Docker Https With Azure Key Vault using DevOps Release Pipeline

Background:

I am serving an auth server from a normal app service plan and switching to serve the auth server as a docker container. I use CI with dockerfile and azure-pipelines.yaml to push an image to the registry. This triggers my CD, which uses the Azure Web App on Container Deploy task to deploy. This all seemed fine until I tried to verify my api against an Authorize attribute. It appears that even though I am using a custom domain with https enabled, the tokens generated are still referencing http instead of https.

In order to circumvent this, I tried adding a configuration file or "docker-compose.yaml". However, when I do this my app is breaking. So my two questions are:

- Am I running this correctly to use Https in my docker instance?

- Also, how do I appropriately pass key vault secrets to the docker compose?

Here is my yaml:

version: '3.4'
variables:
    - group: VKVAPI
services:
    webapp:
        image: vkv.azurecr.io/vkvauth:latest
        ports:
            - '8000:80'
            - '8001:443'
        environment:
            - ASPNETCORE_HTTPS_PORT=443
            - 'ASPNETCORE_URLS=https://+;http://+'
            - ASPNETCORE_Kestrel__Certificates__Default__Password=Variable!@#
            - ASPNETCORE_Kestrel__Certificates__Default__Path=$(variable)

Also in my log stream I am getting:

2020-08-27T23:14:29.758256402Z: [ERROR]  Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
2020-08-27T23:14:29.758271702Z: [ERROR]     at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
2020-08-27T23:14:29.758398002Z: [ERROR]     at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
2020-08-27T23:14:29.758404102Z: [ERROR]     at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
2020-08-27T23:14:29.758408302Z: [ERROR]     at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
2020-08-27T23:14:29.758412302Z: [ERROR]     at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)

Am I running this correctly to use Https in my docker instance?

There is no problem running the docker container with HTTPS via docker-compose. See the details in "Starting a container with https support using docker-compose".

Also, how do I appropriately pass key vault secrets to the docker compose?

The possible reason that caused the error is that the supported Docker Compose options in Azure Web App for Container do not contain variables. So when you set the variables block and use the variable in it, it causes the error. I suggest you use the absolute value without the variables.
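
A pre-deployment check for the two things the answer points at, as an added example that is not part of the original post: it flags top-level keys that are not Compose keys (such as the variables block) and $(...) Azure Pipelines macros, which Compose does not expand. The function name lint_compose and the sample, shortened from the question's file, are assumptions of this example.

```python
import re

# Top-level keys defined by the Compose file format; "x-" extension keys are also allowed.
COMPOSE_TOP_LEVEL = {"version", "name", "services", "networks", "volumes", "configs", "secrets"}
# Azure Pipelines macro syntax, e.g. $(variable). Compose itself never expands this form.
PIPELINE_MACRO = re.compile(r"\$\([^)\s]+\)")

# Constructed sample: the compose file from the question, shortened.
SAMPLE = """\
version: '3.4'
variables:
    - group: VKVAPI
services:
    webapp:
        image: vkv.azurecr.io/vkvauth:latest
        environment:
            - ASPNETCORE_Kestrel__Certificates__Default__Path=$(variable)
"""


def lint_compose(text):
    """Return a list of (line_number, message) findings for a compose file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # A top-level key starts in column 0 and is followed by a colon.
        top = re.match(r"^([A-Za-z_][\w-]*)\s*:", line)
        if top:
            key = top.group(1)
            if key not in COMPOSE_TOP_LEVEL and not key.startswith("x-"):
                findings.append((number, f"'{key}' is not a Compose top-level key"))
        # A macro left in the file reaches the container as a literal string.
        for macro in PIPELINE_MACRO.findall(line):
            findings.append((number, f"unexpanded pipeline macro {macro}"))
    return findings


if __name__ == "__main__":
    for number, message in lint_compose(SAMPLE):
        print(f"line {number}: {message}")
```

Run against the file in the release pipeline before the deploy task and fail the stage when the list is non-empty.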
