个人中心
gpt4 book ai didi

azure-devops - 如何通过 ARM 模板在 Azure CDN 中的自定义域上启用 HTTPS

转载 作者:行者123 更新时间:2023-12-03 23:50:10 26 4
gpt4 key购买 nike

我已经通过 CI/CD 从 Azure DevOps 的 ARM 模板创建了 Azure CDN,遵循以下引用 -

https://github.com/Azure/azure-quickstart-templates/tree/master/201-cdn-with-storage-account

https://docs.microsoft.com/en-us/azure/templates/microsoft.cdn/2019-04-15/profiles/endpoints/customdomains

Azure CDN 创建并映射了带有终结点的自定义域。
但不确定如何通过 ARM(来自 Azure DevOps)模板在自定义域中启用 HTTPS(KeyVault 中可用的我自己的证书),MS 模板引用中的选项不可用。

想要自动化 Azure CDN 的整个创建。

有没有办法为 CustomDomain 彻底的 DevOps 启用 HTTPS?

这是我的脚本(不是最终的)-

#Enable Https in Custom Domain - Azure CDN

$cdnProfileName ='debtestcdnprofile'
$cdnEndpointName = 'debtestcdnendpoint'
$cdnCustomDomainName = 'mysubdomain-mydomain-com' # testing 
$keyVaultName = 'debkeyvault'
$certificateName = 'debasiscert'
$apiVersion = '2019-04-15'

$secretVersion = 'XXXXXXXXXXX'
$secretName = 'debasiscert'
$keyVaultResourceGroupName = 'rsgStgCDN'

$cdnProfile = Get-AzCdnProfile -ProfileName $cdnProfileName;
$resourceGroup = Get-AzResourceGroup -Name $cdnProfile.ResourceGroupName;
$resourceGroupName = $resourceGroup.ResourceGroupName;
$context = Get-AzContext;
$subscriptionId = $context.Subscription.Id;
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile;

$profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($azProfile);
$token = $profileClient.AcquireAccessToken($context.Subscription.TenantId);
$accessToken = $token.AccessToken;

write-verbose -verbose "[INF] Access token : $($accessToken)"

$StateUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourcegroups/$($resourceGroupName)/providers/Microsoft.Cdn/profiles/$($cdnProfileName)/endpoints/$($cdnEndpointName)/customdomains/$($cdnCustomDomainName)?api-version=$($apiVersion)"

$ProvisionUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourcegroups/$($resourceGroupName)/providers/Microsoft.Cdn/profiles/$($cdnProfileName)/endpoints/$($cdnEndpointName)/customdomains/$($cdnCustomDomainName)/enableCustomHttps?api-version=$($apiVersion)"

$body = $ExecutionContext.InvokeCommand.ExpandString('{"certificateSource":"AzureKeyVault","protocolType":"ServerNameIndication","certificateSourceParameters":{"@odata.type":"#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters","subscriptionId":"$subscriptionId","resourceGroupName":"$keyVaultResourceGroupName","vaultName":"$keyVaultName","SecretName":"$secretName","SecretVersion":"$secretVersion","updateRule":"NoAction","deleteRule":"NoAction"}}')

$headers = @{ }

$headers.Add('Authorization', "Bearer $accessToken") 

$headers.Add('Content-Type', 'application/json')


$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'

[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols

$state = (Invoke-RestMethod -Method GET  -Uri $StateUri -Headers $headers).properties.customHttpsProvisioningState


在 CI/CD 以及通过 PowerShell 执行时抛出相同的问题

问题 - 
Invoke-RestMethod : {
  "error": {
  "code": "NotFound",
   "message": "The resource cannot be found."
  }

At line:51 char:11
+ $state = (Invoke-RestMethod -Method GET  -Uri $StateUri -Headers $hea ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], We 
   bException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand


在 PowerShell 中执行“Get-AzCdnCustomDomain”命令也会抛出错误的请求 - 
PS C:\WINDOWS\system32> Get-AzCdnCustomDomain -ResourceGroupName 'XXXXX' -ProfileName 'XXXXX' -EndpointName 'XXXXX' -CustomDomainNa
me 'subdomain.domain.com'
Get-AzCdnCustomDomain : Operation returned an invalid status code 'BadRequest'
At line:1 char:1
+ Get-AzCdnCustomDomain -ResourceGroupName 'XXXXX' -Prof ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-AzCdnCustomDomain], ErrorResponseException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Cdn.CustomDomain.GetAzureRmCdnCustomDomain

最佳答案

通过PowerShell脚本启用自定义域的HTTPS并调用Rest API .至少现在;我无法通过“az cdn custom-domain enable-https ”完成,没有获得 的正确 sample --custom-domain-https-parameters .

由于错误,我总是从 Rest API 收到 HTTP 状态 400| .原因是我将域名(主机名)而不是友好名称映射到端点。 (例如 - 我的域名或主机名是:mysubdomain.domainname.com,友好名称是 MyDevDomain;然后 Rest API 期待 MyDevDomain)

我们可以按照@Merlin Liang - MSFT 步骤来自动化该过程。

我遵循的步骤 -

引用 - https://docs.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?tabs=option-2-enable-https-with-your-own-certificate#ssl-certificates

  • 在 Azure Active Directory 中注册 Azure CDN。
  • 授予 Azure CDN 访问 key 保管库的权限。
  • PowerShell 脚本 -

    • https://www.nlymbery.com.au/posts/azure-cdn-automate-provisioning-custom-certificate/

    https://gist.github.com/HQJaTu/c5695626ba51c6194845fa60913e911b 
    $cdnProfile = Get-AzCdnProfile -ProfileName $cdnProfileName;
    $resourceGroup = Get-AzResourceGroup -Name $cdnProfile.ResourceGroupName;
    $resourceGroupName = $resourceGroup.ResourceGroupName;

    # Get Access Token to invoke in Rest API
    $context = Get-AzContext;
    $subscriptionId = $context.Subscription.Id;
    $azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile;
    if (-not $azProfile.Accounts.Count) {
        Write-Error "Error occured!"
        Exit 1
    }

    $profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($azProfile);
    $token = $profileClient.AcquireAccessToken($context.Subscription.TenantId) ;
    $accessToken = $token.AccessToken;
    if (-not $accessToken) {
        Write-Error "Error occured!";
        Exit 1
    }

    # Update certificate values
    # ref - https://docs.microsoft.com/en-us/rest/api/cdn/customdomains/enablecustomhttps

    $ProvisionUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourcegroups/$($resourceGroupName)/providers/Microsoft.Cdn/profiles/$($cdnProfileName)/endpoints/$($cdnEndpointName)/customdomains/$($cdnCustomDomainName)/enableCustomHttps?api-version=$($apiVersion)"

    $body = $ExecutionContext.InvokeCommand.ExpandString('{"certificateSource":"AzureKeyVault","protocolType":"ServerNameIndication","certificateSourceParameters":{"@odata.type":"#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters","subscriptionId":"$subscriptionId","resourceGroupName":"$keyVaultResourceGroupName","vaultName":"$keyVaultName","SecretName":"$secretName","SecretVersion":"$secretVersion","updateRule":"NoAction","deleteRule":"NoAction"}}')

    $headers = @{ }  
    $headers.Add('Authorization', "Bearer $accessToken")  
    $headers.Add('Content-Type', 'application/json')

    write-verbose -verbose "[INF] Provision Uri: $($ProvisionUri)"
    write-verbose -verbose "[INF] Headers: $($headers)"  
    write-verbose -verbose "[INF] Body: $($body)"

    Write-Verbose -Verbose "Applying custom certificate to $($cdnProfileName):$($cdnEndpointName)"

    Invoke-RestMethod -Method Post -Uri $ProvisionUri -Headers $headers -Body $body
    write-verbose -verbose "[INF] Script executed successfully!"

    在调用之前根据博客检查配置状态。

    关于azure-devops - 如何通过 ARM 模板在 Azure CDN 中的自定义域上启用 HTTPS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59160499/

    26 4 0
    文章推荐: python - 谷歌 Colab 运行时错误 : cuDNN error: CUDNN_STATUS_NOT_INITIALIZED
    文章推荐: spring-boot - Spring Cloud 网关在过滤器中发送响应
    文章推荐: functional-programming - Erlang(函数式编程)vs 面向对象编程的思维方式
    文章推荐: apache-kafka - 如何使用 testcontainers 高效地创建 Kafka 主题?
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com