Is there a way with Azure Functions to force connections to be over HTTPS?
I'm not seeing it in the App Settings, and I don't see any reference to web.config for Azure Functions.
Update November 2017
In the Azure portal, go to your function app.
Platform features > Custom Domains > toggle HTTPS Only to 'On'.
Anyone using HTTP will receive a 301 Moved Permanently and be redirected to the HTTPS endpoint. You do not need to actually add a new hostname/domain to toggle this feature. This appears to work with both consumption and app service plans.
I don't think there is a way today, but I could see making a case for enforcing this globally (or at least as an option).
Please open an issue https://github.com/Azure/azure-webjobs-sdk-script/ so it can get properly tracked.
You can do it by going to your function app in azure portal.
Under the settings section you will see the "custom domains" as a selection option.
Now on the new page you will see the toggle called HTTPS Only, On it and you will be able to access you api endpoint with "https". Like this as below.
Related
I have a set of Azure functions, that are built on the durable function pattern, which is probably contributing to my problem. I am connecting to them from a logic app http action. This worked fine until I decided to try to secure the functions using AD. I followed this guide exactly - https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions but when I do, get a 301 error. I messed with toggling the https settings in the function app and that changes the error to a 302 temporary redirect which makes me assume that something is redirecting the calls between https and http. That is just an assumption since I have zero visibility into what logic apps is actually doing behind the scenes. Has anyone had experience with this an solved the problem? I have checked all of my urls, they are all https, I have https only enabled in the function apps. If I remove the azure ad authentication on the function app, everything works fine (connecting with key). Thanks!
Ok, after a bit more digging once I figured out that it was the https piece that wasn't being returned properly, it turns out Azure handles things incorrectly when using a linux premium app service plan. The details are here https://github.com/Azure/azure-functions-durable-extension/issues/1446 but the short answer is that I needed to set the app setting ASPNETCORE_FORWARDEDHEADERS_ENABLED = true.
I have hosted a static website in azure mainly by following the Microsoft tutorials. The process has been to create a storage account, create a CDN endpoint, map my custom domain to the endpoint and then enable HTTPS using an SSL certificate managed by azure.
The custom domain is working but the problem is firstly that although in Azure CDN it says that both HTTP and HTTPS are enabled, I can only access the website via HTTPS and when I try with HTTP the error I get says 'The account being accessed doesn't support HTTP'. The other thing is that in order to navigate to the secure site I have to put the entire URL in the search bar, starting with the https or the website can't be found. I'm not sure if this is normal but if I think of web browsing in general, this isn't usually necessary.
Any ideas on how to fix this would be greatly appreciated.
Default is that Azure only Allows HTTPS.
On App Service go to TLS/SSL settings and switch to HTTPS Only to Off.
On Storage Account go to Configuration and change Secure transfer
required to disabled.
I started using Google Cloud Platform and been testing some things on it. After deploying the web services (node.js), the GCP provides a URL which actually redirects to a preview URL. Ex- project.appspot.com to project.appspot-preview.com. Due to this, our client side throws 307 status code but not if I use the preview URL directly.
All I want to know is, is it safe to use the preview URL straight away or is there anyway to disable the forwarding?
Need help, thanks in advance.
This is the current behavior of the latest GAE flex environment. From Domain update:
Traffic is now served from the appspot-preview.com domain instead of
the appspot.com domain. All traffic from the App Engine flexible
environment will be automatically redirected to the new domain. All
App Engine Standard traffic will continue to be through appspot.com.
When the App Engine flexible environment is generally available (GA),
users will be able to use the appspot.com or appspot-preview.com
domains for routing traffic.
For users who want to use the latest App Engine Flexible release with
a custom domain, please fill out this form to contact us.
I created an API app for MS Azure, but it runs on url like: https://microsoft-apiapped89163604714d21b7e4a3424ed82d50.azurewebsites.net/...
Can I switch it to my own domain name somehow?
You can, but unfortunately there is currently a limitation that will prevent the API App from working properly. There is a list of known limitations and issue which you can find here. The fix will be available quite soon but I don't have a specific ETA to share.
Once this is fixed, you can customize the domain by:
Going to the API App blade.
On the blade, find the "API App host" property on the Essentials and click it.
This will open the API App host blade. Click on "Settings" from the toolbar on the top.
Then find the "Custom domains and SSL" setting and customize the domain.
Effectively, once you're done with Step 2, you can follow the guide of Customizing the domain of a Web App, as both API Apps and Web Apps share the same underlying infrastructure. The guide is available here
Hope it helps.
I would like to know if there is a way to configure a subdomain for an azure api app that I recently published.
The current url provided from azure looks like https://microsoft-apiappd2c35ca5dbc343bca7543041467c2b32.azurewebsites.net and I haven't found a way to configure a subdomain like myapi.mycompany.com as I can do it with the websites.
You can customize it on the API app host. To find that, open the API App blade and on the settings find the "API app host" and click it. On the new blade that will open, click on "All Settings" and then "Custom domains and SSL".
Just keep in mind that this likely will only be valid during the preview and might change in the future.