Configure Azure CDN as Reverse Proxy
To set up Azure CDN as a reverse proxy, an Azure CDN Premium plan is required.
Configure Custom Domains with Self-Managed Certificates if you haven't already. Make note of the Origin Domain Name and cname-api-key values since you'll need these later.
Login to the Azure Portal.
Create a new Azure CDN endpoint using the CDN Profile you just created. For the CDN endpoint settings, use the following values:
Setting Value Name We recommend naming your CDN endpoint like your custom domain name, replacing dots with dashes. For example: login-mydomain-com.azureedge.net. Origin type Select Custom Origin Origin hostname Enter
YOUR_TENANT.<CUSTOM_DOMAIN_ID>.edge.tenants.auth0.com, making sure to replace
<CUSTOM_DOMAIN_ID>with the custom domain ID from the Origin Domain Name you received from Auth0. If your tenants are not in the US region, use one of the following:
Origin path Leave blank. Origin host header Use the name you provided for the Origin hostname. Protocol Disable HTTP so that only HTTPS is enabled.
Configure HTTPS for your Azure CDN custom domain. This process requires you to verify ownership of the domain. Once done, it may take up to 6 hours to deploy the certificate to all of the CDN pop locations.
Set up the configuration for the custom domain communication with Auth0 using the Azure CDN Rules engine. (To learn more, see Override HTTP behavior using the Azure CDN from Verizon Premium rules engine in Microsoft documentation.) Create a new Azure CDN Rule with the following settings:
Setting Value Name/Description Auth0 Custom Domain Type of requests Select the Edge CName option, then select your custom domain name from the list.
Add the following Features to your Azure CDN Rule: We recommend creating another Azure CDN Rule to deny the usage of the azureedge.net CNAME.
Setting Value Bypass Cache Enabled Modify Client Request Header Select Override, enter cname-api-key for the name, and enter the CNAME API Key provided by Auth0 as the value.
Once the Azure CDN Rule is approved, the status will change from Pending XML to Active XML. At this point, Azure CDN will be publishing the rules and certificates. When Azure finishes processing all changes, you can use your custom domain.