Front Door Standard/Premium with domain and certificate
This template deploys a Front Door Standard/Premium with a custom domain and customer-managed TLS certificate.
Sample overview and deployed resources
This sample template creates a Front Door profile with a custom domain and a customer-managed TLS certificate. To keep the sample simple, Front Door is configured to direct traffic to a static website configured as an origin, but this could be any origin supported by Front Door.
The following resources are deployed as part of the solution:
Front Door Standard/Premium
- Front Door profile, endpoint, origin group, origin, and route to direct traffic to the static website.
- Note that you can use either the standard or premium Front Door SKU for this sample. By default, the standard SKU is used.
- Front Door secret, which refers to a Key Vault secret containing the TLS certificate to use.
- Front Door custom domain, which refers to the Front Door secret.
You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.
After you deploy the Azure Resource Manager template, you need to validate your ownership of the custom domain by updating your DNS server. You must create a TXT record with the name specified in the
customDomainValidationDnsTxtRecordName deployment output, and use the value specified in the
customDomainValidationDnsTxtRecordValue deployment output. You must the validation before the time specified in the
customDomainValidationExpiry deployment output.
Front Door validates your domain ownership and updates the status automatically. You can monitor the validation process, or trigger an immediate validation, in the domain configuration in the Azure portal.
Next, you should configure your DNS server with a CNAME record to direct the traffic to Front Door. You must create a CNAME record at the host name you specified in the
customDomainName deployment parameter, and use the value specified in the
frontDoorEndpointHostName deployment output.
You can then access the Front Door endpoint by using your custom domain name. If you access the hostname you should see a page saying Welcome. If you see a different error page, wait a few minutes and try again.
- You must grant Front Door access to your key vault before it can access your certificate. Follow the guidance here to register the Azure Front Door application with your Azure Active Directory tenant, and grant Azure Front Door access to your key vault.
Tags: Microsoft.Cdn/profiles, Microsoft.Cdn/profiles/afdEndpoints, Microsoft.Cdn/profiles/originGroups, Microsoft.Cdn/profiles/secrets, Microsoft.Cdn/profiles/customDomains, Microsoft.Cdn/profiles/originGroups/origins, Microsoft.Cdn/profiles/afdEndpoints/routes