How can we improve Azure Storage?

make it possible to use SSL on blob storage using custom domains

Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.

3,085 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobin RysengaTobin Rysenga shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Our apologies for not updating this ask earlier. SSL support for Blob Storage custom domain names is an important feature that is toward the front of our backlog. As soon as we have progress to share, we will do so. We will continue to provide updates at least once per quarter. For any further questions, or to discuss your specific scenario, send us an email at azurestoragefeedback@microsoft.com.

    73 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        The idea was shared on July 18, 2012. It is 2017 and this is still not available. Shame (ring) shame (ring)

      • NathanNathan commented  ·   ·  Flag as inappropriate

        Daresay you could meet this use-case now using Web App Firewalls, but an integrated solution would be better.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It might be necessary to use CloudFlare for the references until its implemented, but, I assumed that this would have been implemented as part of the initial service...

      • NelsonNelson commented  ·   ·  Flag as inappropriate

        Add this to your themes function.php file (or anywhere else it works i.e. plugin)

        add_filter( 'windows_azure_storage_allow_cname_https', '__return_true' );

        Azure Storage plugin will now accept https CNAME and custom domain

      • NelsonNelson commented  ·   ·  Flag as inappropriate

        there is actually a way. I've done it n multiple sites. Admin doesn't know what he/she is talking about.

      • bdcoderbdcoder commented  ·   ·  Flag as inappropriate

        Every Developer down in Developerville liked SSL a lot
        But Microsoft, who lived just North of Developerville did not!

        The Microsoft hated SSL! The whole SSL stack!
        Now, please don't ask why. No one quite knows the reason.

        It could be, perhaps, that the code was too tight.
        It could be his head wasn't screwed on just right.

        ... I'll stop there and continue next Christmas (but by 2017, I'm afraid we'll be forced to move off of Azure) ...

      • MichaelMichael commented  ·   ·  Flag as inappropriate

        Sorry but offering enterprise software, we look like idiots when customer's sec team asks for the URLs they need to allow and we need to point them to blob urls among our application url.

        Branding gives confidence to customers and this is still missing since 5 years after the initial request.

        And what does backlog mean, another two years?

      • Steffen GammelgårdSteffen Gammelgård commented  ·   ·  Flag as inappropriate

        Agree wholeheartedly with the last few comments, I also have a SPA and an API on Functions, and hope "BACKLOG" actually means it's a priority feature.

        Putting a static site on App Service seems like a waste of money, but hopefully it will do OK with Cloudflare and an agressive caching strategy until this feature is ready.

      • FreeFree commented  ·   ·  Flag as inappropriate

        What Steve said.

        And see https://feedback.azure.com/forums/217298-storage/suggestions/1180039-support-a-default-blob-for-blob-storage-containers - I just realize now that SSL is enabled by default, but only on the standard URL... fine when you're just having fun, but no use for real stuff.

        SPA on static hosting + API on serverless functions will go big, and it seems Azure is not ready for it.

      • Steve LeeSteve Lee commented  ·   ·  Flag as inappropriate

        [Can't edit my last comment] My use case is for the static web site for a AzureFunctions powered app. With Serverless set to explode this is bound to be a much wanted feature.

      • Steve LeeSteve Lee commented  ·   ·  Flag as inappropriate

        Glad it's on the back log. SSL is vital for all modern access, eg PWAs. and a custom domain is almost always wanted from front end access.

      • bdcoderbdcoder commented  ·   ·  Flag as inappropriate

        Dear Microsoft:

        As seen by the multitude of posts below, can someone (anyone?) from inside Microsoft please post a reply with regard to the question about when SSL (https) will be supported with custom domains?

        As most of the comments below indicate, we WANT to use MS services, but unless SSL functionality comes before the end of this year (2016), many of us will simply be forced into to using a different service as we cannot make any type of argument to our superiors as to why our competitors are hosting their content via https, and we (who are using MS services) cannot.

        Tomorrow, I have to try to explain to a panel of execs why we cannot use https and our custom domain like our competitors are. I fear they may simply say, "Well then, lets switch services"!

        Again, an MS reply / announcement / specific date / any help would be in order.

      • Anonymous commented  ·   ·  Flag as inappropriate

        A small workaround i use it's to create a webapp and assign a custom ssl cert to; then proxy blob assets:

        public class HomeController : Controller
        {
        private const string ASSETS = "https://XXXXXXXX.blob.core.windows.net/XXXXXXXX/{0}";

        public ActionResult Index(string url)
        {
        var blob_url = string.Format(ASSETS, url);
        var fs = TransferFile(blob_url);
        if (fs != null)
        {
        return fs;
        }

        return new HttpNotFoundResult();
        }

        private ActionResult TransferFile(string dest)
        {
        try
        {
        WebRequest request = WebRequest.Create(dest);
        WebResponse response = request.GetResponse();
        Stream stream = response.GetResponseStream();
        FileStreamResult fs = new FileStreamResult(stream, FTTLib.FTT.GetMimeType(dest));
        return fs;
        }
        catch (Exception e)
        {
        Trace.TraceError("ERROR: {0}", e.Message);
        }

        return null;
        }
        }

        I personally use a virtual dir under the main website, i.e.: /assets. this will lead you to

        https://XXXXXXXX.blob.core.windows.net/XXXXXXXX/example.jpg
        https://www.yourcustomdomain/assets/examples.jps

        you can further improve with local caching, extension filtering etc.

      ← Previous 1 3 4

      Feedback and Knowledge Base