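How do I enable App Service authentication and logging to blob storage through an ARM template?
Hi all, I have a question: I want to activate App Service authentication for anonymous requests, and also log everything that could happen in the website to a blob in a storage account, through the resource template. What should I add to the template JSON file to do that?
Thanks for any help
Edit
I found something. I am using this snippet, but it is not the correct setting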
"properties": {
"name": "<#= website.Name #>",
"siteConfig": {
"alwaysOn": true,
"siteAuthEnabled": true,
"siteAuthSettings": null,
"httpLoggingEnabled": true,
"logsDirectorySizeLimit": 35,
"detailedErrorLoggingEnabled": true
},
Now it looks like this:
https://msdn.microsoft.com/de-de/library/microsoft.office.interop.word(v=office.11).aspx
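But this is how it should look:
Answer 0 (score: 4)
Following your scenario, I deployed my ARM template to enable application logging and web server logging to Blob storage, enable App Service authentication, and allow anonymous requests to my web app. Here are some detailed steps you can refer to.
1. Create an Azure Resource Group project and add the Web App template;
2. Add the "Monitoring > Diagnostic logs" configuration as follows:
3. Add the "Settings > Authentication / Authorization" configuration as follows:
4. Deploy the web app and check it in the Azure portal:
Here is my website.json, you can refer to it.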
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hostingPlanName": {
"type": "string",
"minLength": 1
},
"skuName": {
"type": "string",
"defaultValue": "F1",
"allowedValues": [
"F1",
"D1",
"B1",
"B2",
"B3",
"S1",
"S2",
"S3",
"P1",
"P2",
"P3",
"P4"
],
"metadata": {
"description": "Describes plan's pricing tier and capacity. Check details at https://azure.microsoft.com/en-us/pricing/details/app-service/"
}
},
"skuCapacity": {
"type": "int",
"defaultValue": 1,
"minValue": 1,
"metadata": {
"description": "Describes plan's instance count"
}
}
},
"variables": {
"webSiteName": "[concat('webSite', uniqueString(resourceGroup().id))]"
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[parameters('hostingPlanName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"tags": {
"displayName": "HostingPlan"
},
"sku": {
"name": "[parameters('skuName')]",
"capacity": "[parameters('skuCapacity')]"
},
"properties": {
"name": "[parameters('hostingPlanName')]"
}
},
{
"apiVersion": "2015-08-01",
"name": "[variables('webSiteName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"tags": {
"[concat('hidden-related:', resourceGroup().id, '/providers/Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]": "Resource",
"displayName": "Website"
},
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanName'))]"
],
"properties": {
"name": "[variables('webSiteName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]"
},
"resources": [
{
"name": "logs",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
"tags": {
"displayName": "websiteLogs"
},
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureTableStorage": {
"level": "Off",
"sasUrl": null
},
"azureBlobStorage": {
"level": "Error",
"sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
"retentionInDays": null
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 35,
"retentionInDays": null,
"enabled": false
},
"azureBlobStorage": {
"sasUrl":"https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}",
"retentionInDays": null,
"enabled": true
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
},
{
"name": "authsettings",
"type": "config",
"apiVersion": "2015-08-01",
"dependsOn": [ "[resourceId('Microsoft.Web/sites/', variables('webSiteName'))]" ],
"tags": {
"displayName": "websiteAuthSettings"
},
"properties": {
"enabled": true,
"httpApiPrefixPath": null,
"unauthenticatedClientAction": 1,
"tokenStoreEnabled": true,
"allowedExternalRedirectUrls": null,
"defaultProvider": 0,
"clientId": null,
"clientSecret": null,
"issuer": null,
"allowedAudiences": null,
"additionalLoginParams": null,
"isAadAutoProvisioned": false,
"googleClientId": null,
"googleClientSecret": null,
"googleOAuthScopes": null,
"facebookAppId": null,
"facebookAppSecret": null,
"facebookOAuthScopes": [
""
],
"twitterConsumerKey": null,
"twitterConsumerSecret": null,
"microsoftAccountClientId": null,
"microsoftAccountClientSecret": null,
"microsoftAccountOAuthScopes": [
""
]
}
}
]
}
]
}
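In addition, you can retrieve the configuration from resources.azure.com. Here is a screenshot to help you better understand the ARM template:
Answer 1 (score: 2)
Web App logging and authentication can be enabled through the following resources in the template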
{
"apiVersion": "2015-08-01",
"name": "logs",
"type": "config",
"location": "[resourceGroup().location]",
"dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "off"
},
"azureTableStorage": {
"level": "off",
"sasUrl": null
},
"azureBlobStorage": {
"level": "off",
"sasUrl": null,
"retentionInDays": null
}
},
"httpLogs": {
"fileSystem": {
"retentionInMb": 35,
"retentionInDays": null,
"enabled": true
},
"azureBlobStorage": {
"sasUrl": null,
"retentionInDays": null,
"enabled": false
}
},
"failedRequestsTracing": {
"enabled": true
},
"detailedErrorMessages": {
"enabled": true
}
}
},
{
"apiVersion": "2015-08-01",
"name": "authsettings",
"type": "config",
"location": "[resourceGroup().location]",
"dependsOn": [ "[resourceId('Microsoft.Web/Sites', variables('webSiteName'))]" ],
"properties": {
"enabled": false,
"isAadAutoProvisioned": false
}
}
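If you are not sure which values should be included in the template, do the following:
Answer 2 (score: 0)
Log everything
You can enable diagnostic logging (https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log) for your App Service by following this guide, https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-enable-diagnostic-logs-using-template, to add it to your App Service website.
For a general logging solution that helps you track (almost) everything that happens in your App Service website, you can use Application Insights (AI). You can add Application Insights to your ARM template by following this article: https://docs.microsoft.com/en-us/azure/application-insights/app-insights-powershell#create-an-azure-resource-manager-template. This will help you set up AI for your web app and define any specific traces and telemetry you want to log.
Basically, this is what you need to add to your ARM template in order to add AI to the App Service: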
"resources": [
{
"apiVersion": "2014-08-01",
"location": "[parameters('appLocation')]",
"name": "[parameters('appName')]",
"type": "microsoft.insights/components",
"properties": {
"Application_Type": "[parameters('applicationType')]",
"ApplicationId": "[parameters('appName')]",
"Name": "[parameters('appName')]",
"Flow_Type": "Redfield",
"Request_Source": "IbizaAIExtension"
}
},
{
"name": "[variables('billingplan')]",
"type": "microsoft.insights/components/CurrentBillingFeatures",
"location": "[parameters('appLocation')]",
"apiVersion": "2015-05-01",
"dependsOn": [
"[resourceId('microsoft.insights/components', parameters('appName'))]"
],
"properties": {
"CurrentBillingFeatures": "[variables('pricePlan')]",
"DataVolumeCap": {
"Cap": "[parameters('dailyQuota')]",
"WarningThreshold": "[parameters('warningThreshold')]",
"ResetTime": "[parameters('dailyQuotaResetTime')]"
}
}
},
"__comment":"web test, alert, and any other resources go here"
]
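Of course, you need to provide values for all the parameters and variables according to the price plan and quota you want to set.
You can then set up continuous export from AI (https://docs.microsoft.com/en-us/azure/application-insights/app-insights-export-telemetry) to export all logged telemetry to a separate Azure Storage blob, for long-term retention of your logged data. Unfortunately, you cannot set up continuous export from an ARM template, but it will be available soon: https://visualstudio.uservoice.com/forums/357324-application-insights/suggestions/13718607-enable-programatic-configuration-of-continuous-exp
Authenticate everything
To set up authentication in App Service, you can specify authentication options on the properties of the WebSite resource. I recommend that you first configure the required authentication model using the portal or PowerShell, and then extract the template from the resulting deployment (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template), because the actual properties and values to set are not well documented.
Create the ARM template from the portal
You can make all the changes to your website, set up diagnostics directly in the portal, and then extract a template that reflects what is currently deployed in that resource group.
Just go to the resource group and select Automation Script; this will extract the template definition. It may not be the prettiest template or the best structured, but it will contain your deployment (unless it shows warnings for some resources).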
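An audit of the `logs` and `authsettings` config resources discussed in the answers above, as an added example that is not part of any answer: it reports when authentication is disabled or anonymous requests are allowed, when HTTP logging has no enabled sink, and when a `sasUrl` is written as a literal in the template instead of an ARM expression. The sample template is constructed from the answers' snippets; the parameter name `httpLogsSasUrl` and the finding codes are assumptions.

```python
import json

# Constructed sample, trimmed from the `logs` and `authsettings` resources in the answers above.
SAMPLE = json.loads("""
{"resources": [{"type": "Microsoft.Web/sites", "name": "site1", "resources": [
  {"type": "config", "name": "logs", "properties": {
    "applicationLogs": {"azureBlobStorage": {"level": "Error",
      "sasUrl": "https://{your-storageaccount-name}.blob.core.windows.net/{container-name}?{sasToken}"}},
    "httpLogs": {"fileSystem": {"enabled": false},
      "azureBlobStorage": {"sasUrl": "[parameters('httpLogsSasUrl')]", "enabled": true}}}},
  {"type": "config", "name": "authsettings",
   "properties": {"enabled": true, "unauthenticatedClientAction": 1}}]}]}
""")

def config_resources(template):
    """Yield (short name, properties) for every site config resource, nested or top-level."""
    stack = list(template.get("resources", []))
    while stack:
        res = stack.pop()
        stack.extend(res.get("resources", []))
        if res.get("type", "").lower() in ("config", "microsoft.web/sites/config"):
            # Names may be "logs", "site/logs" or "[concat(..., '/logs')]"
            name = res.get("name", "").lower().rstrip("')]").split("/")[-1]
            yield name, res.get("properties") or {}

def audit(template):
    """Return a sorted list of finding codes for the logging and auth configuration."""
    found, seen = set(), set()
    for name, props in config_resources(template):
        seen.add(name)
        if name == "authsettings":
            if not props.get("enabled"):
                found.add("auth-disabled")
            # 1 is the value the first answer uses to allow anonymous requests
            elif props.get("unauthenticatedClientAction") in (1, "AllowAnonymous"):
                found.add("anonymous-allowed: app code must enforce authorization")
        elif name == "logs":
            http = props.get("httpLogs") or {}
            if not any((sink or {}).get("enabled") for sink in http.values()):
                found.add("http-logs-disabled")
            for section in ("applicationLogs", "httpLogs"):
                for sink, cfg in (props.get(section) or {}).items():
                    url = (cfg or {}).get("sasUrl")
                    # A literal URL puts the SAS token in the template; "[...]" is an ARM expression
                    if isinstance(url, str) and url and not url.startswith("["):
                        found.add(f"literal-sas-url: {section}.{sink}")
    found.update(f"{n}-not-declared" for n in ("logs", "authsettings") if n not in seen)
    return sorted(found)

print(audit(SAMPLE))
```

The same function can be run on a template exported from the portal by loading the file with `json.load` and passing the result to `audit`.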