Azure Front Door Custom domain not routing to origin group

Rich P 6 Reputation points
2022-06-08T14:46:01.203+00:00

I have an Azure Front Door service set up. I have an existing endpoint / route / origin-group all set up.

The origin-group is an Azure Container App (with http ingress enabled)

When I send an https request to the endpoint (example) origin-abc-123.azurefd.net the call is routed through and my container app responds as expected, so that's all working.

I've since added a custom domain, added the SSL cert, and validated the domain with the TXT record.
In my domain control panel (Wix) I've added a new CNAME api.mydomain.com and pointed it to the origin-abc-123.azurefd.net endpoint.
The route has been updated to include both the original origin-abc-123-azurefd.net domain and then the newly registered domain.

Everything in the Azure FrontDoor Manager looks good.

So now when I try to access origin-abc-123.azurefd.net it works as expected; however, when I try to access api.mydomain.com I get a 400 Bad Request and an error message:

<h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>0HK[...]AwMTA5MDM1AEVkZ2U=

Any idea what I'm doing wrong here?

Thanks,
Rich

  1. Rich P 6 Reputation points
    2022-06-09T15:51:19.617+00:00

    So I got it working. The issue was that the pfx I had was "off" somehow, and I followed the instructions here

    https://github.com/MicrosoftDocs/azure-docs/issues/50164

    To decompose my pfx to a cert and key and then reassemble it, and it appears to be working as expected!

    Can you confirm that the CNAME for my DNS should be either

    api.mydomain.com -> origin-abc-123-azurefd.net (the existing route that works)

    api.mydomain.com -> my-frontdoor-azurefd.net (the name of the azure front door service)

    I ask because last night I also switched from option 1 (which is how I had it) to option 2, and today I noticed that in the custom domains blade for my custom domain, the DNS state column says "CNAME is currently not detected", but it IS working now after I redid the cert.

    So I just want to make sure everything is correct

    Thanks,
    Rich
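
The answer above describes decomposing the PFX into a certificate and key and reassembling it, without showing the commands. One way to do that with the openssl CLI, as an added example (not from the post or the linked issue); the file names, the PFX_PASS variable and the self-signed sample certificate are constructed assumptions:

```shell
#!/usr/bin/env bash
# Added example. File names, PFX_PASS and the sample certificate are constructed.
# The password is read from the PFX_PASS environment variable (openssl "env:"
# source) so it does not appear in the process list.

# Build a throwaway self-signed PFX so the example runs offline (constructed input).
make_sample_pfx() (   # $1 = work directory
  umask 077
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=api.mydomain.com" \
    -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
    -passout env:PFX_PASS -out "$1/in.pfx"
)

# Decompose: write the private key and the certificate(s) to separate PEM files.
decompose_pfx() (     # $1 = work directory containing in.pfx
  umask 077           # key.pem is unencrypted (-nodes): keep it owner-only
  openssl pkcs12 -in "$1/in.pfx" -passin env:PFX_PASS -nocerts -nodes \
    -out "$1/key.pem" &&
  openssl pkcs12 -in "$1/in.pfx" -passin env:PFX_PASS -nokeys -out "$1/cert.pem"
)

# True only if the public key in the certificate equals the one derived from the
# private key. openssl x509 reads the first certificate in the file, which is
# assumed here to be the leaf.
key_matches_cert() {  # $1 = certificate PEM, $2 = private key PEM
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Reassemble: refuse to build a PFX from a key and certificate that do not pair up.
reassemble_pfx() (    # $1 = work directory containing key.pem and cert.pem
  umask 077
  key_matches_cert "$1/cert.pem" "$1/key.pem" ||
    { echo "key/cert mismatch" >&2; exit 1; }
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -passout env:PFX_PASS -out "$1/out.pfx"
)
```

For a real certificate, skip make_sample_pfx and place the file in the work directory as in.pfx. Delete key.pem once out.pfx has been built, since it holds the private key unencrypted.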

