Configuring SSL/TLS Certificates for Azure CDN Custom Domain
To configure SSL/TLS certificates for an Azure CDN custom domain using Pulumi, you typically need to:
- Create an Azure CDN Profile and an endpoint.
- Acquire an SSL/TLS certificate for your custom domain.
- Configure the custom domain on the Azure CDN endpoint.
- Enable HTTPS on the Azure CDN with the custom domain by linking the SSL/TLS certificate.
Below, you'll find a Pulumi program written in TypeScript that demonstrates how you can accomplish this. The program will focus on setting up the Azure CDN part and associating the SSL/TLS certificate with the custom domain.
Before starting the actual program, please ensure the following prerequisites are met:
- You have an Azure account with the necessary permissions to create CDN profiles and endpoints.
- You have a domain name registered and can modify its DNS records.
- You have Pulumi installed and configured with appropriate access to your Azure account.
Detailed Explanation
First, we'll start by importing the required packages. We are using @pulumi/azure-native to interact with Azure resources natively. We will create the CDN profile and endpoint, and then link the custom domain to the Azure CDN endpoint.
Next, we create the CDN profile and endpoint. The CDN profile is a collection of CDN endpoints and is the top-level resource representing the service. CDN endpoints are the points of presence for your content.
After setting up the CDN, we will configure the custom domain for the CDN endpoint. You can add your own domain to Azure CDN to customize the URLs used to access your content.
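Finally, the program marks where HTTPS is configured for the custom domain. When HTTPS is enabled with a CDN-managed certificate, Azure CDN requests an SSL/TLS certificate and automatically provisions and manages it for your domain; to use your own certificate instead, you reference it from Azure Key Vault.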
Below is the Pulumi program that accomplishes these steps.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as cdn from "@pulumi/azure-native/cdn";
import * as resources from "@pulumi/azure-native/resources";

// Replace these variables with the appropriate values for your custom domain.
const resourceGroupName = "my-cdn-resources";
const cdnProfileName = "myCdnProfile";
const cdnEndpointName = "myCdnEndpoint";
const customDomainName = "myCustomDomain";
const customDomainHostName = "<your_custom_domain>"; // e.g., www.example.com

// Create an Azure resource group.
const resourceGroup = new resources.ResourceGroup(resourceGroupName);

// Create a new CDN Profile.
const profile = new cdn.Profile(cdnProfileName, {
    resourceGroupName: resourceGroup.name,
    location: "global",
    sku: {
        name: "Standard_Microsoft",
    },
});

// Create a new CDN Endpoint.
const endpoint = new cdn.Endpoint(cdnEndpointName, {
    profileName: profile.name,
    resourceGroupName: resourceGroup.name,
    location: "global",
    isHttpsAllowed: true,
    // With isHttpAllowed set to true the endpoint also serves plain HTTP;
    // set it to false for HTTPS-only delivery.
    isHttpAllowed: true,
    isCompressionEnabled: false,
    contentTypesToCompress: [],
    deliveryPolicy: undefined,
    origins: [{ name: "cdn-origin", hostName: "www.example.com" }],
});

// Create a new CDN Custom Domain linking to the CDN Endpoint.
const customDomain = new cdn.CustomDomain(customDomainName, {
    customDomainName: customDomainName,
    endpointName: endpoint.name,
    profileName: profile.name,
    resourceGroupName: resourceGroup.name,
    hostName: customDomainHostName,
    // cdn.CustomDomain takes no certificate settings: the tlsSettings input
    // belongs to cdn.AFDCustomDomain, not to this resource. HTTPS for the
    // custom domain is switched on as a separate step once the domain exists
    // (for example with `az cdn custom-domain enable-https`), either with a
    // CDN-managed certificate or with your own certificate, referenced by its
    // secret ID in Azure Key Vault.
});

// Export the hostName of the CDN Endpoint, which is the URL you can use to access content.
export const cdnEndpointHostname = endpoint.hostName;
```
What Happens After Deployment
After deploying the above code with Pulumi, you should have:
- A resource group containing the CDN profile and endpoint.
- A CDN profile configured with a specified SKU.
- A CDN endpoint representing the location your content is served from.
- A custom domain associated with your CDN endpoint.
- An indication where to specify your SSL/TLS certificate information.
Please note that actual SSL/TLS certificate management, including procurement (from a CA like Let's Encrypt) and deployment to Azure Key Vault, is not covered in this Pulumi program. Managing the certificate lifecycle is an advanced topic that can be automated using the ACME Pulumi provider for Let's Encrypt, or by managing SSL/TLS certificates manually in Azure Key Vault.
Up Next
After you have the CDN up and running with HTTPS enabled, you will need to ensure the DNS settings for your custom domain point to the Azure CDN. This typically involves creating a CNAME record in your DNS provider's management console to alias your domain with the CDN endpoint.
If you have placed your SSL/TLS certificate in Azure Key Vault, you can use the secret ID of the certificate to enable HTTPS on the custom domain via CDN. Ensure the certificate's domain name matches your custom domain. If you don't have an SSL/TLS certificate yet, you will need to procure one and configure it appropriately in the Azure portal.
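The name check from the paragraph above, as an added TypeScript example (not part of the original program and independent of Pulumi): it takes the certificate's subjectAltName string in the form Node's crypto.X509Certificate exposes it and reports whether the certificate covers the custom domain and has enough validity left. The CertSummary type, the function names, the 30-day margin and the sample values are assumptions made for illustration.

```typescript
// Added example; the sample values are constructed, not from a real certificate.
interface CertSummary {
  subjectAltName: string; // e.g. "DNS:example.com, DNS:*.example.com"
  notAfter: Date; // end of the validity period
}

const normalize = (host: string): string =>
  host.trim().toLowerCase().replace(/\.$/, "");

// Keep DNS entries only; IP, URI and e-mail SANs never match a host name.
function dnsNames(subjectAltName: string): string[] {
  return subjectAltName
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => /^DNS:/i.test(entry))
    .map((entry) => normalize(entry.slice(4)));
}

// A wildcard counts only as the whole left-most label and covers exactly one
// label: "*.example.com" covers "www.example.com", not "a.b.example.com".
function sanCovers(pattern: string, host: string): boolean {
  const p = pattern.split(".");
  const h = host.split(".");
  if (p.length !== h.length || h.indexOf("") !== -1) return false;
  if (p[0] !== "*") return pattern.indexOf("*") === -1 && pattern === host;
  return p.length >= 3 && p.slice(1).join(".") === h.slice(1).join(".");
}

// Returns the problems found; an empty array means the certificate is usable.
function checkCertForCustomDomain(
  cert: CertSummary, customDomainHostName: string, now: Date,
  minDaysLeft = 30, // assumed renewal margin
): string[] {
  const problems: string[] = [];
  const host = normalize(customDomainHostName);
  if (!dnsNames(cert.subjectAltName).some((name) => sanCovers(name, host))) {
    problems.push(`no subjectAltName entry covers ${host}`);
  }
  const daysLeft = (cert.notAfter.getTime() - now.getTime()) / 86400000;
  if (daysLeft < minDaysLeft) {
    problems.push(`certificate expires in ${Math.floor(daysLeft)} day(s)`);
  }
  return problems;
}

const sampleCert: CertSummary = {
  subjectAltName: "DNS:example.com, DNS:*.example.com, IP Address:192.0.2.10",
  notAfter: new Date("2025-06-01T00:00:00Z"),
};
```

Running the check before the certificate is uploaded to Key Vault catches the common case of a wildcard certificate that does not reach a multi-label host such as cdn.assets.example.com.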
As a novice, you might find these steps complex. Don't hesitate to consult Azure documentation or the Pulumi community for support. You're now able to create and configure CDN profiles and endpoints with custom domains and SSL/TLS certificates in Azure using Pulumi!