Create a Blob Storage Static Web Site with SSLs enabled
Covering how to create an Azure Blob Storage Static Web Site. The second part shows how to configure https for a custom domain for the site.
- Create Blob Storage (djtemp in my case) Standard Performance, Hot Tier (you might want Cool later), Ignore Replication for now, Azure AD disabled, Data Lake Storage disabled (Some of these features are deafult but can be cahnged later through the Blob-Configuration page)
- In Storage account select Static Web site (on left)
- Enable it
- Set index and error pages (eg index.html and 404.html
- Save
- Note primary endpoint eg https://djtemp.z26.web.core.windows.net/
- Click on Blobs (on left) then select $web
- Create index.html and 404.html
- Open browser and enter the url from 6
- eg https://djtemp.z26.web.core.windows.net/
- eg https://djtemp.z26.web.core.windows.net/index.html
- eg https://djtemp.z26.web.core.windows.net//404.html
- eg https://djtemp.z26.web.core.windows.net/rubbish.html
-
Go to your DNS provider and create a cname zone record for your custom domain, eg:djtemp.z26.web.core.windows.net
- Go back to the Storage Account (djtemp in this case)
- Click on Custom Domain (on left)
- Enter your custom domain (mysite.mydoain.com in my case)
- Use CNAME validation. Save (If that fails save without CNAME validation checked .. that worked for me).
- Test yhe custom domain in broswer eg http://mysite.mydomain.com Will get “The account being accessed does not support http”
- Test custom domain in broswer eg https://mysite.mydomain.com
You will get certificate error warning but can click through this. Click on Details then on Go to the web page.
You may experiment with the Configuration setting for the Blob Storage: Configuration- Secure transfer required:
- Try disabling it and then try http with refresh, new browser etc.
- The note says , “Because Azure Storage doesn’t support HTTPs for custom domains, this option is not applied when using a custom domain.
- Try eg http://djtemp.z26.web.core.windows.net/ with it disabled that works
- Also the Custom Domain does work for http with it is enabled, in my case http://mysite.mydomain.com works
My conclusions for the Static Web Site:
- The azure url for the site works with https regardless but http requires Secure transfer required to be disabled.
- http works for a Custom Domain if Secure transfer required is disabled.
- https works for a Custom Domain regardless but you wil get a certificate error warning, that can be ignored.
CDN Managed https on Azure
You can get https onAzure without purchasing an external SSL cert. You only pay for the volume of content transfers.
This makes it economic for early starters.
Nb: On Microsoft Docs it says:
Because Azure Storage doesn’t support HTTPS for custom domain names, this option is not applied when you’re using a custom domain name. And classic storage accounts are not supported. (Confusing)
But this is how I did it with an Azure CDN Standard Subscription!:
- Click Azure CDN (on left) to create a New Endpoint
- Give it a name, MySiteEP in my case (need some uniqueness here).
- Select Standard Microsoft
- Enter a CDN Enpoint name (make it up) , in my case MySiteEndpoint
- For Origin enter your Custom Domain from above, in case mysite.mydomain.com
- Click [Create]
- Once done, create a second CNAME entry for the Endpoint
- Give it a name mysiteSSL in my case
- Host is the Enpoint, MySiteEndpoint.azureedge.net in my case
-
Try the new Url in a new browser, you will get a Certificate error at this stage. If you click through you will get “Our services aren’t available right now”
- Back in the Azure CDN click on the created endpoint
- Add the (+) Custom Domain, leave the Enpoint hostname, add the new Custom domain, mysiteSSL in my case.
- Click on [Add]
- When done click on the new custom domain, mysiteSSL.mysite.com in my case
- Turn on Custom domain HTTPS with CDN managed
- [Save]
- When done, step 2 onwards, in my case any way, take some time, an overnight job.
- So I leave it running (not the browser/porta!) and go to bed!
- At this stage 20 will work, but still with the cert error warning.
-
Next morning: The process is complete and https now works without cert error warnings.
About CDN Managed TLS/SSL
“Custom Domain HTTPS feature enables you to deliver content to your users securely over your own domain. This is done by encrypting the data between the CDN and your users’ clients (typically web browsers) via TLS protocol (which is a successor of the SSL protocol) using a certificate. Using our “CDN managed certificate” capability, you can enable this feature with just a few clicks and have Azure CDN completely take care of certificate management tasks such as its renewal. You can also bring your own certificate (stored in Azure Key vault ) or even purchase a new certificate through Key vault and have Azure CDN use that certificate for securing the content delivery.”
*More:*
[1] Integrate an Azure storage account with Azure CDN.
This article walks you through creating a storage account in the Azure portal, if you haven’t already done so.
Note
To add your storage web endpoint during the preview of static websites support in Azure Storage, select Custom origin in the Origin type drop-down list. In the Azure portal, you need to do this from your Azure CDN profile instead of directly in your storage account.
[2] Map Azure CDN content to a custom domain
[3] Enable HTTPS on an Azure CDN custom domain.
Topic | Subtopic | |
Next: > | ClickOnce Hosting on Azure | |
This Category Links | ||
Category: | Web Sites Index: | Web Sites |
Next: > | Jekyll | Next and Previous Post Links |
< Prev: | Creating this Blog Site |