What is the proper way to route a static web app through cloudflare and maintain the binding on the SWA?

TechnicianTate 1 Reputation point
2024-09-10T16:22:16.7533333+00:00

I am using static web apps and have found that there is an issue with using them and an external WAF such as cloudflare. When you route traffic via cname to cloudflare, the ssl cert on the domain can't renew, which is a minor issue as cloudflare works fine if the cert is expired on "Full" SSL/TLS mode.
However, Azure then removes the SWA binding entirely after some time. Which breaks everything. Removing and re-adding the binding every 6 months is also not a real option.

I would use txt record domain validation if it was possible to have a txt record and a cname at the same time, or I would use file based domain validation if that were a supported and documented option.

Static web apps don't let us use app service certificates which would be the ideal way to solve this problem. So what can be done to set the binding, with a valid, or invalid cert, and allow the binding to persist while traffic is being routed through cloudflare and back to the service?

Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
966 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sina Salam 12,011 Reputation points
    2024-09-10T18:25:09.0933333+00:00

    Hello TechnicianTate,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that due to Azure static web issue, you would like to know how to set the Binding with a Valid or Invalid Certificate and best practices to route a Static Web App through Cloudflare and Maintain the Binding on the SWA.

    1. To route a Static Web App through Cloudflare and Maintain the Binding on the SWA, use this link: https://www.farleysfollies.com/azure/part-2-azure-storage-static-websites-with-cloudflare for more detail.
    2. For more troubleshooting about binding of certificates, use the following links: https://github.com/Azure/static-web-apps/issues/888 and https://video2.skills-academy.com/en-us/azure/static-web-apps/troubleshooting and https://community.cloudflare.com/t/let-lets-encrypt-bot-bypass-always-use-https/200274

    and I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.