I have an Azure VM which is using a cloud service. The URL is e.g. Mydomain.cloudapp.net. I have used a CName alias so my domain is mapped on to it so e.g. www.mydomain.com goes to it. However I can still get to it via the cloudapp.net url. Can I disable the cloudapp.net url so only my domain is used. I want to route it through cloudflare. I have a team city server on there and I thought it would be an easy way to implement SSL.
You don't have option to remove the cloudapp.net domain. You can configure your custom domain with your own SSL and start using it (for end users). Unless you are using cloudapp.net domain explicitly, you don't have any risk of using the azure wildcard SSL certificate, and since you normally won't communicate the .cloudapp.net domain to end users, there won't be any risk as such.
If you want to protect the VM, you can use whitelisting so that authorized users only can connect
Related
I'm changing domain registrars for a custom domain that has 4 sub-domains each pointing to a azure web app via a CNAME.
I don't have any access to this azure web app.
Does anybody know if I can just copy the subdomain cname dns and replicate it on the new domain registrar and then everything will continue to work as normal. Or if azure somehow detects the change and requires you to revalidate the domain after you have switched registrars.
If you are not changing sub-domain / domain ONLY the registrar, there should't be any problem with that. Azure App Service doesn't care what register you are using as long as CNAME is properly configured.
In the azure tutorial for setting up a custom domain for the azure front door, few areas got me confused
A brief period of downtime for the domain can occur.
A custom domain and its sub-domain can be associated with only a single Front Door at a time.
The custom domain also must have routing rule with a default path ('/*') associated with it
We have a production site running that has multiple subdomains. I need to map one subdomain with one front door. For example, we have https://web.contoso.com, https://api.contoso.com, https://admin.constoso.com. We have created a frontend for APIs services. https://busymonk.azurefd.net.
Now we need to CNAME only api.contoso.com with busymonk.azurefd.net. Is the said domain downtime going to occur for the main domain and other subdomains?
How I should add the routing for the custom domain. Even this example got me confused. Do I need to add routing between custom domain and my backend pool, or do I need to make a backend pool of https://busymonk.azurefd.net and then add routing between api.contoso.com to busymonk.azurefd.net?
When you need only api.contoso.com with your CDN endpoint, only the subdomain api.contoso.com may have downtime.
To avoid interruption of web traffic, you could first map the temporary afdverify sub-domain. With this method, users can access your domain without interruption while the DNS mapping occurs.
Source Type Destination
afdverify.api.contoso.com CNAME afdverify.busymonk.azurefd.net
If you have verified that the afdverify subdomain has been successfully mapped to your Front Door. Then you could map the permanent custom domain. After this, you could delete the temporary afdverify subdomain CNAME record.
Once you add the custom domain for api.contoso.com with the front door. It's up to you. You only need to make sure there is a path from the frontend hosts to the backend pools via valid routing rules.
For example, to make the custom domain api.contoso.com work, you need to add a new routing rule or change existing routing rule to point to the domain api.contoso.com as the frontend hosts with a default path /* associated with it and select the existing the backend pool of your backend web app host like app service xxx.azurewebsites.net.
Hope this could help you.
Be aware that if you use the afdverify approach and enable HTTPS using an AFD managed certificate, you'll be waiting an excessive amount of time for Digicert to validate the domain for certificate provisioning (24+ hours). It appears to be a manual process on their end, and if your domain's WHOIS registrant email is not displayed b/c it's private, then you'll need to receive email at X#customdomain where X = admin, administrator, hostmaster, postmaster, or webmaster. You'll be better off opening a ticket with Microsoft support over it, they'll work directly with Digicert to get your certificate provisioned.
the company I’m working for provided me a subdomain. test.mycomp.com . I want to add it to my azure web app via custom domain.
The azure system recommends a CNAME delegation and provided me the information to enter web-zeudz-staging.azurewebsites.net in the dns management as CNAME.
After doing so and verifiying via DNS Lookup, Azure always gives me „Domain Ownership Error“. What can I do to make this work?
Is your DNS provider also a CDN provider, for example cloudflare? If so, turn off the CDN/proxy function so it's a DNS only record and try again.
If you don't have any control over the CDN function you can use txt record validation.
Create your TXT record awverify.subdomain.test.mycomp.com with value web-zeudz-staging.azurewebsites.net and validate again. It should succeed.
There's also a CNAME awverify method but you need CDN disabled for that too.
I find it strange that your company doesn't have the option to enable/disabled CDN for any given DNS entry though.
I have a couple of web applications on an Azure server. A client allowed the domain to lapse, and I can no longer access the DNS settings for this domain. The domain's DNS settings (A records, CNAMES) are still authorized in Azure to control traffic for the server's IP address. So, any app I create on this server now resolves to the domain that is no longer under my control.
How do I get myself out of this pickle? Can I change the server's IP address? I have not been able to find out how to do that. Can I de-authorize the DNS settings that now control access to this IP address?
If you want to remove access to the app from a domain, you just remove the domain from the App Service.
DNS tells users where to go for a particular domain name.
If your app doesn't mention it as a domain, the request won't be routed to it.
Remember that addresses in Azure App Service are shared so it requires that you actually explicitly mention the domain in the app service's configuration.
Ugh. Ok, my issue was that I was redirecting to the domain in my web.config.
A client of ours has the domain client.com
Our application is at superapp.mycompany.com
We want the client to be able to access our application via their own subdomain, like: superapp.client.com.
Normally we'd just tell the client to add a cname for superapp and point it to superapp.mycompany.com. Then on our server (IIS) we'd bind their domain to our app and everything would work as intended.
However, we can't replicate this functionality when our mycompany.com domain is managed via cloudflare.
When we navigate to superapp.client.com we get the following error page:
Error 1001
What happened?
You've requested a page on a website (superapp.client.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (superapp.client.com).
Is there any way that Cloudflare can be used in this fashion?, this seems like a pretty standard set up for a multi tenant application that supports custom domains.
We don't need all the protection that Cloudfront offers for these client domains, but we want to use the Cloudfront nameservers for out application (mainly for fast switching of DNS records in the event we migrate servers, etc).
Any help is appreciated.
I hope it's not too late. But just found a way to do so.
You just need to add your client's domain (Add site in Cloudflare) to your account.
You don't need to change client domain's NS. So in your Cloudflare panel this domain will showing as "Pending Nameserver Update".
Next step is add the CName record to this domain.
Although the NS of client domain is not changed to CF, but CF has a lookup record as CName for it.
Hope it helps.
Just in case someone arrived here with same issue as me. Here is the answer. For short, no that won't work.
Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn't know where to send the traffic to.
Ref: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-CanICNAMEadomainnotonCloudflaretoadomainthatisonCloudflare
If you don't need the CDN benefits, you can still use Cloudflare nameservers to manage your DNS zone and keep your current configuration. Just make sure the CDN is deactivated for the target subdomain in your zone (superapp.mycompany.com in your case).
You can tell if the CDN is activated or deactivated for a subdomain by looking at the cloud icon on the right of each DNS entry: if the cloud is orange the CDN is active, if it is gray, it isn't.
Cloudflare also supports external CNAME resolution in their CDN infrastructure, but it's only available for its Enterprise customers:
https://support.cloudflare.com/hc/en-us/articles/217371987-Managed-CNAME