You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`cloudservicename.cloudapp.net`|`A`|`192.0.2.13`| <--This public IP isn't your private endpoint. You receive a 403 error. |
79
79
80
-
You must set up a private DNS server or an Azure DNS private zone. For tests, you can modify the host entry of your test machine. The DNS zone that you need to create is: `privatelink.azurewebsites.net`. Register the record for your app with an `A` record and the private endpoint IP.
80
+
You must set up a private DNS server or an Azure DNS private zone. For tests, you can modify the host entry of your test machine. The DNS zone that you need to create is: `privatelink.azurewebsites.net`. Register the record for your app with an `A` record and the private endpoint IP. With [Azure Private DNS Zone Groups](../private-link/private-endpoint-dns-integration.md#private-dns-zone-group), the DNS records are automatically added to the Private DNS zone.
81
81
82
82
For example, the name resolution is:
83
83
@@ -88,9 +88,15 @@ For example, the name resolution is:
88
88
89
89
When you set up this DNS configuration, you can reach your app privately with the default name `mywebapp.azurewebsites.net`. You must use this name, because the default certificate is issued for `*.azurewebsites.net`.
90
90
91
-
If you need to use a custom DNS name, add the custom name in your app. You must validate the custom name like any custom name, by using public DNS resolution. For more information, see [custom DNS validation](./app-service-web-tutorial-custom-domain.md).
91
+
### Custom domain name
92
92
93
-
For the Kudu console, or Kudu REST API (for deployment with Azure DevOps Services self-hosted agents, for example) you must create two records pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app and the second is for the SCM (source control management) of your app.
93
+
If you need to use a custom domain name, add the custom name in your app. You must validate the custom name like any custom name, by using public DNS resolution. For more information, see [custom DNS validation](./app-service-web-tutorial-custom-domain.md).
94
+
95
+
In your custom DNS zone, you need to update the DNS record to point to the private endpoint. If your app is already configured with DNS resolution for the default host name, the preferred way is to point the custom domain CNAME record to `mywebapp.azurewebsites.net`. If you only want the custom domain name to resolve to the private endpoint, you can add an A record with the private endpoint IP directly.
96
+
97
+
### Kudu/scm endpoint
98
+
99
+
For the Kudu console, or Kudu REST API (for deployment with Azure DevOps Services self-hosted agents, for example) you must create a second record pointing to the private endpoint IP in your Azure DNS private zone or your custom DNS server. The first is for your app and the second is for the SCM (source control management) of your app. With Azure Private DNS Zone groups, the scm endpoint is automatically added.
94
100
95
101
| Name | Type | Value |
96
102
|-----|-----|-----|
@@ -131,5 +137,5 @@ For up-to-date information about limitations, see [this documentation](../privat
131
137
-[Quickstart: Create a private endpoint by using the Azure CLI](../private-link/create-private-endpoint-cli.md)
132
138
-[Quickstart: Create a private endpoint by using Azure PowerShell](../private-link/create-private-endpoint-powershell.md)
133
139
-[Quickstart: Create a private endpoint by using an ARM template](../private-link/create-private-endpoint-template.md)
134
-
-[Quickstart template for connecting a front-end app to a secured back-end app with virtual network integration and a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/webapp-privateendpoint-vnet-injection)
135
-
-[Create two web apps connected securely with a private endpoint and virtual network integration (Terraform)](./scripts/terraform-secure-backend-frontend.md)
140
+
-[Quickstart: Template for connecting a front-end app to a secured back-end app with virtual network integration and a private endpoint](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/webapp-privateendpoint-vnet-injection)
141
+
-[Script: Create two web apps connected securely with a private endpoint and virtual network integration (Terraform)](./scripts/terraform-secure-backend-frontend.md)
0 commit comments