "a dig command to cdnverify.static.ourdomain.org shows this answer, which looks good." It indicates that the cdnverify host works and you have verified that. You just need to associate the custom domain with your CDN endpoint.
In this step, you enter your custom domain like static.ourdomain.org, including the subdomain. Do not use the cdnverify subdomain name.
After you have added the custom domain static.ourdomain.org successfully in the CDN endpoint.
At this point, your custom domain has been verified by Azure, but
traffic to your domain is not yet being routed to your CDN endpoint.
After waiting long enough to allow the custom domain settings to
propagate to the CDN edge nodes (90 minutes for Azure CDN from
Verizon, 1-2 minutes for Azure CDN from Akamai), return to your DNS
registrar's web site and create another CNAME record that maps your
subdomain to your CDN endpoint. For example, specify the subdomain as
www or cdn, and the hostname as .azureedge.net. With
this step, the registration of your custom domain is complete.
After you have completed the registration of your custom domain, verify that custom domain references your CDN endpoint.
Finally, you could freely remove the cdnverify CNAME record in your domain provider as it was necessary only as an intermediary step..
Ref: https://github.com/uglide/azure-content/blob/master/articles/cdn/cdn-map-content-to-custom-domain.md#how-to-map-custom-domain-to-content-delivery-network-cdn-endpoint
Related
I have an Azure web app to which I have mapped a custom domain from another registrar. The root domain works fine and is secured with a (free) Azure SSL cert. I have not been able to get the www. subdomain to work. (It is also secured with an Azure SSL cert.)
I have followed these three articles that detail the method to Map an existing custom DNS name to Azure App Service, Add a TLS/SSL certificate in Azure App Service, and Secure a custom DNS name with a TLS/SSL binding in Azure App Service.
When I browse to the example web app, astroguru.com, it displays a simple blazor server starter page as it should. If I browse to www.astroguru.com, I get a page not found with info icon in the address bar that says the site is not secure, as shown below:
Below are the DNS records that I have created exactly as described in the first article ref'd above, which include (and see image below):
an A record pointing to the IP address of the web service.
a TXT record containing the verification ID
a CNAME record for the www subdomain that the tutorials say must
point to the original site name (e.g. astroguru.azurewebsites.net)
along with another TXT record with the hostname asuid.www and the
same verification ID.
The image below shows the two secured URLs from the Azure portal.
The image below shows the two private key certs in the Azure portal that secure the two URLs above:
Can someone tell me what I've done wrong here?
Had to recreate the certificate and rebind.
I have a domain registered through GoDaddy.
Currently there is an A record where:
Host: #
Points To: IP Address
This is pointing to a server that is currently serving the site.
I also have the site in an Azure Storage static web blob, and the endpoint is serving up the site and all is good.
I have tried registering a custom domain via the "asverify" method (see below), and Azure reports that it works. My custom domain "example.com" is accepted and all appears good except, navigating to https://example.com never works (after disabling the A record above).
Create a CNAME record with your DNS provider that points from the "asverify" subdomain (like asverify.www.contoso.com) to asverify.staticweb.blob.core.windows.net or asverify.staticweb.z5.web.core.windows.net. After this step completes, enter your domain below (exclude the 'asverify' subdomain). This method does not incur any downtime. To use this method, select the 'Use indirect CNAME validation' checkbox.
I have done something similar previously with AppServices. I have another domain that I have added to an AppService that is not a subdomain (so it is https://anotherexample.com NOT https://www.anotherexample.com). That was done with adding a TXT record to the DNS at GoDaddy, and works perfectly.
Does Azure Storage allow you to do this with a non-subdomain? That is the only way that I want to access the site.
Does Azure Storage allow you to do this with a non-subdomain?
Unfortunately, Azure Storage does not allow you to use non-subdomains to perform this operation. The subdomain is required, root domains are not supported.
please see:here.
While Azure Storage doesn't allow it as stated by the other anwser. You could very easily place an Azure CDN infront of it that does. To do this from the portal just go to the storage resource and search for the Azure CDN blade. From there you can create an endpoint to the storage or its static website. After creating the endpoint you can go to the resource and use the Custom Domain blade to set it up using a CNAME record.
I have static website on azure storage, it's connected to azure cdn to have https, and i have my custom domain folla.com.pl I want this domain to point to https://companywebsitecdn.azureedge.net/ which is address of my website on azure cdn. I chose custom domain on cdn configuration site, it asks me to make dns mapping to verify ownership, so i make CNAME cdnverify.folla.com.pl to cdnveriy.companywebsitecdn.azureedge.net and it get me to other window with custom doamin https config. And here's my problem, it get's stuck on second step
How I'm suppouse to configure another mapping to make it work, what i mean is to make folla.com.pl to point to https://companywebsitecdn.azureedge.net/ with https. I can't proivde what i already tried with my dns because it was a lot and i don't remember all of it. Also it's already second try and everytime after failure I have wait 8 hours for another try. Thanks in advance
This is my DNS config
When you try to add your custom domain folla.com.pl in the custom domains settings of Azure CDN endpoint. Before this step, you should have a CNAME record in the following format in the DNS zone.
When you turn on the custom domain https, you don't need to make a CNAME cdnverify.folla.com.pl to cdnveriy.companywebsitecdn.azureedge.net. Read here.
If that CNAME record still exists and does not contain the cdnverify
subdomain, the DigiCert CA uses it to automatically validate ownership
of your custom domain.
If the CNAME record entry contains the cdnverify subdomain, follow the rest of the instructions in this step.
DigiCert sends a verification email to the following email addresses. Verify that you can approve directly from one of the following addresses and read here.
admin#<your-domain-name.com>
administrator#<your-domain-name.com>
webmaster#<your-domain-name.com>
hostmaster#<your-domain-name.com>
postmaster#<your-domain-name.com>
Automatic validation typically takes a few hours. If you don’t see your domain validated in 24 hours, open a support ticket.
When we tried to add a custom domain to our current Azure CDN endpoint, the CDN was down while it was trying to verify and issue an SSL certificate for the custom domain. I cancelled the process and everything came back after a few minutes.
I know that in the instructions it states to map the custom domain to the temporary cdnverify subdomain,https://learn.microsoft.com/en-us/azure/cdn/cdn-map-content-to-custom-domain#map-the-temporary-cdnverify-subdomain, but I think this is only if the URL we are using for the custom domain is in use. Is this correct?
Is there any way to avoid this downtime or should this not happen?
but I think this is only if the URL we are using for the custom domain
is in use. Is this correct?
Correct. The link states that when you map an existing domain that is in production. First map your custom domain to your CDN endpoint hostname with the Azure cdnverify subdomain to create a temporary CNAME mapping. so you can access your custom domain URL without interruption while the DNS mapping occurs.
Is there any way to avoid this downtime or should this not happen?
If you have verified that the cdnverify subdomain has been successfully mapped to your endpoint, you can then map the custom domain directly to your CDN endpoint hostname. After creating CNAME for your custom domain, you can delete the temporary cdnverify subdomain CNAME record. It should avoid this downtime.
I have an site hosted on Azure that I am trying to point a domain from Google Domains to.
My current configuration is as follows:
Name Type Data
# A XXX.XXX.XXX.XXX
www CNAME history-podcasts.azurewebsites.net
awverify CNAME awverify.history-podcasts.com
I am following the instructions from here: Configuring a custom domain name for an Azure Website.
When I go to the Azure portal to Manage Domain and attempt to enter the url in DOMAIN NAMES, I get the following message:
A CNAME record pointing from history-podcasts.com to history-podcasts.azurewebsites.net was not found. Alternative record awverify.history-podcasts.com to awverify.history-podcasts.azurewebsites.net was not found either
When I go to the URL for the domain, I get the following message:
The website you have attempted to reach is not available in this Microsoft Azure Web Sites region. This could be due to one of several reasons:
The web site owner has registered a custom domain to point to the Microsoft Azure Web Site, but has not yet configured Azure to recognize it. Click here to read more.
When a site owner wants to use a custom domain with a Microsoft Azure Web Sites website, Azure needs to be configured to recognize the custom domain name, so that it can route the request to the appropriate server in the region. After registering the domain with a domain provider and configuring a DNS CNAME record to point to the site's Azurewebsites.net address (for example, contoso.azurewebsites.net), the website owner also needs to go to the Azure Portal and configure the site for the new domain. Click here to learn more about configuring the custom domains for a web site.
This is the same configuration settings I am currently using for several domains through Namecheap with Azure hosting and they work as intended.
EDIT:
To summarize, here are the steps you need to take:
1) Create CNAME record redirecting user from your domain to Azure specified domain using tools provided by your DNS hosting service
This step will ensure that when going to www.history-podcasts.com user will transparently be taken to history-podcasts.azurewebsites.net
Type: CNAME
Name: www
Value: history-podcasts.azurewebsites.net
IMPORTANT: Please note that it takes time for DNS servers to update their records therefore you should wait around 30 minutes before continuing.
2) Redirect your naked domain to subdomain using DNS hosting service tools
This step will ensure that when going to history-podcasts.com user will be redirected to www.history-podcasts.com
For Google Domains you can follow this guide here.
3) Add your domain to Azure Website
This step will assure Azure that you own the domain and you want your site to be reachable using specified domain name.
Login into https://manage.windowsazure.com/
Navigate Websites -> [Your Website] -> Configure
Scroll down to Domain names
Click Manage Domains (note that custom domains can only be used when in the Shared, Basic, or Standard modes)
Add your domain www.history-podcasts.com
At this point you should be able to reach your web site using both history-podcasts.com and www.history-podcasts.com domain names.
If your website requires HTTPS, you will have to take extra steps:
http://azure.microsoft.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/