Front Door Standard/Premium with domain and certificate

  • Code Sample
Browse code

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure Visualize Visualize

This template deploys a Front Door Standard/Premium with a custom domain and customer-managed TLS certificate.

Sample overview and deployed resources

This sample template creates a Front Door profile with a custom domain and a customer-managed TLS certificate. To keep the sample simple, Front Door is configured to direct traffic to a static website configured as an origin, but this could be any origin supported by Front Door.

The following resources are deployed as part of the solution:

Front Door Standard/Premium

  • Front Door profile, endpoint, origin group, origin, and route to direct traffic to the static website.
    • Note that you can use either the standard or premium Front Door SKU for this sample. By default, the standard SKU is used.
  • Front Door secret, which refers to a Key Vault secret containing the TLS certificate to use.
  • Front Door custom domain, which refers to the Front Door secret.

Deployment steps

You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.

Usage

Connect

After you deploy the Azure Resource Manager template, you need to validate your ownership of the custom domain by updating your DNS server. You must create a TXT record with the name specified in the customDomainValidationDnsTxtRecordName deployment output, and use the value specified in the customDomainValidationDnsTxtRecordValue deployment output. You must the validation before the time specified in the customDomainValidationExpiry deployment output.

Front Door validates your domain ownership and updates the status automatically. You can monitor the validation process, or trigger an immediate validation, in the domain configuration in the Azure portal.

Next, you should configure your DNS server with a CNAME record to direct the traffic to Front Door. You must create a CNAME record at the host name you specified in the customDomainName deployment parameter, and use the value specified in the frontDoorEndpointHostName deployment output.

You can then access the Front Door endpoint by using your custom domain name. If you access the hostname you should see a page saying Welcome. If you see a different error page, wait a few minutes and try again.

Notes

  • You must grant Front Door access to your key vault before it can access your certificate. Follow the guidance here to register the Azure Front Door application with your Azure Active Directory tenant, and grant Azure Front Door access to your key vault.

Tags: Microsoft.Cdn/profiles, Microsoft.Cdn/profiles/afdEndpoints, Microsoft.Cdn/profiles/originGroups, Microsoft.Cdn/profiles/secrets, Microsoft.Cdn/profiles/customDomains, Microsoft.Cdn/profiles/originGroups/origins, Microsoft.Cdn/profiles/afdEndpoints/routes