Secure Sitecore Vanity Domains with Azure Function Apps

Requisite

We always run into the request of Vanity domains that would just redirect to a Sitecore site or sometimes we would need to do some redirects too. In today's world, we need all the sites to be secure. We could do this with a simple IIS website but in case you have many domains then we need something more maintainable with certificate management.

Plan

Azure Function Apps is a quick and easy approach to set up and redirect users to their desired destination, and this will also improve the site's SEO rankings. Azure Function Apps can be set up on the portal with few clicks and no code approach, you can quickly and easily set up secure redirects for vanity domains. In this article, we'll discuss how to set up redirects and use proxies for path-level redirects.

Exceution

Create a Resource Group for the redirect function app

Create a function app with the following settings. I am using the consumption-based plan. Use the app service plan if you plan to use it in production for better price and performance.

After the function app is successfully created you should be able to see the following items

The function app proxies are disabled by default with version 4.x and considered legacy. Re-enabling proxies requires you to set a flag in the AzureWebJobsFeatureFlags application setting in one of the following ways:

If the AzureWebJobsFeatureFlags setting doesn't already exists, add this setting to your function app with a value of EnableProxies.

If this setting already exists, add ,EnableProxies to the end of the existing value.

https://learn.microsoft.com/en-us/azure/azure-functions/legacy-proxies#re-enable-proxies-in-functions-v4x

The app will restart and we should see the proxies menu in the Functions section. If it's greyed out you could add this to the end of your URL "functionsProxies" to visit the proxies page.

Add default redirection to the proxy by clicking on add

Adding custom path redirects. In the following case, path mvp/2023 will redirect to the designated page. We will be able to use this option to redirect custom paths.

If the route template terminates in a wildcard, such as /api/{*restOfPath}, the value {restOfPath} is a string representation of the remaining path segments from the incoming request.

https://learn.microsoft.com/en-us/azure/azure-functions/legacy-proxies#additional-request-parameters

If you are like me and prefer to use the advanced editor navigate to the app files in the functions section and choose the proxies.json. This can also help in setting up release pipelines and versioning.

Testing

We can test the redirects by opening the function app URL. We should be able to set up the vanity domain with an app service-managed certificate or custom certificate from the key vault to finalize the redirect app. We should validate the domain with an A record and a TXT record. Once completed then we can set up the CNAME to Go-Live with the vanity domain.

Microsoft recommends using API Management which also supports proxies with more advanced features like rate limiting. The sample mentioned will work for basic and some custom redirects with smaller loads.

Ref:

https://learn.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition

https://learn.microsoft.com/en-us/azure/azure-functions/legacy-proxies#re-enable-proxies-in-functions-v4x

Photo Curated by Balaji Kandasamy

Photo by Nick Fewings on Unsplash