如何在应用程序网关后面进行基于路径的反向代理应用程序服务?
[英]How to path-based reverse proxy app service behind application gateway?
问题描述
I have an application gateway configured with my wildcard certificate that I want to use to proxy myapp.azurewebsites.net (an ASP.NET core application) behind myapp.mywebsite.net/mypath.
我有一个配置了我的通配符证书的应用程序网关,我想用它来代理 myapp.mywebsite.net/mypath 后面的 myapp.azurewebsites.net(一个 ASP.NET 核心应用程序)。
I have an existing site running on myapp.mywebsite.net configured in the gateway, but I want just the /mypath route to point to the app service.我有一个在网关中配置的 myapp.mywebsite.net 上运行的现有站点,但我只希望/mypath路由指向应用程序服务。 How can I accomplish this?我怎样才能做到这一点?
1 个解决方案
解决方案1
0 2022-02-02 20:47:16
Step 1 - Configuring the Gateway第 1 步 - 配置网关
- Add a new backend target for
myapp.azurewebsites.net为myapp.azurewebsites.net添加新的后端目标 - Add a new http setting, enable hostname override with specific domain name for
myapp.azurewebsites.net.添加新的 http 设置,为myapp.azurewebsites.net启用具有特定域名的主机名覆盖。 Don't add the path override, we want the/mypathto be passed to the app service.不要添加路径覆盖,我们希望将/mypath传递给应用服务。 - Edit the existing path-based rule for the site:编辑站点的现有基于路径的规则:
- Add new path-based rule添加新的基于路径的规则
- path=
/mypath/*路径= /mypath/* - name=
mypathname// can be whatevername= mypathname// 可以是任何值 - httpsetting=the one we just made httpsetting=我们刚刚做的那个
- backendpool=the one we just made backendpool=我们刚做的那个
- path=
- Add new path-based rule
This will point myapp.mywebsite.net/mypath to the site这会将myapp.mywebsite.net/mypath指向该站点
Step 2 - Configuring the Application第 2 步 - 配置应用程序
Startup.cs - Configure Startup.cs - 配置
See here for more info.请参阅此处了解更多信息。
Add the following to the very start of the Configure method.将以下内容添加到 Configure 方法的开头。 We want headers to be adjusted before all other middleware happens.我们希望在所有其他中间件发生之前调整标头。
app.UseForwardedHeaders(); // Enable hostname to be derived from headers added by app gateway
app.UsePathBase("/mypath"); // Tell ASP.NET that we have a base path
See here for debugging help.有关调试帮助,请参见此处。
Startup.cs - ConfigureServices Startup.cs - 配置服务
We need to tell ASP.NET to trust the gateway headers 我们需要告诉 ASP.NET 信任网关标头
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.AllowedHosts.Add("myapp.mywebsite.net");
options.KnownProxies.Add(IPAddress.Parse("10.my.gateway.ip"));
});
If you are using如果您正在使用
services.AddMicrosoftIdentityWebAppAuthentication(config);
for auth, we need to override the reply url so it points to myapp.mywebsite.net/mypath/signin-oidc instead of myapp.azurewebsites.net/signin-oidc .对于身份验证,我们需要覆盖回复 url 使其指向myapp.mywebsite.net/mypath/signin-oidc而不是myapp.azurewebsites.net/signin-oidc 。 This can be done with:这可以通过以下方式完成:
if (!env.IsDevelopment())
{
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// options.SaveTokens = true; // this saves the token for the downstream api
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async ctxt =>
{
ctxt.ProtocolMessage.RedirectUri = "https://myapp.mywebsite.net/mypath/signin-oidc";
await Task.Yield();
}
};
});
}
We only run this in dev so that running our stuff locally does the default behaviour of filling the replyurl with localhost.我们只在 dev 中运行它,以便在本地运行我们的东西会执行使用 localhost 填充回复 URL 的默认行为。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.