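I want to create an Azure App Service with a custom hostname binding and a managed SSL certificate.
When I create a single Bicep template, the certificate resource can only be deployed once the hostname binding has already been created. But to create the hostname binding, I need the certificate thumbprint.
Updating the hostname binding in the same template is also not possible, because a resource can only exist once in a template.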
```bicep
// hostname bindings must be deployed one by one to prevent Conflict (HTTP 429) errors.
@batchSize(1)
resource customHostnameWithoutSsl 'Microsoft.web/sites/hostnameBindings@2019-08-01' = [for fqdn in customHostnames: {
  name: '${webAppService.name}/${fqdn}'
  properties: {
    siteName: webAppService.name
    hostNameType: 'Verified'
    sslState: 'Disabled'
  }
}]

// Managed certificates can only be created once the hostname is added to the web app.
resource certificates 'Microsoft.Web/certificates@2022-03-01' = [for (fqdn, i) in customHostnames: {
  name: '${fqdn}-${webAppName}'
  location: location
  properties: {
    serverFarmId: appServicePlanResourceId
    canonicalName: fqdn
  }
  dependsOn: [ ]
}]

// sslState and thumbprint can only be set once the managed certificate is created
@batchSize(1)
resource customHostname 'Microsoft.web/sites/hostnameBindings@2019-08-01' = [for (fqdn, i) in customHostnames: {
  name: '${webAppService.name}/${fqdn}'
  properties: {
    siteName: webAppService.name
    hostNameType: 'Verified'
    sslState: 'SniEnabled'
    thumbprint: certificates[i].properties.thumbprint
  }
}]
```

Is there another way to create a single deployment template that deploys an Azure App Service with a managed SSL certificate for a custom hostname?
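Posted on 2022-07-22 13:46:16

> Updating the hostname binding in the same template is also not possible, because a resource can only exist once in a template.

To prevent this error, you can deploy the resource using a Bicep module (or an ARM nested template).
The solution then becomes: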
webApp.bicep
```bicep
@description('The name of the App Service Plan that this web app will be deployed to.')
param appServicePlanResourceId string

@description('The location that the resource will be deployed to')
param location string = resourceGroup().location

@description('The custom hostnames that you wish to add.')
param customHostnames array = []

@description('Deploy hostnames without SSL binding before creating the certificate. Required when hostname is not present yet.')
param redeployHostnames bool = false

resource webAppService 'Microsoft.Web/sites@2020-12-01' = {
  ...
}

// hostname bindings must be deployed one by one to prevent Conflict (HTTP 429) errors.
@batchSize(1)
resource customHostnameWithoutSsl 'Microsoft.web/sites/hostnameBindings@2019-08-01' = [for fqdn in customHostnames: if (redeployHostnames) {
  name: '${webAppService.name}/${fqdn}'
  properties: {
    siteName: webAppService.name
    hostNameType: 'Verified'
    sslState: 'Disabled'
  }
}]

// certificates must be bound via module/nested template, because each resource can only occur once in every template
// in this case the hostnameBindings would occur twice otherwise.
module certificateBindings './bindCertificateToHostname.bicep' = {
  name: '${deployment().name}-ssl'
  params: {
    appServicePlanResourceId: appServicePlanResourceId
    customHostnames: customHostnames
    location: location
    webAppName: webAppService.name
  }
  dependsOn: customHostnameWithoutSsl
}
```

bindCertificateToHostname.bicep
```bicep
param webAppName string
param location string
param appServicePlanResourceId string
param customHostnames array

// Managed certificates can only be created once the hostname is added to the web app.
resource certificates 'Microsoft.Web/certificates@2022-03-01' = [for (fqdn, i) in customHostnames: {
  name: '${fqdn}-${webAppName}'
  location: location
  properties: {
    serverFarmId: appServicePlanResourceId
    canonicalName: fqdn
  }
}]

// sslState and thumbprint can only be set once the managed certificate is created
@batchSize(1)
resource customHostname 'Microsoft.web/sites/hostnameBindings@2019-08-01' = [for (fqdn, i) in customHostnames: {
  name: '${webAppName}/${fqdn}'
  properties: {
    siteName: webAppName
    hostNameType: 'Verified'
    sslState: 'SniEnabled'
    thumbprint: certificates[i].properties.thumbprint
  }
}]
```

Posted on 2022-07-22 11:43:53
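Here is one workaround you can follow to achieve the above requirement.
To deploy an App Service with an SSL certificate for a custom domain, you can follow the complete configuration and template suggested by @bmoore: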
Sample template.json:

```json
"resources": [
  {
    "type": "Microsoft.Web/serverfarms",
    "apiVersion": "2019-08-01",
    "name": "[variables('appServicePlanName')]",
    "location": "[parameters('location')]",
    "properties": {
      "name": "[variables('appServicePlanName')]"
    },
    "sku": {
      "name": "P1",
      "tier": "Premium",
      "size": "1",
      "family": "P",
      "capacity": "1"
    }
  },
  {
    "type": "Microsoft.Web/sites",
    "apiVersion": "2019-08-01",
    "name": "[parameters('webAppName')]",
    "location": "[parameters('location')]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
    ],
    "properties": {
      "name": "[parameters('webAppName')]",
      "serverFarmId": "[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
    }
  },
  {
    "condition": "[variables('enableSSL')]",
    "type": "Microsoft.Web/certificates",
    "apiVersion": "2019-08-01",
    "name": "[variables('certificateName')]",
    "location": "[parameters('location')]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
    ],
    "properties": {
      "keyVaultId": "[parameters('existingKeyVaultId')]",
      "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]",
      "serverFarmId": "[resourceId('Microsoft.Web/serverFarms', variables('appServicePlanName'))]"
    }
  },
  {
    "type": "Microsoft.Web/sites/hostnameBindings",
    "name": "[concat(parameters('webAppName'), '/', parameters('customHostname'))]",
    "apiVersion": "2019-08-01",
    "location": "[parameters('location')]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/certificates', variables('certificateName'))]"
    ],
    "properties": {
      "sslState": "[if(variables('enableSSL'), 'SniEnabled', json('null'))]",
      "thumbprint": "[if(variables('enableSSL'), reference(resourceId('Microsoft.Web/certificates', variables('certificateName'))).Thumbprint, json('null'))]"
    }
  }
]
```

Note: I was unable to test it with a custom domain because our account has some provision issues.
For more information, please refer to this SO thread.
https://stackoverflow.com/questions/73077972
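
An added check, not part of the original question or answers: the module-based answer first deploys each hostname with `sslState: 'Disabled'`, so a failed or skipped certificate module leaves custom hostnames bound without TLS. This Python script audits exported binding and certificate data for that state; the input shapes (`name`/`sslState`/`thumbprint` and `canonicalName`/`thumbprint`), the hostnames and the thumbprints are constructed assumptions.

```python
import json

# Constructed sample data (not real output). Assumed shape: the site's list of
# hostname SSL states and the list of managed certificate resources.
SAMPLE_HOST_STATES = json.loads("""[
  {"name": "www.example.com", "sslState": "SniEnabled", "thumbprint": "AA11"},
  {"name": "api.example.com", "sslState": "Disabled", "thumbprint": null},
  {"name": "shop.example.com", "sslState": "SniEnabled", "thumbprint": "cc33"},
  {"name": "demo-app.azurewebsites.net", "sslState": "Disabled", "thumbprint": null}
]""")
SAMPLE_CERTS = json.loads("""[
  {"canonicalName": "www.example.com", "thumbprint": "aa11"},
  {"canonicalName": "shop.example.com", "thumbprint": "DD44"}
]""")


def audit_bindings(custom_hostnames, host_states, certificates):
    """Return (hostname, problem) pairs for every custom hostname that is not
    bound with SNI to the certificate issued for it."""
    states = {s["name"].lower(): s for s in host_states}
    certs = {c["canonicalName"].lower(): (c.get("thumbprint") or "").upper()
             for c in certificates}
    findings = []
    for fqdn in custom_hostnames:
        key = fqdn.lower()
        state = states.get(key)
        if state is None:
            findings.append((fqdn, "hostname binding missing"))
            continue
        if state.get("sslState") != "SniEnabled":
            # This is what the first phase (sslState: 'Disabled') leaves behind
            # when the certificate module fails or never runs.
            findings.append((fqdn, "bound without TLS (sslState=%s)" % state.get("sslState")))
            continue
        bound = (state.get("thumbprint") or "").upper()
        if key not in certs:
            findings.append((fqdn, "no certificate resource for hostname"))
        elif bound != certs[key]:
            findings.append((fqdn, "thumbprint does not match issued certificate"))
    return findings


if __name__ == "__main__":
    wanted = ["www.example.com", "api.example.com", "shop.example.com", "new.example.com"]
    for host, problem in audit_bindings(wanted, SAMPLE_HOST_STATES, SAMPLE_CERTS):
        print(f"{host}: {problem}")
```

Only the hostnames passed in `custom_hostnames` are audited, so the default `*.azurewebsites.net` name in the sample is ignored.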