I have an Azure App Service hosting an asp.net website. I have a custom domain via GoDaddy, which I manage via a DNS Zone in Azure. I can't find any documentation on how to support traffic to the root, or "naked" domain.
I have a Standard managed certificate from Azure--my understanding is I don't need a wildcard certificate for what I'm trying to do:
The issued certificate secures both the root domain and the www subdomain.
The custom domain and certificate work for "www.mydomain.com", but resolve to 404 errors when hitting "mydomain.com".
MY DNS Zone has the following records:
(plus NS and SOA)
I have found articles with references to using domain forwarding (from GoDaddy), Front Door ($35/month), and Traffic Manager (also not free). How do I support handling traffic to my "root" domain?
You don't need to purchase domain forwarding.
When your client (web browser) requests the website, it sends the host address with the request. This is so that the server is able to host multiple websites, and differentiate your request from users requesting a different website, in a shared hosting scenario.
GET / HTTP/1.1
Host: mywebsite.azurewebsites.com
User-Agent: Mozilla/5.0
Accept: text/html
When you request your GoDaddy root domain, the Azure Web Server Farm receives Host: www.mydomain.com
, and it doesn't know what application to serve.
To resolve this, you must add www.mydomain.com
as a custom domain to your Web App. Judging by your DNS records, it appears that you have already verified your domain in Azure, so you can skip a few of the usual steps.
Navigate to Web App in Azure Portal:
Add Custom Domain:
Secure with SSL (Optional): In order for the client to establish TLS/SSL, it must verify the remote certificate's Common Name (CN) or Subject Alternative Names (SAN) against the requested fully qualified domain name (FQDN) as specified in the browser address bar. If they do not match then you will get an error/warning displayed in the browser.
In your case you will likely receive a MS/Azure certificate with CN *.azurewebsites.com
. This does not match mydomain.com
, and so you will get an error when using the https://...
scheme.
To resolve this, you must obtain a certificate for mydomain.com
. Most certificate authorities will sell you one which also includes the www
subdomain as a SAN for free; An Azure App Service Managed Certificate does.
After adding the custom domain to your Web App in Azure, it should be accessible using your custom domain name.