Add custom domain with CNAME record having public endpoint

Muhammad Usman Naeem 0 Reputation points
2023-12-06T18:36:56.1+00:00

Hello everyone,

Need Assistance...

I have created an Azure Spring app under the Standard plan and also configured VNet injection, so that it will be part of my virtual network and can communicate with my database privately. Now I have created an app under my Spring app and assigned a public endpoint so that my iOS app can access it publicly. I want to add a custom domain, and it maps the domain with a CNAME record having the private endpoint of the app. Because of this, I can't access the app publicly using the custom domain, as it is routing to the private endpoint. If I don't enable VNet injection and add a custom domain, then it maps with a CNAME record having the public endpoint. I need help, as I want to enable VNet injection and add a custom domain to access it publicly.

Azure Spring Apps
An Azure platform as a service for running Spring Boot applications at cloud scale. Previously known as Azure Spring Cloud.

1 answer

  1. MuthuKumaranMurugaachari-MSFT 22,321 Reputation points
    2023-12-11T21:37:52.3533333+00:00

    Muhammad Usman Naeem, thanks for posting your question in Microsoft Q&A. When the Azure Spring Apps service is deployed in a VNet, applications are accessible only within the private network (via private endpoint). However, the apps can be exposed to the Internet via:

    1. Application Gateway with two options: Expose applications to the internet with TLS Termination at Application Gateway & Expose applications with end-to-end TLS in a virtual network.
    2. Standard public IP https://video2.skills-academy.com/en-us/azure/spring-apps/how-to-access-app-from-internet-virtual-network?tabs=azure-portal.

    Since you are looking to add a custom domain, I suggest you follow the Application Gateway route; the step-by-step guide is described in option 3: Implement an application gateway with a custom domain.

    Solution from doc:

    To begin the setup process, ensure that you have properly prepared your self-signed certificate by including the root, intermediate and client certificates in the certificate chain with the same hostname as your custom domain. You can refer to the following link for more details: https://video2.skills-academy.com/EN-US/azure/spring-apps/tutorial-custom-domain?tabs=Azure-portal#prepare...

    1. Merge the root certificate, middle certificate, and client certificate into a PFX file.
    2. Import the PFX file certificate into Azure Key Vault.
    3. Grant Azure Spring Apps access to your Key Vault.
    4. Import the certificate from Azure Key Vault to your Spring app.
    5. Add a custom domain to your Spring app.
    6. Go to your DNS provider and add a CNAME record to map your domain to <service-name>-<appname>.private.azuremicroservices.io. If this is a custom domain created for testing purposes, you can add the CNAME record in Azure Private DNS zone.
    7. Add an SSL binding to your Spring app.

    After the operation is complete, you will be able to access your Spring app using a custom domain from the Virtual Network (VNet).

    Then the same configuration needs to be applied to the Application Gateway. It is important to note that if you are using a self-signed certificate in the backend settings of your Application Gateway, you will need to select "No" for "Use well-known CA certificate" and upload the root certificate (.cer) that was merged into the PFX file in the previous step, under "Trusted root certificate".

    In the "Host name" section, make sure to select "Override with specific domain name" and ensure that the hostname matches the one specified in the SSL certificate.

    In the "Listeners" settings, add a new listener on port 443 and select the existing certificate with the merged certificate.

    For testing purposes, edit your Windows hosts file and add a record to map the custom domain to the Application Gateway's public IP address. Or, if you own this domain, you could add an A record at your domain provider pointing to the Application Gateway's public IP to make it work.


    I hope this helps with your question and let me know if you have any other questions.

    If you found the answer to your question helpful, please take a moment to mark it as Yes for others to benefit from your experience. Or simply add a comment tagging me and I would be happy to answer your questions.

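The DNS split described in this thread, as an added example that is not part of the original question or answer: a custom domain whose public record is a CNAME to the `.private.azuremicroservices.io` name from step 6 is reachable only inside the VNet, while an A record to the Application Gateway's public IP is reachable from the internet. The domain `api.example.test`, the service/app names and all addresses are constructed sample values, and the record maps stand in for real DNS lookups so the check runs offline.

```python
import ipaddress

# Suffix taken from step 6 of the answer; all records below are constructed.
PRIVATE_SUFFIX = ".private.azuremicroservices.io"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_chain(name, records, max_hops=8):
    """Follow CNAMEs in a {name: (type, value)} map.
    Returns (chain_of_names, final_ip_or_None); stops on loops and dead ends."""
    chain, seen = [name.lower().rstrip(".")], set()
    while len(chain) <= max_hops:
        cur = chain[-1]
        if cur in seen or cur not in records:
            return chain, None
        seen.add(cur)
        rtype, value = records[cur]
        if rtype == "A":
            return chain, ipaddress.ip_address(value)
        chain.append(value.lower().rstrip("."))
    return chain, None

def classify(domain, records):
    """Return 'vnet-only', 'internet' or 'unresolved' for a DNS view."""
    chain, ip = resolve_chain(domain, records)
    if any(h.endswith(PRIVATE_SUFFIX) for h in chain):
        return "vnet-only"   # points at the VNet-injected app's private name
    if ip is None:
        return "unresolved"
    if any(ip in net for net in RFC1918):
        return "vnet-only"   # private address, not routable from the internet
    return "internet"

PRIVATE_FQDN = "myservice-myapp" + PRIVATE_SUFFIX   # hypothetical names

# Public DNS as in the question: CNAME straight to the private endpoint.
PUBLIC_AS_ASKED = {"api.example.test": ("CNAME", PRIVATE_FQDN)}
# Public DNS per the answer: A record to the Application Gateway public IP.
PUBLIC_VIA_GATEWAY = {"api.example.test": ("A", "203.0.113.10")}
# Private DNS zone seen from inside the VNet (step 6 of the answer).
VNET_VIEW = {"api.example.test": ("CNAME", PRIVATE_FQDN),
             PRIVATE_FQDN: ("A", "10.1.0.7")}

if __name__ == "__main__":
    for label, view in [("public, as asked", PUBLIC_AS_ASKED),
                        ("public, via gateway", PUBLIC_VIA_GATEWAY),
                        ("inside VNet", VNET_VIEW)]:
        print(f"{label:22} -> {classify('api.example.test', view)}")
```
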
