1

With AWS I can convert a http to a https endpoint with API Gateway and CloudFront, and I get an URL like below,

https://4z9giyi2c1.execute-api.us-west-2.amazonaws.com/test/petstore/pets?type=fish

How can do I the same with Azure?

Kannaiyan
  • 12,554
  • 3
  • 44
  • 83
  • Which tier of CDN are you using, as the answers are slightly different. If you're using "Premium Verizon" see [this answer](https://stackoverflow.com/a/50240352/33051)? – Zhaph - Ben Duguid Jun 20 '19 at 16:25
  • We use Premium Verizon. There is a integration issue between Azure and Verizon. Based on the below answer, Front Door is the right solution. – Kannaiyan Jun 28 '19 at 21:51

3 Answers3

1

Azure Front Door is the option you require.

This service provides a combined Web Application Firewall, Traffic Manager (for routing) and CDN all in one service. More importantly, unlike the other plain CDNs Azure offers, it allows for SSL termination:

You can configure the routing rule to accept either one of http or https only, or both, and then the route details allow you to specify whether the request is passed on as HTTPS Only, HTTP Only (what you want) or "Match Request":

Routing options within Front Door

You could then set up a subsequent rule for non-HTTPS traffic that redirects to HTTPS, forcing all traffic to be secure.

Zhaph - Ben Duguid
  • 26,785
  • 5
  • 80
  • 117
0

There is a open source extension for this:

  1. Go to your Azure App Service Development Tools bar, you could find Extensions tab there and click on Add.

  2. Before there is a extension Redirect HTTP to HTTPS there however I could not find it know, but I find a new extension Security Settings: HTTPS Redirect w/KeepAlive Support, Headers incl HSTS, CSP, and More. "Medium strength"..

enter image description here

  1. Add the extension and restart the web.

Further details on this extension, check the source code on github. The mainly important file is applicationhost.xdt. It writes the rule "redirect HTTP to HTTPS".

          <rewrite xdt:Transform="InsertIfMissing">
                <rules xdt:Transform="InsertIfMissing" lockElements="clear">
                    <rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                            <add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
                            <add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" ignoreCase="false" />
                            <add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" ignoreCase="false" />
                            <add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" ignoreCase="false" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                    </rule>
                </rules>
            </rewrite>
George Chen
  • 13,703
  • 2
  • 11
  • 26
  • I don't want to redirect from http to https. Instead proxy http with a https address. Can I give a http url and get a https url that can proxy http? – Kannaiyan Mar 19 '19 at 01:59
  • @Kannaiyan,actually if you just use the default domain, you get a (free) ssl for you web and you could visit https site. However highly suggest that you use your own domain and your own SSL certificate (buy one) if you are going in production with it. – George Chen Mar 19 '19 at 02:21
  • Why do you recommend for own domain and own SSL ? – Kannaiyan Mar 19 '19 at 02:22
  • @Kannaiyan, and this is the whole [tutorial about how to bind ssl to your web ](https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#bind-your-ssl-certificate). And if you want to use like Let’s Encrypt you could go to [this blog](https://www.hanselman.com/blog/SecuringAnAzureAppServiceWebsiteUnderSSLInMinutesWithLetsEncrypt.aspx) , it combines the Let’s Encrypt extension to change your site to https://. – George Chen Mar 19 '19 at 02:24
  • @Kannaiyan, If you just test/play around - then you can safely use the default provided one. – George Chen Mar 19 '19 at 02:25
0

Update

CloudFront is AWS CND which is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. The CDN for Azure is Azure Content Delivery Network (CDN).

If your goal is to enforce HTTPS for your application, then CDN is may not be the best available option as CDNs are used to deliver static contents with low letency and high availability to globally dispersed customers. Although, you can use HTTPS with CDN but this will incur cost for using CDN services.

So if your primary goal is to use HTTPs then below procedure is for binding SSL to your custom domian name to enforce HTTPS communication with your website.

With Microsoft Azure you can bind your Webapp with SSL certificate in order to access it over https. In order to do so you need to have;

  1. Created an App Service app

  2. Map a custom DNS name to your App Service app

  3. Acquired an SSL certificate from a trusted certificate authority

  4. Have the private key you used to sign the SSL certificate request

In you Azure portal visit the webapp for which you want to add SSL certificate. Then click SSL settings in the left navigation of your app. Then Click Upload Certificate to add it in your web app.

Afterwards, In the SSL binding section, click Add binding. In the Add SSL Binding page, use the dropdowns to select the domain name to secure, and the certificate to use.

Enforcing HTTPS:-

You can redirect all HTTP requests to the HTTPS port. In your app page, in the left navigation, select SSL settings. Then, in HTTPS Only, select On.

For further information and full tutorial please visit Tutorial: Bind an existing custom SSL certificate to Azure App Service

But, if you intended to use CDN services along with secure HTTPs connection then below is the procedure to use Azure CDN to enable a custom domain with SSL.

  1. In the Azure portal, browse to your Azure CDN Standard from Microsoft, Azure CDN Standard from Akamai, Azure CDN Standard from Verizon or Azure CDN Premium from Verizon profile.
  2. In the list of CDN endpoints, select the endpoint containing your custom domain.
  3. In the list of custom domains, select the custom domain for which you want to enable HTTPS.
  4. Under Certificate management type, select CDN managed.
  5. Select On to enable HTTPS.

For further information refer Configure HTTPS on an Azure CDN custom domain

If you only want to redirect your HTTP traffic to HTTPs in your Azure CDN the you only need to create a URL Redirect rule with the Azure CDN rules engine. For further info refer HTTP-to-HTTPS redirection

Community
  • 1
  • 1
Jinesh Shah
  • 922
  • 10
  • 18
  • CloudFront or API Gateway comes with its own SSL and does not need any other extra configuration. Do I need to write any code to forward the request to the destination URL? – Kannaiyan Mar 19 '19 at 01:58
  • No, you don't need to write any extra code forward the request to the destination url. See my updated answer. – Jinesh Shah Mar 19 '19 at 06:31