我们的情况是,我们希望经常向多个Azure网站添加新的自定义子域,我们需要能够自动化该过程,以便最大限度地减少对人工干预的需求以及将某些事情搞砸的风险
Azure跨平台CLI工具和PowerShell cmdlet为我提供了足够的功能,可以将其全部编写为脚本,但SSL绑定明显例外......这些网站都是仅限HTTPS的,我们添加的每个域都需要SNI SSL绑定。
Azure管理门户允许您手动配置网站域的SSL绑定。如何使用PowerShell cmdlet或跨平台CLI工具实现相同目的?如果无法使用这些工具中的任何一种,我是否可以采用其他方式编写流程,以便在我们向网站添加/删除域时添加?
答案 0 :(得分:7)
我终于通过使用Azure网站管理REST API成功完成了这项工作。
我在2014年根据我的示例代码生成的原始文档已不再可用,但Zain在评论中提到并链接到博客文章的Azure资源浏览器在我看来是一种优越的资源。直接链接:https://resources.azure.com/
服务管理REST API参考似乎与我使用的原始文档最接近,但目前缺少任何关于Azure Web Apps(以前称为Azure网站)的内容:https://msdn.microsoft.com/library/azure/ee460799.aspx
E.g:
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Formatting;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
private const string managementThumbprint = "0000000000000000000000000000000000000000";
private const string subscriptionId = "00000000-0000-0000-0000-000000000000";
private const string sslThumbprint = "0000000000000000000000000000000000000000";
private const string webspace = "eastasiawebspace";
private const string websiteName = "myWebsite";
private const string websiteDomain = "myDomain";
private const SslState sslState = SslState.SniEnabled;
public async Task SetSslState()
{
//Retrieve management certificate
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Cast<X509Certificate2>().First(xc => xc.Thumbprint.Equals(managementThumbprint, StringComparison.OrdinalIgnoreCase));
//Setup http client
var handler = new WebRequestHandler();
handler.ClientCertificates.Add(certificate);
var client = new HttpClient(handler) {
BaseAddress = new Uri("https://management.core.windows.net/" + subscriptionId + "/services/WebSpaces/")
};
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Add("x-ms-version", "2014-06-01");
var requestData = new {
HostNameSslStates = new[] {
new {
Name = websiteDomain,
SslState = (long)sslState,
Thumbprint = sslThumbprint,
ToUpdate = true
}
}
};
var response = await client.PutAsJsonAsync(webspace + "/sites/" + websiteName, requestData);
}
public enum SslState
{
Disabled = 0,
SniEnabled = 1,
IpBasedEnabled = 2
}
答案 1 :(得分:4)
现在可以使用Azure Powershell库的Azure Resource Manager模式执行此操作。这也假设所选的证书已经在Azure中可用,我已经在其他网站上使用了证书,因此在将其添加到新站点之前不需要上传它。
首先,将库设置为使用Azure Resource Manager模式。 This文章详细介绍了此模式提供的内容。
Switch-AzureMode -Name AzureResourceManager
Add-AzureAccount
Select-AzureSubscription -SubscriptionId $subscriptionId
以下代码中使用了以下变量:
$apiVersion = "2015-08-01"
$subscriptionId = "" #The ID of your Azure subscription
$siteName = "myWebApp"
$resGroup = "myResourceGroup"
$appServicePlan = "myAppServicePlan"
$location = "East US" #Select the appropriate Azure data centre.
$hostName = "mywebapp.mydomain.com"
$sslThumbprint = "" # Thumbprint of SSL certificate uploaded for use in Azure.
选择正确的模式后,以下代码块将检索当前的站点信息。然后可以将新的SSL信息添加到新对象中,该对象可以添加到当前HostNameSslStates数组的末尾。
最后,可以使用Set-AzureResource cmdlet将其推回到Azure中。
# Add SSL binding to custom domain
$r = Get-AzureResource -Name $siteName -ResourceGroupName $resGroup -ResourceType Microsoft.Web/sites -ApiVersion $apiVersion -OutputObjectFormat New
# Create an object containing the desired new SSL configuration
$newSSL = @(
@{
"Name" = $hostName;
"SslState" = 1;
"Thumbprint" = $sslThumbprint;
"ToUpdate" = $true;
}
)
# Create an object which concatenates the existing SSL config with the new config object.
$ssl = @{
"HostNameSslStates" = $r.Properties.HostNameSslStates + $newSSL
}
# Upload the new configuration into the web app.
Set-AzureResource -ApiVersion $apiVersion -Name $siteName -ResourceGroupName $resGroup -ResourceType Microsoft.Web/sites -PropertyObject $ssl -OutputObjectFormat New