azure azure-blob-storage cname azure-static-website-hosting azure-static-website-routing

Is it possible to add a custom domain for an Azure Blob Storage Static Website without a public CNAME record?


I have an Azure Blob Storage static site that I am trying to add a custom subdomain for (such that mysite.example-company.com points to my static site). I am following this documentation page.

The static site's firewall is configured in the Azure Networking page to only allow connections from the company's VPN (i.e., it is an internal-only site). With that in mind, I am only interested in creating an internal CNAME record -- one that can only be seen by users on the VPN.

When I enter my custom domain in the Azure Networking page, I am getting an error message:

Failed to update storage account 'example'. Error: The custom domain name could not be verified. CNAME mapping from mysite.example-company.com to any of example.blob.core.windows.net,example... does not exist

I imagine that this process is failing because Azure is attempting to look for a public CNAME record. Is there any way to add a custom domain for an Azure static site without a public CNAME record?


Solution

  • Azure Blob Storage requires domain verification for custom domains, to ensure that you own the domain and to prevent others from using domains they don't own. If your DNS is internal-only (not accessible from the public internet), Azure won't be able to verify the custom domain because it checks from the public internet.

    Below is how I would have tried to tackle this situation:

    The easiest way seems to be to temporarily create a public CNAME record for the domain verification. Once Azure has verified the custom domain, you can remove the public CNAME and rely on your internal DNS.

    Or

    Another approach would be to use a service like Azure Front Door or Azure CDN and route your traffic to the Azure Blob static website. You'd still need to handle domain validation (typically done with a verification code), but it might be more acceptable than a CNAME pointing directly to your blob storage.
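
A check that can be run around the temporary public CNAME workaround described in the answer above (an added example, not part of the original post): it asks a public and an internal resolver for the CNAME and reports whether the mapping is visible from the public internet, which is where Azure verifies it. The function names, the state labels and the resolver addresses in the usage comment are assumptions; it requires `dig`.

```shell
#!/bin/sh
# Added example: compare the CNAME a public resolver and an internal resolver
# return for the same name, before and after the verification step.

# Print the CNAME target of $1 as seen by resolver $2 (lowercase, no trailing dot).
cname_at() {
  dig +short CNAME "$1" "@$2" | head -n 1 | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Usage: cname_state NAME EXPECTED_TARGET PUBLIC_RESOLVER INTERNAL_RESOLVER
# e.g.   cname_state mysite.example-company.com example.blob.core.windows.net 1.1.1.1 10.0.0.53
#        (10.0.0.53 is a constructed internal resolver address)
cname_state() {
  cs_expected=$(printf '%s\n' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  cs_pub=$(cname_at "$1" "$3")
  cs_int=$(cname_at "$1" "$4")

  if [ -n "$cs_pub" ] && [ "$cs_pub" != "$cs_expected" ]; then
    echo "public-mismatch"     # public record points at something other than the expected endpoint
  elif [ -n "$cs_int" ] && [ "$cs_int" != "$cs_expected" ]; then
    echo "internal-mismatch"   # internal record points at something other than the expected endpoint
  elif [ "$cs_pub" = "$cs_expected" ]; then
    echo "public-visible"      # the mapping can be seen from the public internet
  elif [ "$cs_int" = "$cs_expected" ]; then
    echo "internal-only"       # verification would fail now; expected once the public record is removed
  else
    echo "missing"             # neither resolver returns a CNAME for the name
  fi
}

# Run directly only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
  cname_state "$@"
fi
```

Expect `public-visible` before saving the custom domain in Azure and `internal-only` after the public record has been removed; either mismatch state means a record points somewhere other than the intended storage endpoint.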