Static website hosting in Azure Storage
Static websites have some limitations. For example, If you want to configure headers, you'll have to use Azure Content Delivery Network (Azure CDN). There's no way to configure headers as part of the static website feature itself. Also, AuthN and AuthZ are not supported.
If these features are important for your scenario, consider using Azure Static Web Apps. It's a great alternative to static websites and is also appropriate in cases where you don't require a web server to render content. You can configure headers and AuthN / AuthZ is fully supported. Azure Static Web Apps also provides a fully managed continuous integration and continuous delivery (CI/CD) workflow from GitHub source to global deployment.
If you need a web server to render content, you can use Azure App Service.
Setting up a static website
Static website hosting is a feature that you have to enable on the storage account.
To enable static website hosting, select the name of your default file, and then optionally provide a path to a custom 404 page. If a blob storage container named $web doesn't already exist in the account, one is created for you. Add the files of your site to this container.
For step-by-step guidance, see Host a static website in Azure Storage.
Files in the $web container are case-sensitive, served through anonymous access requests and are available only through read operations.
You can use any of these tools to upload content to the $web container:
Users can view site content from a browser by using the public URL of the website. You can find the URL by using the Azure portal, Azure CLI, or PowerShell. See Find the website URL.
The index document that you specify when you enable static website hosting appears when users open the site and don't specify a specific file (For example:
If the server returns a 404 error, and you haven't specified an error document when you enabled the website, then a default 404 page is returned to the user.
Cross-Origin Resource Sharing (CORS) support for Azure Storage is not supported with static website.
If you set up redundancy in a secondary region, you can also access website content by using a secondary endpoint. Data is replicated to secondary regions asynchronously. Therefore, the files that are available at the secondary endpoint aren't always in sync with the files that are available on the primary endpoint.
Impact of setting the access level on the web container
You can modify the public access level of the $web container, but making this modification has no impact on the primary static website endpoint because these files are served through anonymous access requests. That means public (read-only) access to all files.
While the primary static website endpoint isn't affected, a change to the public access level does impact the primary blob service endpoint.
For example, if you change the public access level of the $web container from Private (no anonymous access) to Blob (anonymous read access for blobs only), then the level of public access to the primary static website endpoint
https://contosoblobaccount.z22.web.core.windows.net/index.html doesn't change.
However, the public access to the primary blob service endpoint
https://contosoblobaccount.blob.core.windows.net/$web/index.html does change from private to public. Now users can open that file by using either of these two endpoints.
Disabling public access on a storage account by using the public access setting of the storage account doesn't affect static websites that are hosted in that storage account. For more information, see Remediate anonymous public read access to blob data (Azure Resource Manager deployments).
Mapping a custom domain to a static website URL
You can make your static website available via a custom domain.
It's easier to enable HTTP access for your custom domain, because Azure Storage natively supports it. To enable HTTPS, you'll have to use Azure CDN because Azure Storage doesn't yet natively support HTTPS with custom domains. see Map a custom domain to an Azure Blob Storage endpoint for step-by-step guidance.
If the storage account is configured to require secure transfer over HTTPS, then users must use the HTTPS endpoint.
Consider hosting your domain on Azure. For more information, see Host your domain in Azure DNS.
Adding HTTP headers
There's no way to configure headers as part of the static website feature. However, you can use Azure CDN to add headers and append (or overwrite) header values. See Standard rules engine reference for Azure CDN.
If you want to use headers to control caching, see Control Azure CDN caching behavior with caching rules.
Multi-region website hosting
If you plan to host a website in multiple geographies, we recommend that you use a Content Delivery Network for regional caching. Use Azure Front Door if you want to serve different content in each region. It also provides failover capabilities. Azure Traffic Manager isn't recommended if you plan to use a custom domain. Issues can arise because of how Azure Storage verifies custom domain names.
The permission to be able to enable static website is Microsoft.Storage/storageAccounts/blobServices/write or shared key. Built in roles that provide this access include Storage Account Contributor.
You can enable static website hosting free of charge. You're billed only for the blob storage that your site utilizes and operations costs. For more details on prices for Azure Blob Storage, check out the Azure Blob Storage Pricing Page.
You can enable metrics on static website pages. Once you've enabled metrics, traffic statistics on files in the $web container are reported in the metrics dashboard.
To enable metrics on your static website pages, see Enable metrics on static website pages.
Support for this feature might be impacted by enabling Data Lake Storage Gen2, Network File System (NFS) 3.0 protocol, or the SSH File Transfer Protocol (SFTP).
If you've enabled any of these capabilities, see Blob Storage feature support in Azure Storage accounts to assess support for this feature.