Profile picture
, 16 tweets, 10 min read
My Authors
Read all threads
I needed a space to deploy simple web page over weekend. Requirements:
- static web page
- custom domain (apex)
- HTTPS enabled.

I gave a try to #Azure storage as a web hosting. Thread: (hint: documentation sucks at least a bit).
1/
Storage: simple, yet useful service in all #cloud. #Azure storage host static website:
Pro: simple, cheap, custom domain
Con: No HTTPS for custom domain
Basic setup:
docs.microsoft.com/en-us/azure/st…
- Create storage account
- Enable web hosting
- Change public access level
Done. Works.
I have DNS zone on #Azure DNS. No apex ("naked") domain support. How to overcome HTTPS and custom zone support?
Go for #Azure CDN service - in my case, Verizon premium (rules). It might take some time to provision it.
Basic setup: docs.microsoft.com/en-us/azure/cd…
Once you have it, on storage account go to "Azure CDN" and create new endpoint. IMPORTANT: select right "origin hostname" - it should be one with "*.web.core.windows.net" URL.
Not sure if you did it right - once an endpoint is created, go to its configuration and go "Origin" -> verify you have "Storage static website" selected.

Most blogs says "Custom" - there wasn't option for "website" before.
Basic endpoint config done.

Time to add custom domain - endpoint configuration "custom domains". Add your domain of choice. In my case 'naked' domain.

#Azure DNS doesn't support naked domain, unless ... it is an alias for #Azure CDN
Go to #Azure DNS and configure an "@" record, A type as an alias with target on your #Azure CDN endpoint. You have "naked" domain configured.

Congrats!
Now time to make it "HTTPS". Go to your CDN endpoint and surprise. No support for "managed" certs for naked domain. You need to bring your own cert.
Setup #Azure KeyVault and import cert into it.
I have a certs from @DigiCert as an #MVP #MVPBuzz perk. Created one and imported.

Nice way to do it - @letsencrypt

Nice function to generate, import and renew certs - github.com/MarcStan/lets-…
@digicert @letsencrypt Once cert is in place, you are ready to go. Use guidelines from the docs - one modification, you need to grant "List, Get and Import" on certs to #Azure CDN as a permissions on your KV. Docs says only "get-secret"
@digicert @letsencrypt Had an issue with "The server (leaf) certificate isn't within the validity period" while importing. Hint! It has to be 12 months valid, not 24 months.
Set reminder to renew it in a year (or use @letsencrypt)
We should have classes on writing useful error messages in IT :) - @AzureSupport definitely something can be done about this one :).
@AzureSupport Cert Import and propagation can take up to 6hrs - be patient my friend. It is a #cloud :).
@AzureSupport Result - static web site up and running, with naked domain and HTTPS at almost no cost (compared to other services)
Conclusion: it is a bit overkill to have to setup #Azure Storage + #Azure CDN + #Azure KeyVault to get it up and running, but it is great option to have.

Would be nice to have it in one click on Storage account but well .. it is a cloud :)
@threadreaderapp unroll :)
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Tomasz Onyszko

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Azure #cloud #MVP #MVPBuzz

More from @tonyszko see all

Profile picture
Tomasz Onyszko
@tonyszko
@patoarchitekci @marekgrabarz @rwitkowski_asc No więc tak, przesłuchałem w drodze do ... Panie Władzo, to naprawdę moja krytyczna życiowa potrzeba ... tyle powiem w temacie wyjścia. To teraz o odcinku.

1/n
@patoarchitekci @marekgrabarz @rwitkowski_asc @marekgrabarz temat zna tak i to z praktyki, że aż mi trochę głupio że co nie powiem wyjdzie na hejt :), ale mam nadzieje że raczej będzie konstruktywnie i rzeczowo.

2/n
@patoarchitekci @marekgrabarz @rwitkowski_asc Główna rzecz (to samo było na #AzuredayPL - to do czego mam zastrzeżenie to przekazywanie że #OpenIDCOnnect to jest część #Oauth - tak nie jest. Ogólnie temat odcinka nie powinien brzemieć #OAUth i nie o to powinny być pytania.

3/n
Read 19 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!