Top / Microsoft Azure / Azure App Service (Web Apps) / Custom Hostname Binding

Azure App Service (Web Apps) Custom Hostname Binding

This page shows how to write Terraform and Azure Resource Manager for App Service (Web Apps) Custom Hostname Binding and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_app_service_custom_hostname_binding (Terraform)

The Custom Hostname Binding in App Service (Web Apps) can be configured in Terraform with the resource name azurerm_app_service_custom_hostname_binding. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

app_service_custom_hostname_binding_test.tf#L38
resource "azurerm_app_service_custom_hostname_binding" "example" {
  hostname            = "www.mywebsite.com"
  app_service_name    = azurerm_app_service.example.name
  resource_group_name = azurerm_resource_group.example.name
  ssl_state           = "IpBasedEnabled"
}
app_service_custom_hostname_binding_test.tf#L38
resource "azurerm_app_service_custom_hostname_binding" "example" {
  hostname            = "www.mywebsite.com"
  app_service_name    = azurerm_app_service.example.name
  resource_group_name = azurerm_resource_group.example.name
  ssl_state           = "IpBasedEnabled"
}
main.tf#L1
resource "azurerm_app_service_custom_hostname_binding" "app_binding" {
  hostname            = var.hostname
  app_service_name    = var.app_service_name
  resource_group_name = var.resource_group_name
  ssl_state           = var.ssl_state
  thumbprint          = var.thumbprint
resources.tf#L1
resource "azurerm_app_service_custom_hostname_binding" "panel" {
  hostname            = "panel.faithfulknights.com"
  app_service_name    = var.panel_name
  resource_group_name = var.resource_group_name
}
main.tf#L7
resource "azurerm_app_service_custom_hostname_binding" "this" {
  app_service_name    = var.app_service_name
  hostname            = var.hostname
  resource_group_name = var.resource_group_name
  ssl_state           = var.ssl_state
  thumbprint          = var.thumbprint
custom_domain.tf#L1
resource "azurerm_app_service_custom_hostname_binding" "function_custom_domain_binding" {
  hostname            = var.CUSTOM_DOMAIN
  app_service_name    = azurerm_function_app.function_app.name
  resource_group_name = var.RESOURCE_GROUP_NAME
}
sslactivation.tf#L21
resource "azurerm_app_service_custom_hostname_binding" "customDomain" {
  for_each = local.azure_webApps_data

  hostname            = var.your_domain
  app_service_name    = each.value.name
  resource_group_name = each.value.resource_group
dns.tf#L17
resource "azurerm_app_service_custom_hostname_binding" "pasionporlosbits_binding_dns" {
  hostname            = var.url_site
  app_service_name    = azurerm_app_service.pasionporlosbits_webapp.name
  resource_group_name = azurerm_resource_group.CharlaResourceGroup.name
  ssl_state           = "SniEnabled"
  thumbprint          = var.cert_thumbprint
main.tf#L22
resource "azurerm_app_service_custom_hostname_binding" "hostname_binding" {
  hostname            = trim(azurerm_dns_cname_record.dns_cname_record.fqdn, ".")
  app_service_name    = var.app_service_name
  resource_group_name = var.resource_group_name
  ssl_state           = var.ssl_state
  thumbprint          = var.custom_domain.certificate_thumbprint
custom_domain_binding.tf#L1
resource "azurerm_app_service_custom_hostname_binding" "webapp_host_binding" {
  hostname            = var.app_dns_url
  app_service_name    = azurerm_app_service.webapp.name
  resource_group_name = var.rg_name
  count               = var.create_host_binding
  ssl_state           = "SniEnabled"

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Hostname Binding within an App Service (or Function App).

>> from Terraform Registry

Tips: Best Practices for The Other Azure App Service (Web Apps) Resources

In addition to the azurerm_app_service, Azure App Service (Web Apps) has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_app_service

Ensure your App Service is accessible via HTTPS only

It is better to configure the App Service to be accessible via HTTPS only. By default, both HTTP and HTTPS are available.

risk-label

azurerm_function_app

Ensure to enable authentication to prevent anonymous request being accepted

It is better to enable authentication to prevent anonymous requests and ensure all communications in the application are authenticated.

Review your Azure App Service (Web Apps) settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Web/sites/hostNameBindings (Azure Resource Manager)

The sites/hostNameBindings in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/sites/hostNameBindings. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

cert-deploy.json
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.0",
    "metadata" : {
        "comments": "This ARM template deploys Azure resources included in the Health Bot Reference Architecture",
template.json#L631
            "type": "Microsoft.Web/sites/hostNameBindings",
            "apiVersion": "2018-11-01",
            "name": "[concat(parameters('sites_tmdemo_ceurope_name'), '/alexdemo-europe.trafficmanager.net')]",
            "location": "France Central",
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', parameters('sites_tmdemo_ceurope_name'))]"
hnbind-hostNameBinding.json#L33
          "type": "Microsoft.Web/sites/hostNameBindings",
          "apiVersion": "2018-11-01",
          "name": "[concat(parameters('siteName'), '/', parameters('fqdn'))]",
          "location": "[resourceGroup().location]",
          "properties": {
              "siteName": "[parameters('siteName')]",
azuredeploy.base.core.web.site.hostbinding.json#L38
          "resourceType": "Microsoft.Web/sites/hostNameBindings",
          "resourceLocation": "[parameters('webSiteHostBindingResourceLocation')]",
          "hostName": "[parameters('webSiteHostBindingHostName')]",
          "thumbprint":"[parameters('webSiteHostBindingCertificateThumbprint')]"
        }
      }
hnbind-hostNameBinding.json#L33
          "type": "Microsoft.Web/sites/hostNameBindings",
          "apiVersion": "2018-11-01",
          "name": "[concat(parameters('siteName'), '/', parameters('fqdn'))]",
          "location": "[resourceGroup().location]",
          "properties": {
              "siteName": "[parameters('siteName')]",
certificatebinding.json
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "certificateBinding": {
PurchaseDomainAndAssignToWebApp.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "domainName": {
azuredeploy.json#L24
      "type": "Microsoft.Web/sites/hostNameBindings",
      "apiVersion": "2018-11-01",
      "name": "[concat(variables('AppServiceName'), '/', parameters('customDomain'))]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
      ],
secure-hostname-binding.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "appName": {
certificatebinding.json
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "certificateBinding": {

Parameters

  • apiVersion required - string
  • kind optional - string

    Kind of resource.

  • name required - string

    Hostname in the hostname binding.

  • properties required
      • azureResourceName optional - string

        Azure resource name.

      • azureResourceType optional - string

        Azure resource type.

      • customHostNameDnsRecordType optional - string

        Custom DNS record type.

      • domainId optional - string

        Fully qualified ARM domain resource URI.

      • hostNameType optional - string

        Hostname type.

      • siteName optional - string

        App Service app name.

      • sslState optional - string

        SSL type.

      • thumbprint optional - string

        SSL certificate thumbprint

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure App Service (Web Apps) Resources

Frequently asked questions

What is Azure App Service (Web Apps) Custom Hostname Binding?

Azure App Service (Web Apps) Custom Hostname Binding is a resource for App Service (Web Apps) of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure App Service (Web Apps) Custom Hostname Binding?

For Terraform, the gilyas/infracost, infracost/infracost and W2-Global-Data/azurerm_modules source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the microsoft/HealthBotRefArchDeploy, true-while/Az204-demos and goodtocode/azure-arm source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents