堆栈内存溢出
  简体   繁体   English

在没有 TXT 记录验证的情况下将自定义域添加到 Azure Front Door

[英]Adding custom domains to Azure Front Door without TXT record validation

 原文  2022-05-31 15:29:59       azure/ azure-front-door

问题描述

I have a SaaS application where by default customers get their own url on our domain like saas.application.com/company-a .我有一个 SaaS 应用程序,默认情况下,客户在我们的域上获得自己的 url,例如saas.application.com/company-a They can however configure a "vanity domain" using a subdomain on their own domain by setting up a CNAME record pointing to us.但是,他们可以通过设置指向我们的 CNAME 记录来使用自己域上的子域来配置“虚域”。 Something like this:像这样的东西:

saas.company-a.com CNAME saas.application.com

We validate that the record indeed points to us and generate a certificate (current setup is using cert-manager and Traefik in Kubernetes).我们验证记录确实指向我们并生成证书(当前设置是在 Kubernetes 中使用 cert-manager 和 Traefik)。

We want to start using Azure Front Door and let it handle cert generation/renewal.我们想开始使用 Azure Front Door 并让它处理证书生成/更新。 However, when setting up custom domains in Front Door, we need to validate each custom domain using a TXT record.但是,在 Front Door 中设置自定义域时,我们需要使用 TXT 记录验证每个自定义域。

This will complicate the setup process for our customers (currently they only need to add a CNAME record), and we will have to ask existing customers to setup TXT records so that their domains can be validated when we migrate to Front Door.这将使我们的客户的设置过程复杂化(目前他们只需要添加 CNAME 记录),我们将不得不要求现有客户设置 TXT 记录,以便在我们迁移到 Front Door 时可以验证他们的域。 This is a show stopper for us, is there an alternative that I'm not seeing?这对我们来说是一个表演终结者,有没有我没有看到的替代方案?

1 个解决方案

解决方案1
 1 已采纳  2022-07-06 15:54:49

Unfortunately with the new Azure Front Door product this is no longer possible.不幸的是,对于新的 Azure Front Door 产品,这不再可能。 A TXT record is required to obtain an SSL certificate.获取 SSL 证书需要 TXT 记录。

If it's possible to use your own SSL certificate, you might only need the CNAME, but I haven't tested this myself.如果可以使用您自己的 SSL 证书,您可能只需要 CNAME,但我自己没有测试过。 And as you stated in your post, this is also not the desired.正如你在帖子中所说,这也不是所希望的。

Another option is to use the older version of Azure Front Door (Classic).另一种选择是使用旧版本的 Azure 前门(经典)。 This tier allows you to verify the domain using only a CNAME record.此层允许您仅使用 CNAME 记录来验证域。

You can compare the features between Standard, Premium and Classic here: https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison#feature-comparison-between-tiers您可以在此处比较标准、高级和经典之间的功能: https ://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison#feature-comparison-between-tiers

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 Azure Front Door 配置自定义域 - Configuring custom domains with Azure Front Door Azure 前门未在浏览器中维护自定义域 - Azure Front Door Is Not Maintaining Custom Domain in Browser 无法删除 azure 前门中的自定义域 - Not able to delete a custom domain in azure front door Azure 前门在重定向中保留自定义 URL - Azure Front Door keep custom URL in redirects Azure 前门自定义域停机 - Azure front door custom domain downtime SSL“裸机”(无www)自定义域的Azure前门和DNS配置 - Azure Front Door and DNS Configuration for SSL “bare” (without www) Custom Domain Azure Front Door - 如何使用默认后端主机名自定义域? - Azure Front Door - how to custom domain with default backend host name? 使用 ARM 模板部署在 Azure Front Door 自定义域上启用 HTTPS - Enable HTTPS on Azure Front Door custom domain with ARM template deployment Azure Front Door Designer - 更新自定义域 - 新 SSL - Azure Front Door Designer - Update Custom Domain - New SSL 使用 terraform 如何将自定义域添加到 Azure 前门 - use terraform how to add custom domain to Azure front door
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM