Here I will go through the steps to create a custom domain and host it on Azure Front Door premium and go through the custom domain validation process. Also, this walks through the common scenarios around custom domain removal/deletion and steps to overcome the common errors.
In this scenario, I have already deployed an Azure Front Door Premium and added the origin, the app service, and also updated the route configurations to the Azure Front Door Premium resource. We will have a walk-through of the steps to add the custom domain to the Azure Front Door premium and the various stages of custom domain validation. Here I am using a custom domain delegated and hosted on Azure, Azure managed DNS. For hosting a custom domain (an APEX custom domain) on Azure DNS, please check this out Host custom domain on Azure DNS.
Note: If you are using a custom domain purchased from a third-party DNS Provider and plan for managing DNS records in the DNS Provider instead of using Azure DNS for hosting it, the DNS records are managed in the Domain provider. For more information: Please check Manage custom domain on Domain Provider.
Steps to add a custom domain on Azure Front Door premium:
1. Navigate to the "Domains" Page of the Azure Front Door premium resource on Azure Portal, under the "Settings". Click on "Add a domain", choose the DNS zone that is previously created for the custom domain and the custom domain and click "Add" to save it. If the DNS zone is not created yet, follow these steps to do it. Create a DNS Zone
2. Upon clicking on "Add", we will see that the custom domain is being created. Let us wait for this to complete.
We will see that the validation state now shows "pending" as the custom domain is added or created to the Azure Front Door premium profile and the Azure Front Door premium endpoint is unassociated.
Now we see that the Azure Front Door Premium profile is yet to be associated so we will proceed with that step, clicking on "Unassociated" that prompts to the page where we can associate the custom domain to the Azure Front Door Premium profile. Once the endpoint and route are selected from the dropdown, click "Associate" to complete this step.
3. Now we see that the association of the Azure Front Door Premium endpoint is complete for the custom domain and we will update the TXT record for pending domain validation, click on "Pending" under validation state as we will be prompted to update the TXT record.
Click "Update" to update the TXT record. Once the TXT record update is complete, we will see a green tick mark for that step as shown in the below screenshot.
It takes a few seconds to update the TXT record validation under the "Validation state" for the custom domain and as we refresh, we can see that it changes to "Approved" with certificate (managed certificate as it is being used in this example in this blog), and we can further update the CNAME record to complete this custom domain validation step.
Click on the DNS state to update the CNAME record.
Click "Add" to add the CNAME record and update it to the custom domain.
You will see the CNAME record creation and adding it completes and we see the DNS state complete.
We can now see the custom domain validation is complete quickly with Azure Front Door premium, as seen under the Properties in the Overview page of the Azure Front Door Premium profile.
Now we see the custom domain validation is complete! We can test it by launching the endpoint hostname in the browser and in another browser window we can test the custom domain by launching it.
Test the Azure Frontdoor Premium endpoint hostname:
Test the Azure Frontdoor Premium custom domain:
Steps to remove the custom domain from the Azure Front Door Premium profile:
We will walk through the steps to delete the custom domain after previously discussing the steps to successfully add a custom domain to the Azure Front Door Premium. For adding a custom domain, we added the custom domain and then associated it with the Azure Front Door Premium endpoint and updated the route. Now we have to dissociate the route and Front Door endpoint from the custom domain to be successfully able to delete the custom domain.
A common error when trying to delete the custom domain when the route and Front Door profile is associated with the custom domain:
An error like this mentioned in the below screenshot appears when we try deleting the custom domain that has the route and Front Door endpoint associated with it.
To resolve this error, we have to follow the below steps:
1. Dissociate the Front Door Premium endpoint and the route from the custom domain, this can be done by just removing the association of the Front Door Premium endpoint to the custom domain by navigating to the route and updating it. Navigate to the Front Door Manager and click on the route.
Now uncheck the custom domain checkbox under the domains, when updating the route and click "Update" to update the route with the dissociation of the custom domain.
Updating the route saves the Front Door Premium endpoint with this configuration and we can verify if it is seen dissociated under the custom domain by navigating to the "Domains" page.
Now, go ahead and try to click "Delete domain" to remove the custom domain from the Azure Front Door premium endpoint.
Now without any error, we should be able to successfully delete the domain, ensuring the Front Door endpoint is already dissociated from the custom domain.
This takes a few seconds to delete or remove the custom domain and we can see it is complete within a few seconds.
I hope this post was useful and helped with a better and simplified view for understanding custom domain operations on the Azure Front Door Premium profile.
Happy Learning!
FastTrack for Azure: Move to Azure efficiently with customized guidance from Azure engineering. FastTrack for Azure – Benefits, and FAQ | Microsoft Azure