How to map storage and CDN to a custom domain

NB: vous avez besoin d’une traduction en français? Laissez-moi un commentaire en bas de ce billet.

Windows Azure SDK 1.4 has just released.

This posts shows how to map azure storage and CDN to a custom domain, as well as how to use https with this custom domain.

In this example, I’ll use my storage account named benjguinwesteurope01 which is located in West Europe datacenter as you could imagine.

I create a container named container01 and a sample file named file01.png, with public access (this can be done thru various utilities which are based on blob APIs).

The result is a blob, publically available at the following URLs:

• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png
• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png

In order to access it thru a CDN, we have to enable CDN for the storage account. This can be done thru the Windows Azure portal

so, once DNS have replicated, the picture is available thru the 2 additional URLs:

• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png
• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png
• https://az25331.vo.msecnd.net/container01/file01.png
• https://az25331.vo.msecnd.net/container01/file01.png

 

Now, let’s map that to custom domains: azure01.benjguin.archims.fr and cdn.azure01.benjguin.archims.fr in this example.

This makes Azure challenge me to check wether I really own the domain or not:

I go to the registrar (gandi.net in my case and update the DNS):

Copy from Azure portal’s challenge:

to the registrar Web UI:

 

Azure portal is pending while the domain is not verified:

In order to have Azure verifying I really own the domain, I click on the “Validate Domain” button:

DNS replication can take some time. In the interval, the response may be the following:

 

While waiting for the DNS to replicate, the same can be done for CDN url:

(same as before with the new challenge):

 

we also have to add the two additional CNAMEs so that redirects work:

and

…

After some time, DNS replicated and domain could be validated:

and

 

so at this stage, the blob is available thru the following URLs:

• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png
• https://benjguinwesteurope01.blob.core.windows.net/container01/file01.png
• https://az25331.vo.msecnd.net/container01/file01.png
• https://az25331.vo.msecnd.net/container01/file01.png
• https://azure01.benjguin.archims.fr/container01/file01.png
• https://cdn.azure01.benjguin.archims.fr/container01/file01.png

When trying https://azure01.benjguin.archims.fr/container01/file01.png, we get

 

same for https://cdn.azure01.benjguin.archims.fr/container01/file01.png

For now it is not possible to upload certificates that map azure01.benjguin.archims.fr or cdn.azure01.benjguin.archims.fr in order to have Azure storage using them directly.

The way to do this would be to have a custom domain mapped to Web Role that serves the blobs.

 

NB: Mapping a custom domain to a web role does not require any verification because the code inside the web role can have its own logic and refuse to serve requests with other domains.

This might be the subject of a future post.

 

Benjamin