您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

为 Azure 存储帐户配置自定义域名Configure a custom domain name for your Azure storage account

可以配置自定义域以便访问 Azure 存储帐户中的 Blob 数据。You can configure a custom domain for accessing blob data in your Azure storage account. Azure Blob 存储的默认终结点是 <storage-account-name>.blob.core.windows.netThe default endpoint for Azure Blob storage is <storage-account-name>.blob.core.windows.net. 你还可以使用作为静态网站功能的一部分生成的 web 终结点。You can also use the web endpoint that's generated as a part of the static websites feature. 如果将自定义域和子域 (如www.contoso.com) 映射到存储帐户的 blob 或 web 终结点, 则用户可以使用该域访问存储帐户中的 blob 数据。If you map a custom domain and subdomain, such as www.contoso.com, to the blob or web endpoint for your storage account, your users can use that domain to access blob data in your storage account.

重要

Azure 存储尚不支持以本机方式对自定义域使用 HTTPS。Azure Storage does not yet natively support HTTPS with custom domains. 目前可以使用 Azure CDN 通过 HTTPS 访问包含自定义域的 BlobYou can currently Use Azure CDN to access blobs by using custom domains over HTTPS.

备注

暂仅支持为每个存储帐户配置一个自定义域名。Storage accounts currently support only one custom domain name per account. 无法将自定义域名映射到 Web 和 Blob 服务终结点。You can't map a custom domain name to both the web and blob service endpoints.

备注

映射仅适用于子域 (例如 www.contoso.com)。The mapping does only work for subdomains (e.g. www.contoso.com). 如果要在根域 (例如 contoso.com) 上提供 web 终结点, 则必须将自定义域添加到 Azure CDN 终结点If you want to have your web endpoint available on the root domain (e.g. contoso.com), then you have to Add a custom domain to your Azure CDN endpoint.

下表显示了 mystorageaccount 存储帐户中的 Blob 数据的一些示例 URL。The following table shows a few sample URLs for blob data that's located in a storage account named mystorageaccount. 为存储帐户注册的自定义子域是 www.contoso.comThe custom subdomain that's registered for the storage account is www.contoso.com:

资源类型Resource type 默认 URLDefault URL 自定义域 URLCustom domain URL
存储帐户Storage account http://mystorageaccount.blob.core.windows.nethttp://mystorageaccount.blob.core.windows.net http://www.contoso.comhttp://www.contoso.com
BlobBlob http://mystorageaccount.blob.core.windows.net/mycontainer/myblobhttp://mystorageaccount.blob.core.windows.net/mycontainer/myblob http://www.contoso.com/mycontainer/myblobhttp://www.contoso.com/mycontainer/myblob
根容器Root container http://mystorageaccount.blob.core.windows.net/myblob 或 http://mystorageaccount.blob.core.windows.net/$root/myblobhttp://mystorageaccount.blob.core.windows.net/myblob or http://mystorageaccount.blob.core.windows.net/$root/myblob http://www.contoso.com/myblob 或 http://www.contoso.com/$root/myblobhttp://www.contoso.com/myblob or http://www.contoso.com/$root/myblob
WebWeb http://mystorageaccount. [zone] web.config/$web/[indexdoc] 或 http://mystorageaccount. [zone] web.config/[indexdoc] 或 http://mystorageaccount. [zone] web.config/$web 或 http://mystorageaccount. [zone]。 net/http://mystorageaccount.[zone].web.core.windows.net/$web/[indexdoc] or http://mystorageaccount.[zone].web.core.windows.net/[indexdoc] or http://mystorageaccount.[zone].web.core.windows.net/$web or http://mystorageaccount.[zone].web.core.windows.net/ http://www.contoso.com/$web 或 http://www.contoso.com/或 http://www.contoso.com/$web/[indexdoc] 或 http://www.contoso.com/[indexdoc]http://www.contoso.com/$web or http://www.contoso.com/ or http://www.contoso.com/$web/[indexdoc] or http://www.contoso.com/[indexdoc]

备注

如以下部分中所示,Blob 服务终结点的所有示例同样适用于 Web 服务终结点。As shown in the following sections, all examples for the blob service endpoint also apply to the web service endpoint.

直接 CNAME 映射与中间 CNAME 映射Direct vs. intermediary CNAME mapping

可通过下述两种方法之一将带有子域(例如 www.contoso.com)前缀的自定义域指向存储帐户的 Blob 终结点:You can point your custom domain prefixed with a subdomain (e.g. www.contoso.com) to the blob endpoint for your storage account in either of two ways:

  • 使用直接 CNAME 映射。Use direct CNAME mapping.
  • 使用 asverify 中间子域。Use the asverify intermediary subdomain.

直接 CNAME 映射Direct CNAME mapping

第一种方法是创建一个规范名称 (CNAME) 记录。此记录可以将自定义域和子域直接映射到 Blob 终结点。这种方法最简单。The first, and simplest, method is to create a canonical name (CNAME) record that maps your custom domain and subdomain directly to the blob endpoint. CNAME 记录是一种域名系统 (DNS) 功能,用于将源域映射到目标域。A CNAME record is a domain name system (DNS) feature that maps a source domain to a destination domain. 在示例中,源域是你自己的自定义域和子域(例如 www.contoso.com)。In our example, the source domain is your own custom domain and subdomain (www.contoso.com, for example). 目标域是 Blob 服务终结点(例如 mystorageaccount.blob.core.windows.net)。The destination domain is your blob service endpoint (mystorageaccount.blob.core.windows.net, for example).

“注册自定义域”部分介绍了直接方法。The direct method is covered in the "Register a custom domain" section.

使用 asverify 进行中间映射Intermediary mapping with asverify

第二种方法也使用 CNAME 记录。The second method also uses CNAME records. 但是,为了避免停机,此方法先采用了可由 Azure 识别的特殊子域 asverifyTo avoid downtime, however, it first employs a special subdomain asverify that's recognized by Azure.

将自定义域映射到 Blob 终结点会导致在 Azure 门户中注册域时出现短暂的停机。Mapping your custom domain to a blob endpoint can cause a brief period of downtime while you are registering the domain in the Azure portal. 如果该域目前所支持的应用程序的服务级别协议 (SLA) 要求不能有停机时间,请使用 Azure asverify 子域作为中间注册步骤。If the domain currently supports an application with a service-level agreement (SLA) that requires zero downtime, use the Azure asverify subdomain as an intermediate registration step. 此步骤可确保用户能够在 DNS 映射期间访问域。This step ensures that users can access your domain while the DNS mapping takes place.

使用 asverify 子域注册自定义域中介绍了中间方法。The intermediary method is covered in Register a custom domain by using the asverify subdomain.

注册自定义域Register a custom domain

如果符合以下陈述,则可以使用本部分所述的过程来注册域:Register the domain by using the procedure in this section if the following statements apply:

  • 你不担心域暂时对用户不可用。You are unconcerned that the domain is briefly unavailable to your users.
  • 自定义域当前未托管应用程序。Your custom domain is not currently hosting an application.

可以使用 Azure DNS 为 Azure Blob 存储配置自定义 DNS 名称。You can use Azure DNS to configure a custom DNS name for your Azure Blob store. 有关详细信息,请参阅使用 Azure DNS 为 Azure 服务提供自定义域设置For more information, see Use Azure DNS to provide custom domain settings for an Azure service.

如果自定义域目前在支持不能有任何停机时间的应用程序,请遵循使用 asverify 子域注册自定义域中的过程。If your custom domain currently supports an application that cannot have any downtime, use the procedure in Register a custom domain by using the asverify subdomain.

若要配置自定义域名,请在 DNS 中创建一个新的 CNAME 记录。To configure a custom domain name, create a new CNAME record in DNS. 该 CNAME 记录指定了域名的别名。The CNAME record specifies an alias for a domain name. 本示例将自定义域的地址映射到存储帐户的 Blob 存储终结点。In our example, it maps the address of your custom domain to your storage account's Blob storage endpoint.

通常可以在域注册机构的网站上管理域的 DNS 设置。You can usually manage your domain's DNS settings on your domain registrar's website. 每个注册机构指定 CNAME 记录的方法类似但略有不同,但概念是相同的。Each registrar has a similar but slightly different method of specifying a CNAME record, but the concept is the same. 由于某些基本域注册程序包不提供 DNS 配置,因此可能需要首先升级域注册程序包,才能创建 CNAME 记录。Because some basic domain registration packages don't offer DNS configuration, you might need to upgrade your domain registration package before you can create the CNAME record.

  1. Azure 门户中转到自己的存储帐户。In the Azure portal, go to your storage account.

  2. 在菜单窗格中的“Blob 服务”下,选择“自定义域”。In the menu pane, under Blob Service, select Custom domain.
    此时会打开“自定义域”窗格。The Custom domain pane opens.

  3. 登录到域注册机构的网站,并转到用于管理 DNS 的页面。Sign in to your domain registrar's website, and then go to the page for managing DNS.
    可在名为“域名”、“DNS”或“名称服务器管理”的部分中找到该页。You might find the page in a section named Domain Name, DNS, or Name Server Management.

  4. 找到用于管理 CNAME 的部分。Find the section for managing CNAMEs.
    可能需要转到高级设置页,并查找“CNAME”、“别名”或“子域”。You might have to go to an advanced settings page and look for CNAME, Alias, or Subdomains.

  5. 创建新的 CNAME 记录,输入 wwwphotos 等子域别名(子域是必需的,根域不受支持),然后提供主机名。Create a new CNAME record, enter a subdomain alias such as www or photos (subdomain is required, root domains are not supported), and then provide a host name.
    主机名是 Blob 服务终结点。The host name is your blob service endpoint. 主机名格式为 <mystorageaccount>.blob.core.windows.net,其中,mystorageaccount 是存储帐户的名称。Its format is <mystorageaccount>.blob.core.windows.net, where mystorageaccount is the name of your storage account. 要使用的主机名显示在 Azure 门户的“自定义域”窗格的第 1 项中。The host name to use appears in item #1 of the Custom domain pane in the Azure portal.

  6. 在“自定义域”窗格中的文本框内,输入自定义域的名称,包括子域。In the Custom domain pane, in the text box, enter the name of your custom domain, including the subdomain.
    例如,如果域是 contoso.com,子域别名是 www,请输入 www.contoso.comFor example, if your domain is contoso.com and your subdomain alias is www, enter www.contoso.com. 如果子域是 photos,则请输入 photos.contoso.comIf your subdomain is photos, enter photos.contoso.com.

  7. 若要注册自定义域,请选择“保存”。To register your custom domain, select Save.
    如果注册成功,则门户会通知存储帐户已成功更新。If the registration is successful, the portal notifies you that your storage account was successfully updated.

新的 CNAME 记录通过 DNS 传播后,如果用户具有相应的权限,则他们可以使用自定义域查看 Blob 数据。After your new CNAME record has propagated through DNS, if your users have the appropriate permissions, they can view blob data by using your custom domain.

使用 asverify 子域注册自定义域Register a custom domain by using the asverify subdomain

如果自定义域目前支持的应用程序的 SLA 要求不能停机,请使用本部分所述的过程注册自定义域。If your custom domain currently supports an application with an SLA that requires that there be no downtime, register your custom domain by using the procedure in this section. 通过创建从 asverify.<subdomain>.<customdomain> 指向 asverify.<storageaccount>.blob.core.windows.net 的 CNAME,可以预先向 Azure 注册域。By creating a CNAME that points from asverify.<subdomain>.<customdomain> to asverify.<storageaccount>.blob.core.windows.net, you can pre-register your domain with Azure. 然后,可以创建从 <subdomain>.<customdomain> 指向 <storageaccount>.blob.core.windows.net 的另一个 CNAME,发往自定义域的流量将定向到 Blob 终结点。You can then create a second CNAME that points from <subdomain>.<customdomain> to <storageaccount>.blob.core.windows.net, and then traffic to your custom domain is directed to your blob endpoint.

asverify 子域是 Azure 能够识别的一个特殊子域。The asverify subdomain is a special subdomain recognized by Azure. asverify 追加到自己的子域可使 Azure 识别自定义域,且无需修改该域的 DNS 记录。By prepending asverify to your own subdomain, you permit Azure to recognize your custom domain without having to modify the DNS record for the domain. 修改该域的 DNS 记录后,它将映射到 Blob 终结点,并且没有故障时间。When you do modify the DNS record for the domain, it will be mapped to the blob endpoint with no downtime.

  1. Azure 门户中转到自己的存储帐户。In the Azure portal, go to your storage account.

  2. 在菜单窗格中的“Blob 服务”下,选择“自定义域”。In the menu pane, under Blob Service, select Custom domain.
    此时会打开“自定义域”窗格。The Custom domain pane opens.

  3. 登录到 DNS 提供程序的网站,并转到用于管理 DNS 的页面。Sign in to your DNS provider's website, and then go to the page for managing DNS.
    可在名为“域名”、“DNS”或“名称服务器管理”的部分中找到该页。You might find the page in a section named Domain Name, DNS, or Name Server Management.

  4. 找到用于管理 CNAME 的部分。Find the section for managing CNAMEs.
    可能需要转到高级设置页,并查找“CNAME”、“别名”或“子域”。You might have to go to an advanced settings page and look for CNAME, Alias, or Subdomains.

  5. 创建新的 CNAME 记录,并且提供包含 asverify 子域的子域别名(例如 asverify.wwwasverify.photos),然后提供主机名。Create a new CNAME record, provide a subdomain alias that includes the asverify subdomain, such as asverify.www or asverify.photos, and then provide a host name.
    主机名是 Blob 服务终结点。The host name is your blob service endpoint. 主机名格式为 asverify.<mystorageaccount>.blob.core.windows.net,其中,mystorageaccount 是存储帐户的名称。Its format is asverify.<mystorageaccount>.blob.core.windows.net, where mystorageaccount is the name of your storage account. 要使用的主机名显示在 Azure 门户的“自定义域”窗格的第 2 项中。The host name to use appears in item #2 of the Custom domain pane in the Azure portal.

  6. 在“自定义域”窗格中的文本框内,输入自定义域的名称,包括子域。In the Custom domain pane, in the text box, enter the name of your custom domain, including the subdomain.
    请不要包含 asverifyDo not include asverify. 例如,如果域是 contoso.com,子域别名是 www,请输入 www.contoso.comFor example, if your domain is contoso.com and your subdomain alias is www, enter www.contoso.com. 如果子域是 photos,则请输入 photos.contoso.comIf your subdomain is photos, enter photos.contoso.com.

  7. 选中“使用间接 CNAME 验证”复选框。Select the Use indirect CNAME validation check box.

  8. 若要注册自定义域,请选择“保存”。To register your custom domain, select Save.
    如果注册成功,则门户会通知存储帐户已成功更新。If the registration is successful, the portal notifies you that your storage account was successfully updated. 自定义域已由 Azure 验证,但发往域的流量尚未路由到存储帐户。Your custom domain has been verified by Azure, but traffic to your domain is not yet being routed to your storage account.

  9. 返回到 DNS 提供程序的网站,创建将子域映射到 Blob 服务终结点的另一条 CNAME 记录。Return to your DNS provider's website, and then create another CNAME record that maps your subdomain to your blob service endpoint.
    例如,将子域指定为 wwwphotos(不含 asverify),将主机名指定为 <mystorageaccount>.blob.core.windows.net(其中,mystorageaccount 是存储帐户名称)。For example, specify the subdomain as www or photos (without the asverify) and specify the host name as <mystorageaccount>.blob.core.windows.net, where mystorageaccount is the name of your storage account. 完成此步骤后,也就完成了自定义域的注册。With this step, the registration of your custom domain is complete.

  10. 最后,可以删除新建的包含 asverify 的 CNAME 记录,因为只在中间步骤中才需要用到它。Finally, you can delete the newly created CNAME record that contains the asverify subdomain, which was required only as an intermediary step.

新的 CNAME 记录通过 DNS 传播后,如果用户具有相应的权限,则他们可以使用自定义域查看 Blob 数据。After your new CNAME record has propagated through DNS, if your users have the appropriate permissions, they can view blob data by using your custom domain.

测试自定义域Test your custom domain

若要确认自定义域是否映射到了 Blob 服务终结点,请在存储帐户中的公共容器内创建一个 Blob。To confirm that your custom domain is mapped to your blob service endpoint, create a blob in a public container within your storage account. 然后在 Web 浏览器中,使用以下格式的 URI 来访问该 Blob:http://<subdomain.customdomain>/<mycontainer>/<myblob>Then, in a web browser, access the blob by using a URI in the following format: http://<subdomain.customdomain>/<mycontainer>/<myblob>

例如,若要访问 photos.contoso.com 自定义子域中的 myforms 容器内的 Web 窗体:可使用以下 URI:http://photos.contoso.com/myforms/applicationform.htmFor example, to access a web form in the myforms container in the photos.contoso.com custom subdomain, you might use the following URI: http://photos.contoso.com/myforms/applicationform.htm

取消注册自定义域Deregister a custom domain

若要取消注册 Blob 存储终结点的自定义域,请使用以下过程之一。To deregister a custom domain for your Blob storage endpoint, use one of the following procedures.

Azure 门户Azure portal

若要删除自定义域设置,请执行以下操作:To remove the custom domain setting, do the following:

  1. Azure 门户中转到自己的存储帐户。In the Azure portal, go to your storage account.

  2. 在菜单窗格中的“Blob 服务”下,选择“自定义域”。In the menu pane, under Blob Service, select Custom domain.
    此时会打开“自定义域”窗格。The Custom domain pane opens.

  3. 清除包含自定义域名的文本框的内容。Clear the contents of the text box that contains your custom domain name.

  4. 选择“保存”按钮。Select the Save button.

成功删除自定义域后,会看到一条门户通知,指出存储帐户已成功更新。After the custom domain has been removed successfully, you will see a portal notification that your storage account was successfully updated.

Azure CLIAzure CLI

若要删除自定义域注册,请使用 az storage account update CLI 命令,并为 --custom-domain 参数值指定空字符串 ("")。To remove a custom domain registration, use the az storage account update CLI command, and then specify an empty string ("") for the --custom-domain argument value.

  • 命令格式:Command format:

    az storage account update \
        --name <storage-account-name> \
        --resource-group <resource-group-name> \
        --custom-domain ""
    
  • 命令示例:Command example:

    az storage account update \
        --name mystorageaccount \
        --resource-group myresourcegroup \
        --custom-domain ""
    

PowerShellPowerShell

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

若要删除自定义域注册,请使用 Set-AzStorageAccount PowerShell cmdlet,并为 -CustomDomainName 参数值指定空字符串 ("")。To remove a custom domain registration, use the Set-AzStorageAccount PowerShell cmdlet, and then specify an empty string ("") for the -CustomDomainName argument value.

  • 命令格式:Command format:

    Set-AzStorageAccount `
        -ResourceGroupName "<resource-group-name>" `
        -AccountName "<storage-account-name>" `
        -CustomDomainName ""
    
  • 命令示例:Command example:

    Set-AzStorageAccount `
        -ResourceGroupName "myresourcegroup" `
        -AccountName "mystorageaccount" `
        -CustomDomainName ""
    

后续步骤Next steps