azure - Enabling HTTPS on an Azure Front Door custom domain via ARM template deployment

Reposted. Author: 行者123. Updated: 2023-12-03 13:34:16

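I am deploying Azure Front Door via an ARM template and trying to enable HTTPS on a custom domain.

According to the Azure documentation for Front Door, there is a quick start template to "Add a custom domain to your Front Door and enable HTTPS traffic for it with a Front Door managed certificate generated via DigiCert." However, although this adds the custom domain, it does not enable HTTPS.

Looking at the ARM template reference for Front Door, I can't see any obvious way to enable HTTPS, but perhaps I've missed something?

Despite the additional information below, I would like to be able to enable HTTPS on a Front Door custom domain through an ARM template deployment. Is this possible at this time?

Additional information

Note that there is a REST operation to enable HTTPS, but this does not seem to work with a Front Door managed certificate -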

    POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/frontDoors/{frontDoorName}/frontendEndpoints/{frontendEndpointName}/enableHttps?api-version=2019-05-01
    {
      "certificateSource": "FrontDoor",
      "protocolType": "ServerNameIndication",
      "minimumTLSVersion": "1.2"
    }

There is also an Az PowerShell cmdlet to enable HTTP, which does work.

    Enable-AzFrontDoorCustomDomainHttps -ResourceGroupName "lmk-bvt-accounts-front-door" -FrontDoorName "my-front-door" -FrontendEndpointName "my-front-door-rg"

Best answer

UPDATE: This implementation currently seems to be unstable and is working only intermittently, which indicates it may not be production ready yet.

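After tracking the latest Front Door API (2020-01-01) specification (which does not appear to be fully published on the MS reference website yet), it now actually seems possible to do this through an ARM template: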

https://github.com/Azure/azure-rest-api-specs/tree/master/specification/frontdoor/resource-manager/Microsoft.Network/stable/2020-01-01

There is a new customHttpsConfiguration property in the frontendEndpoint properties object:

    "customHttpsConfiguration": {
      "certificateSource": "AzureKeyVault", // or "FrontDoor"
      "minimumTlsVersion": "1.2",
      "protocolType": "ServerNameIndication",

      // Depending on "certificateSource" you supply either:
      "keyVaultCertificateSourceParameters": {
        "secretName": "<secret name>",
        "secretVersion": "<secret version>",
        "vault": {
          "id": "<keyVault ResourceID>"
        }
      }

      // Or:
      "frontDoorCertificateSourceParameters": {
        "certificateType": "Dedicated"
      }
    }

KeyVault managed SSL certificate example

Note: I have tested this and appears to work.

    {
      "type": "Microsoft.Network/frontdoors",
      "apiVersion": "2020-01-01",
      "properties": {
        "frontendEndpoints": [
          {
            "name": "[variables('frontendEndpointName')]",
            "properties": {
              "hostName": "[variables('customDomain')]",
              "sessionAffinityEnabledState": "Enabled",
              "sessionAffinityTtlSeconds": 0,
              "webApplicationFirewallPolicyLink": {
                "id": "[variables('wafPolicyResourceId')]"
              },
              "resourceState": "Enabled",
              "customHttpsConfiguration": {
                "certificateSource": "AzureKeyVault",
                "minimumTlsVersion": "1.2",
                "protocolType": "ServerNameIndication",
                "keyVaultCertificateSourceParameters": {
                  "secretName": "[parameters('certKeyVaultSecret')]",
                  "secretVersion": "[parameters('certKeyVaultSecretVersion')]",
                  "vault": {
                    "id": "[resourceId(parameters('certKeyVaultResourceGroupName'),'Microsoft.KeyVault/vaults',parameters('certKeyVaultName'))]"
                  }
                }
              }
            }
          }
        ],
        ...
      }
    }

Front Door managed SSL certificate example

It looks like this is what you need to set for a FrontDoor managed certificate:

Note: I have not tested this

    {
      "type": "Microsoft.Network/frontdoors",
      "apiVersion": "2020-01-01",
      "properties": {
        "frontendEndpoints": [
          {
            "name": "[variables('frontendEndpointName')]",
            "properties": {
              "hostName": "[variables('customDomain')]",
              "sessionAffinityEnabledState": "Enabled",
              "sessionAffinityTtlSeconds": 0,
              "webApplicationFirewallPolicyLink": {
                "id": "[variables('wafPolicyResourceId')]"
              },
              "resourceState": "Enabled",
              "customHttpsConfiguration": {
                "certificateSource": "FrontDoor",
                "minimumTlsVersion": "1.2",
                "protocolType": "ServerNameIndication",
                "frontDoorCertificateSourceParameters": {
                  "certificateType": "Dedicated"
                }
              }
            }
          }
        ],
        ...
      }
    }
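
A pre-deployment check for the customHttpsConfiguration fragments in the answer above, as an added example that is not part of the original question or answer: it scans an ARM template's Front Door resources and reports custom-domain endpoints that lack customHttpsConfiguration, pair a certificateSource with the wrong parameters object, or set a minimum TLS version other than 1.2. The function name, the sample template and its hostnames are constructed; skipping *.azurefd.net default hostnames and requiring TLS 1.2 are assumptions of this example.

```python
# Parameter object each certificateSource needs, per the answer's fragment.
SOURCE_PARAMS = {"AzureKeyVault": "keyVaultCertificateSourceParameters",
                 "FrontDoor": "frontDoorCertificateSourceParameters"}

def check_frontdoor_https(template):
    """Return findings for Front Door custom-domain HTTPS settings."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/frontdoors":
            continue
        api = res.get("apiVersion", "")
        if api < "2020-01-01":  # date-shaped versions compare as strings
            findings.append(f"apiVersion {api!r} predates customHttpsConfiguration")
        for ep in res.get("properties", {}).get("frontendEndpoints", []):
            name, props = ep.get("name", "?"), ep.get("properties", {})
            # Assumption: the default *.azurefd.net host needs no custom cert.
            if props.get("hostName", "").lower().endswith(".azurefd.net"):
                continue
            cfg = props.get("customHttpsConfiguration")
            if not cfg:
                findings.append(f"{name}: no customHttpsConfiguration")
                continue
            source = cfg.get("certificateSource")
            if source not in SOURCE_PARAMS:
                findings.append(f"{name}: unknown certificateSource {source!r}")
            for src, key in SOURCE_PARAMS.items():
                if source in SOURCE_PARAMS and (key in cfg) != (src == source):
                    state = "missing" if src == source else "unexpected"
                    findings.append(f"{name}: {state} {key}")
            if cfg.get("minimumTlsVersion") != "1.2":  # policy of this example
                findings.append(f"{name}: minimumTlsVersion is not 1.2")
    return findings

# Constructed sample template (not from the page).
FD_PARAMS = {"frontDoorCertificateSourceParameters": {"certificateType": "Dedicated"}}
SAMPLE = {"resources": [{
    "type": "Microsoft.Network/frontdoors", "apiVersion": "2020-01-01",
    "properties": {"frontendEndpoints": [
        {"name": "default", "properties": {"hostName": "example-fd.azurefd.net"}},
        {"name": "managed", "properties": {"hostName": "www.example.com",
            "customHttpsConfiguration": {"certificateSource": "FrontDoor",
                "minimumTlsVersion": "1.2", **FD_PARAMS}}},
        {"name": "mixed", "properties": {"hostName": "api.example.com",
            "customHttpsConfiguration": {"certificateSource": "AzureKeyVault",
                "minimumTlsVersion": "1.0", **FD_PARAMS}}},
        {"name": "plain", "properties": {"hostName": "[variables('customDomain')]"}},
    ]}}]}
if __name__ == "__main__":
    print("\n".join(check_frontdoor_https(SAMPLE)))
```

Hostnames written as ARM expressions cannot be resolved offline, so the check treats them as custom domains.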

Regarding azure - Enabling HTTPS on an Azure Front Door custom domain via ARM template deployment, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58180861/