您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

可缩放的 Web 应用程序

Cosmos DB
Front Door
SQL 数据库

此参考体系结构显示的经验证做法可以改进 Azure 应用服务 Web 应用程序的可伸缩性和性能。This reference architecture shows proven practices for improving scalability and performance in an Azure App Service web application.

GitHub 徽标 github上提供了此体系结构的参考实现。GitHub logo A reference implementation for this architecture is available on GitHub.

Azure 中改进了可伸缩性的 Web 应用程序

下载此体系结构的 Visio 文件Download a Visio file of this architecture.


此体系结构基于基本 Web 应用程序中显示的体系结构。This architecture builds on the one shown in Basic web application. 它包括以下组件:It includes the following components:

  • Web 应用Web app. 典型的现代应用程序可能包括一个网站以及一个或多个 RESTful Web API。A typical modern application might include both a website and one or more RESTful web APIs. Web API 可供浏览器客户端通过 AJAX 来使用,也可供本机客户端应用程序或服务器端应用程序使用。A web API might be consumed by browser clients through AJAX, by native client applications, or by server-side applications. 有关设计 Web API 的注意事项,请参阅 API 设计指南For considerations on designing web APIs, see API design guidance.
  • 前门。Front Door. 前门 是第7层负载均衡器。Front Door is a layer 7 load balancer. 在此体系结构中,它将 HTTP 请求路由到 Web 前端。In this architecture, it routes HTTP requests to the web front end. 前门还提供了一个 web 应用程序防火墙 (WAF) ,以保护应用程序免受常见攻击和漏洞的侵害。Front Door also provides a web application firewall (WAF) that protects the application from common exploits and vulnerabilities.
  • Function AppFunction App. 使用 Function App 运行后台任务。Use Function Apps to run background tasks. Functions 由触发器(例如计时器事件或将消息置于队列中的事件)调用。Functions are invoked by a trigger, such as a timer event or a message being placed on queue. 对于长时间运行的有状态任务,请使用 Durable FunctionsFor long-running stateful tasks, use Durable Functions.
  • 队列Queue. 在此处显示的体系结构中,应用程序通过向 Azure 队列存储队列放置消息,将后台任务排队。In the architecture shown here, the application queues background tasks by putting a message onto an Azure Queue storage queue. 消息会触发函数应用。The message triggers a function app. 也可使用服务总线队列。Alternatively, you can use Service Bus queues. 如需比较,请参阅 Azure 队列和服务总线队列 - 比较与对照For a comparison, see Azure Queues and Service Bus queues - compared and contrasted.
  • 缓存Cache. 用于 Redis 的 Azure 缓存中存储半静态数据。Store semi-static data in Azure Cache for Redis.
  • CDNCDN. 使用 Azure 内容分发网络 (CDN) 缓存公开提供的内容,以便降低延迟并加快内容分发速度。Use Azure Content Delivery Network (CDN) to cache publicly available content for lower latency and faster delivery of content.
  • 数据存储Data storage. 对关系数据使用 Azure SQL 数据库Use Azure SQL Database for relational data. 对于非关系数据,可考虑 Cosmos DBFor non-relational data, consider Cosmos DB.
  • Azure 认知搜索Azure Cognitive Search. 使用 Azure 认知搜索 添加搜索功能,例如搜索建议、模糊搜索和语言特定的搜索。Use Azure Cognitive Search to add search functionality such as search suggestions, fuzzy search, and language-specific search. Azure 搜索通常与其他数据存储结合使用,尤其是在主数据存储对一致性要求严格的情况下。Azure Search is typically used in conjunction with another data store, especially if the primary data store requires strict consistency. 此方法将权威数据存储在其他数据存储中,将搜索索引存储在 Azure 搜索中。In this approach, store authoritative data in the other data store and the search index in Azure Search. 也可使用 Azure 搜索合并来自多个数据存储的单一搜索索引。Azure Search can also be used to consolidate a single search index from multiple data stores.
  • Azure DNSAzure DNS. Azure DNS 是 DNS 域的托管服务,它使用 Microsoft Azure 基础结构提供名称解析。Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. 通过在 Azure 中托管域,可以使用与其他 Azure 服务相同的凭据、API、工具和计费来管理 DNS 记录。By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.


你的要求可能不同于此处描述的体系结构。Your requirements might differ from the architecture described here. 请使用本部分中的建议作为入手点。Use the recommendations in this section as a starting point.

应用服务应用App Service apps

建议以独立应用服务应用的形式创建 Web 应用程序和 Web API。We recommend creating the web application and the web API as separate App Service apps. 此设计允许你按独立的应用服务计划运行它们,以便对它们进行单独缩放。This design lets you run them in separate App Service plans so they can be scaled independently. 如果一开始不需要该级别的可伸缩性,可以先将应用部署到同一计划中,再在以后根据需要将其移至独立的计划中。If you don't need that level of scalability initially, you can deploy the apps into the same plan and move them into separate plans later if necessary.


“基本”、“标准”和“高级”计划按计划中的 VM 实例计费,而不是按应用计费。For the Basic, Standard, and Premium plans, you are billed for the VM instances in the plan, not per app. 请参阅 应用服务定价See App Service Pricing


可以使用 用于 Redis 的 Azure 缓存 来缓存一些数据,从而提高性能和伸缩性。You can improve performance and scalability by using Azure Cache for Redis to cache some data. 请考虑使用适用于 Redis 的 Azure Cache:Consider using Azure Cache for Redis for:

  • 半静态事务数据。Semi-static transaction data.
  • 会话状态。Session state.
  • HTML 输出。HTML output. 这适用于可呈现复杂 HTML 输出的应用程序。This can be useful in applications that render complex HTML output.

有关缓存策略设计的更详细指南,请参阅缓存指南For more detailed guidance on designing a caching strategy, see Caching guidance.


使用 Azure CDN 来缓存静态内容。Use Azure CDN to cache static content. CDN 的主要优势是降低用户的延迟,因为内容缓存在靠近用户的边缘服务器上。The main benefit of a CDN is to reduce latency for users, because content is cached at an edge server that is geographically close to the user. CDN 还可以减轻应用程序的负载,因为相应的流量不是由应用程序处理。CDN can also reduce load on the application, because that traffic is not being handled by the application.

如果应用包含的内容大部分为静态页面,可考虑使用 CDN 来缓存整个应用If your app consists mostly of static pages, consider using CDN to cache the entire app. 否则,请将静态内容(例如图像、CSS 和 HTML 文件)置于 Azure 存储中,并使用 CDN 缓存这些文件Otherwise, put static content such as images, CSS, and HTML files, into Azure Storage and use CDN to cache those files.


Azure CDN 不能提供需要身份验证的内容。Azure CDN cannot serve content that requires authentication.

如需更详细的指南,请参阅内容分发网络 (CDN) 指南For more detailed guidance, see Content Delivery Network (CDN) guidance.


现代应用程序通常处理大量的数据。Modern applications often process large amounts of data. 若要进行适合云的缩放,请务必选择适当的存储类型。In order to scale for the cloud, it's important to choose the right storage type. 以下是一些基线建议。Here are some baseline recommendations.

要存储的内容What you want to store 示例Example 建议的存储Recommended storage
文件Files 图像、文档、PDFImages, documents, PDFs Azure Blob 存储Azure Blob Storage
键值对Key/Value pairs 按用户 ID 查找的用户配置文件数据User profile data looked up by user ID Azure 表存储Azure Table storage
旨在触发进一步处理的短消息Short messages intended to trigger further processing 订单请求Order requests Azure 队列存储、服务总线队列或服务总线主题Azure Queue storage, Service Bus queue, or Service Bus topic
架构灵活但只需要进行基本查询的非关系数据Non-relational data with a flexible schema requiring basic querying 产品目录Product catalog 文档数据库,例如 Azure Cosmos DB、MongoDB 或 Apache CouchDBDocument database, such as Azure Cosmos DB, MongoDB, or Apache CouchDB
需要更丰富的查询支持、严格的架构和/或高一致性的关系数据Relational data requiring richer query support, strict schema, and/or strong consistency 产品清单Product inventory Azure SQL 数据库Azure SQL Database

请参阅选择适当的数据存储See Choose the right data store.

成本注意事项Cost considerations

使用缓存来减少为不经常更改的内容提供服务的服务器上的负载。Use caching to reduce the load on servers that serve content that doesn't change frequently. 页面的每个呈现周期都可能会影响成本,因为它消耗计算、内存和带宽。Every render cycle of a page can impact cost because it consumes compute, memory, and bandwidth. 使用缓存可以显著减少这些开销,尤其是对于静态内容服务(如 JavaScript 单页应用和媒体流式处理内容)。Those costs can be reduced significantly by using caching, especially for static content services, such as JavaScript single-page apps and media streaming content.

如果你的应用程序具有静态内容,请使用 CDN 降低前端服务器上的负载。If your app has static content, use CDN to decrease the load on the front end servers. 对于不经常更改的数据,请使用 Azure Cache for Redis。For data that doesn't change frequently, use Azure Cache for Redis.

配置为自动缩放的无状态应用比有状态应用更具成本效益。Stateless apps that are configured for autoscaling are more cost effective than stateful apps. 对于 ASP.NET 应用程序,请将会话状态存储在内存中,使用 Azure Cache for Redis。For an ASP.NET application, store your session state in-memory with Azure Cache for Redis. 有关详细信息,请参阅 ASP.NET Session State Provider For Azure Cache For RedisFor more information, see ASP.NET Session State Provider for Azure Cache for Redis. 另一种方法是通过会话状态提供程序将 Cosmos DB 用作后端状态存储。Another option is to use Cosmos DB as a backend state store through a session state provider. 请参阅 支持 Azure Cosmos DB 和 Azure RedisSee Support Azure Cosmos DB and Azure Redis.

有关详细信息,请参阅 Microsoft Azure Well-Architected 框架中的 "成本" 部分。For more information, see the cost section in the Microsoft Azure Well-Architected Framework.

考虑将 function app 置于专用应用服务计划中,以便在处理 HTTP 请求的同一实例上运行后台任务。Consider placing a function app into a dedicated App Service plan so that background tasks don't run on the same instances that handle HTTP requests. 如果后台任务间歇性运行,可以考虑使用消耗计划,该计划按执行数而不是小时数收费。If background tasks run intermittently, consider using a consumption plan, which is billed based on the number of executions, rather than hourly.

使用 定价计算器 估算成本。Use the pricing calculator to estimate costs.

可伸缩性注意事项Scalability considerations

Azure 应用服务的主要优势是能够根据负载缩放应用程序。A major benefit of Azure App Service is the ability to scale your application based on load. 下面是在计划缩放应用程序时需要考虑的一些注意事项。Here are some considerations to keep in mind when planning to scale your application.

应用服务应用App Service app

如果解决方案包括多个应用服务应用,可考虑将其部署到不同的应用服务计划。If your solution includes several App Service apps, consider deploying them to separate App Service plans. 这种方法允许独立缩放应用,因为应用在不同的实例上运行。This approach enables you to scale them independently because they run on separate instances.

SQL 数据库SQL Database

通过数据库分片,增加 SQL 数据库的可伸缩性。Increase scalability of a SQL database by sharding the database. 分片是指将数据库水平分区。Sharding refers to partitioning the database horizontally. 可以通过分片,使用弹性数据库工具横向扩展数据库。Sharding allows you to scale out the database horizontally using Elastic Database tools. 分片的潜在好处包括:Potential benefits of sharding include:

  • 提高事务吞吐量。Better transaction throughput.
  • 对数据子集运行查询可以提高速度。Queries can run faster over a subset of the data.

Azure Front DoorAzure Front Door

前门可以执行 SSL 卸载,还可以减少与后端 web 应用之间的 TCP 连接总数。Front Door can perform SSL offload and also reduces the total number of TCP connections with the backend web app. 这提高了可伸缩性,因为 web 应用管理较小的 SSL 握手和 TCP 连接量。This improves scalability because the web app manages a smaller volume of SSL handshakes and TCP connections. 即使将请求作为 HTTPS 转发到 web 应用,也会带来这些性能增益,因为连接的使用率较高。These performance gains apply even if you forward the requests to the web app as HTTPS, due to the high level of connection reuse.

Azure 搜索没有在主数据存储中执行复杂的数据搜索所需的开销,并可通过缩放来处理负载。Azure Search removes the overhead of performing complex data searches from the primary data store, and it can scale to handle load. 请参阅在 Azure 搜索中缩放用于查询和索引工作负荷的资源级别See Scale resource levels for query and indexing workloads in Azure Search.

安全注意事项Security considerations

本部分列出专门与本文中所述 Azure 服务相关的安全注意事项,This section lists security considerations that are specific to the Azure services described in this article. 这并不是 web 应用程序安全最佳做法的完整列表。It's not a complete list of security best practices for web applications. 有关其他安全注意事项,请参阅 在 Azure App Service 中保护应用For additional security considerations, see Secure an app in Azure App Service.

限制传入流量Restrict incoming traffic

将应用程序配置为仅接受来自前门的流量。Configure the application to accept traffic only from Front Door. 这可确保所有流量在到达应用之前都要经历 WAF。This ensures that all traffic goes through the WAF before reaching the app. 有关详细信息,请参阅 如何实现锁定对我的后端的访问仅限于 Azure 前门?For more information, see How do I lock down the access to my backend to only Azure Front Door?

跨源资源共享 (CORS)Cross-Origin Resource Sharing (CORS)

如果将网站和 Web API 作为独立应用创建,则网站不能向 API 进行客户端 AJAX 调用,除非启用 CORS。If you create a website and web API as separate apps, the website cannot make client-side AJAX calls to the API unless you enable CORS.


浏览器安全性将阻止网页向另一个域发出 AJAX 请求。Browser security prevents a web page from making AJAX requests to another domain. 这种限制称为同域策略,可阻止恶意站点读取另一个站点中的敏感数据。This restriction is called the same-origin policy, and prevents a malicious site from reading sensitive data from another site. CORS 是一项 W3C 标准,可让服务器放宽同域策略,在拒绝某些跨域请求的同时,允许另一些跨域请求。CORS is a W3C standard that allows a server to relax the same-origin policy and allow some cross-origin requests while rejecting others.

应用服务内置了对 CORS 的支持,不需编写任何应用程序代码。App Services has built-in support for CORS, without needing to write any application code. 请参阅借助 CORS 从 JavaScript 使用 API 应用See Consume an API app from JavaScript using CORS. 请将网站添加到 API 允许域的列表。Add the website to the list of allowed origins for the API.

SQL 数据库加密SQL Database encryption

如需加密数据库中的静态数据,请使用透明数据加密Use Transparent Data Encryption if you need to encrypt data at rest in the database. 此功能对整个数据库(包括备份和事务日志文件)执行实时加密和解密,不需对应用程序进行更改。This feature performs real-time encryption and decryption of an entire database (including backups and transaction log files) and requires no changes to the application. 加密会增加一些延迟,因此最好将必须保护的数据单独放置在自己的数据库中,仅对该数据库启用加密。Encryption does add some latency, so it's a good practice to separate the data that must be secure into its own database and enable encryption only for that database.

DevOps 注意事项DevOps considerations

前端部署Front-end deployment

此体系结构构建在 基本 web 应用程序的基础上,请参阅 DevOps 注意事项部分This architecture builds on the one shown in Basic web application, see the DevOps considerations section.

后续步骤Next steps