I have an Azure Media Service set up with a Premium subscription. I made an Android app which uses VideoView player and requests the multi-bitrate video files over HTTPS using the following format for asset links:
https://example.streaming.mediaservices.windows.net/c2234567-be1a-123c-ca25-e90bfca246da/1227_e3337f7-35ac-43e0-b55c-223e3333662.ism/QualityLevels(421811)/Manifest(video,format=m3u8-aapl)
Until now, I had CDN integration disabled. This worked fine and I never had issues using HTTPS.
However, now I want to enable CDN integration with default settings. When this feature is enabled, it automatically attaches the media service subdomain as a custom domain under the CDN (in this case example.streaming.mediaservices.windows.net). From what I understand, this means I should be able to continue making requests from my Android app to the same URLs as before, except now it will direct those requests to the CDN instead of the media service.
However, what I'm not sure of is whether or not I'll still be able to call those URLs over HTTPS. I see that Azure has a feature for Custom Domains with HTTPS in the works but it doesn't appear to be available yet.
So does the ability to call media service asset URLs over HTTPS carry over after CDN integration, and especially if I'm using the default media service subdomain as my custom domain?
If not, what will happen to the HTTPS calls? Will they receive no response or will they just bypass the CDN?
you should have no issues using HTTPS on CDN enabled Media Services Endpoints.
The Custom Domain HTTPS primarily refers to vanity urls like "blizz.com", which is not currently supported.
Related
I use Static website feature of Azure storage account to host React.js application. There is also a CDN endpoint enable for the site (Microsoft Standard CDN pricing tier), so the site URL looks like https://xxx.azureedge.net/. The problem: when I try to access the site via HTTP protocol, it says:
The account being accessed does not support http.
HttpStatusCode: 400
ErrorCode: AccountRequiresHttps
RequestId : 46959fc9-a01e-006d-2bc5-6b781e000000
TimeStamp : 2020-08-06T07:48:01.6590412Z
I would like the user to be redirected to HTTPS version.
You can allow HTTP without CDN:
Under "Settings"->"Configuration" set "Secure tranfer required" to "Disabled".
However, for redirecting to HTTPS you need for example CDN.
The solution was found in Microsoft documentation https://learn.microsoft.com/en-us/azure/cdn/cdn-standard-rules-engine#redirect-users-to-https
It says that the redirection from HTTP to HTTPS can be configured in the Rules engine of CDN endpoint.
It makes sense to keep in mind that:
the rules will not be applied immediately, in my case it started to work in 10 minutes.
the Rules engine is available for Standard Microsoft and Premium Verizon.
I have hosted a static website in azure mainly by following the Microsoft tutorials. The process has been to create a storage account, create a CDN endpoint, map my custom domain to the endpoint and then enable HTTPS using an SSL certificate managed by azure.
The custom domain is working but the problem is firstly that although in Azure CDN it says that both HTTP and HTTPS are enabled, I can only access the website via HTTPS and when I try with HTTP the error I get says 'The account being accessed doesn't support HTTP'. The other thing is that in order to navigate to the secure site I have to put the entire URL in the search bar, starting with the https or the website can't be found. I'm not sure if this is normal but if I think of web browsing in general, this isn't usually necessary.
Any ideas on how to fix this would be greatly appreciated.
Default is that Azure only Allows HTTPS.
On App Service go to TLS/SSL settings and switch to HTTPS Only to Off.
On Storage Account go to Configuration and change Secure transfer
required to disabled.
How can I secure the on-demand streaming from Azure Media Services to a specific domain only?
E.g. if you are using the Azure Media Player on www.domain1.com - you can watch the videos, but if you are on www.whatever.com then the video should not play.
Here is what I tried:
Setting CORS on the assigned Azure Storage account - didn't help. All responses seem to have a * cors header.
Setting up IP restrictions on the Streaming Endpoint - didn't help.
I could still stream a video from different machines using the azure media player demo page.
https://ampdemo.azureedge.net/azuremediaplayer.html?url=my_url_to_ism_manifest
UPDATE on the IP restrictions - it seems it needs some time to take effect. But now I realize it is not a good option, because there is no way to know the IP addresses of all the users of my site.
As far as I understood, the other content protection mechanisms (like fairPlay, widivine, etc.) that AMS support, require having a token, meaning the users should authenticate to my site first.
But I do not want to authenticate the users on my site, I just want the videos to be playable only if you are on my site.
One simple solution would be to enable Azure CDN from Verizon Premium and then use the rules engine capabilities to create a rule that only allows access from your domain. Your second solution of of using IP restrictions on the streaming endpoint would work as long as you aren't enabling Azure CDN for the streaming endpoint. If you aren't able to get this solution to work, I would recommend opening up a support case for further investigation.
I'm trying to serve my cloud storage content using custom domain over https. Currently, I'm using Amazon S3 with CloudFront to deliver the content using custom domain over https. But S3 with CloudFront is costly, So I'm now searching for an alternative.
Is Azure or Google Cloud natively support to serve content using custom domain over https. Without using CDN?
At the moment, google cloud storage only support HTTP. As per documentation To serve your content through a custom domain over SSL, set up a load balancer, use a third-party Content Delivery Network with Cloud Storage, or serve your static website content from Firebase Hosting instead of Cloud Storage.
I was able to find this blog which might help you on the setup.
With that being said, if you are looking for functionality like this you may also try with App Engine, as by default, HTTPS connections on your custom domain will automatically be enabled using managed SSL certificates. You can visit this link for more details. Also, there is a there is a feature request submitted to support auto managed SSL with GCLB.
Is Azure or Google Cloud natively support to serve content using
custom domain over https. Without using CDN?
Azure allows you to map a custom domain to your blob storage endpoint. Using this, you can serve the content stored in blob storage using a custom domain. You can read more about it here: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name
However please note that this will not work over https. For https, you will need to use Azure CDN.
The OP's needs will be met by using Firebase as mentioned in passing by #KarthickN.
Firebase is a Google product which deploys your own domain name site automatically through SSL (https). You can first push your site onto one of the remote git repositories and use CI/CD for Firebase to deploy. You don't need to worry about CDN as firebase will use Google's global edge servers. Small usage is free then move onto paid plans as your needs grow plans
I answered a similar question here.
As mentioned in the title above I have a cloudservice with a WebRole that runs a web app www.myappname.com. I have taken all necessary steps to enable serving of CDN content from my app using url rewrite module on IIS. This works fine but:
The requests coming in from CDN are forwarded to .cloudapp.net instead of my custom hostname binding. I cannot find any place to change this in my configuration. When I create a new CDN endpoint my options for setting the ORIGIN DOMAIN are limited to my cloud service endpoints
Say I got a custom domain name for my cloud service CDN endpoint (ex. static.appnamecdn.com). What happens when I make request with https? I don't see any place to register the "static.appnamecdn.com" 's ssl certificate. Isn't something like this required?
From the help icon on the Create CDN Endpoint screen (Azure Management Portal) I got my answer to the second point above:
If you choose to enable HTTPS for your CDN endpoint, keep in mind the
following points:
You must use the certificate provided by the CDN. Third party certificates are not supported.
You must use the CDN domain to access content. HTTPS support is not available for custom domain names (CNAMEs) since the CDN does
not support custom certificates at this time.
HTTPS is from the CDN to the client only. Requests from the CDN to the content provider (Storage Account or hosted service) are
still made using HTTP.
Regarding your first question, I don't think that is possible...Azure's CDN unfortunately is somewhat limited in its options.
As to the 2nd, as was said in the other answer, it's not possible to use HTTPS with a custom domain name :/