tabs ↹ over ␣ ␣ ␣ spaces

by Jiří {x2} Činčura

Workaround for using HTTPS with custom domain on Azure Blob Storage

2 May 2017 Azure, Azure Storage, CDN, Cloud

Azure Blob Storage is my favorite cloud service in Azure. Among it’s purpose of storing data, it allows you to set custom domain instead of using <account>.blob.core.windows.net. Which is handy. On the other hand it does not allow you (currently) to use it with HTTPS because you can’t upload your own certificate, which sucks, sucks donkey balls.

What to do about it? It’s time for combining multiple services together and hoping it fits. Of course I don’t want to put i.e. Web App in front of it because that’s another piece to take care about. I want something Azure manages for me.

Solution

One service that allows using HTTPS with custom domain (and certificate) is Azure CDN (only Verizon currently). Although you can’t upload your own certificate, you’ll get a valid certificate from DigiCert for free once you enable HTTPS. Because you can put CDN in front of blob storage, it’s almost solved.

The CDN pricing is very similar to blob storage pricing, thus from cost perspective it’s not going to burn hole in your pocket.

Limitations

The limitation is of course the nature of CDN - it’s caching the data in PoP locations. That means if your data is changing often you’re pretty much out of luck.

And similarly, if you’re using Shared Access Signatures, it’s not going to work well either.

Summary

Honestly I hate finding workarounds for such basic tasks. I know handling and scaling HTTPS isn’t easy. So isn’t building cloud infrastructure. That’s why I’m building apps on top of Azure and not buildnig my own Azure.

If you can fit your needs in between the limitations, this might be viable solution. Else you’re out of luck and you have to wait until the HTTPS with custom domain is supported directly on blob storage.