Microsoft.Network frontDoors
Bicep resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/frontDoors@2021-06-01' = {
location: 'string'
name: 'string'
properties: {
backendPools: [
{
id: 'string'
name: 'string'
properties: {
backends: [
{
address: 'string'
backendHostHeader: 'string'
enabledState: 'string'
httpPort: int
httpsPort: int
priority: int
privateLinkAlias: 'string'
privateLinkApprovalMessage: 'string'
privateLinkLocation: 'string'
privateLinkResourceId: 'string'
weight: int
}
]
healthProbeSettings: {
id: 'string'
}
loadBalancingSettings: {
id: 'string'
}
}
}
]
backendPoolsSettings: {
enforceCertificateNameCheck: 'string'
sendRecvTimeoutSeconds: int
}
enabledState: 'string'
friendlyName: 'string'
frontendEndpoints: [
{
id: 'string'
name: 'string'
properties: {
hostName: 'string'
sessionAffinityEnabledState: 'string'
sessionAffinityTtlSeconds: int
webApplicationFirewallPolicyLink: {
id: 'string'
}
}
}
]
healthProbeSettings: [
{
id: 'string'
name: 'string'
properties: {
enabledState: 'string'
healthProbeMethod: 'string'
intervalInSeconds: int
path: 'string'
protocol: 'string'
}
}
]
loadBalancingSettings: [
{
id: 'string'
name: 'string'
properties: {
additionalLatencyMilliseconds: int
sampleSize: int
successfulSamplesRequired: int
}
}
]
routingRules: [
{
id: 'string'
name: 'string'
properties: {
acceptedProtocols: [
'string'
]
enabledState: 'string'
frontendEndpoints: [
{
id: 'string'
}
]
patternsToMatch: [
'string'
]
routeConfiguration: {
@odata.type: 'string'
// For remaining properties, see RouteConfiguration objects
}
rulesEngine: {
id: 'string'
}
webApplicationFirewallPolicyLink: {
id: 'string'
}
}
}
]
}
tags: {
{customized property}: 'string'
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
@odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration'
backendPool: {
id: 'string'
}
cacheConfiguration: {
cacheDuration: 'string'
dynamicCompression: 'string'
queryParameters: 'string'
queryParameterStripDirective: 'string'
}
customForwardingPath: 'string'
forwardingProtocol: 'string'
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
@odata.type: '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration'
customFragment: 'string'
customHost: 'string'
customPath: 'string'
customQueryString: 'string'
redirectProtocol: 'string'
redirectType: 'string'
}
Property values
Backend
Name | Description | Value |
---|---|---|
address | Location of the backend (IP address or FQDN) | string |
backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
Name | Description | Value |
---|---|---|
backends | The set of backends for this pool | Backend[] |
healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
Name | Description | Value |
---|---|---|
enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
Name | Description | Value |
---|---|---|
cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
queryParameters | query parameters to include or exclude (comma separated). | string |
queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
Name | Description | Value |
---|---|---|
backendPools | Backend pools available to routing rules. | BackendPool[] |
backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
friendlyName | A friendly name for the frontDoor | string |
frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
Name | Description | Value |
---|---|---|
hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
HealthProbeSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
Name | Description | Value |
---|---|---|
enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
intervalInSeconds | The number of seconds between health probes. | int |
path | The path to use for the health probe. Default is / | string |
protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
Name | Description | Value |
---|---|---|
additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
sampleSize | The number of samples to consider for load balancing decisions | int |
successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
RedirectConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
Name | Description | Value |
---|
RouteConfiguration
Name | Description | Value |
---|---|---|
@odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
Name | Description | Value |
---|---|---|
acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
patternsToMatch | The route patterns of the rule. | string[] |
routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Add custom domain and custom certificate with Front Door | This template onboards and secures a custom domain with Front Door with a customer-managed certificate |
Add custom domain and managed certificate with Front Door | This template onboards and secures a custom domain with Front Door |
Control Health Probes for your backends on Front Door | This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent. |
Create a basic Front Door | This template creates a basic Front Door configuration with a single backend. |
Create a Front Door with HTTP to HTTPS redirection | This template creates a Front Door configuration for HTTP to HTTPS redirection. |
ARM template resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following JSON to your template.
{
"type": "Microsoft.Network/frontDoors",
"apiVersion": "2021-06-01",
"name": "string",
"location": "string",
"properties": {
"backendPools": [
{
"id": "string",
"name": "string",
"properties": {
"backends": [
{
"address": "string",
"backendHostHeader": "string",
"enabledState": "string",
"httpPort": "int",
"httpsPort": "int",
"priority": "int",
"privateLinkAlias": "string",
"privateLinkApprovalMessage": "string",
"privateLinkLocation": "string",
"privateLinkResourceId": "string",
"weight": "int"
}
],
"healthProbeSettings": {
"id": "string"
},
"loadBalancingSettings": {
"id": "string"
}
}
}
],
"backendPoolsSettings": {
"enforceCertificateNameCheck": "string",
"sendRecvTimeoutSeconds": "int"
},
"enabledState": "string",
"friendlyName": "string",
"frontendEndpoints": [
{
"id": "string",
"name": "string",
"properties": {
"hostName": "string",
"sessionAffinityEnabledState": "string",
"sessionAffinityTtlSeconds": "int",
"webApplicationFirewallPolicyLink": {
"id": "string"
}
}
}
],
"healthProbeSettings": [
{
"id": "string",
"name": "string",
"properties": {
"enabledState": "string",
"healthProbeMethod": "string",
"intervalInSeconds": "int",
"path": "string",
"protocol": "string"
}
}
],
"loadBalancingSettings": [
{
"id": "string",
"name": "string",
"properties": {
"additionalLatencyMilliseconds": "int",
"sampleSize": "int",
"successfulSamplesRequired": "int"
}
}
],
"routingRules": [
{
"id": "string",
"name": "string",
"properties": {
"acceptedProtocols": [ "string" ],
"enabledState": "string",
"frontendEndpoints": [
{
"id": "string"
}
],
"patternsToMatch": [ "string" ],
"routeConfiguration": {
"@odata.type": "string"
// For remaining properties, see RouteConfiguration objects
},
"rulesEngine": {
"id": "string"
},
"webApplicationFirewallPolicyLink": {
"id": "string"
}
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
"backendPool": {
"id": "string"
},
"cacheConfiguration": {
"cacheDuration": "string",
"dynamicCompression": "string",
"queryParameters": "string",
"queryParameterStripDirective": "string"
},
"customForwardingPath": "string",
"forwardingProtocol": "string"
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
"@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration",
"customFragment": "string",
"customHost": "string",
"customPath": "string",
"customQueryString": "string",
"redirectProtocol": "string",
"redirectType": "string"
}
Property values
Backend
Name | Description | Value |
---|---|---|
address | Location of the backend (IP address or FQDN) | string |
backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
Name | Description | Value |
---|---|---|
backends | The set of backends for this pool | Backend[] |
healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
Name | Description | Value |
---|---|---|
enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
Name | Description | Value |
---|---|---|
cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
queryParameters | query parameters to include or exclude (comma separated). | string |
queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
Name | Description | Value |
---|---|---|
backendPools | Backend pools available to routing rules. | BackendPool[] |
backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
friendlyName | A friendly name for the frontDoor | string |
frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
Name | Description | Value |
---|---|---|
hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
HealthProbeSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
Name | Description | Value |
---|---|---|
enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
intervalInSeconds | The number of seconds between health probes. | int |
path | The path to use for the health probe. Default is / | string |
protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
Name | Description | Value |
---|---|---|
additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
sampleSize | The number of samples to consider for load balancing decisions | int |
successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2021-06-01' |
location | Resource location. | string |
name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/frontDoors' |
RedirectConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
Name | Description | Value |
---|
RouteConfiguration
Name | Description | Value |
---|---|---|
@odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
Name | Description | Value |
---|---|---|
acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
patternsToMatch | The route patterns of the rule. | string[] |
routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Add custom domain and custom certificate with Front Door |
This template onboards and secures a custom domain with Front Door with a customer-managed certificate |
Add custom domain and managed certificate with Front Door |
This template onboards and secures a custom domain with Front Door |
Configure Session Affinity for your Front Door host names |
This template updates a Front Door to enable session affinity for your frontend host, thereby, sending subsequent traffic from the same user session to the same backend. |
Control Health Probes for your backends on Front Door |
This template updates your Front Door to change the health probe settings by setting the probe path and also the intervals in which the probes will be sent. |
Create a basic Front Door |
This template creates a basic Front Door configuration with a single backend. |
Create a Front Door with HTTP to HTTPS redirection |
This template creates a Front Door configuration for HTTP to HTTPS redirection. |
Create a Front Door with multiple backends and backend pools |
This template creates a Front Door with load balancing configured for multiple backends in a backend pool and also across backend pools based on URL path. |
Create Azure Front Door in front of Azure API Management |
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management. |
Create Front Door with Active-Standby config |
This template creates a Front Door that demonstrates priority-based routing for Active-Standby application topology. |
Create Front Door with caching enabled for certain routes |
This template creates a Front Door with caching enabled for the defined routing configuration thus caching any static assets for your workload. |
Terraform (AzAPI provider) resource definition
The frontDoors resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/frontDoors resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/frontDoors@2021-06-01"
name = "string"
location = "string"
body = jsonencode({
properties = {
backendPools = [
{
id = "string"
name = "string"
properties = {
backends = [
{
address = "string"
backendHostHeader = "string"
enabledState = "string"
httpPort = int
httpsPort = int
priority = int
privateLinkAlias = "string"
privateLinkApprovalMessage = "string"
privateLinkLocation = "string"
privateLinkResourceId = "string"
weight = int
}
]
healthProbeSettings = {
id = "string"
}
loadBalancingSettings = {
id = "string"
}
}
}
]
backendPoolsSettings = {
enforceCertificateNameCheck = "string"
sendRecvTimeoutSeconds = int
}
enabledState = "string"
friendlyName = "string"
frontendEndpoints = [
{
id = "string"
name = "string"
properties = {
hostName = "string"
sessionAffinityEnabledState = "string"
sessionAffinityTtlSeconds = int
webApplicationFirewallPolicyLink = {
id = "string"
}
}
}
]
healthProbeSettings = [
{
id = "string"
name = "string"
properties = {
enabledState = "string"
healthProbeMethod = "string"
intervalInSeconds = int
path = "string"
protocol = "string"
}
}
]
loadBalancingSettings = [
{
id = "string"
name = "string"
properties = {
additionalLatencyMilliseconds = int
sampleSize = int
successfulSamplesRequired = int
}
}
]
routingRules = [
{
id = "string"
name = "string"
properties = {
acceptedProtocols = [
"string"
]
enabledState = "string"
frontendEndpoints = [
{
id = "string"
}
]
patternsToMatch = [
"string"
]
routeConfiguration = {
@odata.type = "string"
// For remaining properties, see RouteConfiguration objects
}
rulesEngine = {
id = "string"
}
webApplicationFirewallPolicyLink = {
id = "string"
}
}
}
]
}
})
tags = {
{customized property} = "string"
}
}
RouteConfiguration objects
Set the @odata.type property to specify the type of object.
For #Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration, use:
{
@odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration"
backendPool = {
id = "string"
}
cacheConfiguration = {
cacheDuration = "string"
dynamicCompression = "string"
queryParameters = "string"
queryParameterStripDirective = "string"
}
customForwardingPath = "string"
forwardingProtocol = "string"
}
For #Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration, use:
{
@odata.type = "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration"
customFragment = "string"
customHost = "string"
customPath = "string"
customQueryString = "string"
redirectProtocol = "string"
redirectType = "string"
}
Property values
Backend
Name | Description | Value |
---|---|---|
address | Location of the backend (IP address or FQDN) | string |
backendHostHeader | The value to use as the host header sent to the backend. If blank or unspecified, this defaults to the incoming host. | string |
enabledState | Whether to enable use of this backend. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
httpPort | The HTTP TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
httpsPort | The HTTPS TCP port number. Must be between 1 and 65535. | int Constraints: Min value = 1 Max value = 65535 |
priority | Priority to use for load balancing. Higher priorities will not be used for load balancing if any lower priority backend is healthy. | int Constraints: Min value = 1 Max value = 5 |
privateLinkAlias | The Alias of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
privateLinkApprovalMessage | A custom message to be included in the approval request to connect to the Private Link | string |
privateLinkLocation | The location of the Private Link resource. Required only if 'privateLinkResourceId' is populated | string |
privateLinkResourceId | The Resource Id of the Private Link resource. Populating this optional field indicates that this backend is 'Private' | string |
weight | Weight of this endpoint for load balancing purposes. | int Constraints: Min value = 1 Max value = 1000 |
BackendPool
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Backend Pool | BackendPoolProperties |
BackendPoolProperties
Name | Description | Value |
---|---|---|
backends | The set of backends for this pool | Backend[] |
healthProbeSettings | L7 health probe settings for a backend pool | SubResource |
loadBalancingSettings | Load balancing settings for a backend pool | SubResource |
BackendPoolsSettings
Name | Description | Value |
---|---|---|
enforceCertificateNameCheck | Whether to enforce certificate name check on HTTPS requests to all backend pools. No effect on non-HTTPS requests. | 'Disabled' 'Enabled' |
sendRecvTimeoutSeconds | Send and receive timeout on forwarding request to the backend. When timeout is reached, the request fails and returns. | int Constraints: Min value = 16 |
CacheConfiguration
Name | Description | Value |
---|---|---|
cacheDuration | The duration for which the content needs to be cached. Allowed format is in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations). HTTP requires the value to be no more than a year | string |
dynamicCompression | Whether to use dynamic compression for cached content | 'Disabled' 'Enabled' |
queryParameters | query parameters to include or exclude (comma separated). | string |
queryParameterStripDirective | Treatment of URL query terms when forming the cache key. | 'StripAll' 'StripAllExcept' 'StripNone' 'StripOnly' |
ForwardingConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' (required) | |
backendPool | A reference to the BackendPool which this rule routes to. | SubResource |
cacheConfiguration | The caching configuration associated with this rule. | CacheConfiguration |
customForwardingPath | A custom path used to rewrite resource paths matched by this rule. Leave empty to use incoming path. | string |
forwardingProtocol | Protocol this rule will use when forwarding traffic to backends. | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
FrontDoorProperties
Name | Description | Value |
---|---|---|
backendPools | Backend pools available to routing rules. | BackendPool[] |
backendPoolsSettings | Settings for all backendPools | BackendPoolsSettings |
enabledState | Operational status of the Front Door load balancer. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
friendlyName | A friendly name for the frontDoor | string |
frontendEndpoints | Frontend endpoints available to routing rules. | FrontendEndpoint[] |
healthProbeSettings | Health probe settings associated with this Front Door instance. | HealthProbeSettingsModel[] |
loadBalancingSettings | Load balancing settings associated with this Front Door instance. | LoadBalancingSettingsModel[] |
routingRules | Routing rules associated with this Front Door. | RoutingRule[] |
FrontendEndpoint
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Frontend endpoint | FrontendEndpointProperties |
FrontendEndpointProperties
Name | Description | Value |
---|---|---|
hostName | The host name of the frontendEndpoint. Must be a domain name. | string |
sessionAffinityEnabledState | Whether to allow session affinity on this host. Valid options are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
sessionAffinityTtlSeconds | UNUSED. This field will be ignored. The TTL to use in seconds for session affinity, if applicable. | int |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each host (if applicable) | FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink |
FrontendEndpointUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
HealthProbeSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the health probe settings | HealthProbeSettingsProperties |
HealthProbeSettingsProperties
Name | Description | Value |
---|---|---|
enabledState | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | 'Disabled' 'Enabled' |
healthProbeMethod | Configures which HTTP method to use to probe the backends defined under backendPools. | 'GET' 'HEAD' |
intervalInSeconds | The number of seconds between health probes. | int |
path | The path to use for the health probe. Default is / | string |
protocol | Protocol scheme to use for this probe | 'Http' 'Https' |
LoadBalancingSettingsModel
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the load balancing settings | LoadBalancingSettingsProperties |
LoadBalancingSettingsProperties
Name | Description | Value |
---|---|---|
additionalLatencyMilliseconds | The additional latency in milliseconds for probes to fall into the lowest latency bucket | int |
sampleSize | The number of samples to consider for load balancing decisions | int |
successfulSamplesRequired | The number of samples within the sample period that must succeed | int |
Microsoft.Network/frontDoors
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string Constraints: Min length = 5 Max length = 5 Pattern = ^[a-zA-Z0-9]+([-a-zA-Z0-9]?[a-zA-Z0-9])*$ (required) |
properties | Properties of the Front Door Load Balancer | FrontDoorProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/frontDoors@2021-06-01" |
RedirectConfiguration
Name | Description | Value |
---|---|---|
@odata.type | '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) | |
customFragment | Fragment to add to the redirect URL. Fragment is the part of the URL that comes after #. Do not include the #. | string |
customHost | Host to redirect. Leave empty to use the incoming host as the destination host. | string |
customPath | The full path to redirect. Path cannot be empty and must start with /. Leave empty to use the incoming path as destination path. | string |
customQueryString | The set of query strings to be placed in the redirect URL. Setting this value would replace any existing query string; leave empty to preserve the incoming query string. Query string must be in <key>=<value> format. The first ? and & will be added automatically so do not include them in the front, but do separate multiple query strings with &. | string |
redirectProtocol | The protocol of the destination to where the traffic is redirected | 'HttpOnly' 'HttpsOnly' 'MatchRequest' |
redirectType | The redirect type the rule will use when redirecting traffic. | 'Found' 'Moved' 'PermanentRedirect' 'TemporaryRedirect' |
ResourceTags
Name | Description | Value |
---|
RouteConfiguration
Name | Description | Value |
---|---|---|
@odata.type | Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' for type ForwardingConfiguration. Set to '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' for type RedirectConfiguration. | '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' '#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration' (required) |
RoutingRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | Resource name. | string |
properties | Properties of the Front Door Routing Rule | RoutingRuleProperties |
RoutingRuleProperties
Name | Description | Value |
---|---|---|
acceptedProtocols | Protocol schemes to match for this rule | String array containing any of: 'Http' 'Https' |
enabledState | Whether to enable use of this rule. Permitted values are 'Enabled' or 'Disabled' | 'Disabled' 'Enabled' |
frontendEndpoints | Frontend endpoints associated with this rule | SubResource[] |
patternsToMatch | The route patterns of the rule. | string[] |
routeConfiguration | A reference to the routing configuration. | RouteConfiguration |
rulesEngine | A reference to a specific Rules Engine Configuration to apply to this route. | SubResource |
webApplicationFirewallPolicyLink | Defines the Web Application Firewall policy for each routing rule (if applicable) | RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink |
RoutingRuleUpdateParametersWebApplicationFirewallPolicyLink
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |