Https Endpoint for services


Problem description



Hi,

I have multiple services hosted on Service Fabric. Some of them are containers and the rest are guest executables. I am accessing the services on HTTP. Now I want to move to HTTPS, and my load balancer does not support SSL binding. I have added the entries in the manifest files for HTTPS, but I am still not able to access the service on HTTPS.

I am using the admin certificate for this purpose. As my certificate is already added in the VMSS for internal communication, I didn't add it again.

Entries are below:

Application Manifest:

<Policies>

Solution

Hi,

I'd say that you need to specify a security policy too, in order to set access rules on the certificate's private key:

    <Policies>
      <RunAsPolicy CodePackageRef="code" UserRef="Service.User" />
      <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="HttpsCert" />
      <SecurityAccessPolicy ResourceRef="ServiceEndpoint" PrincipalRef="Service.User" />
    </Policies>

But if you used an existing cert and a default service user (NETWORK SERVICE), it probably already had access to the certificate's private key...
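
The following is an added example, not part of the original answer or of Service Fabric itself: a small Python check that every reference in the `<Policies>` block above resolves to a declaration, since an unresolved `EndpointRef`, `CertificateRef` or `UserRef` is a common reason the HTTPS binding never takes effect. The sample manifests are constructed; the package name, port and thumbprint placeholder are assumptions, and the `Principals`, `EndpointCertificate` and `Endpoint` elements come from the Service Fabric manifest schema rather than from the post.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}

# Constructed sample manifests; names, port and thumbprint are placeholders.
SERVICE_MANIFEST = """<ServiceManifest xmlns="http://schemas.microsoft.com/2011/01/fabric" Name="GuestSvcPkg" Version="1.0.0">
  <Resources><Endpoints>
    <Endpoint Name="ServiceEndpoint" Protocol="https" Type="Input" Port="8443" />
  </Endpoints></Resources>
</ServiceManifest>"""

APP_MANIFEST = """<ApplicationManifest xmlns="http://schemas.microsoft.com/2011/01/fabric" ApplicationTypeName="DemoApp" ApplicationTypeVersion="1.0.0">
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="GuestSvcPkg" ServiceManifestVersion="1.0.0" />
    <Policies>
      <RunAsPolicy CodePackageRef="code" UserRef="Service.User" />
      <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="HttpsCert" />
      <SecurityAccessPolicy ResourceRef="ServiceEndpoint" PrincipalRef="Service.User" />
    </Policies>
  </ServiceManifestImport>
  <Principals><Users><User Name="Service.User" AccountType="NetworkService" /></Users></Principals>
  <Certificates>
    <EndpointCertificate Name="HttpsCert" X509FindValue="THUMBPRINT-PLACEHOLDER" X509StoreName="My" />
  </Certificates>
</ApplicationManifest>"""

def check_https_binding(app_xml, svc_xml):
    """Return a list of unresolved references that would break the HTTPS binding."""
    app, svc = ET.fromstring(app_xml), ET.fromstring(svc_xml)
    endpoints = {e.get("Name"): e.get("Protocol") for e in svc.iterfind(".//sf:Endpoint", NS)}
    certs = {c.get("Name") for c in app.iterfind(".//sf:EndpointCertificate", NS)}
    users = {u.get("Name") for u in app.iterfind(".//sf:Users/sf:User", NS)}
    problems = []
    for b in app.iterfind(".//sf:EndpointBindingPolicy", NS):
        ep, cert = b.get("EndpointRef"), b.get("CertificateRef")
        if ep not in endpoints:
            problems.append(f"EndpointRef '{ep}' not declared in service manifest")
        elif endpoints[ep] != "https":
            problems.append(f"endpoint '{ep}' has Protocol={endpoints[ep]!r}, expected 'https'")
        if cert not in certs:
            problems.append(f"CertificateRef '{cert}' has no EndpointCertificate")
    # RunAsPolicy and SecurityAccessPolicy must both name a declared user.
    for tag, attr in (("RunAsPolicy", "UserRef"), ("SecurityAccessPolicy", "PrincipalRef")):
        for p in app.iterfind(f".//sf:{tag}", NS):
            if p.get(attr) not in users:
                problems.append(f"{tag} {attr} '{p.get(attr)}' not under Principals/Users")
    return problems
```

The check covers only cross-references between the two manifests; it does not verify that the certificate is installed on the nodes or that the service account can read its private key.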

