We have an AspNetCore WebAPI and an WebApp deployed in a couple of Azure Container Instances, and need to configure the HTTPS for both.
Right now (in development) we use self-sign certificates (.pfx) that are loaded on startup from a path in the container.
We are interested in using Let's Encrypt certificates but in my research I can't find a way to configure Let's Encrypt using Azure Container Instances. I can only find ways to configure Azure App Service and projects hosted in VMs.
Does anyone know of any way to do this configuration? Or some example that even if it is not identical, I can base it to make this configuration.
Thanks.
Related
I need to call some API of an application from some other application using certificate authentication.
I can access local application certificate using StoreName=My;StoreLocation=LocalMachine;FindType=FindByThumbprint;FindValue=83D2CEE781FC8D7E6C5372433CBACA75F9BC4B34
But I am not able to access the certificate of application which is hosted in Azure.
Can you please suggest how to access certificate parameters from Azure like StoreName and StoreLocation from my local application?
Can you elaborate what you mean with hosted in Azure? App Services, Container, AKS, VM, etc?
For App Services there is an option you might want to give a shot:
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code#load-certificate-in-windows-apps
You can also store certificates in KeyVault and access those securely - but this would require code changes. Example for secrets, but works similar for certificates
If you want 100% the same way it works currently, you will need to stick with VMs.
I am using Azure App Service to access a webservice hosted elsewhere. The webservice requires mutual TLS Authentication.
I have been given the public certificate from the provider of the webservice but where do I install this public certificate in Azure? In a traditional server environment, I would install in the certificate store. But in Azure, do I install it on the application gateway? or the Vault? How does Azure app service know where the certificate is installed and present it?
Private and Public certificates can be uploaded to Azure Web App: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal
Code running in Azure Web App can access those certificates in different ways, it depends on what language and runtime your application is using: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code
In regards to your other questions:
"do I install it on the application gateway"?
From what I understand, your application is going to make outgoing calls to a webservice hosted elsewhere. Azure Web App outgoing traffic does not go through Application Gateway - so no, in your case storing certificate in Azure Web App and accessing it from the code is a good solution.
"or the Vault"? Azure Web App can also store certificates in Azure Key Vault. Your code could also connect to Azure Key Vault directly, bypassing Azure Web App key store altogether.
Finally, "How does Azure app service know where the certificate is installed and present it?" Please see the first two links I provided.
In the future, Azure has an excellent documentation on all of their products, a simple search engine search typically helps to narrow down many primitive answers.
Welcome to StackOverflow!
Good day dear community,
i have a smaller project where i need to search for different possibilities to deploy a website under azure portal.
Personally i found 4 different ways how to do it.
App services
App functions Serverless (which i dont understand how to deploy there a website)
Install a VM and then deploy a website
Use docker to deploy your code
Question:
Are there any more ways to deploy a website under azure and can somebody explain the deployment of websites with serverless as i dont understand how to publish a website there. i just managed to get the httptriggers and i am confused with that.
Thanks in advance
sorry for any spelling mistakes.
You can deploy to a website to a VM. But first you will have to setup the VM to be a web server. There are many different pre-configured images with either Linux or Windows OS. This will require you manage the OS of the VM.
An Azure App Service will abstract the OS and VM away from you. The OS will be managed for you and you can configure many settings through the Azure Portal. There are different plans that allow you to use more compute and/or memory. You can also setup Authentication through the portal. You can also elect to deploy you website inside a container to an App Service.
There are also Azure Function Apps which can be used. Azure Function Apps are not intended to serve as the backend to a website, but it can be. These are meant to serve only one purpose, not many like the backend of a whole website ( for example, you might use a different function app to serve content each page of a website instead of just one app service having multiple endpoints serving all pages of a website). With Azure function apps, you can deploy in a container or not in a container.
I am not sure what you mean by number 4, Container over docker. You can deploy a docker container an App Service or a Function App. You can deploy the container to docker hub or azure container registry (to name a couple), but that will not deploy your website so that it is accessible.
I'm trying to enable HTTPS on my Azure cloud service.
It doesn't belong to azurewebsites.
I'm using a self-signed certificate, already generated.
Following this guide I encounter a problem: I'm not able to access to the .csdef file to modify WebRole section to create a proper endpoint as described in the guide.
I would like to know if there's any method to enable HTTPS using self-signed certificates through the Azure Portal.
I tried to open the 443 port naming the endpoint HTTPS, using TCP protocol; unfortunately I notice that modifying the .csdef file instead it's possible to apply the https protocol directly.
Can you help me? I'm kind of stuck at the moment.
The Service configuration file and Service package were placed in storage. With Get Package (REST API) you can retrieve cloud service package that used for deployment before.
Also here is a more detailed article: Download Microsoft Azure Cloud Service Package files, hope it do help.
During the development, we didn't get the domain binding for our application, so we just use the Azure URL, something like this: xxx.cloudapp.net.
Because we would like our website use HTTPS protocol, we need to use a certificate, just follow the MSDN, we generated the self-signed pfx file using IIS Manager. Before we publish our application to cloud, we upload the pfx file to cloud by the portal page.
So my question is, is above the only way for this situation? Which I means, I need to upload the certificate to cloud manually first, then publish the application? Is there a way I don't need to to this, something like I even not rely on IIS Manager, the cloud can generate a certificate?
Simple answer to your question is No, Azure can't create a certificate for you. But you could do the same.
To elaborate further, let me explain you what's happening behind the scenes. So you have uploaded the PFX certificate in the portal and in your application configuration screen you have specified the thuumbprint of that certificate. When Azure Fabric Controller spins of the VM, it checks for this certificate thumbprint and based on that it fetches the certificate you uploaded previously and installs that certificate. Furthermore it makes changes to the IIS settings does the SSL magic. Now if you want (not sure why) but you could do the same. If we take just development environment, what you could do is write a startup task which would first create a certificate using makecert utility. Then you would write some IIS scripts which will do the SSL magic for IIS.
Yet another thing you could do is automate the deployment of your code using Azure PowerShell Cmdlets. As a part of deployment automation, 1st thing you would do is upload the SSL certificate using Add-AzureCertificate and then create a deployment of your service using New-AzureDeployment.