Setting Up Azure Storage for a Public Website: A Step-by-Step Guide

Introduction

In Azure cloud architecture, a storage account plays a key role in hosting and protecting application data. For public-facing websites, it’s important to balance accessibility with security. Configuring features like Read-access Geo-redundant storage (RA-GRS), anonymous access, soft delete, and versioning ensures high availability, protection against accidental data loss, and resilience during regional outages.

1. Create a storage account with high availability. Create a storage account to support the public website.

• In the portal, search for and select Storage accounts.
  

• Select + Create.
  

• For resource group select new.Give your resource group a name and select OK.
  

• Set the Storage account name to publicwebsite. Make sure the storage account name is unique by adding an identifier.
  

• Take the defaults for other settings.

• Select Review and then Create.
  

• Wait for the storage account to deploy, and then select Go to resource.
  

1. This storage requires high availability if there’s a regional outage. Additionally, enable read access to the secondary region, Learn more about storage account redundancy.

• In the storage account, in the Data management section, select the Redundancy blade.
  

• Ensure Read-access Geo-redundant storage is selected.
  

• Review the primary and secondary location information.

Create a storage account to support the public website.

1. Information on the public website should be accessible without requiring customers to login.

• In the storage account, in the Settings section, select the Configuration blade.
  

• Ensure the Allow blob anonymous access setting is Enabled.
  

• Be sure to Save your changes.
  

Create a blob storage container with anonymous read access

1. The public website has various images and documents. Create a blob storage container for the content. Learn more about storage containers.

• In your storage account, in the Data storage section, select the Containers blade.
  

• Select + Container.
  

• Ensure the Name of the container is public.
  

• Select Create.
  

1. Customers should be able to view the images without being authenticated. Configure anonymous read access for the public container blobs. Learn more about configuring anonymous public access.

• Select your public container.
  

• On the Overview blade, select Change access level.
  

• Ensure the Public access level is Blob (anonymous read access for blobs only).
  

• Select OK.
  

Practice uploading files and testing access.

1. For testing, upload a file to the public container. The type of file doesn’t matter. A small image or text file is a good choice.

• Ensure you are viewing your container.

• Select Upload.
  

• Browse to files and select a file. Browse to a file of your choice.
  

• Select Upload.
  

• Close the upload window, Refresh the page and ensure your file was uploaded.

1. Determine the URL for your uploaded file. Open a browser and test the URL.

• Select your uploaded file.
  

• On the Overview tab, copy the URL.
  

• Paste the URL into a new browser tab.
  ![URL into a new browser](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/e5iig5jx500arz1vqfnc.png.

• If you have uploaded an image file it will display in the browser. Other file types should be downloaded.

Configure soft delete

1. It’s important that the website documents can be restored if they’re deleted. Configure blob soft delete for 21 days. Learn more about soft delete for blobs.

• Go to the Overview blade of the storage account.
  

• On the Properties page, locate the Blob service section.
  

• Select the Blob soft delete setting.
  

• Ensure the Enable soft delete for blobs is checked.
  

• Change the Keep deleted blobs for (in days) setting to 21.
  

• Notice you can also Enable soft delete for containers.

• Don’t forget to Save your changes.
  

1. If something gets deleted, you need to practice using soft delete to restore the files.

• Navigate to your container where you uploaded a file.
  

• Select the file you uploaded and then select Delete.
  

• Select delete to confirm deleting the file.
  

• On the container Overview page, toggle the slider Show deleted blobs. This toggle is to the right of the search box.
  

• Select your deleted file, and use the ellipses on the far right, to Undelete the file.
  

• Refresh the container and confirm the file has been restored.

Configure blob versioning

1. It’s important to keep track of the different website product document versions. Learn more about blob versioning.

• Go to the Overview blade of the storage account.
  

• In the Properties section, locate the Blob service section.
  

• Select the Versioning setting.
  

• Ensure the Enable versioning for blobs checkbox is checked.
  

• Notice your options to keep all versions or delete versions after.
  

• Don’t forget to Save your changes.
  

As you have time experiment with restoring previous blob versions.

1. Upload another version of your container file. This overwrites your existing file.
2. Your previous file version is listed on Show deleted blobs page.

Conclusion

By enabling RA-GRS along with soft delete and blob versioning, you create a storage solution that is both highly available and protected from human error. While anonymous access supports public content delivery, it should be carefully managed to expose only intended assets. With these settings, your Azure Storage account is well-prepared to deliver reliable, globally accessible content.

Comments

[SKILL.SCH]

Welldone!