如何设置两个都使用https端口的微服务? [英] How do you set up two microservices that both use https port?

问题描述

我有一个微服务是Asp.Net Core无状态服务.该服务运行良好，我可以访问 https://myazureresource.eastus.cloudapp.azure .com/controller/method .

I have one microservice that is a Asp.Net Core stateless service. The service runs fine and i can access at https://myazureresource.eastus.cloudapp.azure.com/controller/method.

我的ServiceManifest.xml是:

My ServiceManifest.xml is:

<Resources>
  <Endpoints>
    <Endpoint Protocol="https" Name="EndpointHttps" Type="Input" Port="443" />      
  </Endpoints>
</Resources>

MyService.cs是:

And MyService.cs is:

protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
    return new ServiceInstanceListener[]
    {
                new ServiceInstanceListener(serviceContext =>
                    new KestrelCommunicationListener(serviceContext, "EndpointHttps", (url, listener) =>
                    {
                        var transportCertificate = GetCertificate(ConfigurationManager.Instance["mycert"]);

                        return new WebHostBuilder()
                                    .UseKestrel(x =>
                                    {
                                        int port = serviceContext.CodePackageActivationContext.GetEndpoint("EndpointHttps").Port;
                                        x.Listen(IPAddress.IPv6Any, port, listenOptions =>
                                        {
                                            listenOptions.UseHttps(transportCertificate);
                                            listenOptions.NoDelay = true;
                                        });
                                    })
                                    .ConfigureServices(
                                        services => services
                                            .AddSingleton<StatelessServiceContext>(serviceContext))
                                    .UseContentRoot(Directory.GetCurrentDirectory())
                                    .UseStartup<Startup>()
                                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                                    .UseUrls(url)
                                    .UseSerilog(Logger.Serilog)
                                    .Build();
                    }))
    };
}

一切正常，但是现在我不尝试创建另一个微服务.我收到一个错误，因为它已经被使用，所以它显然不能绑定到443.我必须以某种方式告诉它在URL中使用我的服务的名称.

Everything works fine however now I am not trying to create another microservice. I get an error that it can't bind to 443 obviously because it is already being used. Somehow I have to tell it to use the name of my service in the url.

我尝试了很多事情，包括附加到url:

I've tried many things including appending to the url:

.UserUrls(url + "/myservice")

但是我得到了一个无法绑定的例外，因为它正在覆盖并使用UseKestrel端点.然后，我尝试了PreferHostingUrls(true)，但收到一个错误，您必须使用UsePathBase.

but i get an exception that it can't bind because it is overriding and using UseKestrel endpoints. I then tried PreferHostingUrls(true) but then got an error that you have to use UsePathBase.

然后我尝试:

.UsePathBase("myservice")

，然后我得到一个错误，它没有适用于https的有效证书.但它仅适用于一种微服务.

and I then get an error that it does not have a valid certificate for https. But it works with one microservice.

1.有谁知道您需要做什么才能同时运行两个微服务?

2.在单独的注释上(出于好奇)，我一直想知道为什么您会使用动态端口.如果该服务正在选择端口，您将如何知道要给您的客户使用的网址?

感谢您的帮助.

推荐答案

我正在回答这个问题，以防其他人有相同的问题.不确定这是唯一的方法，但是我解决的方法是使用反向代理.您还可以使用功能更强大的应用程序网关，但是出于我的需要，我只需要反向代理.

I'm answering this in case someone else has the same question. Not sure this is the only way but the way i solved it was to use a reverse proxy. You could also use Application Gateway which is more powerful but for my needs i just needed the reverse proxy.

我不得不重新创建我的服务结构(事实之后，无法使用它来使用反向代理).创建服务结构时，请选择反向代理.

I had to recreate my service fabric (couldn't get it to use a reverse proxy after the fact). Select reverse proxy when creating the service fabric.

注意:如果要使用https，请先创建一个密钥库并添加两个证书.在证书页面上，选择自定义"，然后为群集和反向代理使用不同的证书.如果使用相同的Azure，则Azure部署会失败.

Note: if you want https, create a key vault first and add two certificates. on the certificates page select 'Custom' and use different ones for the cluster and reverse proxy. Azure fails deployment if you use the same one.

还至少选择一台D1_s2大小的计算机，否则Azure在部署时将无限期挂起，并且不告诉您任何信息.此后我没有头发了.

Also select at least a D1_s2 size machine or Azure will hang indefinitely when deploying and not tell you anything. I have no hair left after this.

在调用反向代理时，您指定结构和服务:

when you call the reverse proxy you specify the fabric and service:

https://.eastus2.cloudapp.azure.com:19081/MyFabric/MyService/Controller/route

https://.eastus2.cloudapp.azure.com:19081/MyFabric/MyService/Controller/route

从一种服务与另一种服务进行交谈时，可以使用localhost:19081而不是URL.

when talking from one service to another you can use localhost:19081 instead of the url.

设置端点类似:

<Resources>
  <Endpoints>
    <Endpoint Protocol="http" UriScheme="http" Name="EndpointHttp" Type="Input" />
  </Endpoints>
</Resources>

代理知道发送到哪里.我设置了一个应用程序管理API，将请求转发到代理.请注意，这是针对单个分区群集的.如果您有多个分区，则还需要在url中指定分区ID.

the proxy knows where to send to. I set up an Application Management API that forwards the request to the proxy. Note this is for a single partition cluster. if you have multiple partitions you need to specify the partition id in the url also.

https://docs.microsoft.com /en-us/azure/service-fabric/service-fabric-reverseproxy

这篇关于如何设置两个都使用https端口的微服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！