通过HTTPS访问Azure ubuntu虚拟机 [英] HTTPS access to Azure ubuntu Virtual Machine
问题描述
我有一个在Microsoft azure上运行的Ubuntu VM. 目前,我可以使用HTTP来访问它,但是不能使用HTTPS来访问它. 在网络接口中,入站端口规则已经允许使用443.
I have a Ubuntu VM running on Microsoft azure. Currently I can access it using HTTP, but not with HTTPS. In the network interface, inbound port rule, 443 is already allowed.
I already added a certificate into the VM, by creating a key vault and a certificate, prepare it for deployment following this documentation:
az keyvault update -n <keyvaultname> -g <resourcegroupname> --set properties.enabledForDeployment=true
然后在此答案之后添加证书.
then added the certificate following this answer.
在Azure CLI中:
In Azure CLI:
$secret=$(az keyvault secret list-versions \
--vault-name <keyvaultname> \
--name <certname> \
--query "[?attributes.enabled].id" --output tsv)
$vm_secret=$(az vm secret format --secret "$secret")
az vm update -n <vmname> -g <keyvaultname> --set osProfile.secrets="$vm_secret"
我遇到以下错误:
Unable to build a model: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>, DeserializationError: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>
但是,当我执行az vm show -g <resourcegroupname> -n <vmname>
之后,在osProfile
中,机密已经包含我添加的机密
However, when I do az vm show -g <resourcegroupname> -n <vmname>
after that, in the osProfile
, the secrets already contained the secret I added
"secrets": [
{
"sourceVault": {
"id": "/subscriptions/<subsID>/resourceGroups/<resourcegroupName>/providers/Microsoft.KeyVault/vaults/sit-key-vault"
},
"vaultCertificates": [
{
"certificateStore": null,
"certificateUrl": "https://<keyvaultname>.vault.azure.net/secrets/<certname>/<certhash>"
}
]
}
],
使用HTTPS访问时,我失败了.我可以使用HTTP访问它,但是chrome仍然在地址旁边显示不安全"标记.
When accessing using HTTPS, I failed. I can access it using HTTP but chrome still shows the "Not secure" mark next to the address.
我想念什么?
我还检查了类似问题的答案,但是在VM控件的任何位置都找不到启用直接服务器返回"面板页面.
I also checked answer from similar question, but could not find "Enable Direct Server Return" anywhere in the VM control panel page.
推荐答案
据我所知,我们可以按照以下步骤为nginx服务器配置SSL.
As far as I known, we can follow these following steps to configure SSL for nginx server.
-
添加SSl证书
Add SSl cert
$ secret = $(az密钥库机密列表版本--vault-name"keyvault_name" --name证书名称" --query"[?attributes.enabled] .id" --output tsv)
$secret=$(az keyvault secret list-versions --vault-name "keyvault_name" --name "cert name" --query "[?attributes.enabled].id" --output tsv)
$ vm_secret = $(az vm机密格式--secrets"$ secret")
$vm_secret=$(az vm secret format --secrets "$secret")
az vm update -n虚拟机名称" -g资源组名称" --set osProfile.secrets ="$ vm_secret"
az vm update -n "VM name" -g "resource group name" --set osProfile.secrets="$vm_secret"
安装Nginx
sudo apt-get更新
sudo apt-get update
sudo apt-get install nginx
sudo apt-get install nginx
配置SSL证书
#get cert name
find /var/lib/waagent/ -name "*.prv" | cut -c -57
#paste cert
mkdir /etc/nginx/ssl
cp "your cert name" /etc/nginx/ssl/mycert.cer
cp "your cert name" /etc/nginx/ssl/mycert.prv
#change nginx configuration file
sudo nano /etc/nginx/sites-available/default
PS: add the next content in the file
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.cert;
ssl_certificate_key /etc/nginx/ssl/mycert.prv;
}
service nginx restart
这篇关于通过HTTPS访问Azure ubuntu虚拟机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!