1. 技术文章
  2. Azure - SSL & Traffic Manager - Multiple regions

Azure - SSL & Traffic Manager - Multiple regions

[亡魂溺海] 提交于 2019-11-28 10:32:03

问题


I'm expanding my Azure SSL web app across multiple regions, and thus need to setup a traffic manager.

My current configuration works, and is:

SSL cert: www.bloop.com
Web App: uk-bloop.azurewebsites.net (Custom domain assigned)

Registrar (Go Daddy): 
CNAME   awverify    awverify.uk-bloop.azurewebsites.net
CNAME   awverify.www    awverify.uk-bloop.azurewebsites.net

I can visit https://www.bloop.com, and everything works fine.

I now wish to add a USA region app: usa-bloop.azurewebsites.net into the mix.

I have added a traffic manager, and assigned the two endpoints, and it all seems to be working correctly:

bloop.trafficmanager.net 
    -> usa-bloop.azurewebsites.net
    -> uk-bloop.azurewebsites.net

And that all seems great - the problem, is how can I assign a custom domain (& SSL Cert) to usa-bloop.azurewebsites.net? I cannot verify it, as the CNAME points to the uk region, and I cannot add two CNAME records, with the same name. If I point the CNAME to the traffic manager DNS, will Azure 'pass on' the verification to both the individual applications?

i.e:

Registrar (Go Daddy): 
CNAME   awverify    awverify.bloop.trafficmanager.net
CNAME   awverify.www    awverify.bloop.trafficmanager.net

回答1:


Minimum stuff required:

(you don't even need the awverify if CNAME is good enough - awverify is just for A)


Traffic Manager Endpoints:


Make sure your DNS configuration looks something like this (using tm.snobu.org instead of www.bloop.com):

$ dig tm.snobu.org

tm.snobu.org.           3397    IN      CNAME   simpletm.trafficmanager.net.
simpletm.trafficmanager.net. 97 IN      CNAME   app-eastus.azurewebsites.net.
app-eastus.azurewebsites.net. 1086 IN   CNAME   waws-prod-blu-039.vip.azurewebsites.windows.net.
waws-prod-blu-039.vip.azurewebsites.windows.net. 54 IN CNAME waws-prod-blu-039.cloudapp.net.
waws-prod-blu-039.cloudapp.net. 14 IN   A       23.96.103.159


Set (the same) custom domain for both Web Apps:

Upload the SSL cert (in my case for tm.snobu.org) and set bindings for both Web Apps.

That's it.

The request shown above is not made over HTTPS because i don't have a cert handy, but you get the point.




回答2:


In my opinion, you could configure SSL for each of your Azure websites, and configure DNS CNAME to point to the Traffic Manager, not the original website. And then you could add endpoints to point to your Azure Websites in Traffic Manager. I would recommend you to read this blog that explained how to scale Azure Websites globally with Traffic Manager.



来源:https://stackoverflow.com/questions/40381922/azure-ssl-traffic-manager-multiple-regions

标签
azure
ssl
dns
azure-web-sites
azure-traffic-manager
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!