traffic manager for https azure website - azure

I read quite a lot documents and other questions on stackoverflow about this, and I have to admit that it just makes me much more confused.
I have a site that hosted both in EU west and EU north azure. Say their urls are:
exampleeuw.azurewebsites.net
exampleeun.azurewebsites.net
Then I bought a ssl certificate for www.example.com.
On both sites, I added www.example.com to custom domain.
On both sites, I uploaded the certificate.
Then created the traffic manager site and its dns name is "example.trafficmanager.net", I have both web app added as end point.
But should I access https://www.example.com or https://example.trafficmanager.net?
If I access https://www.example.com, how can that traffic go to the traffic manager first?
Also when I created Traffic Manager profile, I have to select a Resource group location (north Europe for example), if North Europe azure is down, will it impact the access?
Really hope that I can find some step by step examples on how Microsoft wants us to use this, as it has been a quite frustrating learning process.

Requests should go to the traffic manager. It will be the one redirecting to both of your App Services no matter where they are.
Prior configuring your Traffic Manager and DNS, make sure both of your web application are working and configured with custom domains and SSL certificates.
Then, in your DNS, point your www.example.com website to the traffic manager as shown here:
https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-point-internet-domain/
That's all you have to do.

Related

Azure traffic manager behind Cloudflare CDN

As we use Cloudflare, I'm trying to setup Azure Traffic manager to redirect traffic for specific regions based on the user location.
As for Configurations on Cloudflare and Azure traffic manager, I have:
Cloudflare DNS Records
Type
Name
Content
A
service-eu.domain.com
EU firewall IP
A
service-us.domain.com
US firewall IP
CNAME
service.domain.com
redacted.trafficmanager.net
Traffic manager Configurations:
pretty standard, nothing was changed
Endpoint setup:
EU endpoint:
US endpoint:
So far, everything seems to be in place with the guides that I'm following, but when i try to hit service.domain.com, cloudflare returns:
r/CloudFlare - Cloudflare and Azure Traffic manager, how to get it working?
This would be what we have i'm planning to achieve:
Similar issue that i found, but solution doesn't work for my scenario, so i believe this question cant be considered as duplicate.
Azure Traffic Manager with Cloudflare CDN
Any help would be deeply appreciated since I'm currently out of ideas on how to put those two guys together.

Azure Traffic Manager, custom domain and 404

I got lost with Traffic Manager setup and custom domain name.
First I had two mobile apps in 2 regions (westeuropeapp.azurewebsites.net and brazilapp.azurewebsites.net) as endpoints of Traffic Manager (trafficmanager.trafficmanager.net). It was Working.
Then I wanted to use a custom domain name with subdomains: westeurope.mydomain.com, brazil.mydomain.com and trafficmanager.mydomain.com. So I followed Azure doc instructions and created CNAME for my subdomains pointing to the two mobile apps and to traffic manager. Then I added westeurope.mydomain.com (resp. brazil.mydomain.com) as hostname for my west europe mobile app (resp. brazil mobile app).
But when I navigate to trafficmanager.mydomain.com I got a 404.
I checked the DNS resolution with Dig, I can see that trafficmanager.mydomain.com has a cname to trafficmanager.trafficmanager.net which has a cname to westeuropeapp.azurewebsites.net which resolve to ip xxxx.This looks good.
If I type that ip into my browser I got 404. But if I type westeuropeapp.azurewebsites.net I got my app running. I also checked westeuropeapp.azurewebsites.net in Dig and it resolves to the same ip as above.
What am I missing? (I don't even talk about SSL, it will be next post.)
You also need to add trafficmanager.mydomain.com to the Mobile Apps as a custom domain.
App Service shares IP addresses across apps, so the only way for it to identify which app your request is bound for is the Host header. By adding the custom domain App Service knows to route requests for that domain to that app.
Once you add the mobile apps to the traffic manager, trafficmanager.mydomain.com will automatically gets added to the mobile app, in the host name assigned to site(App->Custom domain). Wait for sometime for the changes to propagate. After the trafficmanager is propogated, You need to add custom domain to both of your mobile apps.
This video has the details for adding custom domain for the traffic manager. https://www.youtube.com/watch?v=1ggz9qZpVHo

Can a Domain Name purchased through another vendor be used with an SSL Certificate purchased from Azure?

We purchased a domain name from Network Solutions, and set up our website as two App Services in Azure (one within US East and one within US West). Our domain name purchased from Network Solutions is assigned as a hostname in Azure, and a traffic manager balances the traffic between the two App Services. I have two questions...
Azure offers SSL Certficates. If I purchase an SSL Certificate from Azure, is there anything I need to do in Network Solutions to update the site?
Do I need to purchase two SSL Certificates since I am using two App Services?
I have looked at these articles, but unfortunately, they did not answer my questions:
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-purchase-ssl-web-site
Thank you!
If you already have a custom domain associated with your Web Apps (both deployments Region #1 and #2), then no. You're all set.
E.g. www.example.com pointing to {TrafficManagerName}.trafficmanager.net
No. Just one TLS certificate valid for www.example.com or *.example.com
See my answer here for more:
https://stackoverflow.com/a/40399500/4148708

Why won't root domains in Azure Traffic Manager load balance or fail over?

Simply put:
I have a domain called erik.com, two azure websites (east and west), and one traffic manager that is setup to manage the two azure websites.
When I take east offline (by throwing a non-2** status code) erik.com goes offline. This should not be the case! Right?
However, when I add a sub domain to the two azure websites (www.erik.com) then it works! I take one or the other offline and the traffic manager resolves to the available website.
I'm hearing/reading things that tell me that Traffic manager doesn't work with root domains like that... Say what?! Why?
As explained in the FAQs at https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-how-traffic-manager-works/#faq , Traffic Manager does not support 'naked' / apex domain names.
*Can I use Traffic Manager with a ‘naked’ (www-less) domain name?
Not currently.
The DNS CNAME record type is used to create a mapping from one DNS name to another name. As explained in the Traffic Manager example, Traffic Manager requires a DNS CNAME record to map the vanity DNS name (e.g. www.contoso.com) to the Traffic Manager profile DNS name (e.g. contoso.trafficmanager.net). In addition the Traffic Manager profile itself returns a second DNS CNAME to indicate which endpoint the client should connect to.
The DNS standards do not permit CNAMEs to co-exist with other DNS records of the same type. Since the apex (or root) of a DNS zone always contains two pre-existing DNS records (the SOA and the authoritative NS records), this means a CNAME record cannot be created at the zone apex without violating the DNS standards.
To work around this issue, we recommend that services using a naked (www-less) domain that want to use Traffic Manager should use an HTTP re-direct to direct traffic from the naked domain to a different URL, which can then use Traffic Manager. For example, the naked domain ‘contoso.com’ can re-direct users to ‘www.contoso.com’ which can then use Traffic Manager.
Full support for naked domains in Traffic Manager is tracked in our feature backlog. If you are interested in this feature please register your support by voting for it on our community feedback site.*

Azure Websites - Masking Azure domain name

In the next several months we will be going live with a web app ('MyApp') that is being hosted on Azure. We have purchased the MyApp.com domain and our Azure domain name is MyApp.azurewebsites.net.
We do not want our users to ever see the azure domain name in any form. We want them to see www.MyApp.com or www.MyApp.com/Sales/ViewSale etc.
I think I know how to map www.MyApp.com to MyApp.azurewebsites.net based on this article. We won't be able to set this up for a while, so I'd like to know what the user will see in their browser URL when they go to www.MyApp.com. Will they see www.MyApp.com or MyApp.azurewebsites.net? And then what will they see as they navigate various pages in the app?
Your azure website needs to be at least at the 'shared' level. This is the first tier of 'paid' azure website hosting. You do this under website > scale.
app service plan pricing tier = shared.
then you would choose 'configure' and look for 'domains' and add your www.myapp.com domain.
Then you head out to your DNS manager and add a CNAME record that directs traffic from www.myapp.com to myapp.azurewebsites.com, OR you can lookup up the Virtual (public) IP of your azure website and update the A record in your DNS manager.
Either route, your visitors will see www.myapp.com/mypage, www.myapp.com/mypage2, etc.
Once you have the proper hosting level (the control panel will tell you, look for custom domains) and configuration, they can access it as www.myapp.com. You may need to provide your own SSL cert in order to configure it as well.
When it comes time to SSL, check out this post (Azure SSL Certificate) that I made regarding uploading of SSL certs in the control panel. It will save you a headache.
The article you linked appears to have solid information based upon my recent experiences. One thing to note: It has screen shots from the old configuration panel, so some things may look different in the new one.
I haven't found a way to hide the myapp.azurewebsites.com method to access a page, other than maybe doing a redirect inside your code. However, until you have your DNS setup it might be nice to see things working under that domain to start.

Resources