Create a Front Door with HTTP to HTTPS redirection using the Azure portal
You can use the Azure portal to create a Front Door with a certificate for SSL termination. A routing rule is used to redirect HTTP traffic to HTTPS.
In this article, you learn how to:
- Create a Front Door with an existing Web App resource
- Add a custom domain with SSL certificate
- Setup HTTPS redirect on the custom domain
If you don't have an Azure subscription, create a free account before you begin.
Create a Front Door with an existing Web App resource
Sign in to the Azure portal at https://portal.azure.com.
Click Create a resource found on the upper left-hand corner of the Azure portal.
Search for Front Door using the search bar and once you find the resource type, click Create.
Choose a subscription and then either use an existing resource group or create a new one. Note, the location asked in the UI is for the resource group only. Your Front Door configuration will get deployed across all of Azure Front Door's POP locations.
Click Next to enter the configuration tab. The configuration for Front Door happens in three steps - adding a default frontend host, adding backends in a backend pool and then creating routing rules to map the routing behavior for frontend host.
Click the '+' icon on the Frontend hosts to create a frontend host, enter a globally unique name for your default frontend host for your Front Door (
\<**name**\>.azurefd.net). Click Add to proceed to the next step.
Click the '+' icon on the Backend pools to create a backend pool. Provide a name for the backend pool and then click 'Add a backend'.
Select the Backend Host Type as App service. Select the subscription where your web app is hosted and then select the specific web app from the dropdown for Backend host name.
Click Add to save the backend and click Add again to save the backend pool config.
Click the '+' icon on the Routing rules to create a route. Provide a name for the route, say 'HttpToHttpsRedirect', and then set the Accepted Protocols field to 'HTTP only'. Ensure that the appropriate frontend host is selected.
On the Route Details section, set the Route Type to Redirect, ensure that the Redirect type is set to Found (302) and Redirect protocol is set to HTTPS only.
Click Add to save the routing rule for HTTP to HTTPS redirect.
Add another routing rule for handling the HTTPS traffic. Click the '+' sign on the Routing rules and provide a name for the route, say 'DefaultForwardingRoute', and then set the Accepted Protocols field to 'HTTPS only'. Ensure that the appropriate frontend host is selected.
On the Route Details section, set the Route Type to Forward, ensure that the right backend pool is selected and the Forwarding Protocol is set to HTTPS only.
Click Add to save the routing rule for request forwarding.
Click Review + create and then Create, to create your Front Door profile. Go to the resource once created.
Add a custom domain to your Front Door and enable HTTPS on it
The following steps showcase how you can add a custom domain on an existing Front Door resource and then enable HTTP to HTTPS redirection on it.
Add a custom domain
In this example, you add a CNAME record for the
www subdomain (for example,
Create the CNAME record
Add a CNAME record to map a subdomain to your Front Door's default frontend host (
<name> is the name of your Front Door profile).
www.contoso.com domain, as an example, add a CNAME record that maps the name
After you add the CNAME, the DNS records page looks like the following example:
Onboard the custom domain on your Front Door
- On the Front Door designer tab, click on '+' icon on the Frontend hosts section to add a new custom domain.
- Enter the fully qualified custom DNS name in the custom host name field, example
- Once the CNAME mapping from the domain to your Front Door is validated, click on Add to add the custom domain.
- Click Save to submit the changes.
Enable HTTPS on your custom domain
Click on the custom domain that was added and under the section Custom domain HTTPS, change the status to Enabled.
You can leave the Certificate management type set to Front Door managed for the free certificate maintained, managed, and autorotated by Front Door. You can also choose to use your own custom SSL certificate stored with Azure Key Vault. This tutorial assumes that the use of Front Door managed certificate.
Click on Update to save the selection and then click Save.
Click Refresh after a couple of minutes and then click on the custom domain again to see the progress of certificate provisioning.
Enabling HTTPS for a custom domain may take several minutes and also depends on domain ownership validation if the CNAME is not directly mapped to your Front Door host
<name>.azurefd.net. Learn more about how to enable HTTPS for a custom domain.
Configure the routing rules for the custom domain
- Click on the redirect routing rule created earlier.
- Click on the dropdown for Frontend hosts and select your custom domain to apply this route for your domain as well.
- Click Update.
- Do the same operation for the other routing rule as well that is, for your forwarding route to add the custom domain.
- Click Save to submit your changes.