Hi - is there any progress on this topic? Thank you for any update :-)
Make it possible to use SSL on blob storage using custom domains
I'm following the recommendation from @AzureSupport twitter handle to post this uservoice suggestion here for better visibility and tracking. (https://twitter.com/AzureSupport/status/1313745281364697090)
Original request:
https://feedback.azure.com/forums/217298-storage/suggestions/3007732-make-it-possible-to-use-ssl-on-blob-storage-using
At a high level, the issue is that we can add custom domains to storage accounts, but we are not able to make use of custom SSL certificates with those domains. Effectively, we must either use the Microsoft SSL certificate with the default storage URL (ex: mystorageaccountname.blob.core.windows.net) or use a custom domain with no SSL at all.
The proposed MSFT solution was initially to use Azure CDN on top of blob storage, but from many comments on uservoice over the years it seems like that's not an appropriate solution in various cases.
Other solutions that were proposed over time were to use an Azure Function to stream blob data, Azure Front Door or Azure API Management. All of these add additional complexity, dependencies and cost.
The customers need a simpler solution just like it exists for App Services and functions (verify custom domain - associate SSL cert to domain - done!)
7 answers
-
deherman-MSFT 34,026 Reputation points Microsoft Employee
2020-10-07T22:22:47.107+00:00
@Dmitri M
Thanks for making your request. We have forwarded this information to the product team. We will respond back if there is any additional guidance or if they require additional information for your use-case.
-
j.bauer 6 Reputation points
2022-09-11T12:25:37.697+00:00
Had the same issues with Azure Blob Storage.
Currently I am using Azure App Gateway (APG) to route traffic from my custom domain to blob storage with SSL:
- Set up DNS: configure download.example.org to point to the APG public endpoint (replace example.org with your own DNS root zone)
- Route traffic from the HTTPS listener to the yourblobstorage.blob.core.windows.net backend HTTP endpoint inside APG
- Put a status.html into your blob storage container "container-name" and configure a health check to container-name/status.html, because the APG will get a 400 error on the base URL of blob storage, so it would think the blob storage is offline otherwise
Optionally, you can set up an HTTP port 80 listener on APG and a redirect rule to route traffic to the HTTPS listener.
It is not a perfect solution, but it does its job...
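A post-deployment check for the setup described in the answer above, as an added example that is not part of the original post: it confirms that the custom domain serves the health-check blob over verified HTTPS and, if the optional port 80 listener exists, that it redirects to HTTPS. The function names are hypothetical; download.example.org and container-name are the placeholders used in the answer.

```python
"""Verify the Application Gateway front end for a blob storage custom domain."""
import http.client
import ssl
from urllib.parse import urlsplit


def fetch(scheme, host, path, timeout=10):
    """Issue one GET without following redirects; return (status, Location)."""
    if scheme == "https":
        # The default context verifies the chain and the host name, so a
        # certificate that does not cover `host` raises SSLCertVerificationError.
        conn = http.client.HTTPSConnection(
            host, timeout=timeout, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def evaluate(host, probe_path, https_result, http_result=None):
    """Return a list of findings; an empty list means the setup behaves as described."""
    findings = []
    status, _ = https_result
    if status != 200:
        findings.append(f"https://{host}{probe_path} returned {status}, expected 200")
    if http_result is not None:  # only when the optional port 80 listener is set up
        status, location = http_result
        target = urlsplit(location or "")
        if status not in (301, 302, 307, 308):
            findings.append(f"http://{host}{probe_path} returned {status}, expected a redirect")
        elif target.scheme != "https" or target.hostname != host:
            findings.append(f"port 80 redirects to {location!r}, not to https://{host}")
    return findings


def check(host, probe_path, expect_redirect=True):
    """Run the live requests and evaluate them."""
    https_result = fetch("https", host, probe_path)
    http_result = fetch("http", host, probe_path) if expect_redirect else None
    return evaluate(host, probe_path, https_result, http_result)


if __name__ == "__main__":
    for finding in check("download.example.org", "/container-name/status.html"):
        print(finding)
```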
-
Mili Beganovic [CELUM] 1 Reputation point
2022-12-15T19:29:01.35+00:00
Can you give me more input - I am using a Storage Account with a custom domain, how can I work around the HTTP issue?
-
ChrisH 31 Reputation points
2023-06-27T23:22:28.77+00:00
3 years later, any progress on this?