none
Front Door and SSL and A Records? RRS feed

  • Question

  • We have SSL enabled on a prod-tier Azure Website, single instance, DNS hosted by Godaddy, and after adding Front Door we now have this level of success:

    Connect to website via HTTP to AFD with custom domain http://mydomain.com - works

    Connect to website via HTTPS to AFD with custom domain https://mydomain.com - works

    Connect to website via HTTPS to AFD with custom domain https://www.mydomain.com - bad 

    <h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>

    Frontend hosts configuration:

    mydomain.azurefd.net

    www.mydomain.com

    Custom Domain SSL is configured using Azure Key Vault with green checkmarks for "Importing certificate" and "Certificate provisioning" and "Complete". Certificate management type is set for [use my own certificate].

    Backend pools configuration:

    config1: host name:(ip number), priority:1, weight:50. Health probe and lead balancing set at default.

    Routing rule:

    routing1: frontend hosts: mydomain.azurefd.net and also www.mydomain.com. backend pool: config1. accepted protocols: http and https

    I don't know what is wrong. Help!

    Tuesday, February 12, 2019 7:34 PM

All replies


  • Greetings

    Thanks for posting here,

    Hope you have gone through this. If not please have a look.

    1. Azure Front Door Service currently only supports Key Vault accounts in the same subscription as the Front Door configuration. Choosing a Key Vault under a different subscription than your Front Door will result in a failure.

    2. Azure Front Door Service currently only supports Key Vault certificates stored under the Secrets section. Your certificate import will fail if you store it under Certificates section instead of Secrets section.

    3. Azure Front Door Service currently only supports certificates uploaded with a PFX without a password.

    If you think your question has been answered click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
    ________________________________________________________________________________
    Best regards

    Subhash


    Wednesday, February 13, 2019 9:55 AM
    Moderator
  • Our Key Vault config is fine. The website is now accessible over HTTP and HTTPS using the www.mydomain.com. But there is still a problem.

    First issue is that the docs do not specifically state how to use an Azure App Service website with SSL enabled. An IP number is required for the back end host name, using the automatically populated website name does not work. That IP number needs a backend host header of the mydomain.azurewebsites.net name, not the www.mydomain.com name.

    Second issue is that docs do not make it clear that there should be two frontend hosts, the mydomain.azurefd.net and also www.mydomain.com and that the custom domain HTTPS bits must be changed there.

    Name propagation took a very long time to complete. When the portal GUI said AFD was ready, it was not really ready for several hours after that.

    So the current issue is that Azure Front Door did not change website responsiveness at all. 4 days later, after we would expect AFD to have fully propagated across Azure, page speed tests from various vendors give the same rating. In the single only routing rule established for the site, URL Rewrite is disabled, Caching is enabled, Caching is set for "Cache every unique URL", Dynamic compression is enabled. However, page speed has not changed.

    The actual website is in US West 2. Page speed tests have been tried from geographies across the globe.

    Thanks.

    Thursday, February 14, 2019 2:11 PM
  • Thank you for your feedback. 

    Azure Front Door has POP Servers across the globe and it helps your to cache the unique URL and next time when you try accessing the same URL, it reduces the latency.(According to your Cache settings) 

    We need more data to see why this is happening. I would suggest you to enable diagnostic settings and enable FrontDoorAccessLogs to check all the request hitting AFD. 

    You can also take a look at the metric to check the latency. With the data, we can try to understand the nature of request, origin of the request and why AFD is behaving this way. 

    Let me know if you have any further questions. 

    Regards, 

    Msrini

    Thursday, February 14, 2019 3:44 PM
    Moderator
  • Hi , 

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Msrini

    Saturday, February 23, 2019 5:44 AM
    Moderator
  • Azure Front Door is designed to increase the performance of multi region applications (your app is physically hosted in several regions throughout the globe, and customers are directed to the closest regional server), not increase the speed of an application hosted in one region. 

    If speed increases are what you are looking for, you might want to consider deploying your application in multiple regions, and setting up a CDN to deliver frequently accessed resources quickly

    Saturday, March 2, 2019 1:56 AM
    Moderator
  • Hi , 

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Subhash.V

    Tuesday, March 12, 2019 3:17 PM
    Moderator