make it possible to use SSL on blob storage using custom domains
Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.
Thank you for the continued feedback on this request. We’re evaluating this support in the context of various storage services and connectivity mechanisms.
My free workaround is to use CloudFlare as a proxy, they provide free SSL to the client and optional SSL to the origin (the sa)
Jim Andreasen commented
My workaround has been to host an Azure Functions app without any functions. Just a proxies.json file in the archive. You can proxy calls through to a static website in a storage account, no problems. The benefit of this implementation is that you CAN attach your custom DNS and certificate to the Azure function (and it's super cheap). I'm finishing up a Terraform module that will show how everything works together
Patrick Burwell commented
I think I understand what this means, but help me out: If I wanted a storage account blob (general storage folder) on my Azure subscription called "Pictures", but I wanted to point to it FROM my personal domain name to that unique name, right? So, my question is this, why do I care what the folder name is on Azure when I can point to anything from my domain?
What am I missing here?
With Chrome now blocking HTTP downloads without much of an explanation to the user, either Microsoft addresses this now, or we too will migrate to something else. CDN is not an option, nor are non-custom domains.
It is so hard for Microsoft to implement this.
Hope I can see this feature in my lifetime.
Microsoft is moving very fast on this one. Improvement suggested in 2012, under review since 2017. I have high hopes that 2021 is the year the Storage Team will handle this. If not, for sure 2102.
Mike Grudzinskas commented
I have no need for a CDN (localized customer base) and I have no desire to introduce more complexity into my Azure solution. I already bought a wild card certificate through Azure. Just let me use that certificate.
Dimka M commented
As per Azure team's suggestion I created an additional thread for their storage team to follow: https://docs.microsoft.com/en-us/answers/questions/119714/make-it-possible-to-use-ssl-on-blob-storage-using.html
Dimka M commented
This is madness that it's still not implemented!!!
5000 votes, competitors have had it for years, yet it is still "Under review"?
Thomas Jespersen commented
CDN does not work!
We use blob storage to make SAS links, that are only valid for a minute or so. Also, we use writable SAS links to upload directly to blob storage from a browser. CDN is not an option either of these cases. Also, CDN is not an option for us because we cannot control what servers in what region data is stored on (GDPR).
You already have custom domains on blob storage, and you have Azure Webservice that can generated valid certificates for custom domains using Let's encrypt. So you know how to do this.
Please prioritise this.
Using the CDN works but is pricey. Why wouldn't this be allowed? I find it ridiculous.
I have a static website that I'd like to surface to an internal organisation and not the wider internet. As a workaround I can publish to CDN and try to lock down by IP address, but I can't do anything about securing the blob endpoint.
I'd prefer to just have native support for SSL and DNS on the blob endpoint for static websites, and skip the CDN entirely.
Three years after the last official update was posted a the top of this feature request, both Chrome and Microsoft's own Edge now automatically change HTTP URLs to HTTPS. Good for Amazon users maybe, but bad for all of us who are still waiting for a resolution on this, since our users are now getting an error until we can add TLS.
thomas woelfer commented
Trying to use this for downloadable installers. I would need to purge the cdn each time the installer gets updated. There's simply more overhead to monitor and manage, compared to a simple file copy using azcopy or suchlike.
Hi! is there any news on this? Do you plan to allow us to use custom SSL Certificates?
Clint Mann commented
So excited I just voted for this! Microsoft will surely listen to us since the vote count is so high! Well above 4800 votes! I'm so proud of all of us! We all pulled together and got this vote count high! I mean, that's why Microsoft implemented voting right? To help them prioritize? So I am sure they will listen now!! Can't wait to see what they do now!
Mark Foppen commented
Since there is still no good solution for this in Azure there is one possible workaround. You can solve this by using for example Cloudflare in front of it. It is free and will eliminate the certificate error. As a added bonus you will get caching included. The downside is that you are not using your own SSL certificate. If you want to use your own certificate you have to take a subscription with them to the business plan $200/month.
Hope this helps someone.
Devstringx Technologies commented
Thanx for sharing this valuable information!
Dmytro Salenko commented
I'm very disappointed that in 2020 Azure Storage doesn't provide a simple solution to use custom domains + SSL with self management certificates. It's very huge minus of Azure Storage for me.