Unable to access CDN endpoint via custom subdomain

1
votes

my team and I are currently exploring using Azure static site blobs and CDN endpoints to host several web apps.

We have successfully deployed our static files to the blog storage and our entire test app loads on both the primary (name.abc.web.core.windows.net) and CDN (name.azureedge.net) endpoints. When it comes to mapping a custom subdomain via the “cdnverify” temporary step, however, I am unsuccessful.

I have very carefully followed and quintuple-checked all steps in the support doc "Tutorial: Add a custom domain to your Azure CDN endpoint" (here).

This is my current DNS config (via Namecheap).

When I skip the cdnverify step, e.g. assign the azureedge CNAME value directly to a host called “v2”, and add that as a custom domain in my Azure portal CDN blade, the subdomain begins loading the CDN endpoint and can even have a CDN-managed HTTPS cert deployed with no manual verification. A dig command to this host (v2.ourdomain.org) finds an expected response (view here).

Here's the rub, though. If I assign a CNAME host of “cdnverify.static” to “cdnverify.name.azureedge.net.” and add it as a custom domain in the portal’s CDN blade, however, this secondary subdomain never loads our endpoint, and cannot deploy an HTTPS cert. The Azure portal verified this host when added to the endpoint and a dig command to “cdnverify.static.ourdomain.org” shows this answer, which looks good.

A dig command to “static.ourdomain.org” returns no answer and a ping command says “unknown host”. This is expected since I’ve not created such a record yet, and so I am wondering how we’re meant to ensure this subdomain is verified as per the “Verify the custom domain” section in the above-mentioned doc.

It’s very important for us that the cdnverify host works and can be assigned a certificate before we permanently re-locate our domains as these apps are already in production. At this point, I am at a loss over what to try next. If possible, I’d love to know what step(s) I am missing, or what can further be done to diagnose the issue.

Many thanks to anybody who might have some advice!

1
azureazure-web-app-service

1 Answers

1
votes

The cdnverify subdomain is to create a temporary CNAME mapping to avoid interruption of web traffic. With this method, users can access your domain without interruption while the DNS mapping occurs. If you have not any existing web app work, you can skip the cdnverify step.

From your description, "a dig command to cdnverify.static.ourdomain.org shows this answer, which looks good." It indicates that the cdnverify host works and you have verified that. You just need to associate the custom domain with your CDN endpoint. In this step, you enter your custom domain like static.ourdomain.org, including the subdomain. Do not use the cdnverify subdomain name.

After you have added the custom domain static.ourdomain.org successfully in the CDN endpoint.

At this point, your custom domain has been verified by Azure, but traffic to your domain is not yet being routed to your CDN endpoint. After waiting long enough to allow the custom domain settings to propagate to the CDN edge nodes (90 minutes for Azure CDN from Verizon, 1-2 minutes for Azure CDN from Akamai), return to your DNS registrar's web site and create another CNAME record that maps your subdomain to your CDN endpoint. For example, specify the subdomain as www or cdn, and the hostname as .azureedge.net. With this step, the registration of your custom domain is complete.

After you have completed the registration of your custom domain, verify that custom domain references your CDN endpoint.

Finally, you could freely remove the cdnverify CNAME record in your domain provider as it was necessary only as an intermediary step..

Ref: https://github.com/uglide/azure-content/blob/master/articles/cdn/cdn-map-content-to-custom-domain.md#how-to-map-custom-domain-to-content-delivery-network-cdn-endpoint