Azure App Service accept all domain names - azure

Is it possible to have an App Service respond to all domain names that it receives? I would really like to be able to deploy to an App Service plan, rather than a VM. Note I am not trying to do wildcard subdomains - these require adding them through the Azure console. I am trying to accept any domain name that the app service receives. Adding and verifying each domain is not practical.
I have a multitenant app, so this is really important to me so that customers can use their own domain names.
I've tried adding the domain * and ., but it fails validation.

I don't think you can do this because Azure requires validation of domain ownership by adding specific records to DNS. Here is a discussion as to why they do that.
The best you might be able to do is to automate or script the binding, but even then you would need assistance from your third party partners/customers to verify their DNS ownership.
An alternative would be to transfer your DNS to Azure and use subdomains. I know you've said you're not looking at that solution, but using the Azure DNS offering would allow you to fully script out the onboarding process for a new customer.

Could you ensure that the changes to your DNS settings have been confirmed and validated from your DNS provider’s end. For certain providers, such as GoDaddy, changes to DNS records don't become effective until you select a separate Save Changes link.
For more details, refer "Map an existing custom DNS name to Azure Web Apps".
You may refer MSDN thread, which addresses similar issue.

Related

Hundreds of Azure Functions under common domain

I have a deployment of several hundred Azure Functions that I would like to have accessible under my domain. I can see in the Azure Portal that for each function, I can individually hook it up with a custom domain by adding an A and TXT record to point to that specific function. This works great but does not scale at all.
What I would like to achieve is that I can freely start and stop functions (named let's say a,b,c,d etc.) and have them automatically accessible under a subdomain of the domain I have. Like for example: a.my.domain, b.my.domain, etc. From what I see I would have to add A and TXT records for each a.my.domain, b.my.domain...
Is there any way I can solve it in some generic fashion? Like adding A and TXT record for just my.domain and have the Azure do the magic to route {name}.my.domain to function named {name}?
Thanks in advance for any help.
As per my understanding, multiple function app domains should be under a common domain.
For this, Application Gateway helps to configure multiple domains in single domain with the help of Path based routing concept.
You can configure the different Azure Function Apps URLs/domains with different paths under the same domain name which redirects every azure function app domain to its respective site.
As #Skin Suggested to look into APIM:
From the Domain Registrar, Configure the APIM Gateway IP Address with the A record or any other Azure DNS Server.
References:
MS Q&A #1065676 for more information provided by #MayankBaragali-MSFT
MS Tutorial for configuring the multiple function apps under one domain (APIM).

Azure Traffic Manager for switching to different API Management Service

So I'm working on building scripts to deploy Azure resources using the Az modules in PowerShell. I am new to Azure Traffic Manager, so I'm wondering if what we are looking to do is even possible, and if so, how.
We have an API Management Service (APIMS) with a handful of APIs in it that point to a few different web apps within Azure. So the way it works currently is we have a client application that will post to a specific API operation via its APIMS URL.
We are looking at the idea of using Traffic Manager purely for moving traffic from one APIMS to a another in the event that we need to create a new APIMS. I can add the existing APIMS as an endpoint to the Traffic Manager as an external endpoint using its public IP address. But beyond that, here's what I'm unsure of:
How exactly would traffic actually get routed through the traffic manager, through the APIMS, to the specific API post? (as in, what would the client application need to specify as where it's sending its post?). Or would this even work??
If we create a new APIMS, can we then simply add that as a new endpoint to the traffic manager (again, as an external endpoint via its IP address), and then delete the old APIMS endpoint?
I did find this question that's similar, but that answer is using Add-AzureTrafficManagerEndpoint as opposed to New-AzTrafficManagerEndpoint, which is what I'm using and apparently does not support -DomainName as a parameter.
Traffic manager does not route traffic, it only does domain name resolution. You could use TM for that. For your custom domain in traffic manager (say contoso.com) you can add CNAME record pointing to contoso.azure-api.net (it's preferable to use CNAME instead of A and APIM service IP may change in certain scenarios). And add SSL certificate in APIM for contoso.com. What will happen in that setup:
Client wants to make request to https://contoso.com/myapi
Client will perform DNS lookup for contoso.com and see CNAME record pointing to contoso.azure-api.net
Client will perform DNS lookup for contoso.azure-api.net and see APIM IP address
Client will try to open SSL connection to APIM
APIM having SSL certificate available will accept the connection
Client will send request.
All this does not require any special configuration from your client apart from setting it up to use "contoso.com" as a hostname for your API. Later if you want to switch to a different APIM service you could go and update TM. Client will not require any changes.
The one thing to know is that this particular setup does not require TM per se. As all you really need is a custom domain from any DNS provider because all you need to do to switch traffic from one APIM to another is update CNAME record.

Adding custom domain names to an Azure webapp in a Nested traffic manager profile

I want to have the following setup in Azure.
* Main Traffic manager
        - WebAppA (West Europe)
        - Nested Endpoint
                 * WebAppB (West Europe)
WebappA has a custom domain name linked with a CName to the main traffic manager.
Now WebAppB also needs this custom domain name, but I'm not possible to add this.
I receive the message "Hostname is already being used in the following App WebAppA".
What I want to achieve is to have 2 WebApps running in the same datacenter with a Traffic manager on top to have better control control over the setup while doing BlueGreen deployments.
We currently have a setup spread over 2 datacenters, but we experience a lot of latency while hopping to the SQL server in WestEurope from UKSouth?
Is there any setup what can make this work?
I would suggest you to raise a support ticket where MS engineers can force add the Custom Domain if you are able to prove your Domain ownership.
The error which you are getting has nothing to do with the Traffic Manager Nested configuration. Since you have added the Custom Domain to the WebApp A, you are not able to add it to the Web App B due to some validation check.
There are probably two methods.
You could associate the same hostname to multiple web apps regardless of subscription (or even AAD tenant!) using the awverify method of validating domains. That is to create two TXT records for your two web app services.
Hostname — awverify.targethostname.yourdomain.com
Set type = TXT
value = <yourwebappname>.azurewebsites.net
TTL — short. Like seconds or minutes.
You could get more details from this blog: Azure Traffic Manager with Web Apps in different subscriptions.
Another option is to assign the same hostname to Web Apps in different app service plans. Bear in mind that if you're using IP addresses/A records in your DNS, you'd need both web apps to have different IP addresses for the DNS to be able to differentiate between your web apps. Read the details in the the SO answer.

Sendgrid "Sender Authentication" on Azure

I have an Azure SendGrid account that works great. I can send e-mails no problem with the usual API. I need to setup Sender Authentication (2 reasons, first it will help with receiver finding it in their junk and more importantly it will allow me to setup an Inbound Parse).
I have consulted the Sendgrid Documentation (https://sendgrid.com/docs/User_Guide/Settings/Sender_authentication/How_to_set_up_domain_authentication.html), which has explicit instructions, which involve DNS Records (more soon), but unfortunately this isn't working. I have also gone through their troubleshooting. I think it may be an issue with my domain actually being a sub-domain, but I can't figure out how to fix the DNS records to make it work.
I have a "DNS Zone" setup for my site, lets call the site "fake.azurewebsites.net".
Sendgrid instructed me to add the following CNAME records (numbers are scrambled):
em1879.fake.azurewebsites.net > u7381760.wl261.sendgrid.net
(..as well as two others)
So I made those records, and waited over 48 hours for DNS refresh, but Sendgrid will still not verify. I get the error: Expected CNAME for "em1879.fake.azurewebsites.net" to match "u7381760.wl261.sendgrid.net". I also tried their troubleshooting and wasn't able to get an "answer" using the DIG command. I am not using whitelisting or any of the other features that are known to interfere.
In all the documentation, the records usually take the form:
em1879.usersDomain.com and not em1879.userSub.Domain.com, so that could be part of the issue, but I could of course be missing something.
I wanted to copy the answer that I got from Microsoft Tech support. Based on #mdeora comment, I contacted Azure and below was the response. It seems that the SubDomain is the problem, but only specifically for these azurewebsites.net subdomains, it may work fine for other subdomains if you can setup delegation.
"I suspect a delegation issue.
As I understand it, you have created a DNS zone name 'geic.azurewebsites.net'. This has been assigned name servers in Azure DNS (e.g. ns1-08.azure-dns.com etc). You have then created a DNS entry 'em8849' of type CNAME.
The problem is that there is no DNS delegation in place from the parent DNS zone to your DNS zone. In this case, the parent DNS zone is 'azurewebsites.net'. This is owned by Microsoft, and they do not support customers setting up delegations from this domain.
You should:
Purchase your own domain name (e.g. myapp.com). You can do this using the App Service Domains service in Azure (currently in Preview). See https://azure.microsoft.com/blog/app-service-domain/
Create a corresponding DNS zone in Azure DNS
Set up DNS delegation for your DNS zone. See https://learn.microsoft.com/azure/dns/dns-delegate-domain-azure-dns
Create your DNS record. For a Web App, use either a CNAME to the 'xxx.azurewebsites.net' or an A record directly to the site IP address.
For Web Apps, you will also have to register your domain name as a custom domain for the Web App. See https://learn.microsoft.com/azure/app-service/web-sites-traffic-manager-custom-domain-name
If you use App Service Domains to complete step 1, then steps 2 and 3 should be completed for you, automatically.
Good luck!
Jonathan (www.opsgility.com)"
Proposed as answer by Jonathan TulianiModerator Friday, June 15, 2018 9:00 AM
For me, the problem was that Azure automatically includes domain name in the records: Sendgrid asks to add a CNAME record "s1.domainkey.yourcustomdomain.com"; You shoudn't include ".yourcustomdomain.com" in the name because azure automatically includes it. You can check that by editing a record and seeing that it ends up as: "s1.domainkey.yourcustomdomain.com.yourcustomdomain.com". So the record should be only: "s1.domainkey";
It worked for me, but i have a custom domain acquired from azure; maybe it works for azurewebsites subdomains, i'm not sure.

How to perform third party Domain setup on Microsoft Azure?

I have set up AD Azure and since I have a domain from a third party hosting provider(re-seller) i needed to assign MX and TX values in order to verify the Domain.
Re-seller refused to manually setup the records in the domain registrar and provided a free shared hosting package for me to setup those values in the control panel which i did with no effort and successfully verified the domain name within Azure portal.
I had made all the wire up within azure portal to use the domain i had verified but when i browse y.com i get responses from the Re-seller server instead of Azure.
The only thing i had left to do is to change the NS records which the Re-Seller refused to do so - so far.
Please provide some details of how the request travels in this kind of Domain name setup and what measures should i take in order to use my domain in Azure hosted environment?
To bind a custom domain for your Azure app, you need to do three main steps to map the custom domain to your app( more detail refer here):
And if you also want to add a custom domain for Azure AD, you can refer this document.

Resources