How to Enable Custom Hostnames In Azure Stack Web Apps
You may have noticed that if you try to configure a custom hostname (e.g. mycoolapp.mydomain.com) for a Web App you’ll get a name validation error similar to this:
So the good news is… it is possible to set up custom hostnames for Azure Web Apps deployed in Azure Stack. I can see the intent to make this feature work the same way as Azure Public to help support hosting companies, but for the enterprise it does not make sense. The enterprise will most likely not be exposing Azure Stack to the internet, and will be using the application internally. This article will guide you through the process to enable this capability, as well as how your developers can set up a custom DNS registration for the web app and bind an SSL certificate to it.
So let’s get started…
Steps To Complete
- Disable Custom Domain Verification from the App Services Configuration Settings (Operator)
- Restart the Front End Scale Set (Operator)
- Create Internal DNS Registrations for your web app (Developer)
- Upload and Bind SSL certificates to your custom hostnames (Developer)
Disable Custom Domain Verification from the App Services Configuration Settings
The first thing that needs to occur is that an Azure Stack operator disables DNS validation inside the App Services configuration settings. Since Azure Stack doesn’t yet have the ability to validate DNS for internal DNS registrations, disabling it is the only path.
To disable Custom Domain Verification navigate to the Admin portal for your Azure Stack region. Once in the Admin portal, navigate to Resource Groups and find and open the resource group called AppService.<region>.
Locate the Public IP Address for CN0 or CN1 (either will work). Now, using this IP, RDP into one of the Controller Nodes for App Services. (Typically the username is .\otheradmin and the password is the one you set during deployment of the App Services resource provider.)
Once you’re logged into CN0 or CN1 locate and open the “Web Cloud Management Console” icon on the desktop.
From within the Web Cloud Management Console, click the Configuration -> Settings section. On the right pane, find the “CustomDomainVerificationEnabled” setting and change it from TRUE to FALSE. Save and log off of CN0 or CN1.
Restart the Front End Scale Set
In order for this change to take effect we need to restart the Web Front End instances in the Front End Scale Set.
Back in the Admin portal, go back to Resource Groups -> AppServices.<region> and click on the FrontEndsScaleSet. From the Overview blade, click Restart. *Note: this will cause a disruption in service, so perform these steps during a maintenance period.
This will take some time but once the restart has completed you can go back to a Web App from the User portal and test setting a custom hostname. You should see the validation succeed and the button to add the new hostname is now activated.
Adding the new hostname to the Web App ensures that, once DNS is configured, the web app will render using the new hostname. So let’s get DNS set up for your Web App’s custom hostname.
Create an Internal DNS Registration for a Web App
Now this step will entirely depend on your DNS system and process for your company. For ours we have an IPAM system that we built that also controls DNS. However this is mostly irrelevant. As long as you have the ability to create a new custom DNS record (ALIAS) you are good to go.
The important part of this step is that all custom DNS entries will need to be an alias to the public IP address that is registered to your Azure Stack App Services Front End. You can get this IP in one of two ways:
- The easiest way is to ping the existing DNS name of your web app that was registered when the app was deployed. It will be in the format <yourwebappname>.appservice.<region>.<domain of azurestack>, and the ping will return the IP of your Web Front End PIP. (Side note: this resolves to your App Services Web Front End PIP because, during deployment of the App Services resource provider, you are required to set up DNS delegation from your internal DNS to Azure Stack’s App Service Web Front End PIP for *.appservice.<region>.<azurestack domain>.)
- The second way is to get the IP from the FrontEndServersPublicEndpoint Public IP from the Admin portal -> Resource Groups -> AppService.<region>.
Once you’ve set up the internal DNS record for your custom hostname and you have added this hostname to your Web App as stated in the steps above, you can test.
Your web application should render using the new hostname and the original.
Binding an SSL Certificate
Now that you have a custom hostname for your Web App, you’ll also likely need to bind a new certificate.
The process is pretty much identical to Azure in the sense that you need to generate a certificate request (I use keystore explorer) and submit it to your company’s SSL provider. They will provide you with a response and you’ll need to export it as a PFX (pretty standard stuff, and there are lots of articles out there on how to accomplish this for IIS web sites). *Note: make sure to put a password on the PFX, or else the form validation in the next step will not let you proceed!
Once you have your PFX certificate for your new custom hostname, you will upload it by navigating to the User portal -> Web App -> SSL Settings.
Once the certificate is uploaded you can bind it to your host name in the Binding tab of the SSL settings.
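A pre-upload check for the PFX described above, as an added example that is not part of the original article: it confirms the file opens with its password, carries the private key, is within its validity dates, allows server authentication, and names the custom hostname. The function name, sample hostname, password and file path are constructed for illustration, and it assumes PowerShell 5.1 or later on Windows.

```powershell
# Added example, not from the original article. Hostname, password and path are constructed.
function Test-CustomHostnamePfx {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$Password,
        [Parameter(Mandatory)][string]$HostName
    )
    # Throws if the password is wrong or the file is not a readable PFX.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $Password)
    try {
        # DnsNameList is a property PowerShell adds on Windows (SAN DNS names plus subject CN).
        $covered = $false
        foreach ($name in $cert.DnsNameList.Unicode) {
            if ($name -eq $HostName) { $covered = $true }
            elseif ($name.StartsWith('*.') -and $HostName.Contains('.')) {
                # A wildcard covers exactly one label: *.mydomain.com matches
                # mycoolapp.mydomain.com but not a.b.mydomain.com.
                $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
                if ($parent -eq $name.Substring(2)) { $covered = $true }
            }
        }
        # No EKU extension means unrestricted use; otherwise Server Authentication must be listed.
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $serverAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1')
        $now = Get-Date
        [pscustomobject]@{
            HasPrivateKey = $cert.HasPrivateKey
            WithinDates   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            CoversHost    = $covered
            ServerAuthEku = $serverAuth
            NotAfter      = $cert.NotAfter
        }
    }
    finally { $cert.Dispose() }
}

# Constructed sample: a throwaway self-signed certificate exported to a password-protected PFX.
$pw  = ConvertTo-SecureString 'Constructed-Passw0rd!' -AsPlainText -Force
$tmp = New-SelfSignedCertificate -DnsName 'mycoolapp.mydomain.com' -CertStoreLocation Cert:\CurrentUser\My
$pfx = Join-Path $env:TEMP 'mycoolapp-sample.pfx'
Export-PfxCertificate -Cert $tmp -FilePath $pfx -Password $pw | Out-Null
Remove-Item "Cert:\CurrentUser\My\$($tmp.Thumbprint)" -DeleteKey
Test-CustomHostnamePfx -PfxPath $pfx -Password $pw -HostName 'mycoolapp.mydomain.com'
```

For a real certificate, pass the PFX exported from your SSL provider's response; every boolean field should be True before you upload it.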
Shew! That’s it. You now have a custom hostname enabled Azure Stack App Services environment.