Static website hosting in Azure Storage
Static websites have some limitations. For example, If you want to configure headers, you'll have to use Azure Content Delivery Network (Azure CDN). There's no way to configure headers as part of the static website feature itself. Also, AuthN and AuthZ are not supported.
If these features are important for your scenario, consider using Azure Static Web Apps. It's a great alternative to static websites and is also appropriate in cases where you don't require a web server to render content. You can configure headers and AuthN / AuthZ is fully supported. Azure Static Web Apps also provides a fully managed continuous integration and continuous delivery (CI/CD) workflow from GitHub source to global deployment.
If you need a web server to render content, you can use Azure App Service.
Setting up a static website
Static website hosting is a feature that you have to enable on the storage account.
To enable static website hosting, select the name of your default file, and then optionally provide a path to a custom 404 page. If a blob storage container named $web doesn't already exist in the account, one is created for you. Add the files of your site to this container.
For step-by-step guidance, see Host a static website in Azure Storage.
Files in the $web container are case-sensitive, served through anonymous access requests and are available only through read operations.
You can use any of these tools to upload content to the $web container:
Users can view site content from a browser by using the public URL of the website. You can find the URL by using the Azure portal, Azure CLI, or PowerShell. See Find the website URL.
The index document that you specify when you enable static website hosting appears when users open the site and don't specify a specific file (For example:
If the server returns a 404 error, and you haven't specified an error document when you enabled the website, then a default 404 page is returned to the user.
Cross-Origin Resource Sharing (CORS) support for Azure Storage is not supported with static website.
If you set up redundancy in a secondary region, you can also access website content by using a secondary endpoint. Data is replicated to secondary regions asynchronously. Therefore, the files that are available at the secondary endpoint aren't always in sync with the files that are available on the primary endpoint.
Impact of setting the access level on the web container
You can modify the anonymous access level of the $web container, but making this modification has no impact on the primary static website endpoint because these files are served through anonymous access requests. That means public (read-only) access to all files.
While the primary static website endpoint isn't affected, a change to the anonymous access level does impact the primary blob service endpoint.
For example, if you change the anonymous access level of the $web container from Private (no anonymous access) to Blob (anonymous read access for blobs only), then the level of anonymous access to the primary static website endpoint
https://contosoblobaccount.z22.web.core.windows.net/index.html doesn't change.
However, anonymous access to the primary blob service endpoint
https://contosoblobaccount.blob.core.windows.net/$web/index.html does change, enabling users to open that file by using either of these two endpoints.
Disabling anonymous access on a storage account by using the anonymous access setting of the storage account doesn't affect static websites that are hosted in that storage account. For more information, see Remediate anonymous read access to blob data (Azure Resource Manager deployments).
Mapping a custom domain to a static website URL
You can make your static website available via a custom domain.
It's easier to enable HTTP access for your custom domain, because Azure Storage natively supports it. To enable HTTPS, you'll have to use Azure CDN because Azure Storage doesn't yet natively support HTTPS with custom domains. see Map a custom domain to an Azure Blob Storage endpoint for step-by-step guidance.
If the storage account is configured to require secure transfer over HTTPS, then users must use the HTTPS endpoint.
Consider hosting your domain on Azure. For more information, see Host your domain in Azure DNS.
Adding HTTP headers
There's no way to configure headers as part of the static website feature. However, you can use Azure CDN to add headers and append (or overwrite) header values. See Standard rules engine reference for Azure CDN.
If you want to use headers to control caching, see Control Azure CDN caching behavior with caching rules.
Multi-region website hosting
If you plan to host a website in multiple geographies, we recommend that you use a Content Delivery Network for regional caching. Use Azure Front Door if you want to serve different content in each region. It also provides failover capabilities. Azure Traffic Manager isn't recommended if you plan to use a custom domain. Issues can arise because of how Azure Storage verifies custom domain names.
The permission to be able to enable static website is Microsoft.Storage/storageAccounts/blobServices/write or shared key. Built in roles that provide this access include Storage Account Contributor.
You can enable static website hosting free of charge. You're billed only for the blob storage that your site utilizes and operations costs. For more details on prices for Azure Blob Storage, check out the Azure Blob Storage Pricing Page.
You can enable metrics on static website pages. Once you've enabled metrics, traffic statistics on files in the $web container are reported in the metrics dashboard.
To enable metrics on your static website pages, see Enable metrics on static website pages.
Support for this feature might be impacted by enabling Data Lake Storage Gen2, Network File System (NFS) 3.0 protocol, or the SSH File Transfer Protocol (SFTP).
If you've enabled any of these capabilities, see Blob Storage feature support in Azure Storage accounts to assess support for this feature.
Frequently asked questions (FAQ)
Does the Azure Storage firewall work with a static website?
Yes. Storage account network security rules, including IP-based and VNET firewalls, are supported for the static website endpoint, and may be used to protect your website.
Do static websites support Azure Active Directory (Azure AD)?
No. A static website only supports anonymous read access for files in the $web container.
How do I use a custom domain with a static website?
How do I use a custom Secure Sockets Layer (SSL) certificate with a static website?
How do I add custom headers and rules with a static website?
Why am I getting an HTTP 404 error from a static website?
A 404 error can happen if you refer to a file name by using an incorrect case. For example:
Index.html instead of
index.html. File names and extensions in the url of a static website are case-sensitive even though they're served over HTTP. This can also happen if your Azure CDN endpoint isn't yet provisioned. Wait up to 90 minutes after you provision a new Azure CDN for the propagation to complete.
Why isn't the root directory of the website not redirecting to the default index page?
In the Azure portal, open the static website configuration page of your account and locate the name and extension that is set in the Index document name field. Ensure that this name is exactly the same as the name of the file located in the $web container of the storage account. File names and extensions in the url of a static website are case-sensitive even though they're served over HTTP.