http to https endpoint with Azure

Question

With AWS I can convert a http to a https endpoint with API Gateway and CloudFront, and I get an URL like below,

https://4z9giyi2c1.execute-api.us-west-2.amazonaws.com/test/petstore/pets?type=fish

How can do I the same with Azure?

Answer 1

There is a open source extension for this:

1. Go to your Azure App Service Development Tools bar, you could find Extensions tab there and click on Add.

2. Before there is a extension Redirect HTTP to HTTPS there however I could not find it know, but I find a new extension Security Settings: HTTPS Redirect w/KeepAlive Support, Headers incl HSTS, CSP, and More. "Medium strength". Security Settings: HTTPS Redirect w/KeepAlive Support, Headers incl HSTS, CSP, and More. "Medium strength". .

3. Add the extension and restart the web.

Further details on this extension, check the source code on github . The mainly important file is applicationhost.xdt . It writes the rule "redirect HTTP to HTTPS".

          <rewrite xdt:Transform="InsertIfMissing">
                <rules xdt:Transform="InsertIfMissing" lockElements="clear">
                    <rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                            <add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
                            <add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" ignoreCase="false" />
                            <add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" ignoreCase="false" />
                            <add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" ignoreCase="false" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                    </rule>
                </rules>
            </rewrite>

Answer 2

Update

CloudFront is AWS CND which is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. The CDN for Azure is Azure Content Delivery Network (CDN) .

If your goal is to enforce HTTPS for your application, then CDN is may not be the best available option as CDNs are used to deliver static contents with low letency and high availability to globally dispersed customers. Although, you can use HTTPS with CDN but this will incur cost for using CDN services.

So if your primary goal is to use HTTPs then below procedure is for binding SSL to your custom domian name to enforce HTTPS communication with your website.

With Microsoft Azure you can bind your Webapp with SSL certificate in order to access it over https. In order to do so you need to have;

1. Created an App Service app

2. Map a custom DNS name to your App Service app

3. Acquired an SSL certificate from a trusted certificate authority

4. Have the private key you used to sign the SSL certificate request

In you Azure portal visit the webapp for which you want to add SSL certificate. Then click SSL settings in the left navigation of your app. Then Click Upload Certificate to add it in your web app.

Afterwards, In the SSL binding section, click Add binding . In the Add SSL Binding page, use the dropdowns to select the domain name to secure, and the certificate to use.

Enforcing HTTPS :-

You can redirect all HTTP requests to the HTTPS port. In your app page, in the left navigation, select SSL settings . Then, in HTTPS Only , select On.

For further information and full tutorial please visit Tutorial: Bind an existing custom SSL certificate to Azure App Service

But, if you intended to use CDN services along with secure HTTPs connection then below is the procedure to use Azure CDN to enable a custom domain with SSL.

1. In the Azure portal, browse to your Azure CDN Standard from Microsoft, Azure CDN Standard from Akamai, Azure CDN Standard from Verizon or Azure CDN Premium from Verizon profile.
2. In the list of CDN endpoints , select the endpoint containing your custom domain.
3. In the list of custom domains , select the custom domain for which you want to enable HTTPS.
4. Under Certificate management type , select CDN managed.
5. Select On to enable HTTPS.

For further information refer Configure HTTPS on an Azure CDN custom domain

If you only want to redirect your HTTP traffic to HTTPs in your Azure CDN the you only need to create a URL Redirect rule with the Azure CDN rules engine. For further info refer HTTP-to-HTTPS redirection

Answer 3

Azure Front Door is the option you require.

This service provides a combined Web Application Firewall, Traffic Manager (for routing) and CDN all in one service. More importantly, unlike the other plain CDNs Azure offers, it allows for SSL termination:

You can configure the routing rule to accept either one of http or https only, or both, and then the route details allow you to specify whether the request is passed on as HTTPS Only, HTTP Only (what you want) or "Match Request":

You could then set up a subsequent rule for non-HTTPS traffic that redirects to HTTPS, forcing all traffic to be secure.