How can we improve Azure Storage?

make it possible to use SSL on blob storage using custom domains

Currently you can use SSL but you have to user the standard URL. You can create a CNAME to your storage account but most browsers complain that the traffic was rerouted and is possibly an attack. There should be a way to install a domain certificate to your containers.

3,184 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tobin RysengaTobin Rysenga shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    You can now use the Azure CDN to access blobs with custom domains over HTTPS. See the following article for instructions on how to do so: https://docs.microsoft.com/en-us/azure/storage/storage-https-custom-domain-cdn. Having talked to a number of customers, we concluded that this solution addresses many scenarios where the need for HTTPS access to blobs with custom domains exists.

    Native Azure Storage support for using SSL to access blobs at custom domains is still on our backlog. We would love to hear about your scenarios where using the Azure CDN is not an acceptable solution, either by posting on this thread or sending us an email at azurestoragefeedback@microsoft.com.

    81 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Steve LeeSteve Lee commented  ·   ·  Flag as inappropriate

        [Can't edit my last comment] My use case is for the static web site for a AzureFunctions powered app. With Serverless set to explode this is bound to be a much wanted feature.

      • Steve LeeSteve Lee commented  ·   ·  Flag as inappropriate

        Glad it's on the back log. SSL is vital for all modern access, eg PWAs. and a custom domain is almost always wanted from front end access.

      • bdcoderbdcoder commented  ·   ·  Flag as inappropriate

        Dear Microsoft:

        As seen by the multitude of posts below, can someone (anyone?) from inside Microsoft please post a reply with regard to the question about when SSL (https) will be supported with custom domains?

        As most of the comments below indicate, we WANT to use MS services, but unless SSL functionality comes before the end of this year (2016), many of us will simply be forced into to using a different service as we cannot make any type of argument to our superiors as to why our competitors are hosting their content via https, and we (who are using MS services) cannot.

        Tomorrow, I have to try to explain to a panel of execs why we cannot use https and our custom domain like our competitors are. I fear they may simply say, "Well then, lets switch services"!

        Again, an MS reply / announcement / specific date / any help would be in order.

      • Anonymous commented  ·   ·  Flag as inappropriate

        A small workaround i use it's to create a webapp and assign a custom ssl cert to; then proxy blob assets:

        public class HomeController : Controller
        {
        private const string ASSETS = "https://XXXXXXXX.blob.core.windows.net/XXXXXXXX/{0}";

        public ActionResult Index(string url)
        {
        var blob_url = string.Format(ASSETS, url);
        var fs = TransferFile(blob_url);
        if (fs != null)
        {
        return fs;
        }

        return new HttpNotFoundResult();
        }

        private ActionResult TransferFile(string dest)
        {
        try
        {
        WebRequest request = WebRequest.Create(dest);
        WebResponse response = request.GetResponse();
        Stream stream = response.GetResponseStream();
        FileStreamResult fs = new FileStreamResult(stream, FTTLib.FTT.GetMimeType(dest));
        return fs;
        }
        catch (Exception e)
        {
        Trace.TraceError("ERROR: {0}", e.Message);
        }

        return null;
        }
        }

        I personally use a virtual dir under the main website, i.e.: /assets. this will lead you to

        https://XXXXXXXX.blob.core.windows.net/XXXXXXXX/example.jpg
        https://www.yourcustomdomain/assets/examples.jps

        you can further improve with local caching, extension filtering etc.

      • Darren SherwoodDarren Sherwood commented  ·   ·  Flag as inappropriate

        As SSL all the way is kind of standard now, I simply cannot use a custom domain with azure blog storage and this sucks.

      • Laurence MeeLaurence Mee commented  ·   ·  Flag as inappropriate

        Currently it is not possible to upload a certificate to allow access to Blob Storage via a Custom Domain. This means that resources are accessed insecurely and if included in a secured web page then browsers complain of mixed secure and unsecure content which is not good at all. SSL Certificates should be allowed for Blob Storage Custom Domains in some way.

      • Maxipes FikMaxipes Fik commented  ·   ·  Flag as inappropriate

        Is this STILL NOT POSSIBLE :-O!?!? WTF! Apple comming iOS enforces this this year in EVERY APP!!! So MS Azure gets a NO-GO for all interconnected apps!!!

      Feedback and Knowledge Base