4

I linked a subdomain help.mydomain.com of mydomain.com to my Intercom help center with a CNAME. Everything is working fine over HTTP.

I would like to use the App Service Certificate I have in my Azure subscription to make this subdomain work over HTTPS. The point here is that I don't have any webapp to link to the subdomain and the certificate since it is just a redirection.

I read the following documentation on the Intercom website but it does not help with Azure : https://developers.intercom.com/installing-intercom/docs/set-up-your-custom-domain?showHidden=f2cb6

How to implement this using Azure ?

PMerlet
  • 2,568
  • 4
  • 23
  • 39
  • Could you explain please what involvement you think Azure has in this scenario, other than just being the tool used to generate the certificate? When you say "in my Azure subscription" do you mean held in an instance of Key Vault, or something else? At the moment I can't really tell what you're asking. – Tom W Feb 22 '19 at 09:54
  • 1
    OK, having read the Intercom documentation, I'm guessing what you want help with is the part where it says "Use your own SSL certificate (using a TLS Termination Proxy)" - are you asking how to set up a TLS termination proxy in Azure? – Tom W Feb 22 '19 at 09:57
  • I have an App Service certificate in Azure that I am using with all my web apps and I would like to use it in this scenario where Azure is not involved yet. Can it be done through the configuration of a TLS termination proxy in Azure ? – PMerlet Feb 22 '19 at 10:03

2 Answers2

5

Ok, so I got an answer and it works using Azure CDN. Application Gateway was very hard, I was able to do redirects, but from what I saw it doesn't do DNS masking, so it won't do what you want and keep your custom domain.

Now to get this working with Azure CDN.

  • Create a Azure CDN Profile I selected Standard Microsoft CDN (Verizon Premium didn't work)
  • Select Create new CDN Endpoint now, Origin Type->Custom Origin ; Origin Hostname-> custom.intercom.help
  • Now on that CDN profile-Endpoint you made select +Custom Domains.
  • Add a CNAME record to your Azure DNS host with help.yourdomain.com -> help-xxxx.azureedge.net
  • Now add the Custom domain and it should allow you to use help.mydomain.com
  • Then enable HTTPS on you custom domain (this will take an hour or so)

Note the first time I tried this, it failed to create the SSL certificate for some reason. the next time it worked no problem, maybe just an azure failure.

Verzion just didn't work, not sure why.

Dan Parker
  • 823
  • 1
  • 11
  • 27
-1

There are probably a couple of ways this can be achieved in Azure, but to me the logical choice would seem to be to create an instance of Application Gateway and configure TLS termination there. There is a documentation article describing how to set up Application Gateway to route traffic onward to an endpoint that is not within Azure itself, so this does appear to be a supported scenario.

Tom W
  • 5,108
  • 4
  • 30
  • 52
  • This would cost about $20/mo and all that's needed something like aws cloudfront to redirect. – Dan Parker Nov 30 '20 at 22:39
  • Also I had issue masking the URL with app gateway, this didn't work, the CDN method is better anyway https://stackoverflow.com/questions/60042617/azure-application-gateway-redirect-traffic-to-an-external-site-without-the-url – Dan Parker Dec 02 '20 at 01:27