具有 2 个公开的 https 端点和不同端口的 Service Fabric 集群
Service Fabric cluster with 2 exposed https endpoint and different ports
我创建了 2 Stateless Service Fabric 服务,我需要将其公开并通过 https 从 Web 访问:
- 引擎,(Asp.net 核心 API)通过端口 1212 上的 HTTP 和端口 8465 上的 HTTPS 暴露
- 网站(Asp.net 核心 Web 应用程序)通过端口 443 上的 HTTPS 暴露
我现在仅限本地,使用WebListener。
ServiceManifest.XML 引擎
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="EnginePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="EngineType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Engine.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Protocol="http" Name="EngineEndpoint" Type="Input" Port="1212" />
<Endpoint Protocol="https" Name="EngineEndpointSecure" Type="Input" Port="8465" />
</Endpoints>
</Resources>
</ServiceManifest>
ServiceManifest.XML 网站
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="WebsitePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="WebsiteType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Website.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Protocol="https" Name="WebsiteEndpoint" Type="Input" Port="443" />
</Endpoints>
</Resources>
</ServiceManifest>
ENGINE.CS
internal sealed class Engine : StatelessService
{
public Engine(StatelessServiceContext context)
: base(context)
{ }
/// <summary>
/// Optional override to create listeners (like tcp, http) for this service instance.
/// </summary>
/// <returns>The collection of listeners.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
return new ServiceInstanceListener[]
{
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "EngineEndpoint", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "EngineEndpoint"),//Name is important for multiple endpoints
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "EngineEndpointSecure", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Secure WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "EngineEndpointSecure")
};
}
}
WEBSITE.CS
internal sealed class Website : StatelessService
{
public Website(StatelessServiceContext context)
: base(context)
{ }
/// <summary>
/// Optional override to create listeners (like tcp, http) for this service instance.
/// </summary>
/// <returns>The collection of listeners.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
return new ServiceInstanceListener[]
{
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "WebsiteEndpoint", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "WebsiteEndpoint"),
};
}
}
APPLICATIONMANIFEST.XML
<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ApplicationTypeName="ProjectSFType" ApplicationTypeVersion="1.0.0" xmlns="http://schemas.microsoft.com/2011/01/fabric">
<Parameters>
<!--STATELESS-->
<Parameter Name="Engine_InstanceCount" DefaultValue="-1" />
<Parameter Name="Website_InstanceCount" DefaultValue="-1" />
</Parameters>
<ServiceManifestImport>
<ConfigOverrides />
<Policies>
<EndpointBindingPolicy EndpointRef="WebsiteEndpoint" CertificateRef="FabricFront" />
<EndpointBindingPolicy EndpointRef="EngineEndpointSecure" CertificateRef="FabricFront" />
</Policies>
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="EnginePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="WebsitePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
</ServiceManifestImport>
<DefaultServices>
<Service Name="Engine">
<StatelessService ServiceTypeName="EngineType" InstanceCount="[Engine_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
<Service Name="Website">
<StatelessService ServiceTypeName="WebsiteType" InstanceCount="[Website_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
</DefaultServices>
<Certificates>
<EndpointCertificate X509FindValue="0000000000000" Name="FabricFront" />
</Certificates>
</ApplicationManifest>
启动时在本地集群中发生的情况:
- 端口 1212 上的引擎 HTTP 始终有效
- 如果引擎 HTTPS 端点作为端点从 Engine.cs
中删除,则端口 443 上的网站 HTTPS 端点仅有效
- 引擎 HTTPS 端点永远无法工作 即使网站切换到 HTTP 并且是解决方案中唯一的安全端点,浏览器也会显示 "ERR_CONNECTION RESET" 错误。
在 ServiceFabric Explorer 上,我看到活动和 运行,输出中没有错误。
我尝试了其他端口,结果相同。
我怎样才能完成这项工作?
您的问题有点不清楚,但是如果您尝试 运行 一个端口 1601 和一个端口 443,只有 443 成功。那么这可能是一个特权问题?不同的端口需要不同的权限。
另一方面,如果您试图在端口 443 上绑定两者,那么您可能会遇到冲突,因为它们都使用相同的端口和 url。我们遇到了同样的问题,我们通过执行以下操作设法解决了这个问题:
正在创建 HttpSetup 应用程序,运行是一个
的 powershell 脚本
安装我们的证书并使用 netsh 注册它
&netsh http add sslcert hostnameport="${EndpointHost}:${EndpointPort}" certhash=$CertThumbprint certstorename=$CertStore appid=$AppId
绑定证书 urls,使用 netsh:
&netsh http add urlacl url=$ReservationUrl"
例子urls
https://mydnsname.com/
https://mydnsname.com/api
在我们的 主应用程序 中,我们然后将我们的服务绑定到完整的 urls 因为完整的 urls 没有冲突。我们通过环境参数将 urls 传递给集群。
注意:我们不得不拆分成两个应用程序的原因是因为我们的主应用程序在每次提交时连续部署。当 netsh 运行 同时来自多个部署时,它会锁定并挂在节点上。
ApplicationManifest.xml
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="ApiPkg" ServiceManifestVersion="1.0.0" />
<EnvironmentOverrides CodePackageRef="Code">
<EnvironmentVariable Name="EndpointUri" Value="[Api_EndpointUri]" />
<EnvironmentVariable Name="CertThumbprint" Value="[Api_CertThumbprint]" />
</EnvironmentOverrides>
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="UiPkg" ServiceManifestVersion="1.0.0" />
<EnvironmentOverrides CodePackageRef="Code">
<EnvironmentVariable Name="EndpointUri" Value="[App_EndpointUri]" />
<EnvironmentVariable Name="CertThumbprint" Value="[App_CertThumbprint]" />
</EnvironmentOverrides>
</ServiceManifestImport>
ServiceManifest.xml(两个包)
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="UiPkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="UiType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Ui.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
<EnvironmentVariables>
<EnvironmentVariable Name="EndpointUri" Value="" />
<EnvironmentVariable Name="CertThumbprint" Value="" />
</EnvironmentVariables>
</CodePackage>
<!-- Config package is the contents of the Config directoy under PackageRoot that contains an
independently-updateable and versioned set of custom configuration settings for your service. -->
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<!-- To bind to a specific hostname use netsh from a SetupEntyPoint and change Protocol to tcp here to just open the firewall
-->
<Endpoint Name="ServiceEndpoint" Protocol="tcp" Port="443" />
</Endpoints>
</Resources>
</ServiceManifest>
Program.cs
var listeningAddress = $"{Environment.GetEnvironmentVariable("Api_EndpointUri")}:443/api/";
_webHost = new WebHostBuilder().UseWebListener()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseUrls(listeningAddress)
.Build();
错误是我将 ApplicationManifest.xml 中的 <Policies> 放在两个 <ServiceManifestImport> 的顶部。
每个服务都需要在 <ConfigOverrides />.
下方自己的 <ServiceManifestImport> 中使用不同的 <Policy>
我创建了 2 Stateless Service Fabric 服务,我需要将其公开并通过 https 从 Web 访问:
- 引擎,(Asp.net 核心 API)通过端口 1212 上的 HTTP 和端口 8465 上的 HTTPS 暴露
- 网站(Asp.net 核心 Web 应用程序)通过端口 443 上的 HTTPS 暴露
我现在仅限本地,使用WebListener。
ServiceManifest.XML 引擎
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="EnginePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="EngineType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Engine.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Protocol="http" Name="EngineEndpoint" Type="Input" Port="1212" />
<Endpoint Protocol="https" Name="EngineEndpointSecure" Type="Input" Port="8465" />
</Endpoints>
</Resources>
</ServiceManifest>
ServiceManifest.XML 网站
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="WebsitePkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="WebsiteType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Website.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
</CodePackage>
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<Endpoint Protocol="https" Name="WebsiteEndpoint" Type="Input" Port="443" />
</Endpoints>
</Resources>
</ServiceManifest>
ENGINE.CS
internal sealed class Engine : StatelessService
{
public Engine(StatelessServiceContext context)
: base(context)
{ }
/// <summary>
/// Optional override to create listeners (like tcp, http) for this service instance.
/// </summary>
/// <returns>The collection of listeners.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
return new ServiceInstanceListener[]
{
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "EngineEndpoint", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "EngineEndpoint"),//Name is important for multiple endpoints
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "EngineEndpointSecure", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting Secure WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "EngineEndpointSecure")
};
}
}
WEBSITE.CS
internal sealed class Website : StatelessService
{
public Website(StatelessServiceContext context)
: base(context)
{ }
/// <summary>
/// Optional override to create listeners (like tcp, http) for this service instance.
/// </summary>
/// <returns>The collection of listeners.</returns>
protected override IEnumerable<ServiceInstanceListener> CreateServiceInstanceListeners()
{
return new ServiceInstanceListener[]
{
new ServiceInstanceListener(serviceContext =>
new WebListenerCommunicationListener(serviceContext, "WebsiteEndpoint", (url, listener) =>
{
ServiceEventSource.Current.ServiceMessage(serviceContext, $"Starting WebListener on {url}");
return new WebHostBuilder().UseWebListener()
.ConfigureServices(
services => services
.AddSingleton(serviceContext))
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseApplicationInsights()
.UseServiceFabricIntegration(listener, ServiceFabricIntegrationOptions.None)
.UseUrls(url)
.Build();
}), "WebsiteEndpoint"),
};
}
}
APPLICATIONMANIFEST.XML
<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ApplicationTypeName="ProjectSFType" ApplicationTypeVersion="1.0.0" xmlns="http://schemas.microsoft.com/2011/01/fabric">
<Parameters>
<!--STATELESS-->
<Parameter Name="Engine_InstanceCount" DefaultValue="-1" />
<Parameter Name="Website_InstanceCount" DefaultValue="-1" />
</Parameters>
<ServiceManifestImport>
<ConfigOverrides />
<Policies>
<EndpointBindingPolicy EndpointRef="WebsiteEndpoint" CertificateRef="FabricFront" />
<EndpointBindingPolicy EndpointRef="EngineEndpointSecure" CertificateRef="FabricFront" />
</Policies>
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="EnginePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="WebsitePkg" ServiceManifestVersion="1.0.0" />
<ConfigOverrides />
</ServiceManifestImport>
<DefaultServices>
<Service Name="Engine">
<StatelessService ServiceTypeName="EngineType" InstanceCount="[Engine_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
<Service Name="Website">
<StatelessService ServiceTypeName="WebsiteType" InstanceCount="[Website_InstanceCount]">
<SingletonPartition />
</StatelessService>
</Service>
</DefaultServices>
<Certificates>
<EndpointCertificate X509FindValue="0000000000000" Name="FabricFront" />
</Certificates>
</ApplicationManifest>
启动时在本地集群中发生的情况:
- 端口 1212 上的引擎 HTTP 始终有效
- 如果引擎 HTTPS 端点作为端点从 Engine.cs 中删除,则端口 443 上的网站 HTTPS 端点仅有效
- 引擎 HTTPS 端点永远无法工作 即使网站切换到 HTTP 并且是解决方案中唯一的安全端点,浏览器也会显示 "ERR_CONNECTION RESET" 错误。
在 ServiceFabric Explorer 上,我看到活动和 运行,输出中没有错误。 我尝试了其他端口,结果相同。
我怎样才能完成这项工作?
您的问题有点不清楚,但是如果您尝试 运行 一个端口 1601 和一个端口 443,只有 443 成功。那么这可能是一个特权问题?不同的端口需要不同的权限。
另一方面,如果您试图在端口 443 上绑定两者,那么您可能会遇到冲突,因为它们都使用相同的端口和 url。我们遇到了同样的问题,我们通过执行以下操作设法解决了这个问题:
正在创建 HttpSetup 应用程序,运行是一个
的 powershell 脚本安装我们的证书并使用 netsh 注册它
&netsh http add sslcert hostnameport="${EndpointHost}:${EndpointPort}" certhash=$CertThumbprint certstorename=$CertStore appid=$AppId绑定证书 urls,使用 netsh:
&netsh http add urlacl url=$ReservationUrl"例子urls
https://mydnsname.com/https://mydnsname.com/api
在我们的 主应用程序 中,我们然后将我们的服务绑定到完整的 urls 因为完整的 urls 没有冲突。我们通过环境参数将 urls 传递给集群。
注意:我们不得不拆分成两个应用程序的原因是因为我们的主应用程序在每次提交时连续部署。当 netsh 运行 同时来自多个部署时,它会锁定并挂在节点上。
ApplicationManifest.xml
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="ApiPkg" ServiceManifestVersion="1.0.0" />
<EnvironmentOverrides CodePackageRef="Code">
<EnvironmentVariable Name="EndpointUri" Value="[Api_EndpointUri]" />
<EnvironmentVariable Name="CertThumbprint" Value="[Api_CertThumbprint]" />
</EnvironmentOverrides>
</ServiceManifestImport>
<ServiceManifestImport>
<ServiceManifestRef ServiceManifestName="UiPkg" ServiceManifestVersion="1.0.0" />
<EnvironmentOverrides CodePackageRef="Code">
<EnvironmentVariable Name="EndpointUri" Value="[App_EndpointUri]" />
<EnvironmentVariable Name="CertThumbprint" Value="[App_CertThumbprint]" />
</EnvironmentOverrides>
</ServiceManifestImport>
ServiceManifest.xml(两个包)
<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="UiPkg"
Version="1.0.0"
xmlns="http://schemas.microsoft.com/2011/01/fabric"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ServiceTypes>
<StatelessServiceType ServiceTypeName="UiType" />
</ServiceTypes>
<CodePackage Name="Code" Version="1.0.0">
<EntryPoint>
<ExeHost>
<Program>Ui.exe</Program>
<WorkingFolder>CodePackage</WorkingFolder>
</ExeHost>
</EntryPoint>
<EnvironmentVariables>
<EnvironmentVariable Name="EndpointUri" Value="" />
<EnvironmentVariable Name="CertThumbprint" Value="" />
</EnvironmentVariables>
</CodePackage>
<!-- Config package is the contents of the Config directoy under PackageRoot that contains an
independently-updateable and versioned set of custom configuration settings for your service. -->
<ConfigPackage Name="Config" Version="1.0.0" />
<Resources>
<Endpoints>
<!-- To bind to a specific hostname use netsh from a SetupEntyPoint and change Protocol to tcp here to just open the firewall
-->
<Endpoint Name="ServiceEndpoint" Protocol="tcp" Port="443" />
</Endpoints>
</Resources>
</ServiceManifest>
Program.cs
var listeningAddress = $"{Environment.GetEnvironmentVariable("Api_EndpointUri")}:443/api/";
_webHost = new WebHostBuilder().UseWebListener()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseUrls(listeningAddress)
.Build();
错误是我将 ApplicationManifest.xml 中的 <Policies> 放在两个 <ServiceManifestImport> 的顶部。
每个服务都需要在 <ConfigOverrides />.
<ServiceManifestImport> 中使用不同的 <Policy>