如何在 Azure Service Fabric 中的自托管 Web API 上配置 SSL [英] How to configure SSL on a self hosted Web API in Azure Service Fabric
问题描述
我已关注这篇文章 在 Azure 服务结构无状态服务中设置 OWIN 自托管 Web API.
I have followed this article to setup an OWIN self hosted Web API within an Azure service fabric stateless service.
我还发现了这篇文章 描述在 Azure 服务结构服务中设置 HTTPS 终结点.
I also found this article which describes setting up an HTTPS endpoint within an Azure service fabric service.
...
<Certificates>
<EndpointCertificate Name="TestCert1" X509FindValue="FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF F0" X509StoreName="MY" />
</Certificates>
...
如何在服务结构中为我的 WebAPI 服务配置 SSL 证书?当我在 Azure 门户中访问我的服务结构集群时,证书"文本框显示为灰色.
How do I configure the SSL certificate for my WebAPI service within service fabric? When I access my service fabric cluster in the Azure portal, the "Certificate" textboxes are greyed out.
在其他 Azure 服务中,它们通常是上传证书的区域,然后应用程序可以引用这些证书.
In other Azure services their is typically a area to upload certificates which can then be referenced by the application.
在引用之前,我是否需要手动将我的证书包含在服务结构包中并将其安装到证书存储中?
Do I need to manually include my certificate in the service fabric package and install it into the certificate store before it can be referenced?
此外,azure 是否为 *.cloudapp.azure.com 提供了可以在开发过程中使用的 HTTPS 证书?
In addition does azure provide a HTTPS cert for *.cloudapp.azure.com that can be used during development?
推荐答案
要使用 SSL 保护 SF 中的 OWIN 自托管 API,您可以遵循我编译的不同脚本和示例配置:
To secure an OWIN Self-Hosted API in SF with SSL, you can follow the different scripts and example config I've compiled:
https://gist.github.com/andersosthus/c483eaf8630219c789de
基本流程如下:
- 将证书上传到 KeyVault (uploadCertToKeyVault.ps1)
- 将证书安装到您的 SF 虚拟机 (installCertOnVm.ps1)
- 配置 ServiceManifest 的 Endpoint 部分
- 配置应用清单的 ManifestImport 和 Policy 部分
步骤 1 &2 可以跳过,但之后需要登录每个虚拟机,手动安装证书.
Step 1 & 2 can be skipped, but then you need to log in to each VM and install the certificate manually.
对于 VMSS:要将 KeyVault 中的证书安装到带有 ARM 的 VMSS 上,请执行以下操作:在您的 VMSS 模板中,在 OSProfile 部分下,有一个名为 secrets 的部分.在这里您可以配置sourcevault 并添加要安装的证书.
For VMSS:
To install certificates from KeyVault onto a VMSS with ARM, do the following:
In your VMSS template, under the OSProfile section, there is section called secrets. Here you can configure the sourcevault and add certificates to be installed.
这与所有其他 ARM 模板一样有效.您可以稍后将证书添加到此列表并重新部署模板.然后证书将安装在您的 VMSS 上.
This works like all other ARM templates. You can add a certificate to this list at a later point and redeploy the template. The certificate will then be installed on your VMSS.
这篇关于如何在 Azure Service Fabric 中的自托管 Web API 上配置 SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
