1

I have an Azure web app up and running, using a custom domain purchased outside of Azure... and that all runs fine. So I have https://myappname.azurewebsites.net/ loading fine with my domain name URL https://www.myappname.com

I'm trying to upgrade the web app, though using Azure Traffic Manager. I've cloned the app a few times, each on its own app service plan, and I have the traffic manager all up and running fine. I can successfully hit different versions of my cloned website based on the traffic manager configuration profile... so no issues there.

The only issue is that I can only access the "traffic managed" version of my website via the standard azure URL -> myappname.trafficmanager.net.

All examples I've seen say all I really need to do now, is go into my DNS Management screen, and add domain forwarding, however, my online DNS management tool does not offer this option.

I can't really change my A record in the DNS management screen, because I don't know the IP address of myappname.trafficmanager.net

Every place I've tried to change the name of the current/working Azure URL (like in awverify text files, www cnames, etc.) does nothing. The DNS still points to the single instance which remains in the IP address od the DNS managers A record.

Also, since my live/single instance is linked to the domain name (along with the SSL binding), I can't add those properties to the clones, which makes sense....only one version can be live. However I could unbind that when I make the switch from the single instance web app to the traffic managed set of clones, but I fear I can only bind that to one of the clones. I can't seem to bind it to the myappname.trafficmanager.net version, which might cascade down to all of its endpoints. Is there a way to bind my domain name and SSL cert to more than one version of my web app?

Thanks!

BShirer
  • 11
  • 2

1 Answers1

0

Is there a way to bind my domain name and SSL cert to more than one version of my web app?

I don't think you can do that unless you have two different domains or subdomains with each own SSL cert. Each web app hostname is unique globally and each SSL binding is attached with the web app domain name.

If you have a purchased domain and just keep the default xxx.azurewebsites.net as each hostname. Then you could configure the two Azure app serves as the endpoint of TM.

By default, Azure provided a wildcard cert for this domain *azurewebsites.net, so you can automatically access this hostname with HTTPS without any extra cert. Then use a CNAME record www in the domain domain.com in your DNS provider to point to the traffic manager hostname myappname.trafficmanager.net. Since Traffic Manager works as DNS level, it does not validate the server and client SSL, you could safely ignore the SSL warning when accessing with traffic manager hostname.

Feel free to let me know if you have any question.

Nancy
  • 26,865
  • 3
  • 18
  • 34
  • Thanks. This info was helpful. I am now able to point the CNAME record to the traffic manager url. I only issue I have is that my A record is still pointing to the IP address of the original website (not under traffic manager control). So myappname.com gets directed there, but www.myappname.com goes to the traffic manager site, so this is a step in the right direction. What I need to do now, is get my A record pointing to the traffic manager, however Azure does not make that IP address known, so I am still at a loss on how to fix that. – BShirer Jul 05 '19 at 11:38
  • Could you remove the A record pointing to the IP address of the original website in your DNS management? ps, You could [configure an alias record to support apex domain names with Traffic Manager](https://learn.microsoft.com/en-us/azure/dns/tutorial-alias-tm?toc=%2fazure%2ftraffic-manager%2ftoc.json) if you [host your domain in Azure DNS](https://learn.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns). Let me know if this works. – Nancy Jul 08 '19 at 03:02
  • I don't think the Azure DNS will work. I have to have my root domain working and I can only get CNAME/WWW records to work. It may be possible to remove the A record, but I can't try that right now. The reason I needed the TM to work was due to an expect influx of high traffic, which has already started, and I am past the point where I can mess with this. I can't chance anything now, at least until a week or two when the limited time offer we are offering has expired and traffic goes back to normal. – BShirer Jul 13 '19 at 11:27
  • I see, if there is an update on your side, please let me know. – Nancy Jul 16 '19 at 01:34