
I see that I can do this with Azure Front Door Premium (CDN).

Azure Front Door can securely access the Storage Account via the private link while not exposing the Storage Account to the public internet; it works great and is very secure.

The issue is the price of Azure Front Door Premium, $330 per month minimum.

Other flavors of Azure Front Door can't use the private link.

Is there a more affordable way to securely connect via Private Link and serve images to public from Blob Storage? Or is Azure Front Door premium the only option?

thomp361

1 Answer


• You surely can serve public images from Blob Storage via the private link through the private endpoint created, but when accessed from the public internet, i.e., from outside the virtual network, the storage account’s private endpoint is not assigned a private IP address from the virtual network in which the private link is created. Kindly refer to the below point for more details:

When you resolve the storage endpoint URL from outside the VNet with the private endpoint, it resolves to the public endpoint of the storage service. When resolved from the VNet hosting the private endpoint, the storage endpoint URL resolves to the private endpoint's IP address.

Please find the below steps demonstrating the above stated point, wherein you can serve public images from Azure Blob Storage through a private endpoint:

• For accessing a storage account through the private endpoint configured, kindly ensure that the DNS records for the storage account are configured as below, wherein the custom domain name through which the storage account’s public endpoint is accessible is configured as below:

Once the custom domain name is configured, its related DNS records should be created as below to ensure that the storage account is accessible from inside the virtual network through the private link created. Also, create DNS records as below for that purpose:

[Screenshots in the original answer: DNS records creation; Azure DNS record creation; DNS zone record creation; Networking section in Azure DNS; Private endpoint creation; Azure storage account firewall exception]

Thus, in this way, configuring the correct DNS records and allowing specific services access over Microsoft’s trusted network to the private endpoint created for the storage account can be very helpful in configuring the public access to the blob storage for accessing the images stored on it.

Please find the below links for more relevant information on this:

https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-networking-endpoints?tabs=azure-portal

Kartik Bhiwapurkar
  • Thanks for the reply. Correct me if I am wrong, but this requires Public Network Access as you've enabled "Enabled from selected virtual networks and IP addresses". Correct? I should have been more specific in that I don't want to allow any public network access to the storage container. – thomp361 Nov 11 '22 at 18:04
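The answer's key point is that the same blob hostname resolves to a VNet IP through the private DNS zone from inside the VNet and to the public endpoint from outside. The following is an added example, not code from the answer or from Azure, that classifies a resolution result the way a practitioner would when verifying the private-link DNS wiring. It assumes a VNet address space of 10.10.0.0/16, an account named "examplestor", and hand-constructed resolver answers; the live helper only uses the system resolver.

```python
"""Classify how a storage account's blob endpoint resolved: through the
private endpoint (VNet IP) or to the public endpoint. Added example; the
VNet range, account name and resolver answers are constructed."""
import ipaddress
import socket
from dataclasses import dataclass
from typing import List

# Private-link zone for blob. Once a private endpoint exists, the public name
# <account>.blob.core.windows.net is CNAMEd into this zone; the VNet-linked
# private zone answers with the endpoint NIC IP, the public zone CNAMEs on
# to the regional public endpoint instead.
PRIVATELINK_ZONE = "privatelink.blob.core.windows.net"


@dataclass
class Resolution:
    cname_chain: List[str]  # CNAME targets in order (may be empty)
    addresses: List[str]    # final A records


def classify(account: str, res: Resolution, vnet_cidr: str) -> str:
    """Return 'private', 'public' or 'misconfigured' for one resolution."""
    if not res.addresses:
        return "misconfigured"   # NXDOMAIN / empty answer
    vnet = ipaddress.ip_network(vnet_cidr)
    in_vnet = [ipaddress.ip_address(a) in vnet for a in res.addresses]
    via_privatelink = f"{account}.{PRIVATELINK_ZONE}" in res.cname_chain
    if all(in_vnet):
        # A VNet IP without the privatelink CNAME is a hand-made A record on
        # the public name, not the private DNS zone wiring: flag it.
        return "private" if via_privatelink else "misconfigured"
    if not any(in_vnet):
        return "public"          # classic public-endpoint answer
    return "misconfigured"       # split answer mixing VNet and public IPs


def live_resolution(account: str) -> Resolution:
    """Resolve the real name with the system resolver (A records only, since
    getaddrinfo hides the CNAME chain). Run inside and outside the VNet."""
    host = f"{account}.blob.core.windows.net"
    infos = socket.getaddrinfo(host, 443, family=socket.AF_INET)
    return Resolution([], sorted({info[4][0] for info in infos}))


# Constructed answers mirroring the two cases the answer describes.
INSIDE_VNET = Resolution(["examplestor.privatelink.blob.core.windows.net"],
                         ["10.10.1.4"])
OUTSIDE_VNET = Resolution(["examplestor.privatelink.blob.core.windows.net",
                           "blob.REGION.store.core.windows.net"],  # placeholder
                          ["203.0.113.10"])  # TEST-NET stand-in for a public IP
```

A "public" result from a client that should only reach the account privately means that client is using the public endpoint, which is exactly the exposure the comment above is concerned about.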