da0cdd93d7
Co-authored-by: azure-quickstart-templates pipeline <azure-quickstart-templates@noreply.github.com> |
||
---|---|---|
.. | ||
images | ||
README.md | ||
azuredeploy.json | ||
azuredeploy.parameters.json | ||
main.bicep | ||
metadata.json |
README.md
description | page_type | products | urlFragment | languages | ||||
---|---|---|---|---|---|---|---|---|
This template creates a Front Door Standard/Premium, an App Service, and configures the App Service to validate that traffic has come through the Front Door origin. | sample |
|
front-door-standard-premium-app-service-public |
|
Front Door Standard/Premium with App Service origin
This template deploys a Front Door Standard/Premium with an App Service origin, using the App Service public endpoint.
Sample overview and deployed resources
This sample template creates an App Service app and a Front Door profile, and uses the App Service's public IP address with access restrictions to enforce that incoming connections must come through your Front Door instance.
The following resources are deployed as part of the solution:
App Service
- App Service plan and application. This sample uses the public endpoint for the App Service application and does not use a private endpoint.
- App Service access restrictions to block access to the application unless they have come through Front Door. The traffic is checked to ensure it has come from the
AzureFrontDoor.Backend
service tag, and also that theX-Azure-FDID
header is configured with your specific Front Door instance's ID.
Front Door Standard/Premium
- Front Door profile, endpoint, origin group, origin, and route to direct traffic to the App Service application.
- Note that you can use either the standard or premium Front Door SKU for this sample. By default, the standard SKU is used.
The following diagram illustrates the components of this sample.
Deployment steps
You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.
Usage
Connect
Once you have deployed the Azure Resource Manager template, wait a few minutes before you attempt to access your Front Door endpoint to allow time for Front Door to propagate the settings throughout its network.
You can then access the Front Door endpoint. The hostname is emitted as an output from the deployment - the output is named frontDoorEndpointHostName
. You should see an App Service welcome page. If you see an error page, wait a few minutes and try again.
You can also attempt to access the App Service hostname directly. The hostname is also emitted as an output from the deployment - the output is named appServiceHostName
. You should see a Forbidden error, since your App Service instance has been configured to block requests that don't come through your Front Door profile.
Tags: Microsoft.Cdn/profiles, Microsoft.Web/serverfarms, Microsoft.Web/sites, SystemAssigned, Microsoft.Cdn/profiles/afdEndpoints, Microsoft.Cdn/profiles/originGroups, Microsoft.Cdn/profiles/originGroups/origins, Microsoft.Cdn/profiles/afdEndpoints/routes