Azure网站 - 使用PowerShell或跨平台CLI配置SSL绑定

Question

我们的情况是,我们希望经常向许多Azure网站添加新的自定义子域,并且我们需要能够自动化该过程,以便最大限度地减少对手动干预的需求以及将某些内容搞砸的风险.

Azure Cross-Platform CLI工具和PowerShell cmdlet为我提供了足够的功能,可以将其全部编写,SSL绑定明显例外......这些网站都是仅限HTTPS的,我们添加的每个域都需要SNI SSL捆绑.

Azure管理门户允许您手动配置网站域的SSL绑定.如何使用PowerShell cmdlet或跨平台CLI工具实现相同目的？如果不可能使用这些工具中的任何一种,那么我是否有其他方法可以在我们向网站添加/删除域时编写流程脚本？

Answer 1

我终于通过使用Azure网站管理REST API成功地完成了这项工作.

我在2014年根据我的示例代码生成的原始文档已不再可用,但Zain在评论中提到并链接到博客帖子的Azure资源浏览器在我看来是一种优越的资源.直接链接:https://resources.azure.com/

Service Management REST API Reference似乎与我使用的原始文档最接近,但目前缺少任何关于Azure Web Apps(以前称为Azure Web站点)的内容:https://msdn.microsoft.com/library/azure/ee460799的.aspx

例如:

using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Formatting;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

private const string managementThumbprint = "0000000000000000000000000000000000000000";
private const string subscriptionId = "00000000-0000-0000-0000-000000000000";

private const string sslThumbprint = "0000000000000000000000000000000000000000";
private const string webspace = "eastasiawebspace";
private const string websiteName = "myWebsite";
private const string websiteDomain = "myDomain";
private const SslState sslState = SslState.SniEnabled;

public async Task SetSslState()
{
    //Retrieve management certificate
    var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    var certificate = store.Certificates.Cast<X509Certificate2>().First(xc => xc.Thumbprint.Equals(managementThumbprint, StringComparison.OrdinalIgnoreCase));

    //Setup http client
    var handler = new WebRequestHandler();
    handler.ClientCertificates.Add(certificate);
    var client = new HttpClient(handler) {
        BaseAddress = new Uri("https://management.core.windows.net/" + subscriptionId + "/services/WebSpaces/")
    };
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    client.DefaultRequestHeaders.Add("x-ms-version", "2014-06-01");

    var requestData = new {
        HostNameSslStates = new[] {
            new {
                Name = websiteDomain,
                SslState = (long)sslState,
                Thumbprint = sslThumbprint,
                ToUpdate = true
            }
        }
    };
    var response = await client.PutAsJsonAsync(webspace + "/sites/" + websiteName, requestData);
}

public enum SslState
{
    Disabled = 0,
    SniEnabled = 1,
    IpBasedEnabled = 2
}