Is it possible to add a custom domain for an Azure Blob Storage Static Website without a public CNAME record?

huangapple go评论78阅读模式
英文:

Is it possible to add a custom domain for an Azure Blob Storage Static Website without a public CNAME record?

问题

我有一个 Azure Blob Storage 静态网站,我想为其添加一个自定义子域名(例如 mysite.example-company.com 指向我的静态网站)。我正在按照此文档页面进行操作。

静态网站的防火墙在 Azure 网络页面中配置为仅允许来自公司 VPN 的连接(即仅限内部网站)。考虑到这一点,我只想创建一个内部 CNAME 记录,只有 VPN 用户才能看到。

当我在 Azure 网络页面中输入我的自定义域名时,我收到了一个错误消息:

Failed to update storage account 'example'. Error: The custom domain name could not be verified. CNAME mapping from mysite.example-company.com to any of example.blob.core.windows.net,example... does not exist

我想这个过程失败是因为 Azure 正在尝试查找一个公共 CNAME 记录。是否有办法在 Azure 静态网站中添加自定义域名而无需公共 CNAME 记录?

英文:

I have an Azure Blob Storage static site that I am trying to add a custom subdomain for (such that mysite.example-company.com points to my static site). I am following this documentation page.

The static site's firewall is configured in the Azure Networking page to only allow connections from the company's VPN (i.e., it is an internal-only site). With that in mind, I am only interested in creating an internal CNAME record -- one that can only be seen by users on the VPN.

When I enter my custom domain in the Azure Networking page, I am getting an error message:

> Failed to update storage account 'example'. Error: The custom domain name could not be verified. CNAME mapping from mysite.example-company.com to any of example.blob.core.windows.net,example... does not exist

I imagine that this process is failing because Azure is attempting to look for a public CNAME record. Is there any way to add a custom domain for an Azure static site without a public CNAME record?

答案1

得分: 1

Azure Blob Storage对于自定义域名需要进行域名验证,以确保您拥有该域名并防止他人使用未拥有的域名。如果您的DNS仅限内部访问(无法从公共互联网访问),Azure将无法验证自定义域名,因为它是通过公共互联网进行检查的。

以下是我尝试解决这个问题的方法:

最简单的方法似乎是临时创建一个公共CNAME记录用于域名验证。一旦Azure验证了自定义域名,您可以删除公共CNAME记录并依赖于您的内部DNS。

或者

另一种方法是使用Azure Front Door或Azure CDN等服务,并将流量路由到Azure Blob静态网站。您仍然需要处理域名验证(通常使用验证代码),但这可能比直接指向Blob存储的CNAME更可接受。

英文:

Azure Blob Storage requires domain verification for custom domains, to ensure that you own the domain and to prevent others from using domains they don't own. If your DNS is internal-only (not accessible from the public internet), Azure won't be able to verify the custom domain because it checks from the public internet.

Below is how I would have tried to tackle this situation:

The easiest way seems to temporarily create a public CNAME record for the domain verification. Once Azure has verified the custom domain, you can remove the public CNAME and rely on your internal DNS.

Or

Another approach will be to use service like Azure Front door or Azure CDN and Route your traffic to azure blob static website. You'd still need to handle domain validation (typically done with a verification code), but it might be more acceptable than a CNAME pointing directly to your blob storage.

huangapple
  • 本文由 发表于 2023年8月8日 22:14:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/76860417.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定