Endpoints tab on an Azure Linux VM (resource manager)?

I'm trying to migrate my app from Heroku to Azure. The process is turning out to be more drudgery-ridden than advertised.

After resetting quite a few approaches, I've finally settled on setting up a Ubuntu VM on Azure (resource manager VM) and handling everything myself. I now want to install IIS on this VM, set up HTTP endpoints and configure a website on it. But I'm unable to move forward on this goal because all online resources I've seen want me to start from the Endpoints tab on the Azure management console.

But there is no Endpoints tab on the Azure management console for the virtual machine I just provisioned.

I'm now guessing this is a feature of classic Azure VMs, not v2, but the documentation, unlike Heroku's, is too fragmented to clearly describe what's what.

So what's the comparable approach I need to take for my Linux Azure VM (v2), so as to start serving web traffic?

More about my app: it's a Django app, it uses a pure python WSGI webserver called waitress, its db is postgresql. BTW, I can't use 'Azure Web Apps' because this feature doesn't support postgresql, nor can I install all the packages from my requirements.txt on it since some of them require a compiler and don't have Python Wheels yet (a compiler is not available on the machine running the web app in Azure App Service).

One of the big differences between v1 and v2 is the concept of a network adapter and a public IP address as a separate entity to the VM. The thing that should sit between them is a Network Security Group.

The power and flexibility of Azure v2 means that it is easy to create a solution that actually has no firewalling at all.

If you look in the resource group you have created, your Network security group should be there. From there you can configure endpoints. (You can also look on the 'quick start' page of a VM, there should be a 'security group' link at the bottom right (I'm doing this from memory as I don't have access to Azure at the moment - so details might be slightly off))

ETA

v2 Security groups are software firewalls that exist at either the subnet boundary layer or at the Network card layer.

A subnet boundary SG can protect backend VMs from front end servers being compromised. So a database server only communicates via a specific port and doesn't have access to the internet (for instance).

An SG attached to a NIC is there to create application rules. For instance for HTTP you would create a single rule that allowed the destination to be port 80, allowing that to be sourced from any IP Address, with any source port.

So what's the comparable approach I need to take for my Linux Azure VM (v2), so as to start serving web traffic?

The concept of "endpoints" applies to the classical deployment mode (aka classic portal). But in the new Azure portal, where Resource Management (ARM) deployment mode is preferred over classic portal/classical deployment mode (ASM), you need to add "Inbound security rules" to your Network Security Group (NSG).

You can use the new Azure Portal (https://portal.azure.com), PowerShell, Azure CLI, or ARM template. I will go over Azure Portal and Azure CLI.

Method 1: Using new Azure portal (https://portal.azure.com):

  1. Navigate to your network security group for the Linux VM you created in Azure
  2. Navigate to your Inbound security rules setting
  3. Add a new Inbound security rule to start serving web traffic. (This is an example rule named "web-rule", which allows traffic from clients connecting from any port to port 80)

Method 2: Using the Azure CLI:

  1. Open Azure CLI
  2. Login to azure: azure login
  3. Switch to Resource Manager mode: azure config mode arm
  4. Run the azure network nsg create command:

    azure network nsg rule create -g UbuntuRG -a UbuntuVM -n web-rule -c Allow -p Tcp -r Inbound -y 200 -f Internet -o "*" -e "*" -u 80

Note: The above methods are assuming your resource group name is "UbuntuRG" and your virtual machine name is "UbuntuVM".

You can find more information:

How to manage NSGs using the Azure portal

How to create NSGs in Resource Manager by using PowerShell

How to create NSGs in the Azure CLI

How to create NSGs using a template
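
How an NSG decides on an inbound packet once "web-rule" is in place, as an added example (not part of the original answers and not Azure's own code): rules are checked in ascending priority and the first match wins. The VNet range 10.0.0.0/16, the sample addresses and the helper names are assumptions, and the "Internet" and "VirtualNetwork" tags are simplified to "outside" and "inside" that range.

```python
import ipaddress

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed VNet address space (constructed)

def rule(name, priority, access, protocol, src, dst, dport):
    """Build an inbound rule using ARM securityRules property names."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": src, "sourcePortRange": "*",
            "destinationAddressPrefix": dst, "destinationPortRange": dport}

RULES = [
    # The answer's "web-rule": Tcp, Internet, any source port -> port 80, priority 200.
    rule("web-rule", 200, "Allow", "Tcp", "Internet", "*", "80"),
    # Two of the default rules Azure adds to every NSG.
    rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]

def addr_match(prefix, ip):
    addr = ipaddress.ip_address(ip)
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":   # simplified: only the VNet's own range
        return addr in VNET
    if prefix == "Internet":         # simplified: anything outside the VNet
        return addr not in VNET
    return addr in ipaddress.ip_network(prefix, strict=False)

def port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")  # "80" or "8000-8100"
    return int(lo) <= port <= int(hi or lo)

def evaluate_inbound(rules, protocol, src_ip, src_port, dst_ip, dst_port):
    """Return (access, rule name) for the lowest-numbered matching rule."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"] == "Inbound"
                and r["protocol"].lower() in ("*", protocol.lower())
                and addr_match(r["sourceAddressPrefix"], src_ip)
                and port_match(r["sourcePortRange"], src_port)
                and addr_match(r["destinationAddressPrefix"], dst_ip)
                and port_match(r["destinationPortRange"], dst_port)):
            return r["access"], r["name"]
    return "Deny", None  # unreachable while DenyAllInBound is present
```

With these rules, web traffic from outside reaches port 80, while the PostgreSQL port is reachable only from inside the virtual network.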
