Connect Azure Front Door Premium to an App Service (Web App) origin with Private Link

  • Article

This article guides you through configuring Azure Front Door Premium to connect to your App Service (Web App) privately using Azure Private Link.

Prerequisites

Note

Private endpoints require your App Service plan to meet specific requirements. For more information, see Using Private Endpoints for Azure Web App. This feature is not supported with App Service Slots.

Sign in to Azure

Sign in to the Azure portal.

In this section, you map the Private Link service to a private endpoint within Azure Front Door's private network.

  1. In your Azure Front Door Premium profile, go to Settings and select Origin groups.

  2. Choose the origin group that includes the App Service (Web App) origin you want to enable Private Link for.

  3. Select + Add an origin to add a new App Service (Web App) origin or select an existing one from the list.

    Screenshot of enabling private link to a Web App.

  4. Use the following table to configure the settings for the App Service (Web App) origin:

    Setting Value
    Name Enter a name to identify this App Service (Web App) origin.
    Origin Type App services
    Host name Select the host from the dropdown that you want as an origin.
    Origin host header Customize the host header of the origin or leave it as default.
    HTTP port 80 (default)
    HTTPS port 443 (default)
    Priority Assign different priorities to origins for primary, secondary, and backup purposes.
    Weight 1000 (default). Use weights to distribute traffic among different origins.
    Region Select the region that matches or is closest to your origin.
    Target sub resource Choose site as the subresource type for the selected resource.
    Request message Enter a custom message to display while approving the Private Endpoint.

  5. Select Add to save your configuration, then select Update to save the origin group settings.

Approve Azure Front Door Premium private endpoint connection from App Service (Web App)

  1. Navigate to the App Service (Web App) you configured with Private Link in the previous section. Under Settings, select Networking.

  2. In the Networking section, select on Configure your private endpoint connections.

    Screenshot of networking settings in a Web App.

  3. Find the pending private endpoint request from Azure Front Door Premium and select Approve.

    Screenshot of pending private endpoint request.

  4. After approval, the connection status will update. It can take a few minutes for the connection to fully establish. Once established, you can access your web app through Azure Front Door Premium. Direct access to the web app from the public internet is disabled once private endpoint is enabled.

    Screenshot of approved endpoint request.

Next steps

Learn about Private Link service with App service.