Https Endpoint for services
Problem description
Hi,
I have multiple services hosted on service fabric. Some of them are containers and the rest are guest executables. I am accessing the services on http. Now I want to move to https and my load balancer does not support ssl binding. I have added the entries in the manifest files for https but I am still not able to access the service on https.
I am using the admin certificate for this purpose. As my certificate is already added in vmss for internal communication, I didn't add it again.
Entries are below:
Application Manifest:
Hi,
I'd say that you need to specify a security policy too, in order to set access rules on the certificate's private key:
<Policies>
  <RunAsPolicy CodePackageRef="code" UserRef="Service.User" />
  <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="HttpsCert" />
  <SecurityAccessPolicy ResourceRef="ServiceEndpoint" PrincipalRef="Service.User" />
</Policies>
But if you used an existing cert and a default service user (NETWORK SERVICE), it probably already had access to the certificate's private key...