Why I am unable to add domain to azure web app for a domain coming via Cloudflare proxy even though I have configured the URL to resolve to azurewebsites.net URL via CNAME?
Here are the steps to get through Cloudflare proxy:
First you need to turn off proxy in Cloudflare.
Configure the URL to point to azurewebsites.net URL in DNS
Then add the custom domain.
Once the domain is added, enable the proxy again.
Related
I'm changing domain registrars for a custom domain that has 4 sub-domains each pointing to a azure web app via a CNAME.
I don't have any access to this azure web app.
Does anybody know if I can just copy the subdomain cname dns and replicate it on the new domain registrar and then everything will continue to work as normal. Or if azure somehow detects the change and requires you to revalidate the domain after you have switched registrars.
If you are not changing sub-domain / domain ONLY the registrar, there should't be any problem with that. Azure App Service doesn't care what register you are using as long as CNAME is properly configured.
Say, I have two app service (HTTPS only is enabled):
https://myapp1.azurewebsites.net
https://myapp2.azurewebsites.net
I can call both app service endpoints using HTTPS successfully.
Then I created a traffic manager and add above two endpoints to traffic manager, say:
myapps.trafficmanager.net
After the traffic manager is created and endpoint added, the trafficmanger host name myapps.trafficmanager.net is also automatically added into custom domains of two app services. But without SSL binding to traffic manager host name.
Then if I call traffic manager endpoint using HTTPS: https://myapps.trafficmanager.net, I will got untrusted SSL cert error/warning. That is expected.
Since traffic manager just works on DNS level, the real request is actually send to the app service endpoint which has correct SSL cert binding. My question is:
From security point of view, is it safe to call the non-cert binding traffic manager endpopint using HTTPS in my code (say, using .NET HttpClient) but just ignore the cert error?
I recently set one of these up as well and fought with it for a bit. The short answer is that it is probably safe, but it sounds like you may be using the Traffic Manager incorrectly. You shouldn't be using the URL in the Traffic Manager as your end point if you want to use SSL. Instead configure your vanity domain name, mycoolsite.com to point to myapps.trafficmanager.net, using a DNS CNAME record.
If you want to use SSL and a single URL you should configure the custom URL and install an SSL cert at the service level. It should be same custom URL on both app services. This must be configured at in the app service, not in Traffic Manager.
I had to read this a few times to understand how it works under the hood, but it was helpful.
So in summary, to set it up properly, the steps would be:
Configure custom/vanity domain on both app services
Install the SSL cert on both app services
Setup and configure the Traffic Manager
Point the custom/vanity URL to the traffic manager using a DNS CNAME record
There is no need to bind a cert with traffic manager since the server certificate is not validated when using traffic manager health probes via HTTPS. Moreover, the traffic manager works at the DNS level. The clients connect directly to the selected endpoint, not through Traffic Manager.
In this case, you could use HTTPS for endpoints and use health probe via HTTPS. Even you could not bind a cert with traffic manager, you could make sure that the monitoring port is configured correctly in Traffic Manager (e.g. 443 instead of 80) and also your monitoring path points to a valid page for your service.
Another SO answer explains this more details. If you still want to make this warning disappearing, you can get a free SSL from letsencrypt.org and add that to your custom domain with the *.trafficmanager.net.
I am newbie in web hosting. I have a domain name on GoDaddy www.mydomain.com.
My web app is hosted on Azure App Service myapp.azurewebsites.net.
Now, I have configured my GoDaddy domain to point to azure web app. Azure app service is configured to accept request from www.mydomain.com, so anyone accessing my domain www.mydomain.com can see the app hosted on azure. This thing is working fine.
For example, I enter a URL www.mydomain.com, I get the expected result - web app hosted on azure with the www.mydomain.com URL in browser. The issue is, if I enter only subdomain name i.e. mydomain.com - without WWW prefix, I get the web app running on azure, but the URL gets replaced by azure app service URL myapp.azurewebsites.net.
What could be wrong here? My domain is configured for CNAME, and Azure App is also configured to accept custom domain with CNAME. Should I use A Record settings so that if I enter mydomain.com it gets replaced by www.mydomain.com instead of myapp.azurewebsites.net?
Thanks in advance!
As per the documentation , it is recommended that you use a CNAME for all custom DNS names except a root domain (for example, contoso.com). You can also add/register your url without the "www." prefix, to set up another record in order for Azure to verify.
For more details, refer to the blog post in case if you haven’t checked earlier.
A client of ours has the domain client.com
Our application is at superapp.mycompany.com
We want the client to be able to access our application via their own subdomain, like: superapp.client.com.
Normally we'd just tell the client to add a cname for superapp and point it to superapp.mycompany.com. Then on our server (IIS) we'd bind their domain to our app and everything would work as intended.
However, we can't replicate this functionality when our mycompany.com domain is managed via cloudflare.
When we navigate to superapp.client.com we get the following error page:
Error 1001
What happened?
You've requested a page on a website (superapp.client.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (superapp.client.com).
Is there any way that Cloudflare can be used in this fashion?, this seems like a pretty standard set up for a multi tenant application that supports custom domains.
We don't need all the protection that Cloudfront offers for these client domains, but we want to use the Cloudfront nameservers for out application (mainly for fast switching of DNS records in the event we migrate servers, etc).
Any help is appreciated.
I hope it's not too late. But just found a way to do so.
You just need to add your client's domain (Add site in Cloudflare) to your account.
You don't need to change client domain's NS. So in your Cloudflare panel this domain will showing as "Pending Nameserver Update".
Next step is add the CName record to this domain.
Although the NS of client domain is not changed to CF, but CF has a lookup record as CName for it.
Hope it helps.
Just in case someone arrived here with same issue as me. Here is the answer. For short, no that won't work.
Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn't know where to send the traffic to.
Ref: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-CanICNAMEadomainnotonCloudflaretoadomainthatisonCloudflare
If you don't need the CDN benefits, you can still use Cloudflare nameservers to manage your DNS zone and keep your current configuration. Just make sure the CDN is deactivated for the target subdomain in your zone (superapp.mycompany.com in your case).
You can tell if the CDN is activated or deactivated for a subdomain by looking at the cloud icon on the right of each DNS entry: if the cloud is orange the CDN is active, if it is gray, it isn't.
Cloudflare also supports external CNAME resolution in their CDN infrastructure, but it's only available for its Enterprise customers:
https://support.cloudflare.com/hc/en-us/articles/217371987-Managed-CNAME
I have an Azure Web App on the Standard App Service. I am able to access the site by going to http://www.websitename.com but unable to access the website via http://websitename.com.
How can I get the web address with the non www. to go to the www. version?
In my DNS Configuration for the domain my A Name record is pointing at the IP Address of the Web App in Azure, and the CName record at the Azurewebsites.net domain.
In the Azure portal, you will need to add both www.websitename.com and websitename.com as host names for the Web App, so that Azure knows to send traffic to it.