Hi,
With Azure app service I was able to create a new app service, configure a hostname, apply managed certificate and configure the SNI bindings.
For APIM I'm having difficulties understanding how I can apply the same?
More specifically, I don't see how I can get the customDomainVerificationId property so that I can, using BICEP, apply a CNAME to our public DNS zone so that I can enable a managed certificate.
On top of that I'm a bit confused with the stv1 vs stv2 platform. I understood from googling that, if you don't provide a public IP during provisioning, it will use stv1, so I provided a public IP, and first I was on the path of adding an A record to our DNS to that IP but that would yield me the issue that I would need to manage our own certificates, so I'd like to use the managed certificate on APIM.
My code:
```bicep
// Static public IP for the API Management instance
resource apiManagementIP 'Microsoft.Network/publicIPAddresses@2023-06-01' = {
  name: '${env}-${locationCap}-heat-apim-pip'
  location: location
  sku: {
    name: 'Standard'
    tier: 'Global'
  }
  properties: {
    publicIPAllocationMethod: 'Static'
  }
}

// API Management service, currently bound to the built-in azure-api.net hostname
resource apiManagementService 'Microsoft.ApiManagement/service@2023-03-01-preview' = {
  name: '${env}-${locationCap}-heat-apim'
  location: location
  sku: {
    capacity: env == 'p' ? 1 : 1
    name: env == 'p' ? 'StandardV2' : 'Developer'
  }
  properties: {
    publisherEmail: 'xxx'
    publisherName: 'xxx'
    virtualNetworkConfiguration: {
      subnetResourceId: subnetResourceId
    }
    virtualNetworkType: 'External'
    publicIpAddressId: apiManagementIP.id
    hostnameConfigurations: [
      {
        type: 'Proxy'
        hostName: '${env}-${locationCap}-heat-apim.azure-api.net'
        negotiateClientCertificate: false
        defaultSslBinding: false
        certificateSource: 'BuiltIn'
      }
    ]
  }
}

// DNS records are created in the resource group that holds the public DNS zone
module dns 'apim-dns.bicep' = {
  name: 'apim-dns'
  scope: resourceGroup('6a132517-09dd-44e5-a91e-7b73130ad2f0', 'i-dns')
  params: {
    cname: apiManagementService.properties.hostnameConfigurations[0].hostName
    subdomain: transformedSubdomain
    thumbprint: apiManagementService.properties.customDomainVerificationId // => WHERE
    domain: 'xxx'
  }
}
```

```bicep
// apim-dns.bicep (the module referenced above)
param domain string // e.g. domain.com
param subdomain string // e.g. xyz (in xyz.domain.com)
param cname string // e.g. xyz-my-domain.azurewebsites.net
param thumbprint string

resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
  name: domain
}

// CNAME from the custom subdomain to the service's default hostname
resource cnameRecord 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
  parent: dnsZone
  name: subdomain
  properties: {
    TTL: 3600
    CNAMERecord: {
      cname: cname
    }
  }
}

// asuid.<subdomain> TXT record carrying the domain verification value
resource txtRecord 'Microsoft.Network/dnsZones/TXT@2018-05-01' = {
  parent: dnsZone
  name: 'asuid.${subdomain}'
  properties: {
    TTL: 3600
    TXTRecords: [
      {
        value: [
          thumbprint
        ]
      }
    ]
  }
}
```