Azure预留IP地址和没有端点的云服务 [英] Azure ReservedIPAddress & Cloud Service without an endpoint

问题描述

我有一个云服务，该服务可在外部打开套接字并需要列入白名单的IP地址.任何事情都不会从外部启动与我的服务的连接.

I have a cloud service that opens a socket externally and requires a whitelisted IP address. Nothing will externally initiate a connection with my service.

当我尝试使用关联的ReservedIP地址发布它时，出现以下错误:Validation Errors: Error validating the .cscfg file against the .csdef file. Severity:Error, message:ReservedIP 'xxxx' was not mapped to an endpoint. The service definition must contain atleast one endpoint that maps to the ReservedIP..

When I attempt to publish it with an associated ReservedIP address I get the following error: Validation Errors: Error validating the .cscfg file against the .csdef file. Severity:Error, message:ReservedIP 'xxxx' was not mapped to an endpoint. The service definition must contain atleast one endpoint that maps to the ReservedIP..

.cscfg

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="Gateway" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="5" osVersion="*" schemaVersion="2015-04.2.6">
  <Role name="WorkerRole1">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="yyyyy" />
      <Setting name="APPINSIGHTS_INSTRUMENTATIONKEY" value="xxx" />
      <Setting name="ASPNETCORE_ENVIRONMENT" value="dev" />
    </ConfigurationSettings>
  </Role>
  <NetworkConfiguration>
    <AddressAssignments>
      <ReservedIPs>
       <ReservedIP name="xxxxx"/>
      </ReservedIPs>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>

1. 有没有一种方法可以在不指定端点的情况下进行部署? (我正在使用VS2017RC进行部署)
2. 如果没有，那么一个虚拟的端点"的xml看起来会是什么样子，而我这样做会有什么风险?
3. 有没有更好的方法来解决这个问题?

推荐答案

看起来，只有包含外部端点的服务才支持ReservedIP.您可以做的是添加一个外部终结点，但使用NSG将其防火墙保护(

Looks like ReservedIP is only supported with services containing an external endpoint. What you can do is add an external endpoint but firewall it off with the NSG (Network Security Group).

有关定义端点的帮助，请参见

On help defining an endpoint see

https://docs.microsoft.com/zh-CN/azure/cloud-services/cloud-services-enable-communication-role-instances

此外，如果您使用的端口实际上不是计算机中未绑定的端口，那么它也不应该是漏洞.但是在NSG中添加拒绝规则也可以涵盖将来的任何变化.

Also, if you use a port that is actually not bound to in the machine, it should not be a vulnerability; but adding a deny rule in NSG would cover for any change in future as well.

[Aside]如果您的服务没有任何传入连接，则应考虑使用辅助角色而不是Web角色.长时间运行的线程可能会在Web角色实例中终止.

[Aside] If your service does not have any incoming connections, you should consider using a worker role instead of a web role. Long running threads can get terminated in web role instances.

这篇关于Azure预留IP地址和没有端点的云服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！