Let's say there is an Azure Functions instance. One of your customers wants to add a custom domain to the Function app. As long as the custom domain is a sub-domain type like api.contoso.com, it shouldn't be an issue because CNAME mapping is supported out-of-the-box. But what if the customer wants to add an APEX domain?
Both APEX domain and root domain point to the same thing like contoso.com.
Adding the root domain through Azure Portal can't be accomplished with the message above. To add the APEX domain to Azure Functions instance, it requires an A record that needs a public IP address. But Azure Functions instance doesn't support it via the portal.
Should we give it up now? Well, not really.
As always, there's a way to get around. Throughout this post, I'm going to show how to map the APEX domain to an Azure Functions instance in three different ways.
Verifying Domain Ownership
First of all, you need to verify the domain ownership at the Custom Domains blade of the Function app instance.
Get the Custom Domain Verification ID at the picture above.
Add the TXT record, asuid.contoso.com, to your DNS server.
Add the A record with the IP address to your DNS server.
The verification process can be done via the portal.
If you want to run the verification with Azure CLI, please have a look at the link.
Now, you've verified the domain ownership. But you haven't still yet made the APEX domain mapping.
When you use Azure PowerShell, you MUST make sure one thing. The -HostNames parameter specified above MUST include the existing domain names (line #7). Otherwise, all existing domains will be removed, and you will get the warning like below:
If you add all custom domains including the default domain name like *.azurewebsites.net, you will be able to see the screen below:
2. Through Azure CLI
If you prefer to using Azure CLI, use the command, az functionapp config hostname add.
So far, we've used three different ways to map an APEX domain to Azure Functions instance. Generally speaking, it's rare to map a custom domain to an Azure Functions instance. It's even rarer to map the APEX domain. Therefore, the Azure Portal doesn't support this feature. However, as we already saw, we can use either Azure PowerShell or Azure CLI, or ARM templates to add the root domain. I hope this post helps if one of your clients' requests is the one described in this post.
In the next post, I'll discuss how to bind a Let's Encrypt generated SSL certificate to the custom APEX domain on Azure Function app.
This article was originally published on Dev Kimchi.