Search code examples
azureasp.net-corednsazure-web-app-service

How Do I Configure Azure App Service Support for Root/Naked Domain?

I have an Azure App Service hosting an asp.net website. I have a custom domain via GoDaddy, which I manage via a DNS Zone in Azure. I can't find any documentation on how to support traffic to the root, or "naked" domain.

I have a Standard managed certificate from Azure--my understanding is I don't need a wildcard certificate for what I'm trying to do:

https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-app-service-certificate?tabs=portal#buy-and-configure-an-app-service-certificate

The issued certificate secures both the root domain and the www subdomain.

The custom domain and certificate work for "www.mydomain.com", but resolve to 404 errors when hitting "mydomain.com".

MY DNS Zone has the following records:

  • A => @ => my web azure IP address
  • TXT => @ => v=spf1 include:spf.protection.outlook.com -all
  • CNAME => www => my azure web address
  • CNAME => selector1-azurecomm-prod-net._domainkey => selector1-azurecomm-prod-net._domainkey.mydomain.com
  • CNAME => selector2-azurecomm-prod-net._domainkey => selector2-azurecomm-prod-net._domainkey.mydomain.com*
  • TXT => asuid => (some kind of guid)

(plus NS and SOA)

I have found articles with references to using domain forwarding (from GoDaddy), Front Door ($35/month), and Traffic Manager (also not free). How do I support handling traffic to my "root" domain?

Solution

  • You don't need to purchase domain forwarding.

    When your client (web browser) requests the website, it sends the host address with the request. This is so that the server is able to host multiple websites, and differentiate your request from users requesting a different website, in a shared hosting scenario.

    GET / HTTP/1.1
Host: mywebsite.azurewebsites.com
User-Agent: Mozilla/5.0
Accept: text/html

    When you request your GoDaddy root domain, the Azure Web Server Farm receives Host: www.mydomain.com, and it doesn't know what application to serve.

    To resolve this, you must add www.mydomain.com as a custom domain to your Web App. Judging by your DNS records, it appears that you have already verified your domain in Azure, so you can skip a few of the usual steps.

    Navigate to Web App in Azure Portal:

    Add Custom Domain:

    • In the left-hand menu, under the "Settings" section, click on "Custom domains".
    • Click on "Add custom domain".
    • Enter your custom domain name that you've already verified and click on "Add".

    Secure with SSL (Optional): In order for the client to establish TLS/SSL, it must verify the remote certificate's Common Name (CN) or Subject Alternative Names (SAN) against the requested fully qualified domain name (FQDN) as specified in the browser address bar. If they do not match then you will get an error/warning displayed in the browser.

    In your case you will likely receive a MS/Azure certificate with CN *.azurewebsites.com. This does not match mydomain.com, and so you will get an error when using the https://... scheme.

    To resolve this, you must obtain a certificate for mydomain.com. Most certificate authorities will sell you one which also includes the www subdomain as a SAN for free; An Azure App Service Managed Certificate does.

    • If you want to secure your custom domain with SSL, go to the "TLS/SSL settings" section of your Web App.
    • Configure the SSL settings and bind the SSL certificate to your custom domain. If you're using Azure App Service Managed Certificates, Azure will handle this for you.

    After adding the custom domain to your Web App in Azure, it should be accessible using your custom domain name.