[英]HTTPS access to Azure ubuntu Virtual Machine
I have a Ubuntu VM running on Microsoft azure. 我有一个在Microsoft azure上运行的Ubuntu VM。 Currently I can access it using HTTP, but not with HTTPS.
目前,我可以使用HTTP来访问它,但是不能使用HTTPS来访问它。 In the network interface, inbound port rule, 443 is already allowed.
在网络接口中,入站端口规则443已被允许。
I already added a certificate into the VM, by creating a key vault and a certificate, prepare it for deployment following this documentation : 我已经通过创建密钥库和证书将证书添加到VM中,并按照以下文档为部署做准备:
az keyvault update -n <keyvaultname> -g <resourcegroupname> --set properties.enabledForDeployment=true
then added the certificate following this answer . 然后根据此答案添加证书。
In Azure CLI: 在Azure CLI中:
$secret=$(az keyvault secret list-versions \
--vault-name <keyvaultname> \
--name <certname> \
--query "[?attributes.enabled].id" --output tsv)
$vm_secret=$(az vm secret format --secret "$secret")
az vm update -n <vmname> -g <keyvaultname> --set osProfile.secrets="$vm_secret"
I got the following error: 我收到以下错误:
Unable to build a model: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>, DeserializationError: Cannot deserialize as [VaultSecretGroup] an object of type <class 'str'>
However, when I do az vm show -g <resourcegroupname> -n <vmname>
after that, in the osProfile
, the secrets already contained the secret I added 但是,当我在那之后执行
az vm show -g <resourcegroupname> -n <vmname>
,在osProfile
,机密已经包含了我添加的机密
"secrets": [
{
"sourceVault": {
"id": "/subscriptions/<subsID>/resourceGroups/<resourcegroupName>/providers/Microsoft.KeyVault/vaults/sit-key-vault"
},
"vaultCertificates": [
{
"certificateStore": null,
"certificateUrl": "https://<keyvaultname>.vault.azure.net/secrets/<certname>/<certhash>"
}
]
}
],
When accessing using HTTPS, I failed. 使用HTTPS访问时,我失败了。 I can access it using HTTP but chrome still shows the "Not secure" mark next to the address.
我可以使用HTTP访问它,但是chrome仍然在地址旁边显示“不安全”标记。
What did I miss? 我错过了什么?
I also checked answer from similar question , but could not find "Enable Direct Server Return" anywhere in the VM control panel page. 我还检查了类似问题的答案 ,但在VM控制面板页面的任何位置都找不到“启用直接服务器返回”。
As far as I known, we can follow these following steps to configure SSL for nginx server. 据我所知,我们可以按照以下步骤为nginx服务器配置SSL。
Add SSl cert 添加SSl证书
$secret=$(az keyvault secret list-versions --vault-name "keyvault_name" --name "cert name" --query "[?attributes.enabled].id" --output tsv) $ secret = $(az密钥库机密列表版本--vault-name“ keyvault_name” --name“证书名称” --query“ [?attributes.enabled] .id” --output tsv)
$vm_secret=$(az vm secret format --secrets "$secret") $ vm_secret = $(az vm机密格式--secrets“ $ secret”)
az vm update -n “VM name” -g “resource group name” --set osProfile.secrets="$vm_secret" az vm update -n“ VM名称” -g“资源组名称” --set osProfile.secrets =“ $ vm_secret”
Install Nginx 安装Nginx
sudo apt-get update sudo apt-get更新
sudo apt-get install nginx 须藤apt-get install nginx
Configure SSL Cert 配置SSL证书
#get cert name find /var/lib/waagent/ -name "*.prv" | cut -c -57 #paste cert mkdir /etc/nginx/ssl cp “your cert name” /etc/nginx/ssl/mycert.cer cp “your cert name” /etc/nginx/ssl/mycert.prv #change nginx configuration file sudo nano /etc/nginx/sites-available/default PS: add the next content in the file server { listen 443 ssl; ssl_certificate /etc/nginx/ssl/mycert.cert; ssl_certificate_key /etc/nginx/ssl/mycert.prv; } service nginx restart
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.