如何将 SSL 添加到 Azure 容器实例应用程序? [英] How to add SSL to Azure Container Instance App?
问题描述
正如标题所说,我需要为 Azure 容器实例中托管的应用程序设置 SSL,但是,我不太确定需要从哪里开始.
As the title says, I need to setup SSL for an app hosted in Azure Container Instances, however, I'm not quite sure where I need to start.
我有一个通过 Azure 容器实例托管的容器化应用程序,地址为 http://myApp.northamerica.azurecontainer.io.此地址被 http://api.myApp.com 上的官方"地址所掩盖.
I have a containerized app hosted via Azure Container Instances at the address http://myApp.northamerica.azurecontainer.io. This address is masked by the 'official' address at http://api.myApp.com.
有什么原因我不能只是将 SSL 添加到表面域@http://api.myApp.com,重定向到真实域@http:///myApp.northamerica.azurecontainer.io?或者我是否需要将 SSL 添加到两个域?
Is there any reason why I can't just add SSL to the superficial domain @ http://api.myApp.com, that redirects to the real domain @ http://myApp.northamerica.azurecontainer.io? Or do I need to add SSL to both domains?
此外,如果我需要使用 SSL 保护两个域,我是否需要为每个域获取单独的证书?
Furthermore, if I need to secure both domains with SSL, do I need to get separate certificates for each?
Azure 提供 SSL 证书服务,但我只需要知道最佳路线.谢谢.
Azure provides SSL cert services but I just need to know the best route to take. Thanks.
推荐答案
据我所知,目前还没有内置支持在 Azure 容器实例上启用 SSL 参考 这个.
As far as I know, currently, there is still no built-in support for enabling SSL on Azure Container Instances refer to this.
但是,您可以有多种选择来为您的 ACI 应用程序启用 SSL 连接.
However, you could have multiple choices for enabling SSL connections for your ACI application.
- 在 sidecar 中使用 SSL 提供程序容器---例如Ngnix或Caddy
- Use SSL provider in a sidecar container---such as Ngnix or Caddy
如果您将容器组部署在 Azure 虚拟网络,您可以考虑其他选项来为后端容器实例启用 SSL 端点,包括:
If you deploy your container group in an Azure virtual network, you can consider other options to enable an SSL endpoint for a backend container instance, including:
- Azure Functions Proxies
- Azure API Management
- Azure Application Gateway - see a sample deployment template.
标准的 SSL 证书映射到唯一的域名,因此您需要为每个域提供单独的证书.
The standard SSL certificate maps to a unique domain name, so you need separate certificates for each domain.
您可以开始将 Nginx 设置为 sidecar 容器中的 SSL 提供程序,并且您需要域 api.myApp.com 的 SSL 证书.如果您想对域 myApp.northamerica.azurecontainer.io 进行单独的安全访问,您可以在 Nginx 配置文件中配置额外的服务器块.参考在Nginx中配置HTTPS服务器.
You can get started to set up Nginx as an SSL provider in a sidecar container and you need an SSL certificate for the domain api.myApp.com. If you want separate secure access with domain myApp.northamerica.azurecontainer.io, you could configure extra server block in the Nginx config file. Refer to configuring HTTPS server in Nginx.
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
这篇关于如何将 SSL 添加到 Azure 容器实例应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
