How can we improve Azure Storage?

make it possible to use SSL on blob storage using custom domains

Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.

3,184 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobin RysengaTobin Rysenga shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    You can now use the Azure CDN to access blobs with custom domains over HTTPS. See the following article for instructions on how to do so: https://docs.microsoft.com/en-us/azure/storage/storage-https-custom-domain-cdn. Having talked to a number of customers, we concluded that this solution addresses many scenarios where the need for HTTPS access to blobs with custom domains exists.

    Native Azure Storage support for using SSL to access blobs at custom domains is still on our backlog. We would love to hear about your scenarios where using the Azure CDN is not an acceptable solution, either by posting on this thread or sending us an email at azurestoragefeedback@microsoft.com.

    81 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • BernardoBernardo commented  ·   ·  Flag as inappropriate

        Please, address this issue. This is not completed. Please, make https available for blob storage with custom domains.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Seriously? This is not completed... please revert status. This idea specifically asks for "SSL on blob storage using custom domains". It does not mention CDN which is a totally different thing.

        E.g. blob storage has the concept of Shared Access Signature (SAS) Links, which can be use for both read and write. SAS links is typically used for material, that you absolutely do not want to access using a CDN server. If you didn't care about privacy, why do you want SSL in the first place?

        In case the status of this idea is not changed back I've created the original idea again here: https://feedback.azure.com/forums/217298-storage/suggestions/19411273-support-ssl-on-blob-storage-with-custom-domains

      • Michaël HompusMichaël Hompus commented  ·   ·  Flag as inappropriate

        Using CDN has many downsides including price, performance, caching, etc. This is a workaround, not a solution.

      • Anonymous commented  ·   ·  Flag as inappropriate

        If this has been "Completed", why does it still say "Azure Storage does not yet support HTTPS with custom domains. While we do not have a specific timeline we can share for this feature, we are aware of customer interest." at https://docs.microsoft.com/en-us/azure/storage/storage-custom-domain-name?

        Could it be that the completion does not refer to the original feedback request (blob storage), but only to CDN instead?

      • MichaelMichael commented  ·   ·  Flag as inappropriate

        You can realize this with Azure Functions Proxies that route to the blob storage. Just add your custom domain to the Function App. The Proxies defined there route to the blob storage like this:

        {
        "$schema": "http://json.schemastore.org/proxies",
        "proxies": {
        "YourBlobProxy": {
        "matchCondition": {
        "route": "{*path}",
        "methods": [
        "GET"
        ]
        },
        "backendUri": "https://<yourblobstorage>.blob.core.windows.net/{path}"
        }
        }
        }

      • Clint MannClint Mann commented  ·   ·  Flag as inappropriate

        This is mind blowing that Microsoft has not implemented this! And the status as of May 2017 is "Under Review" and not "Completed" or even "Started". What an epic fail. Azure could dominate the internet if only Microsoft really really wanted it to. We will see.

      • DenexappDenexapp commented  ·   ·  Flag as inappropriate

        I just started to use Storage, i thought it was my lack of skill that i can't find a way to set up SSL there. Then i found this. This feature is so basic, how this can be not implemented for 5 years?

      • Anonymous commented  ·   ·  Flag as inappropriate

        The idea was shared on July 18, 2012. It is 2017 and this is still not available. Shame (ring) shame (ring)

      • NathanNathan commented  ·   ·  Flag as inappropriate

        Daresay you could meet this use-case now using Web App Firewalls, but an integrated solution would be better.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It might be necessary to use CloudFlare for the references until its implemented, but, I assumed that this would have been implemented as part of the initial service...

      • NelsonNelson commented  ·   ·  Flag as inappropriate

        Add this to your themes function.php file (or anywhere else it works i.e. plugin)

        add_filter( 'windows_azure_storage_allow_cname_https', '__return_true' );

        Azure Storage plugin will now accept https CNAME and custom domain

      • NelsonNelson commented  ·   ·  Flag as inappropriate

        there is actually a way. I've done it n multiple sites. Admin doesn't know what he/she is talking about.

      • bdcoderbdcoder commented  ·   ·  Flag as inappropriate

        Every Developer down in Developerville liked SSL a lot
        But Microsoft, who lived just North of Developerville did not!

        The Microsoft hated SSL! The whole SSL stack!
        Now, please don't ask why. No one quite knows the reason.

        It could be, perhaps, that the code was too tight.
        It could be his head wasn't screwed on just right.

        ... I'll stop there and continue next Christmas (but by 2017, I'm afraid we'll be forced to move off of Azure) ...

      • MichaelMichael commented  ·   ·  Flag as inappropriate

        Sorry but offering enterprise software, we look like idiots when customer's sec team asks for the URLs they need to allow and we need to point them to blob urls among our application url.

        Branding gives confidence to customers and this is still missing since 5 years after the initial request.

        And what does backlog mean, another two years?

      • Steffen GammelgårdSteffen Gammelgård commented  ·   ·  Flag as inappropriate

        Agree wholeheartedly with the last few comments, I also have a SPA and an API on Functions, and hope "BACKLOG" actually means it's a priority feature.

        Putting a static site on App Service seems like a waste of money, but hopefully it will do OK with Cloudflare and an agressive caching strategy until this feature is ready.

      • FreeFree commented  ·   ·  Flag as inappropriate

        What Steve said.

        And see https://feedback.azure.com/forums/217298-storage/suggestions/1180039-support-a-default-blob-for-blob-storage-containers - I just realize now that SSL is enabled by default, but only on the standard URL... fine when you're just having fun, but no use for real stuff.

        SPA on static hosting + API on serverless functions will go big, and it seems Azure is not ready for it.

      ← Previous 1 3 4 5

      Feedback and Knowledge Base