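Azure ARM SSL binding using an App Service certificate

Time: 2018-07-11 06:34:10

Tags: azure ssl azure-resource-manager

I have a site whose custom hostnames are already configured with hostnameBindings in an ARM template. This deploys fine.

I also have an SSL certificate created and verified from Azure, along with the corresponding thumbprint.

On the Azure site, I can also bind the certificate to the app service.

But when I use the ARM template to assign the SSL from the template in hostnameBindings, I get an error that the certificate was not found...

I don't understand what is going wrong...

My guesses:

  • The certificate is in a different resource group, so it cannot be found, but I cannot set the group in the template settings.
  • The SSL I want to import has to be used in the Azure site first, so maybe I am missing this step in the ARM template?
  • The wrong thumbprint is being used?

In hostnameBindings, I only define the thumbprint and the sslState.

Any idea which step I am missing?

Thanks

Update

My parameters JSON file: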

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.5.0.8",
    "parameters": {
        "baseResourceName": {
            "value": "base-name"
        },
        "environments": {
            "value": [
                "preview"
            ]
        },
        "hostNames": {
            "value": [
                {
                    "name": "myhostname.example.com",
                    "sslState": "SniEnabled",
                    "thumbprint": "9897LKJL88KHKJH8888KLJLJLJLKJLJLKL4545"
                },
                {
                    "name": "myhostname2.example.com"
                }
            ]
        },
        "ipSecurityRestrictions": {
            "value": []
        }
    }
}

My template JSON file:

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.5.0.8",
    "parameters": {
        "hostName": {
            "defaultValue": [],
            "type": "array",
            "metadata": {
                "description": "The custom hostnames of sites"
            }
        }
    },
    "variables": {
        "standardPlanMaxAdditionalSlots": 4,
        "appName": "[concat(parameters('baseResourceName'), '-private')]",
        "appServicePlanName": "[concat(parameters('baseResourceName'), '-appServicePlan')]",
        "appInsightName": "[concat(parameters('baseResourceName'), '-appInsight')]",
        "ipSecurityRestrictions": "[parameters('ipSecurityRestrictions')]"
    },
    "resources": [
        {
            "type": "Microsoft.Web/serverfarms",
            "comments": "AppPlan for app.",
            "sku": {
                "name": "[if(lessOrEquals(length(parameters('environments')), variables('standardPlanMaxAdditionalSlots')), 'S1', 'P1')]"
            },
            "tags": {
                "displayName": "AppServicePlan-Private"
            },
            "name": "[variables('appServicePlanName')]",
            "kind": "app",
            "apiVersion": "2016-09-01",
            "location": "[resourceGroup().location]",
            "properties": {},
            "dependsOn": []
        },
        {
            "type": "Microsoft.Web/sites",
            "comments": "This is the private web app.",
            "kind": "app",
            "apiVersion": "2016-03-01",
            "name": "[variables('appName')]",
            "location": "[resourceGroup().location]",
            "tags": {
                "displayName": "WebApp"
            },
            "properties": {
                "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
                "siteConfig": {
                    "appSettings": [],
                    "phpVersion": "",
                    "ipSecurityRestrictions": "[variables('ipSecurityRestrictions')]",
                    "http20Enabled": true,
                    "minTlsVersion": "1.2"
                }
            },
            "dependsOn": [
                "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
                "[resourceId('microsoft.insights/components/', variables('appInsightName'))]"
            ]
        },
        {
            "type": "Microsoft.Web/sites/hostnameBindings",
            "name": "[concat(variables('appName'), '/', parameters('hostName')[copyIndex()].Name)]",
            "apiVersion": "2016-03-01",
            "location": "[resourceGroup().location]",
            "properties": "[parameters('hostName')[copyIndex()]]",
            "condition": "[greater(length(parameters('hostName')), 0)]",
            "copy": {
                "name": "hostnameCopy",
                "count": "[length(parameters('hostName'))]",
                "mode": "Serial"
            },
            "dependsOn": [
                "[concat('Microsoft.Web/sites/',variables('appName'))]"
            ]
        }
    ]
}

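1 answer:

Answer 0: (score: 0)

Completely unrelated: have you tested the condition greater(..., 0) with a zero-length array? It will definitely blow up.

On topic. I think that if you link the certificate resource to the App Service plan, you might be able to make it work. So this is something you do on the certificate resource. If you use Key Vault to store the certificate, this is entirely possible: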

    {
        "apiVersion": "2016-03-01",
        "name": "[variables('certificateName')]",
        "location": "[resourceGroup().location]",
        "type": "Microsoft.Web/certificates",
        "dependsOn": [
            "[parameters('appServicePlan')]"
        ],
        "properties": {
            "keyVaultId": "kvResourceId",
            "keyVaultSecretName": "secretName",
            "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlan'))]"
        }
    }
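The approach suggested in the answer, combined with the binding from the question, as an added example that is not part of the original question or answer: a `Microsoft.Web/certificates` resource imports the certificate from Key Vault against the App Service plan, and the hostname binding depends on it and reads the thumbprint from the deployed certificate instead of a hard-coded parameter. All parameter names are hypothetical, and the web app and plan are assumed to already exist in the deployment's resource group.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appName": { "type": "string" },
    "appServicePlanName": { "type": "string" },
    "customHostName": { "type": "string" },
    "certificateName": { "type": "string" },
    "keyVaultId": {
      "type": "string",
      "metadata": { "description": "Full resource ID of the Key Vault that holds the certificate (assumed input)." }
    },
    "keyVaultSecretName": { "type": "string" }
  },
  "resources": [
    {
      "comments": "Added example: certificate resource linked to the App Service plan, as the answer suggests.",
      "type": "Microsoft.Web/certificates",
      "apiVersion": "2016-03-01",
      "name": "[parameters('certificateName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "keyVaultId": "[parameters('keyVaultId')]",
        "keyVaultSecretName": "[parameters('keyVaultSecretName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appServicePlanName'))]"
      }
    },
    {
      "comments": "Added example: the binding waits for the certificate and takes its thumbprint from that resource.",
      "type": "Microsoft.Web/sites/hostnameBindings",
      "apiVersion": "2016-03-01",
      "name": "[concat(parameters('appName'), '/', parameters('customHostName'))]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/certificates', parameters('certificateName'))]"
      ],
      "properties": {
        "sslState": "SniEnabled",
        "thumbprint": "[reference(resourceId('Microsoft.Web/certificates', parameters('certificateName'))).Thumbprint]"
      }
    }
  ]
}
```

Because `keyVaultId` is a full resource ID, the vault does not have to sit in the same resource group as the site; the App Service resource provider does need read access to the secret in that vault for the import to succeed.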