如何将 SSL 添加到 Azure 容器实例应用程序? [英] How to add SSL to Azure Container Instance App?
问题描述
正如标题所说,我需要为 Azure 容器实例中托管的应用程序设置 SSL,但是,我不太确定需要从哪里开始.
As the title says, I need to setup SSL for an app hosted in Azure Container Instances, however, I'm not quite sure where I need to start.
我有一个通过 Azure 容器实例托管的容器化应用程序,地址为 http://myApp.northamerica.azurecontainer.io
.此地址被 http://api.myApp.com
上的官方"地址所掩盖.
I have a containerized app hosted via Azure Container Instances at the address http://myApp.northamerica.azurecontainer.io
. This address is masked by the 'official' address at http://api.myApp.com
.
有什么原因我不能只是将 SSL 添加到表面域@http://api.myApp.com
,重定向到真实域@http:///myApp.northamerica.azurecontainer.io
?或者我是否需要将 SSL 添加到两个域?
Is there any reason why I can't just add SSL to the superficial domain @ http://api.myApp.com
, that redirects to the real domain @ http://myApp.northamerica.azurecontainer.io
? Or do I need to add SSL to both domains?
此外,如果我需要使用 SSL 保护两个域,我是否需要为每个域获取单独的证书?
Furthermore, if I need to secure both domains with SSL, do I need to get separate certificates for each?
Azure 提供 SSL 证书服务,但我只需要知道最佳路线.谢谢.
Azure provides SSL cert services but I just need to know the best route to take. Thanks.
推荐答案
据我所知,目前还没有内置支持在 Azure 容器实例上启用 SSL 参考 这个.
As far as I know, currently, there is still no built-in support for enabling SSL on Azure Container Instances refer to this.
但是,您可以有多种选择来为您的 ACI 应用程序启用 SSL 连接.
However, you could have multiple choices for enabling SSL connections for your ACI application.
- 在 sidecar 中使用 SSL 提供程序容器---例如Ngnix或Caddy
- Use SSL provider in a sidecar container---such as Ngnix or Caddy
如果您将容器组部署在 Azure 虚拟网络,您可以考虑其他选项来为后端容器实例启用 SSL 端点,包括:
If you deploy your container group in an Azure virtual network, you can consider other options to enable an SSL endpoint for a backend container instance, including:
- Azure Functions Proxies
- Azure API Management
- Azure Application Gateway - see a sample deployment template.
标准的 SSL 证书映射到唯一的域名,因此您需要为每个域提供单独的证书.
The standard SSL certificate maps to a unique domain name, so you need separate certificates for each domain.
您可以开始将 Nginx 设置为 sidecar 容器中的 SSL 提供程序,并且您需要域 api.myApp.com
的 SSL 证书.如果您想对域 myApp.northamerica.azurecontainer.io
进行单独的安全访问,您可以在 Nginx 配置文件中配置额外的服务器块.参考在Nginx中配置HTTPS服务器.
You can get started to set up Nginx as an SSL provider in a sidecar container and you need an SSL certificate for the domain api.myApp.com
. If you want separate secure access with domain myApp.northamerica.azurecontainer.io
, you could configure extra server block in the Nginx config file. Refer to configuring HTTPS server in Nginx.
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
这篇关于如何将 SSL 添加到 Azure 容器实例应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!