Apologies for the delay in response.
I understand that you wanted to know what the correct way is to set up a multi-tenant app service with custom domain behind an application gateway. If it is possible to let all the apps share the same domain or there is a need to create subdomains for the apps.
Using the default domain name and tweaking the Application Gateway will not work for all scenarios. For example, it may be possible to somehow work around the authentication redirect issue using Rewrites, but the next problem could be the ARRAffinity cookie domain. Hence, use of a custom domain is highly recommended for advanced configurations on App Services.
Sharing my observations on the 2 custom domain approaches:
Approach #1: Same custom domain for all App Services:
As mentioned in the doc below, you can use a custom domain with one web app; for example, www.mydomain.com can be added to one Azure web app. In order to use the same domain with another web app, you need to use another subdomain, say xyz.mydomain.com, but you CANNOT use www.mydomain.com.
https://azure.github.io/AppService/2017/08/08/FAQ-App-Service-Domain-and-Custom-Domains.html
I was not able to make the setup of multiple app services with custom domain behind an application gateway with path-based routing work.
I also discussed this with the Application gateway Product Group team, and they mentioned since "One custom domain cannot be used with multiple web apps", using path-based routing in Application gateway is not feasible.
You can see this blog, which shares a similar setup and the disadvantages associated with it.
Approach #2: Use different custom domains/subdomains for all App Services:
The best approach would be to create subdomains for your multiple app services and then create respective backend pools for the app services and configure multi-site listeners for each subdomain using individual hostnames or wildcard hostnames in the Application gateway.
Refer: https://learn.microsoft.com/en-us/azure/application-gateway/multiple-site-overview
https://learn.microsoft.com/en-us/azure/application-gateway/configuration-listeners#listener-type
App service configuration:
Use different custom domains/subdomains for all App Services:
- root.mydomain.com for root.azurewebsites.net
- foo.mydomain.com for foo.azurewebsites.net
- bar.mydomain.com for bar.azurewebsites.net, and so on.
Application Gateway configuration:
- Create multi-site listeners for each domain/subdomain. Each of these domains should point to the AppGW IP.
  - root.mydomain.com
  - foo.mydomain.com
  - bar.mydomain.com
- Create backend pools for each App Service.
  - root.azurewebsites.net
  - foo.azurewebsites.net
  - bar.azurewebsites.net
- Do not override "hostname" in the Backend setting.
- Create Rules for each.
- You may want to create a custom probe to use "status code matching condition" so that 401 unauthenticated responses don't mark the server as unhealthy.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
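The following Bicep is an added example and is not part of the answer above or of any Microsoft sample; it writes out Approach #2 end to end (one multi-site listener, backend pool, backend setting, probe and rule per subdomain, hostname not overridden, 401 accepted by the probe). Everything it references is assumed to exist already and the names are placeholders: the gateway subnet and Standard public IP, a PFX certificate covering the three hostnames, and the three App Services with root/foo/bar.mydomain.com bound (including TLS bindings for those names) and their DNS records pointing at the gateway IP.

```bicep
// Added example (not from the answer): Application Gateway v2 fronting three multi-tenant
// App Services, one multi-site listener per custom subdomain. All names are placeholders.
param location string = resourceGroup().location
param appGwName string = 'agw-multitenant'   // placeholder gateway name
param subnetId string                        // subnet dedicated to the gateway (assumed to exist)
param publicIpId string                      // Standard SKU public IP (assumed to exist)
@secure()
param certPfxBase64 string                   // base64 PFX covering the three hostnames (assumed)
@secure()
param certPassword string

// Custom hostname the client uses and the App Service default hostname behind it;
// the values mirror the answer's placeholders.
var sites = [
  { name: 'root', host: 'root.mydomain.com', backend: 'root.azurewebsites.net' }
  { name: 'foo', host: 'foo.mydomain.com', backend: 'foo.azurewebsites.net' }
  { name: 'bar', host: 'bar.mydomain.com', backend: 'bar.azurewebsites.net' }
]

resource appGw 'Microsoft.Network/applicationGateways@2023-09-01' = {
  name: appGwName
  location: location
  properties: {
    sku: { name: 'Standard_v2', tier: 'Standard_v2', capacity: 1 }
    gatewayIPConfigurations: [
      { name: 'gwip', properties: { subnet: { id: subnetId } } }
    ]
    frontendIPConfigurations: [
      { name: 'feip', properties: { publicIPAddress: { id: publicIpId } } }
    ]
    frontendPorts: [
      { name: 'port443', properties: { port: 443 } }
    ]
    sslCertificates: [
      { name: 'mydomain-cert', properties: { data: certPfxBase64, password: certPassword } }
    ]
    // One backend pool per App Service, addressed by its default hostname.
    backendAddressPools: [for s in sites: {
      name: '${s.name}-pool'
      properties: { backendAddresses: [ { fqdn: s.backend } ] }
    }]
    // One probe per site. The backend setting below does not override the hostname, so the
    // probe carries the custom hostname itself; 401 is accepted so an app protected by
    // App Service Authentication is not marked unhealthy (the answer's status-code match).
    probes: [for s in sites: {
      name: '${s.name}-probe'
      properties: {
        protocol: 'Https'
        host: s.host
        path: '/'
        interval: 30
        timeout: 30
        unhealthyThreshold: 3
        pickHostNameFromBackendHttpSettings: false
        match: { statusCodes: [ '200-399', '401' ] }
      }
    }]
    // End-to-end TLS with the client Host header preserved (no hostname override), so the
    // multi-tenant App Service front end routes by the custom domain binding.
    backendHttpSettingsCollection: [for s in sites: {
      name: '${s.name}-https'
      properties: {
        port: 443
        protocol: 'Https'
        cookieBasedAffinity: 'Disabled'
        requestTimeout: 30
        pickHostNameFromBackendAddress: false
        probe: { id: resourceId('Microsoft.Network/applicationGateways/probes', appGwName, '${s.name}-probe') }
      }
    }]
    // Multi-site listeners: all share port 443, SNI picks the listener by hostname.
    httpListeners: [for s in sites: {
      name: '${s.name}-listener'
      properties: {
        frontendIPConfiguration: { id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', appGwName, 'feip') }
        frontendPort: { id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', appGwName, 'port443') }
        protocol: 'Https'
        sslCertificate: { id: resourceId('Microsoft.Network/applicationGateways/sslCertificates', appGwName, 'mydomain-cert') }
        hostNames: [ s.host ]
        requireServerNameIndication: true
      }
    }]
    // One basic rule per site; priorities must be unique on v2.
    requestRoutingRules: [for (s, i) in sites: {
      name: '${s.name}-rule'
      properties: {
        ruleType: 'Basic'
        priority: 100 + i
        httpListener: { id: resourceId('Microsoft.Network/applicationGateways/httpListeners', appGwName, '${s.name}-listener') }
        backendAddressPool: { id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', appGwName, '${s.name}-pool') }
        backendHttpSettings: { id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', appGwName, '${s.name}-https') }
      }
    }]
  }
}
```

Two points worth checking after deployment: the probe's `host` is what makes the health check reach the right tenant, since with `pickHostNameFromBackendAddress: false` the backend setting itself sends no hostname of its own; and because the App Service receives the custom hostname on a TLS connection, each custom domain needs a certificate binding on the App Service, otherwise the backend handshake rather than the application is what fails.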