Quickstart: Create an Azure Front Door using Azure portal
This quickstart guides you through the process of creating an Azure Front Door profile using the Azure portal. You have two options to create an Azure Front Door profile: Quick create and Custom create. The Quick create option allows you to configure the basic settings of your profile, while the Custom create option enables you to customize your profile with more advanced settings.
In this quickstart, you use the Custom create option to create an Azure Front Door profile. You first deploy two App services as your origin servers. Then, you configure the Azure Front Door profile to route traffic to your App services based on certain rules. Finally, you test the connectivity to your App services by accessing the Azure Front Door frontend hostname.
Note
For web workloads, we highly recommend utilizing Azure DDoS protection and a web application firewall to safeguard against emerging DDoS attacks. Another option is to employ Azure Front Door along with a web application firewall. Azure Front Door offers platform-level protection against network-level DDoS attacks. For more information, see security baseline for Azure services.
Prerequisites
An Azure account with an active subscription. Create an account for free.
Create an Azure Front Door profile
Sign in to the Azure portal.
Navigate to the home page or the Azure menu and select + Create a resource. Enter Front Door and CDN profiles in the search box and select Create.
On the Compare offerings page, select Quick create, and then select Continue to create a Front Door.
On the Create a Front Door profile page, provide the following information:
Setting Description Subscription Select your subscription. Resource group Select Create new and enter myAFDResourceGroup. Name Enter a name for your profile, such as myAzureFrontDoor. Tier Select either Standard or Premium. Standard is optimized for content delivery, while Premium focuses on security. See Tier Comparison. Endpoint name Enter a globally unique name for your endpoint. Origin type Select the type of resource for your origin. For this example, select an App service with Private Link enabled. Origin host name Enter the hostname for your origin. Private link (Premium only) Enable private link service for a private connection between Azure Front Door and your origin. Supported origins include internal load balancers, Azure Storage Blobs, Azure App services, and Azure Storage Static Website. See Private Link service with Azure Front Door. Caching Select the check box to cache content closer to users globally using Azure Front Door's edge POPs and the Microsoft network. WAF policy Select Create new or choose an existing WAF policy from the dropdown to enable this feature. Note
When creating a new Azure Front Door profile, you can only select an origin from the same subscription the Front Door is created in.
Select Review + Create and then Create to deploy your Azure Front Door profile.
Note
- It may take a few minutes for the Azure Front Door configuration to propagate to all edge POPs.
- If you enabled Private Link, go to the origin's resource page, select Networking > Configure Private Link, select the pending request from Azure Front Door, and then select Approve. After a few seconds, your origin will be accessible through Azure Front Door securely.
Verify Azure Front Door
The global deployment of the Azure Front Door profile takes a few minutes to complete. After that, you can access the frontend host by entering its endpoint hostname in a browser. For example, contoso-frontend.z01.azurefd.net
. The request is automatically routed to the closest server among the specified servers in the origin group.
To test the instant global failover feature, follow these steps if you created the apps in this quickstart. You see an information page with the app details.
Enter the endpoint hostname in a browser, for example,
contoso-frontend.z01.azurefd.net
.In the Azure portal, search for and select App services. Locate one of your Web Apps, such as WebApp-Contoso-001.
Select the Web App from the list and then select Stop. Confirm your action by selecting Yes.
Reload the browser to see the information page again.
Tip
Traffic may take some time to switch to the second Web App. You may need to reload the browser again.
To stop the second Web App, select it from the list and then choose Stop. Confirm your action by selecting Yes.
Reload the web page. You should encounter an error message after the refresh.
Clean up resources
If you no longer need the environment, you can delete all the resources you created. Deleting a resource group also removes all its contents. To avoid incurring unnecessary charges, we recommend deleting these resources if you don't plan to use this Azure Front Door.
In the Azure portal, search for and select Resource groups, or navigate to Resource groups from the Azure portal menu.
Use the filter option or scroll down the list to locate the resource groups, such as myAFDResourceGroup, myAppResourceGroup, or myAppResourceGroup2.
Select the resource group you want to delete, then choose the Delete option.
Warning
Deleting a resource group is irreversible. The resources within the resource group cannot be recovered once deleted.
Enter the name of the resource group to confirm, and then select the Delete button.
Repeat these steps for the remaining resource groups.
Next steps
Proceed to the next article to learn how to configure a custom domain for your Azure Front Door.