具有2个公开的https端点和不同端口

时间:2017-04-07 12:58:06

标签: azure-service-fabric

我创建了 2无状态服务架构服务,我需要公开,并且可以通过https从网络访问:

  • 引擎(Asp.net核心API)在端口1212上通过HTTP公开,在端口8465上通过HTTPS公开
  • 网站(Asp.net Core Web App)通过端口443上的HTTPS公开

我现在仅限本地,使用 WebListener

ServiceManifest.XML ENGINE

<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="EnginePkg"
                 Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ServiceTypes>
    <StatelessServiceType ServiceTypeName="EngineType" />
  </ServiceTypes>

 <CodePackage Name="Code" Version="1.0.0">
    <EntryPoint>
      <ExeHost>
        <Program>Engine.exe</Program>
        <WorkingFolder>CodePackage</WorkingFolder>
      </ExeHost>
    </EntryPoint>
  </CodePackage>

 <ConfigPackage Name="Config" Version="1.0.0" />

  <Resources>
    <Endpoints>
      <Endpoint Protocol="http" Name="EngineEndpoint" Type="Input" Port="1212" />
      <Endpoint Protocol="https" Name="EngineEndpointSecure" Type="Input" Port="8465" />
    </Endpoints>
  </Resources>
</ServiceManifest>

ServiceManifest.XML网站

<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="WebsitePkg"
                 Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric"
                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ServiceTypes>
    <StatelessServiceType ServiceTypeName="WebsiteType" />
  </ServiceTypes>

  <CodePackage Name="Code" Version="1.0.0">
    <EntryPoint>
      <ExeHost>
        <Program>Website.exe</Program>
        <WorkingFolder>CodePackage</WorkingFolder>
      </ExeHost>
    </EntryPoint>
  </CodePackage>

  <ConfigPackage Name="Config" Version="1.0.0" />

  <Resources>
    <Endpoints>
    <Endpoint Protocol="https" Name="WebsiteEndpoint" Type="Input" Port="443" />
    </Endpoints>
  </Resources>
</ServiceManifest>

ENGINE.CS

internal sealed class Engine : StatelessService
    {
        public Engine(StatelessServiceContext context)
            : base(context)
        { }

        /// <summary>
        /// Optional override to create listeners (like tcp, http) for this service instance.
        /// </summary>
        /// <returns>The collection of listeners.</returns>
        protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
        {
            return new ServiceInstanceListener[]
            {
                new ServiceInstanceListener(serviceContext =>
                    new WebListenerCommunicationListener(serviceContext, "EngineEndpoint", (url, listener) =>
                    {
                        ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");

                        return new WebHostBuilder().UseWebListener()
                                    .ConfigureServices(
                                        services => services
                                            .AddSingleton(serviceContext))
                                    .UseContentRoot(Directory.GetCurrentDirectory())
                                    .UseStartup<Startup>()
                                    .UseApplicationInsights()
                                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                                    .UseUrls(url)
                                    .Build();
                    }), "EngineEndpoint"),//Name is important for multiple endpoints

               new ServiceInstanceListener(serviceContext =>
                    new WebListenerCommunicationListener(serviceContext, "EngineEndpointSecure", (url, listener) =>
                    {
                        ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Secure WebListener on {url}");

                        return new WebHostBuilder().UseWebListener()
                                    .ConfigureServices(
                                        services => services
                                            .AddSingleton(serviceContext))
                                    .UseContentRoot(Directory.GetCurrentDirectory())
                                    .UseStartup<Startup>()
                                    .UseApplicationInsights()
                                    .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
                                    .UseUrls(url)
                                    .Build();
                    }), "EngineEndpointSecure")
            };
        }
    }

WEBSITE.CS

internal sealed class Website : StatelessService
{
    public Website(StatelessServiceContext context)
        : base(context)
    { }

    /// <summary>
    /// Optional override to create listeners (like tcp, http) for this service instance.
    /// </summary>
    /// <returns>The collection of listeners.</returns>
    protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
    {
        return new ServiceInstanceListener[]
        {
            new ServiceInstanceListener(serviceContext =>
                new WebListenerCommunicationListener(serviceContext, "WebsiteEndpoint", (url, listener) =>
                {
                    ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");

                    return new WebHostBuilder().UseWebListener()
                                .ConfigureServices(
                                    services => services
                                        .AddSingleton(serviceContext))
                                .UseContentRoot(Directory.GetCurrentDirectory())
                                .UseStartup<Startup>()
                                .UseApplicationInsights()
                                .UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)      
                                .UseUrls(url)
                                .Build();
                }), "WebsiteEndpoint"),
        };
    }
}

APPLICATIONMANIFEST.XML

<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ApplicationTypeName="ProjectSFType" ApplicationTypeVersion="1.0.0" xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Parameters>

    <!--STATELESS-->
    <Parameter Name="Engine_InstanceCount" DefaultValue="-1" />
    <Parameter Name="Website_InstanceCount" DefaultValue="-1" />

  </Parameters>
  <ServiceManifestImport>
    <ConfigOverrides />
    <Policies>
      <EndpointBindingPolicy EndpointRef="WebsiteEndpoint" CertificateRef="FabricFront" />
      <EndpointBindingPolicy EndpointRef="EngineEndpointSecure" CertificateRef="FabricFront" />
    </Policies>
  </ServiceManifestImport>
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="EnginePkg" ServiceManifestVersion="1.0.0" />
    <ConfigOverrides />
  </ServiceManifestImport>
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="WebsitePkg" ServiceManifestVersion="1.0.0" />
    <ConfigOverrides />
  </ServiceManifestImport>
  <DefaultServices>
    <Service Name="Engine">
      <StatelessService ServiceTypeName="EngineType" InstanceCount="[Engine_InstanceCount]">
        <SingletonPartition />
      </StatelessService>
    </Service>
    <Service Name="Website">
      <StatelessService ServiceTypeName="WebsiteType" InstanceCount="[Website_InstanceCount]">
        <SingletonPartition />
      </StatelessService>
    </Service>
  </DefaultServices>
  <Certificates>
    <EndpointCertificate X509FindValue="‎0000000000000" Name="FabricFront" />
  </Certificates>
</ApplicationManifest>

启动时本地群集中会发生什么:

  • 端口1212上的引擎HTTP 始终有效
  • 如果将Engine HTTPS端点作为端点并从Engine.cs中删除,则端口443上的网站HTTPS端点
  • 引擎HTTPS端点从不工作即使网站切换到HTTP并且是解决方案中唯一的安全端点,浏览器显示&#34; ERR_CONNECTION RESET&#34;错误。

在ServiceFabric Explorer上,我看到“活动”和“正在运行”,“输出”中没有错误。 我尝试了其他具有相同结果的端口。

enter image description here

enter image description here

我该如何做到这一点?

2 个答案:

答案 0 :(得分:0)

你的问题有点不清楚,但如果你试图在1601端口上运行一个而在443上运行一个而只有443成功。那么它可能是一个特权问题?不同的端口需要不同的特权。

另一方面,如果您尝试在端口443上绑定两者,则可能会发生冲突,因为它们都使用相同的端口和URL。我们遇到了同样的问题,我们通过以下方式设法克服了这个问题:

  1. 创建运行PowerShell脚本的 HttpSetup应用程序

    1. 安装我们的证书并使用netsh注册它

      &netsh http add sslcert hostnameport="${EndpointHost}:${EndpointPort}" certhash=$CertThumbprint certstorename=$CertStore appid=$AppId

    2. 使用netsh:

      绑定证书网址

      &netsh http add urlacl url=$ReservationUrl"

      示例网址

      https://mydnsname.com/

      https://mydnsname.com/api

  2. 在我们的主要应用程序中,我们将服务绑定到完整的网址,因为完整的网址没有冲突。我们通过环境参数将URL传递给集群。

  3. 注意:我们必须分成两个应用程序的原因是因为我们的主应用程序在每次提交时不断部署。当netsh同时从多个部署中运行时,它会锁定并挂在节点上。

    <强> ApplicationManifest.xml

    <ServiceManifestImport>
      <ServiceManifestRef ServiceManifestName="ApiPkg" ServiceManifestVersion="1.0.0" />
      <EnvironmentOverrides CodePackageRef="Code">
        <EnvironmentVariable Name="EndpointUri" Value="[Api_EndpointUri]" />
        <EnvironmentVariable Name="CertThumbprint" Value="[Api_CertThumbprint]" />
      </EnvironmentOverrides>
    </ServiceManifestImport>
    <ServiceManifestImport>
      <ServiceManifestRef ServiceManifestName="UiPkg" ServiceManifestVersion="1.0.0" />
      <EnvironmentOverrides CodePackageRef="Code">
        <EnvironmentVariable Name="EndpointUri" Value="[App_EndpointUri]" />
        <EnvironmentVariable Name="CertThumbprint" Value="[App_CertThumbprint]" />
      </EnvironmentOverrides>
    </ServiceManifestImport>

    ServiceManifest.xml(适用于两个软件包)

    <?xml version="1.0" encoding="utf-8"?>
    <ServiceManifest Name="UiPkg"
                     Version="1.0.0"
                     xmlns="http://schemas.microsoft.com/2011/01/fabric"
                     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ServiceTypes>
        <StatelessServiceType ServiceTypeName="UiType" />
      </ServiceTypes>
    
      <CodePackage Name="Code" Version="1.0.0">
        <EntryPoint>
          <ExeHost>
            <Program>Ui.exe</Program>
            <WorkingFolder>CodePackage</WorkingFolder>
          </ExeHost>
        </EntryPoint>
        <EnvironmentVariables>
          <EnvironmentVariable Name="EndpointUri" Value="" />
          <EnvironmentVariable Name="CertThumbprint" Value="" />
        </EnvironmentVariables>
      </CodePackage>
    
      <!-- Config package is the contents of the Config directoy under PackageRoot that contains an
           independently-updateable and versioned set of custom configuration settings for your service. -->
      <ConfigPackage Name="Config" Version="1.0.0" />
    
      <Resources>
        <Endpoints>
          <!-- To bind to a specific hostname use netsh from a SetupEntyPoint and change Protocol to tcp here to just open the firewall
          -->
          <Endpoint Name="ServiceEndpoint" Protocol="tcp" Port="443" />
        </Endpoints>
      </Resources>
    </ServiceManifest>

    <强> Program.cs的

    var listeningAddress = $"{Environment.GetEnvironmentVariable("Api_EndpointUri")}:443/api/";
    
    _webHost = new WebHostBuilder().UseWebListener()
                                   .UseContentRoot(Directory.GetCurrentDirectory())
                                   .UseStartup<Startup>()
                                   .UseUrls(listeningAddress)
                                   .Build();

答案 1 :(得分:0)

错误在于我将<Policies>放在两个<ServiceManifestImport>顶部的ApplicationManifest.xml中。 每项服务都需要在<Policy>下方<ServiceManifestImport><ConfigOverrides />