如何在Azure的服务布自托管的Web API配置SSL [英] How to configure SSL on a self hosted Web API in Azure Service Fabric
问题描述
我按照<一个href=\"https://azure.microsoft.com/en-us/documentation/articles/service-fabric-reliable-services-communication-webapi/\"相对=nofollow>这篇文章设置一个OWIN自托管的Web API的服务Azure的面料无状态的服务中。
I have followed this article to setup an OWIN self hosted Web API within an Azure service fabric stateless service.
我也发现<一个href=\"https://azure.microsoft.com/en-us/documentation/articles/service-fabric-service-manifest-resources/\"相对=nofollow>这篇文章其描述设立一个HTTPS端点的Azure的服务结构服务中。
I also found this article which describes setting up an HTTPS endpoint within an Azure service fabric service.
...
<Certificates>
<EndpointCertificate Name="TestCert1" X509FindValue="FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF F0" X509StoreName="MY" />
</Certificates>
...
我怎么配置服务架构内我的WebAPI服务的SSL证书?当我进入我的服务面料集群中的Azure门户网站,证书文本框是灰色的。
How do I configure the SSL certificate for my WebAPI service within service fabric? When I access my service fabric cluster in the Azure portal, the "Certificate" textboxes are greyed out.
在其它天青服务其通常上传然后可以由应用程序所引用证书的区域。
In other Azure services their is typically a area to upload certificates which can then be referenced by the application.
我是否需要手动包括在服务包布我的证书,并将其安装到证书存储它可以被引用过吗?
Do I need to manually include my certificate in the service fabric package and install it into the certificate store before it can be referenced?
此外并蔚蓝提供了一个HTTPS证书* .cloudapp.azure.com,可以在开发过程中使用?
In addition does azure provide a HTTPS cert for *.cloudapp.azure.com that can be used during development?
推荐答案
要在SF与SSL安全的OWIN自托管API,你可以按照不同的脚本和配置的例子,我编译:
To secure an OWIN Self-Hosted API in SF with SSL, you can follow the different scripts and example config I've compiled:
https://gist.github.com/andersosthus/c483eaf8630219c789de
基本流程是这样的:
- 上传证书KeyVault(uploadCertToKeyVault.ps1)
- 证书安装到您的虚拟机SF(installCertOnVm.ps1)
- 配置您的ServiceManifest 的端点节
- 配置您的应用程序清单 的ManifestImport和政策科
- Upload a certificate to KeyVault (uploadCertToKeyVault.ps1)
- Install the certificate to your SF VMs (installCertOnVm.ps1)
- Configure the Endpoint section of your ServiceManifest
- Configure the ManifestImport and Policy section of your application manifest
步骤1安培; 2,可以跳过,但随后你需要登录到每个虚拟机并手动安装该证书。
Step 1 & 2 can be skipped, but then you need to log in to each VM and install the certificate manually.
有关VMSS:
要安装从KeyVault证书到与ARM一VMSS,做到以下几点:
在您的VMSS模板,在 OSProfile
部分,有一节叫秘密
。在这里,您可以配置 sourcevault
并添加证书安装。
For VMSS:
To install certificates from KeyVault onto a VMSS with ARM, do the following:
In your VMSS template, under the OSProfile
section, there is section called secrets
. Here you can configure the sourcevault
and add certificates to be installed.
这就像所有其他的ARM模板。您可以在以后证书添加到这个列表并重新部署模板。然后,该证书将被安装在您的VMSS。
This works like all other ARM templates. You can add a certificate to this list at a later point and redeploy the template. The certificate will then be installed on your VMSS.
这篇关于如何在Azure的服务布自托管的Web API配置SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!