Cloud Resume Challenge Tutorial — Part 4 of 6

Jonathan Stock
Coding in the Cloud
10 min read · Jan 1, 2024

Part 4: Activate HTTPS

Introduction

This tutorial is a hands-on, project-based review of web development fundamentals designed to prepare you to pass your Azure Fundamentals Certification (AZ900). You will apply the concepts from AZ900 to a real project in Azure using real processes and approaches that engineers use for real projects. You don’t need to know command line, HTML, or networking. But by the time you finish, you will have a basic understanding of these concepts. It is written for the non-technical person, starting from an absolute beginner point of view.

Based on Forrest Brazeal’s Cloud Resume Challenge, this tutorial shows you one of many possible ways to build and host a simple website in Azure. The tutorial will also show you which tools to use and how to build a software development workflow. I’ve consulted with software developers throughout so that you can have confidence that the workflow is based on real-life best practices. With a solid workflow foundation in place, you can expand the Cloud Resume Challenge to some of the optional enhancements, or even start your own new projects, learning, exploring and building with Azure.

Project Overview

In this six-part project, you’ll build a cloud-hosted resume by completing the following:

· Part 1 — Create Your Resume in a GitHub Workflow

· Part 2 — Activate Azure Storage Static Webpage

· Part 3 — Activate a URL and Configure DNS and Azure Front Door CDN

· Part 4 — Activate HTTPS Action (you are here)

· Part 5 — Automate Your Workflow using GitHub

· Part 6 — Add a Staging Webpage to Your Workflow

Tutorial Overview

Goals of Part 4

In the prior tutorials you configured an Azure DNS Zone to work with a CDN, so that if you enter the CDN URL, it will resolve to your website. The DNS routing is still not fully configured, however, meaning requests to yourwebsite.com will not correctly resolve.

In this tutorial you will complete the configuration of DNS so that requests for your root domain, such as yourwebsite.com, or for www.yourwebsite.com resolve to Azure Front Door CDN. There you will also provision an SSL/TLS certificate so that users can connect to your website securely.

Components and Costs

Networking

· Azure DNS Zone and Azure Front Door CDN (for HTTPS, covered in part 4)

AZ900 — Need to Know

In this Part of the tutorial you won’t be using any new Azure Services, so perhaps you can review Azure Networking Fundamentals, which are an important part of the AZ900 test. For your reference and AZ900 test prep, the following networking services in Azure provide various networking capabilities that can be used together or separately. Some of the key capabilities include:

· Connectivity services: Connect Azure resources and on-premises resources using any or a combination of these networking services in Azure — Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, Virtual network NAT Gateway, Azure DNS, Peering service, Azure Virtual Network Manager, Route Server, and Azure Bastion.

· Application protection services: Protect your applications using any or a combination of these networking services in Azure — Load Balancer, Private Link, DDoS protection, Firewall, Network Security Groups, Web Application Firewall, and Virtual Network Endpoints.

· Application delivery services: Deliver applications in the Azure network using any or a combination of these networking services in Azure — Content Delivery Network (CDN), Azure Front Door Service, Traffic Manager, Application Gateway, Internet Analyzer, and Load Balancer.

· Network monitoring: Monitor your network resources using any or a combination of these networking services in Azure — Network Watcher, ExpressRoute Monitor, Azure Monitor, or VNet Terminal Access Point (TAP).

Azure Virtual Network (VNet) is not included in this tutorial, but it is an AZ900 fundamental and an essential building block for a private network in Azure. You can use VNets to communicate between Azure resources, between each other, and to the internet.

Technology Terms

Domain Name System (DNS)

DNS is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names (identification strings) assigned to each of the associated entities. DNS translates domain names to IP addresses so that web browsers can load Internet resources. When you enter a domain name like mycloudresume.com into your web browser, the DNS system looks up the IP address associated with that domain name and returns it to your computer. Your computer then uses that IP address to connect to the web server hosting the website and download the digital files. DNS enables anyone with a browser on an Internet-connected computer to enter a website domain name, connect to a remote server, and download the digital files from anywhere in the world. And to work, each computer that connects to the Internet must have a unique IP address. DNS is the global standard so that every computer/server knows how to find every other computer/server.

NS Record

An NS (nameserver) record identifies the set of servers that any request should reference in order to obtain a domain’s DNS records. When you register your domain through GoDaddy, for example, GoDaddy automatically assigns its own nameservers and allows you to specify the IP address for your website host, so in this case, you can assign it to the static website IP address you created in Azure.

SOA Record

Start of Authority. In DNS every domain must have a Start of Authority record at the cutover point where the domain is delegated from its parent domain. You won’t be configuring or changing this record. It’s just an FYI.

Alias Record

Alias records are a category of records in a DNS configuration. In this project you’ll be creating an A record and CNAME, which are examples of Alias records.

SSL/TLS Certificate

SSL stands for Secure Sockets Layer, which is the predecessor to TLS (Transport Layer Security) [2]. SSL/TLS certificates are used to secure communication between a web server and a web browser by encrypting data in transit.

When a website has an SSL/TLS certificate, you can see a closed padlock icon in the address bar of your web browser, and the URL of the website starts with “https://” instead of “http://”. This indicates that the website is secure and that the data you enter on the website is encrypted and protected from unauthorized access.

Certificates are issued by a Certificate Authority and installed on the web server. But in our project the certificate is managed by Azure Front Door and is deployed on the CDN so that when a user requests your URL and the DNS sends the request to the CDN, it is validated at the CDN and not the web server itself.

HTTPS

HTTP is the protocol used to connect and transfer website content from the browser to the web server. The “S” in HTTPS stands for “Secure” and indicates that the connection between the browser and the web server is encrypted and secure. Websites that use HTTPS confirm the validity of the URL (through an SSL/TLS certificate) so that users can rest assured that the website they are visiting is the legitimate website of the registered domain name. This is to prevent criminals from routing you to a fake version of the website you are requesting where they may try to steal your data.

If you don’t want the browser to show a “not secure” warning when people access your website, then you need to activate HTTPS.

CNAME

A CNAME record stands for “canonical name” and is a type of DNS record that points from an alias domain to a “canonical” domain. It is used when a domain or subdomain is an alias of another domain.

For example, suppose blog.example.com has a CNAME record with a value of “example.com” (without the “blog”). This means when a DNS server hits the DNS records for blog.example.com, it actually triggers another DNS lookup to example.com, returning example.com’s IP address via its A record. In this case, we would say that example.com is the canonical name (or true name) of blog.example.com.

CNAME records are useful when you want to point multiple domain names to the same IP address. Instead of creating an A record for each domain name, you can create a CNAME record for each domain name that points to the canonical domain name [1].
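The lookup chain described above, as an added example that is not part of the original tutorial. It goes slightly beyond the text by also handling two failure cases: a CNAME loop and a CNAME whose target has no records. The zone data, the `resolve_a` function and the hop limit are constructed for illustration.

```python
# Constructed zone data; 203.0.113.10 is a documentation-only address.
ZONE = {
    ("example.com", "A"): ["203.0.113.10"],
    ("blog.example.com", "CNAME"): ["example.com"],
    ("shop.example.com", "CNAME"): ["store.example.com"],  # target has no records
    ("a.example.com", "CNAME"): ["b.example.com"],
    ("b.example.com", "CNAME"): ["a.example.com"],         # loop
}

MAX_HOPS = 8  # assumed limit for this example; real resolvers also cap chain length


def resolve_a(name, zone=ZONE):
    """Follow CNAME records from `name` until an A record is found.

    Returns (chain, addresses): every name visited, in order, and the
    IPv4 addresses of the last one. Raises LookupError for a loop, an
    over-long chain, or a name with no A or CNAME record.
    """
    chain = [name.lower().rstrip(".")]
    while True:
        current = chain[-1]
        addresses = zone.get((current, "A"))
        if addresses:
            return chain, addresses
        target = zone.get((current, "CNAME"))
        if not target:
            raise LookupError(f"{current}: no A or CNAME record")
        next_name = target[0].lower().rstrip(".")
        if next_name in chain:
            raise LookupError(f"CNAME loop at {next_name}")
        if len(chain) >= MAX_HOPS:
            raise LookupError("CNAME chain too long")
        chain.append(next_name)


if __name__ == "__main__":
    print(resolve_a("blog.example.com"))
```
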

Part 4 Activate HTTPS

Step 1 — Configure DNS with an A record and CNAME to route to the CDN

· Navigate to the DNS record you created in Step 2

· Add record set

· Leave the name blank

· Select Yes under Alias record set

· Find the CDN you just created in Step 3

· Click OK and wait for the record to be added

Create a CNAME to handle www requests

· Repeat the step above with the following changes

· Under name add ‘www’

· Under type select CNAME

· Under Alias record set select Yes

· Under Azure resource select the CDN you created in Step 3

· Select OK

Note: This CNAME record tells the DNS servers that when they receive a request for www.yourwebsite.com (with the www), they should send the request to your CDN.

· Confirm you can see the A record and CNAME record in your Azure DNS Zone

Step 2 — Activate HTTPS

At this point, if you navigate to your website, the browser will show a security alert. This is because you haven’t configured HTTPS yet.

Note: If you click advanced, and confirm, Azure DNS will still connect you to the blob static website, but it will continue to show “not secure” in the URL panel. This is a browser setting that is designed to alert users when a security certificate hasn’t been provisioned for the website.

· Return to the Front Door CDN and click domains

· Add a new domain

· Select your URL from the DNS Zone

· Under custom domain select Apex

· Select AFD (Azure Front Door) managed certificate

· Click Add

· Repeat the steps above but in the custom domain click the CNAME with www.yourdomain.com

Note: In these steps, Azure is automatically setting up a certificate for yourwebsite.com and provisioning it on the CDN so that all the DNS servers in the world can confirm to any user in the world that when they type yourURL.com, which resolves to the CDN URL, it is the confirmed and accurate website.

With these two custom domains created, the next step is to validate and associate an endpoint with the domains.

· Click pending

· Change TTL (Time to Live) from Hour to Minutes

Note: TTL is a DNS setting that informs the DNS servers how long they should wait before refreshing the routing instructions in the DNS cache. As you are building and testing a page, you should reduce this so that as you make changes, you can refresh the DNS settings faster. Once you have everything setup, you can change it back to 1 hour or longer if desired.

· Click Add and close the window

· Click Endpoint Association

· Select your CDN in the endpoint association route and click associate

· Repeat the steps for the www custom domain

· The association process may take a few minutes, so check back and refresh the page until the certificate and DNS state are green.

While you are waiting, you can observe what Azure just created for you by going to the DNS Zone and looking for dnsauth in the names.

The prior steps created a certificate for yourURL.com and www.yourURL.com, and added a TXT record to the DNS Zone so that it is now verified as the proper DNS zone to route requests between users requesting yourURL.com and the CDN.

· The final step is to test yourwebsite.com and www.yourwebsite.com

· Confirm they are resolving to your website

· And that they are resolving to HTTPS

· If you get an error page like this, check back in a few minutes. It may take a few minutes for Azure to complete the configuration
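One way to script the final test above, as an added example that is not part of the original tutorial: it reports whether a certificate covers each hostname and how many days remain before it expires. The function names and the sample certificate are constructed for illustration, and yourwebsite.com is the tutorial's placeholder domain.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape SSLSocket.getpeercert() returns (not real data).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "yourwebsite.com"),),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
    "issuer": ((("organizationName", "Example CA"),),),
}


def san_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return hostname.count(".") == pattern.count(".") and hostname.endswith(pattern[1:])
    return pattern == hostname


def cert_report(cert, hostname, now=None):
    """Summarise name coverage and remaining lifetime for one hostname."""
    now = now or datetime.now(timezone.utc)
    sans = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        "hostname": hostname,
        "covered": any(san_matches(p, hostname.lower()) for p in sans),
        "days_left": (expires - now).days,
        "issuer": issuer.get("organizationName"),
    }


def fetch_cert(hostname, port=443, timeout=10):
    """Live check: the default context rejects untrusted or mismatched certificates."""
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Offline demo on the sample; swap in fetch_cert(host) once your domain is live.
    for host in ("yourwebsite.com", "www.yourwebsite.com"):
        print(cert_report(SAMPLE_CERT, host))
```

In the sample, the certificate names only the apex domain, so the www hostname is reported as not covered, which is why the tutorial adds both custom domains in Front Door.
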

Congratulations! Your cloud resume website is now securely accessible to anyone in the world!

Disclaimer

This tutorial is not an official Microsoft publication. Sources are indicated in the References section. No warranties or guarantees are im
