Enabling CDN on Azure Front Door
In the series 'Advanced Azure Front Door configuration strategies for Sitecore Managed Cloud on Containers', this is part 5: Enabling CDN on Azure Front Door. In case you missed the other parts, I wrote about part 1: simplifying managing Azure Front Door IP whitelisting, part 2: parsing the Azure Front Door logs, part 3: help, my 'request is blocked' and part 4: IP whitelisting on the CD server.
Sitecore Managed Cloud comes in two flavors: webapps and containers. In my role as Senior Solution Architect at uxbee, I set up and configured the container variant for a customer. In this blog series I will share my configuration experiences on Azure Front Door in combination with Sitecore Managed Cloud.
The Sitecore Managed Cloud environment comes equipped with Azure Front Door as the default option. There is an option to switch from Front Door to CloudFlare. However, in this customer’s case, switching to CloudFlare was not desirable and therefore not pursued. Instead, the ‘classic’ version of Front Door was used, which has limited caching capabilities. However, it is possible to enable CDN through a created route in Front Door, as shown in the Azure Front Door Designer.
Out of the box, there are 5 routes available, with the HTTPS-cd route being the first attempt at enabling CDN. When you click on the HTTPS-cd link, you will find only one switch for CDN, which is disabled by default.
Once caching is enabled, several options become available:
You can find more information in this article on what each specific option does.
Enabling CDN caching on the CD-HTTPS route is not without snags. All requests will be cached and that's not what we want. So we came up with the following solution that works great.
Solution for enabling CDN caching
Since Sitecore Managed Cloud is Infrastructure as Code-based, our solution must be programmed in Terraform. To do this, go to the Infrastructure repository of your Managed Cloud Environment and navigate to the "frontdoor" folder. In the "main.tf" file, you'll find a "locals" section at the top where I added some variables to make it easy to enable and disable CDN caching or adjust options without having to search through the file.
After creating the local variables, a new endpoint must be created. Search the "main.tf" file for "frontend_endpoint", where all the endpoints are defined, and add the new endpoint, as shown in the image below. Don’t forget to fill in your own hostname.
The next step is to connect an SSL certificate to the endpoint, which is done in the resource "azurerm_frontdoor_custom_https_configuration" section. Make sure that the azure_key_vault_certificate_secret_name and azure_key_vault_certificate_secret_version are set correctly for your situation.
Finally, to create a new assets route to the CD backend, look for the "HTTPS-cd" section in the "main.tf" file. This is a routing rule section for the "azurerm_frontdoor" resource named "this". Create a new section above the HTTPS-cd section, following the image provided below.
The routing rule establishes a connection between the frontend endpoint “assets-cd-cdn-endpoint” and the backend “cd-ingress”. The local variables can be used to turn the CDN on or off. It's important to note that making any changes to this file requires a pull request to the main branch and the execution of the frontdoor pipeline to update the settings in the Azure Front Door of your Sitecore Managed Cloud environment.
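The four steps above, put together as an added example (it is not taken from the Sitecore Managed Cloud repository). The local names, the routing rule name, the hostname, the certificate secret name and var.key_vault_id are assumptions; "assets-cd-cdn-endpoint", "cd-ingress" and the resource name "this" come from the text.

```hcl
# Added example. Everything marked "assumed" or "placeholder" must be adapted.
locals {
  assets_cdn_cache_enabled       = true                 # single switch for CDN caching (assumed name)
  assets_cdn_cache_duration      = "P1D"                # ISO 8601 duration, constructed value
  assets_cdn_dynamic_compression = true                 # assumed name
  assets_cdn_query_strip         = "StripNone"          # keep the query string in the cache key
  assets_cdn_host_name           = "assets.example.com" # placeholder hostname
}

resource "azurerm_frontdoor" "this" {
  # ... existing arguments, backend pools, endpoints and routing rules stay unchanged ...

  # New endpoint used only for cacheable assets.
  frontend_endpoint {
    name      = "assets-cd-cdn-endpoint"
    host_name = local.assets_cdn_host_name
  }

  # New routing rule, placed above the existing "HTTPS-cd" routing_rule.
  routing_rule {
    name               = "HTTPS-assets-cd" # assumed name
    accepted_protocols = ["Https"]
    patterns_to_match  = ["/*"]            # assumed: everything on the asset hostname
    frontend_endpoints = ["assets-cd-cdn-endpoint"]

    forwarding_configuration {
      forwarding_protocol                   = "HttpsOnly"
      backend_pool_name                     = "cd-ingress"
      cache_enabled                         = local.assets_cdn_cache_enabled
      cache_use_dynamic_compression         = local.assets_cdn_dynamic_compression
      cache_query_parameter_strip_directive = local.assets_cdn_query_strip
      cache_duration                        = local.assets_cdn_cache_duration
    }
  }
}

# SSL certificate for the new endpoint, read from Key Vault.
resource "azurerm_frontdoor_custom_https_configuration" "assets_cd_cdn" {
  frontend_endpoint_id              = azurerm_frontdoor.this.frontend_endpoints["assets-cd-cdn-endpoint"]
  custom_https_provisioning_enabled = true

  custom_https_configuration {
    certificate_source                         = "AzureKeyVault"
    azure_key_vault_certificate_vault_id       = var.key_vault_id        # assumed variable
    azure_key_vault_certificate_secret_name    = "assets-cd-certificate" # placeholder
    azure_key_vault_certificate_secret_version = "<secret-version>"      # placeholder
  }
}
```

Because caching is switched on only in this routing rule, requests that arrive through the existing HTTPS-cd route are still forwarded to the CD backend uncached.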
Is this sufficient or could it be better? It could be better, for sure. To improve the functionality of Sitecore Managed Cloud, we are currently implementing Dianoga. This implementation required the creation of a rule engine in Azure Front Door. For the rule engine to work properly, we had to update the Terraform Image in the Front Door pipeline. In the next two blog posts, the process of correctly implementing Dianoga on Sitecore Managed Cloud and creating an updated version of the Terraform image with Azure CLI functionality will be explained in detail.
Final note from me
If you have any questions or concerns, feel free to reach out to firstname.lastname@example.org for assistance.