1

I'm expanding my Azure SSL web app across multiple regions, and thus need to setup a traffic manager.

My current configuration works, and is:

SSL cert: www.bloop.com
Web App: uk-bloop.azurewebsites.net (Custom domain assigned)

Registrar (Go Daddy): 
CNAME   awverify    awverify.uk-bloop.azurewebsites.net
CNAME   awverify.www    awverify.uk-bloop.azurewebsites.net

I can visit https://www.bloop.com, and everything works fine.

I now wish to add a USA region app: usa-bloop.azurewebsites.net into the mix.

I have added a traffic manager, and assigned the two endpoints, and it all seems to be working correctly:

bloop.trafficmanager.net 
    -> usa-bloop.azurewebsites.net
    -> uk-bloop.azurewebsites.net

And that all seems great - the problem, is how can I assign a custom domain (& SSL Cert) to usa-bloop.azurewebsites.net? I cannot verify it, as the CNAME points to the uk region, and I cannot add two CNAME records, with the same name. If I point the CNAME to the traffic manager DNS, will Azure 'pass on' the verification to both the individual applications?

i.e:

Registrar (Go Daddy): 
CNAME   awverify    awverify.bloop.trafficmanager.net
CNAME   awverify.www    awverify.bloop.trafficmanager.net
David Makogon
  • 69,407
  • 21
  • 141
  • 189
Dave Bish
  • 19,263
  • 7
  • 46
  • 63

2 Answers2

3

Minimum stuff required:

(you don't even need the awverify if CNAME is good enough - awverify is just for A)


Traffic Manager Endpoints:

Endpoints


Make sure your DNS configuration looks something like this (using tm.snobu.org instead of www.bloop.com):

$ dig tm.snobu.org

tm.snobu.org.           3397    IN      CNAME   simpletm.trafficmanager.net.
simpletm.trafficmanager.net. 97 IN      CNAME   app-eastus.azurewebsites.net.
app-eastus.azurewebsites.net. 1086 IN   CNAME   waws-prod-blu-039.vip.azurewebsites.windows.net.
waws-prod-blu-039.vip.azurewebsites.windows.net. 54 IN CNAME waws-prod-blu-039.cloudapp.net.
waws-prod-blu-039.cloudapp.net. 14 IN   A       23.96.103.159


Set (the same) custom domain for both Web Apps:

hostnames

Upload the SSL cert (in my case for tm.snobu.org) and set bindings for both Web Apps. SSL-bindings

That's it.

EastUs-WebApp

The request shown above is not made over HTTPS because i don't have a cert handy, but you get the point.

evilSnobu
  • 24,582
  • 8
  • 41
  • 71
0

In my opinion, you could configure SSL for each of your Azure websites, and configure DNS CNAME to point to the Traffic Manager, not the original website. And then you could add endpoints to point to your Azure Websites in Traffic Manager. I would recommend you to read this blog that explained how to scale Azure Websites globally with Traffic Manager.

Fei Han
  • 26,415
  • 1
  • 30
  • 41