Hand-on – Add and Secure a Custom Domain on your App Service web-app

To add and secure a custom domain to your Azure App Service web app, follow these steps:

Step 1: Add a Custom Domain to the App Service

1. Access the Azure Portal:

2. Navigate to Your App Service:

   • In the left-hand sidebar, click on "App Services" and select your web app from the list.

3. Go to Custom Domains:

   • In the App Service settings, find and click on "Custom domains" in the left menu under the Settings section.

4. Add a Custom Domain:

   • Click on the "Add custom domain" button.

5. Verify Ownership of Your Domain:

You'll need to verify that you own the domain.

This usually involves adding a DNS record (typically a TXT or CNAME record) to your domain registrar’s DNS settings.

To do this:

• Enter the domain name you want to add (e.g., www.yourdomain.com).

• Azure will provide a verification record (either a TXT or CNAME record) that you need to add to your domain’s DNS settings.

  • Follow the instructions provided by Azure.

• After updating your DNS, it may take some time (up to 48 hours) for the changes to propagate.

6. Complete Domain Addition:

Once the DNS changes are successfully propagated, return to the Azure Portal and click "Add Domain". If the DNS records are correct, your custom domain will be added to your App Service.

Step 2: Configure SSL/TLS for Secure Connection (HTTPS)

To secure your custom domain with HTTPS, you’ll need to enable SSL/TLS.

1. Navigate to TLS/SSL Settings:

   • In the App Service settings, go to "TLS/SSL settings" under the Settings section.

2. Get an SSL Certificate:

   You can either:

   • Use a free App Service Managed Certificate (if your domain is a root or subdomain and doesn’t require wildcard certificates).

   • Upload your own SSL certificate if you have purchased one from a Certificate Authority (CA).

   To use the App Service Managed Certificate:

   • Click on "Certificates" and then "Create App Service Managed Certificate".

   • Select the domain that you just added.

   • Click "Create" to issue the certificate.

   If you are using a custom certificate, click "Upload Certificate" and follow the prompts to upload the .pfx file containing your SSL certificate.

3. Bind the SSL Certificate:

   • After the SSL certificate is created or uploaded, return to the "TLS/SSL bindings" section.

   • Click "Add TLS/SSL Binding".

   • Choose the custom domain you added and the certificate you want to bind.

   • Select the SSL type (SNI SSL for shared IP or IP-based SSL for dedicated IP).

   • Click "Add Binding".

Step 3: Enforce HTTPS (Optional but Recommended)

1. Navigate to the "TLS/SSL settings" in your App Service.

2. Under the "HTTPS Only" section, toggle the setting to "On" to ensure that all traffic to your site is redirected over HTTPS.

Step 4: Test the Configuration

1. Visit your custom domain (e.g., https://www.yourdomain.com) to verify that it’s now pointing to your App Service and is secured with HTTPS.

2. You should see a padlock icon in the browser’s address bar, indicating that SSL is enabled.

Troubleshooting Tips

1. DNS Propagation Delays: If your domain doesn’t resolve after adding the DNS record, remember that DNS changes may take several hours (or up to 48 hours) to propagate globally.

2. SSL Issues: If you encounter SSL certificate errors, double-check that the certificate is correctly bound and that the domain’s DNS records are pointing to the correct Azure App Service IP.

Summary

By following these steps, you'll successfully add and secure your custom domain on your Azure App Service web app.