[英]How to path-based reverse proxy app service behind application gateway?
I have an application gateway configured with my wildcard certificate that I want to use to proxy myapp.azurewebsites.net (an ASP.NET core application) behind myapp.mywebsite.net/mypath.我有一个配置了我的通配符证书的应用程序网关,我想用它来代理 myapp.mywebsite.net/mypath 后面的 myapp.azurewebsites.net(一个 ASP.NET 核心应用程序)。
I have an existing site running on myapp.mywebsite.net configured in the gateway, but I want just the /mypath
route to point to the app service.我有一个在网关中配置的 myapp.mywebsite.net 上运行的现有站点,但我只希望
/mypath
路由指向应用程序服务。 How can I accomplish this?我怎样才能做到这一点?
myapp.azurewebsites.net
myapp.azurewebsites.net
添加新的后端目标myapp.azurewebsites.net
.myapp.azurewebsites.net
启用具有特定域名的主机名覆盖。 Don't add the path override, we want the /mypath
to be passed to the app service./mypath
传递给应用服务。/mypath/*
/mypath/*
mypathname
// can be whatever mypathname
// 可以是任何值This will point myapp.mywebsite.net/mypath
to the site这会将
myapp.mywebsite.net/mypath
指向该站点
See here for more info.请参阅此处了解更多信息。
Add the following to the very start of the Configure method.将以下内容添加到 Configure 方法的开头。 We want headers to be adjusted before all other middleware happens.
我们希望在所有其他中间件发生之前调整标头。
app.UseForwardedHeaders(); // Enable hostname to be derived from headers added by app gateway
app.UsePathBase("/mypath"); // Tell ASP.NET that we have a base path
See here for debugging help.有关调试帮助,请参见此处。
We need to tell ASP.NET to trust the gateway headers 我们需要告诉 ASP.NET 信任网关标头
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.AllowedHosts.Add("myapp.mywebsite.net");
options.KnownProxies.Add(IPAddress.Parse("10.my.gateway.ip"));
});
If you are using如果您正在使用
services.AddMicrosoftIdentityWebAppAuthentication(config);
for auth, we need to override the reply url so it points to myapp.mywebsite.net/mypath/signin-oidc
instead of myapp.azurewebsites.net/signin-oidc
.对于身份验证,我们需要覆盖回复 url 使其指向
myapp.mywebsite.net/mypath/signin-oidc
而不是myapp.azurewebsites.net/signin-oidc
。 This can be done with:这可以通过以下方式完成:
if (!env.IsDevelopment())
{
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// options.SaveTokens = true; // this saves the token for the downstream api
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProvider = async ctxt =>
{
ctxt.ProtocolMessage.RedirectUri = "https://myapp.mywebsite.net/mypath/signin-oidc";
await Task.Yield();
}
};
});
}
We only run this in dev so that running our stuff locally does the default behaviour of filling the replyurl with localhost.我们只在 dev 中运行它,以便在本地运行我们的东西会执行使用 localhost 填充回复 URL 的默认行为。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.