Connect Azure Front Door Premium to an App Service (Web App) origin with Private Link
This article guides you through how to configure Azure Front Door Premium tier to connect to your App Service (Web App) privately using the Azure Private Link service.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
Note
Private endpoints requires your App Service plan to meet some requirements. For more information, see Using Private Endpoints for Azure Web App. This feature is not supported with App Service Slots
Sign in to Azure
Sign in to the Azure portal.
Enable Private Link to an App Service (Web App) in Azure Front Door Premium
In this section, you map the Private Link service to a private endpoint created in Azure Front Door's private network.
Within your Azure Front Door Premium profile, under Settings, select Origin groups.
Select the origin group that contains the App Service (Web App) origin you want to enable Private Link for.
Select + Add an origin to add a new App Service (Web App) origin or select a previously created App Service (Web App) origin from the list.
The following table has information of what values to select in the respective fields while enabling private link with Azure Front Door. Select or enter the following settings to configure the App Service (Web App) you want Azure Front Door Premium to connect with privately.
Setting Value Name Enter a name to identify this App Service (Web App) origin. Origin Type App services Host name Select the host from the dropdown that you want as an origin. Origin host header You can customize the host header of the origin or leave it as default. HTTP port 80 (default) HTTPS port 443 (default) Priority Different origin can have different priorities to provide primary, secondary, and backup origins. Weight 1000 (default). Assign weights to your different origin when you want to distribute traffic. Region Select the region that is the same or closest to your origin. Target sub resource The type of subresource for the resource selected previously that your private endpoint can access. You can select site. Request message Custom message to see while approving the Private Endpoint. Select Add to save your configuration. Then select Update to save the origin group settings.
Approve Azure Front Door Premium private endpoint connection from App Service (Web App)
Go to the App Service (Web App) you configured Private Link for in the last section. Select Networking under Settings.
In Networking, select Configure your private endpoint connections.
Select the pending private endpoint request from Azure Front Door Premium then select Approve.
Once approved, it should look like the following screenshot. It takes a few minutes for the connection to fully establish. You can now access your web app from Azure Front Door Premium. Direct access to the web app from the public internet gets disabled after private endpoint gets enabled.
Next steps
Learn about Private Link service with App service.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for