How can we improve Azure Storage?

make it possible to use SSL on blob storage using custom domains

Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.

3,522 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobin Rysenga shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    You can now use the Azure CDN to access blobs with custom domains over HTTPS. See the following article for instructions on how to do so: https://docs.microsoft.com/en-us/azure/storage/storage-https-custom-domain-cdn. Having talked to a number of customers, we concluded that this solution addresses many scenarios where the need for HTTPS access to blobs with custom domains exists.

    Native Azure Storage support for using SSL to access blobs at custom domains is still on our backlog. We would love to hear about your scenarios where using the Azure CDN is not an acceptable solution, either by posting on this thread or sending us an email at azurestoragefeedback@microsoft.com.

    94 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Fred commented  ·   ·  Flag as inappropriate

        Come on MS - you dont need to ask peoples opinion on it. Obviously this feature should have been in from day 1.
        It sounds like someone is stalling for some reasons - either they don't want to do the work (unlikely) or MS prefers to force us to pay for CDN usage when it is absolutely not warranted.
        Either way this is a real shame - truly a real shame...
        And asking your customers to jump through hoops to fill in web form to ask - plead - beg you... - to do something so simple and so essential is a disgrace.
        Anyhow - here I am having to fill this form to try to explain why such feature is mandatory:
        - obviously http access is a must
        - obviously it needs to be https since http alone is almost never going to work for most scenario.
        - obviously custom domain is an absolute must for any cloud service. Otherwise it would simply be another PAS.
        So here you have it - we need https access and we need custom domain. Simple as that. And of course we need this 5 years ago.

        This is so obvious it pains me to read the admin comment on the top of this page.

      • Lighter commented  ·   ·  Flag as inappropriate

        I have to move to AWS because I wait for this one year.
        You don't care customer's mind.

      • Chris commented  ·   ·  Flag as inappropriate

        This is absolutely crazy that this is not completed by now! There are 3263 votes and this has been an issue for 5 years. This could be the difference between a corporation going with Azure versus AWS. This needs to be addressed. A redirect is not appropriate and the CDN is not the answer.

      • Marcus Kern commented  ·   ·  Flag as inappropriate

        Secure File Transfer from blob storage for distributed file sharing. for instance: our work provides assessments for each "client" these assessments are downloadable, where in they are generated on the fly. our hope is one day to be able to obtain a long term cache (historic deployment and version control) for activity monitoring and update policy violations.

        providing a secure way to distribute these documents would make Azure Storage Blobs a simple solution when compared to other options available but without SSL, this path is not an option.

      • Tamas commented  ·   ·  Flag as inappropriate

        Serving static pages from a blob is a mess. Cannot specify default content and SSL is not possible using custom domains.

        Why I need SSL? Now that's a different story:
        I'm using Azure B2C directory and Azure functions. B2C is only allowing HTTPS callbacks. Which is a bit too strict. There is one usecase where it is not necessary:

        I have a single web page application and the token is returned using html anchors. (#hash). The connection to B2C is under https, so as the redirect directive when the authentication was finished.
        Then the next GET won't include the part of the URL after the #, so it will never leave the browser, only the app could read it (then redirect away from it).

      • Tor Knutsson commented  ·   ·  Flag as inappropriate

        Why do I dislike CDN? First of all, its not a turnkey solution - there a management cost - changes I need to to to my blob data (cache invalidation headers management). Secondly, an additional run costs that bothers me less but it's surely not a pleaser.

      • James Hood commented  ·   ·  Flag as inappropriate

        Put simply, Azure CDN would be unnecessary additional layer(s) for some use cases, including mine. It seems to me that native support for this feature within the blob storage service is a natural extension. Considering the general push for a more-secure web through TLS by default (https://letsencrypt.org/2017/06/28/hundred-million-certs.html) the Azure Storage Service _without_ this feature will become less-and-less useful over time.

      • Bernardo commented  ·   ·  Flag as inappropriate

        Please, address this issue. This is not completed. Please, make https available for blob storage with custom domains.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Seriously? This is not completed... please revert status. This idea specifically asks for "SSL on blob storage using custom domains". It does not mention CDN which is a totally different thing.

        E.g. blob storage has the concept of Shared Access Signature (SAS) Links, which can be use for both read and write. SAS links is typically used for material, that you absolutely do not want to access using a CDN server. If you didn't care about privacy, why do you want SSL in the first place?

        In case the status of this idea is not changed back I've created the original idea again here: https://feedback.azure.com/forums/217298-storage/suggestions/19411273-support-ssl-on-blob-storage-with-custom-domains

      • Michaël Hompus commented  ·   ·  Flag as inappropriate

        Using CDN has many downsides including price, performance, caching, etc. This is a workaround, not a solution.

      • Anonymous commented  ·   ·  Flag as inappropriate

        If this has been "Completed", why does it still say "Azure Storage does not yet support HTTPS with custom domains. While we do not have a specific timeline we can share for this feature, we are aware of customer interest." at https://docs.microsoft.com/en-us/azure/storage/storage-custom-domain-name?

        Could it be that the completion does not refer to the original feedback request (blob storage), but only to CDN instead?

      • Michael commented  ·   ·  Flag as inappropriate

        You can realize this with Azure Functions Proxies that route to the blob storage. Just add your custom domain to the Function App. The Proxies defined there route to the blob storage like this:

        {
        "$schema": "http://json.schemastore.org/proxies",
        "proxies": {
        "YourBlobProxy": {
        "matchCondition": {
        "route": "{*path}",
        "methods": [
        "GET"
        ]
        },
        "backendUri": "https://<yourblobstorage>.blob.core.windows.net/{path}"
        }
        }
        }

      • Clint Mann commented  ·   ·  Flag as inappropriate

        This is mind blowing that Microsoft has not implemented this! And the status as of May 2017 is "Under Review" and not "Completed" or even "Started". What an epic fail. Azure could dominate the internet if only Microsoft really really wanted it to. We will see.

      ← Previous 1 3 4 5

      Feedback and Knowledge Base