如何将SSL添加到Azure容器实例应用程序？ [英] How to add SSL to Azure Container Instance App?

问题描述

正如标题所述，我需要为Azure容器实例中托管的应用设置SSL，但是，我不确定应该从哪里开始。

As the title says, I need to setup SSL for an app hosted in Azure Container Instances, however, I'm not quite sure where I need to start.

我有一个通过Azure容器实例托管的容器化应用，其地址为 http://myApp.northamerica.azurecontainer.io 。该地址被 http://api.myApp.com 上的官方地址掩盖。

I have a containerized app hosted via Azure Container Instances at the address http://myApp.northamerica.azurecontainer.io. This address is masked by the 'official' address at http://api.myApp.com.

是有什么原因为什么我不能仅仅将SSL添加到@ http://api.myApp.com 的浅层域，而将其重定向到真实域@ http://myApp.northamerica.azurecontainer.io ？还是我需要将SSL添加到两个域？

Is there any reason why I can't just add SSL to the superficial domain @ http://api.myApp.com, that redirects to the real domain @ http://myApp.northamerica.azurecontainer.io? Or do I need to add SSL to both domains?

此外，如果我需要使用SSL保护两个域，是否需要为每个域分别获得证书？

Furthermore, if I need to secure both domains with SSL, do I need to get separate certificates for each?

Azure提供SSL证书服务，但我只需要知道采取的最佳途径。谢谢。

Azure provides SSL cert services but I just need to know the best route to take. Thanks.

推荐答案

据我所知，当前尚不存在内置支持在Azure容器实例上启用SSL请参阅此。

As far as I know, currently, there is still no built-in support for enabling SSL on Azure Container Instances refer to this.

不过，您可以有多种选择来为ACI应用程序启用SSL连接。

However, you could have multiple choices for enabling SSL connections for your ACI application.

• 在边车中使用SSL提供程序容器-例如Ngnix或球童

• Use SSL provider in a sidecar container---such as Ngnix or Caddy

如果在 Azure虚拟网络，您可以考虑其他选项来为后端容器实例启用SSL端点，包括：

If you deploy your container group in an Azure virtual network, you can consider other options to enable an SSL endpoint for a backend container instance, including:

• Azure函数代理


• Azure API管理


• Azure应用程序网关-请参见示例部署模板。

• Azure Functions Proxies
• Azure API Management
• Azure Application Gateway - see a sample deployment template.

标准SSL证书映射到唯一的域名，因此您需要为每个域使用单独的证书。

The standard SSL certificate maps to a unique domain name, so you need separate certificates for each domain.

您可以开始将Nginx设置为Sidecar容器中的SSL提供程序，并您需要域 api.myApp.com 的SSL证书。如果要使用域 myApp.northamerica.azurecontainer.io 进行单独的安全访问，则可以在Nginx配置文件中配置额外的服务器块。请参考在Nginx中配置HTTPS服务器。

You can get started to set up Nginx as an SSL provider in a sidecar container and you need an SSL certificate for the domain api.myApp.com. If you want separate secure access with domain myApp.northamerica.azurecontainer.io, you could configure extra server block in the Nginx config file. Refer to configuring HTTPS server in Nginx.

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     www.example.com.crt;
    ssl_certificate_key www.example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

这篇关于如何将SSL添加到Azure容器实例应用程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！