- Interact with Azure Cosmos DB with PowerShell - Tue, Sep 14 2021
- Azure health services: Track Microsoft cloud outages and maintenance - Wed, Sep 8 2021
- Powerline: Customize your PowerShell console - Tue, Aug 31 2021
When you create a new Azure App Service web application, you're required to choose a service name that's unique within Microsoft's azurewebsites.net Domain Name System (DNS) domain. For instance, if I create a web app named 4sysopsdev, I can access the site by using either of the following public uniform resource locators (URLs):
NOTE: Although this article focuses on web apps, you can use custom DNS domain names with the other Azure App Service app types, including mobile, API, and logic.
A nice benefit to using the Azure App Service is that your web apps can use HTTPS via Microsoft's azurewebsites.net wildcard SSL/TLS certificate.
Of course, the previous points are largely academic, because any business worth its salt should use its own public DNS domain for its Azure websites. I submit that this is true even for internally facing web apps.
Binding a public DNS domain to your Azure App Service web app involves three steps:
- Purchase a domain
- Create mapping DNS records with your registrar
- Associate the domain with your web app in the Azure Portal
Step 1—purchase a domain ^
In the Azure Resource Manager (ARM) portal at portal.azure.com, navigate to your target App Services web app and open the Custom domains and SSL setting, as shown below:
Let me describe each section of that blade, as it is our central focus here:
- Buy Domains: You can purchase a domain directly from the Azure portal; GoDaddy is the actual registrar in this case.
- Bring External Domains: This button starts the process of mapping your domain name to the current Azure web app.
- Managed Domains: This is where the DNS domains you've associated with Azure are listed.
- Hostnames Assigned to Site: You always have the azurewebsites.net mapping and can't delete it; your custom mapping will appear in this list as well.
- Certificates: Any uploaded SSL/TLS digital certificates reside here.
- SSL bindings: The association between your custom domain name and your SSL certificate is here, if you have both associated with this web app.
Please note that you're not required to purchase your domain through the Azure Portal. As long as you can manage your domain's DNS records, you're all set.
Step 2—create mapping records ^
From the Custom domains and SSL blade, click Bring External Domain. You'll see a user interface very similar to the following:
You'll want to make note of the (a) azurewebsites.net fully qualified domain name (FQDN) as well as your web app's assigned public IPv4 address.
Next, head over to your DNS domain registrar and access its tool for managing your domain's DNS records. The goal is to create two new resource records:
- Verification record: This IPv4 host (A) record maps the awverify hostname to your azurewebsites.net FQDN. Azure uses the awverify name to verify that you actually own your custom domain.
- Mapping record: You can either create an A record pointing to your web app's public IP address or a canonical name (CNAME) alias record mapping to your azurewebsites.net FQDN.
With regard to the verification record and my own visioitpro.com example domain, we'd create a CNAME record named awverify.visioitpro.com to map the root of the domain.
If we wanted to map a subdomain such as app.visioitpro.com, the CNAME record would be awverify.app.visioitpro.com.
The verification records are used only for that purpose and should not be used by anybody else. In fact, after verification succeeds, you can delete them.
For the mapping record, you have two choices:
- A record: This method is required to map the root (@) of your own domain to Azure. The problem is that you'll have to update the A record if your Azure web app's public IPv4 address changes.
- CNAME record: This method is convenient, because you don't have to change the record's target address if your web app shifts to a new public IPv4 address.
In the following screenshot, I show you mapping the root of my visioitpro.com DNS domain to my Azure web app's public IPv4 address. In case you're curious, I use WordPress.com and its domain manager here:
Step 3–Associate the custom domain with your Azure web app ^
Use a free service site such as digwebinterface.com to test whether calls to your Azure web app resolve to Azure or your DNS registrar. In my experience, the verification and DNS name propagation normally take less than 10 minutes.
Back in the Azure Portal, the Bring External Domain blade will show a green check mark once the domain finishes mapping successfully.
As you can see in the next screenshot, you can unassign a domain name from your web app by clicking the domain in the Hostnames assigned to site section of the Custom domains and SSL blade and selecting Unassign from the fly-out menu.
Next steps ^
As you'd expect, the Azure development team offers several other capabilities for our Azure web apps. For instance, we can enable HTTPS on our apps by using an SSL/TLS certificate.
Subscribe to 4sysops newsletter!
The service is still in preview as of this writing, but Azure actually allows you to deploy and manage your own public DNS zones by using the Azure Portal, Windows PowerShell, or the Azure Command-Line Interface (CLI).