您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

将自定义 SSL 证书绑定到 Function AppBind a custom SSL certificate to a function app

此示例脚本在应用服务中创建一个 Function App 及其相关资源,然后将自定义域名的 SSL 证书绑定到该应用。This sample script creates a function app in App Service with its related resources, then binds the SSL certificate of a custom domain name to it. 在此示例中,需要以下项:For this sample, you need:

  • 对域注册机构的 DNS 配置页的访问权限。Access to your domain registrar's DNS configuration page.
  • 要上传和绑定的 SSL 证书的有效 .PFX 文件及其密码。A valid .PFX file and its password for the SSL certificate you want to upload and bind.
  • 已在自定义域中配置了一个指向 Web 应用的默认域名的 A 记录。Have configured an A record in your custom domain that points to your web app's default domain name. 有关详细信息,请参阅适用于 Azure 应用服务的映射自定义域说明For more information, see the Map custom domain instructions for Azure App Service.

若要绑定 SSL 证书,必须在高级计划或应用服务计划(而不是消耗计划)中创建 Function App。To bind an SSL certificate, your function app must be created in a Premium plan or an App Service plan and not in a Consumption plan.

如果还没有 Azure 订阅,可以在开始前创建一个免费帐户If you don't have an Azure subscription, create a free account before you begin.

打开 Azure Cloud ShellOpen Azure Cloud Shell

Azure Cloud Shell 是一个托管在 Azure 中的交互式 shell 环境,可通过浏览器使用。Azure Cloud Shell is an interactive shell environment hosted in Azure and used through your browse. Azure Cloud Shell 允许你使用 bashPowerShell shell 运行各种工具来使用 Azure 服务。Azure Cloud Shell allows you to use either bash or PowerShell shells to run a variety of tools to work with Azure services. Azure Cloud Shell 预安装了一些命令,允许你运行本文的内容,而不必在本地环境中安装任何内容。Azure Cloud Shell comes pre-installed with the commands to allow you to run the content of this article without having to install anything on your local environment.

若要在 Azure Cloud Shell 上运行本文中包含的任何代码,请打开 Cloud Shell 会话,对代码块使用“复制” 按钮以复制代码,然后使用 Ctrl+Shift+V(在 Windows 和 Linux 上)或 Cmd+Shift+V(在 macOS 上)将其粘贴到 Cloud Shell 会话中。To run any code contained in this article on Azure Cloud Shell, open a Cloud Shell session, use the Copy button on a code block to copy the code, and paste it into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS. 粘贴的文本不会自动执行,因此请按 Enter 运行代码。Pasted text is not automatically executed, so press Enter to run code.

可以通过以下方式启动 Azure Cloud Shell:You can launch Azure Cloud Shell with:

选项Option 示例/链接Example/Link
选择代码块右上角的“试用”。 Select Try It in the upper-right corner of a code block. 这__不__会自动将文本复制到 Cloud Shell。This doesn't automatically copy text to Cloud Shell. Azure Cloud Shell 的“试用”示例
在浏览器中打开 Azure Cloud ShellOpen Azure Cloud Shell in your browser. <a href="https://shell.azure.com" title="启动 Azure Cloud Shell
选择 Azure 门户右上角菜单上的“Cloud Shell” 按钮。Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal. Azure 门户中的“Cloud Shell”按钮

如果选择本地安装和使用 CLI,必须运行 Azure CLI 版本 2.0 或更高版本。If you choose to install and use the CLI locally, you must be running the Azure CLI version 2.0 or later. 运行 az --version 即可查找版本。Run az --version to find the version. 如需进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install the Azure CLI.

示例脚本Sample script

#!/bin/bash

# Function app and storage account names must be unique.
storageName=mystorageaccount$RANDOM
functionAppName=myconsumptionfunc$RANDOM

# TODO:
# Before starting, go to your DNS configuration UI for your custom domain and follow the 
# instructions at https://aka.ms/appservicecustomdns to configure an A record 
# and point it your web app's default domain name. 
fqdn=<Replace with www.{yourcustomdomain}>
pfxPath=<Replace with path to your .PFX file>
pfxPassword=<Replace with your .PFX password>

# Create a resource resourceGroupName
az group create \
  --name myResourceGroup \
  --location westeurope

# Create an azure storage account
az storage account create \
  --name $storageName \
  --location westeurope \
  --resource-group myResourceGroup \
  --sku Standard_LRS

# Create an App Service plan in Basic tier (minimum required by custom domains).
az appservice plan create \
  --name FunctionAppWithAppServicePlan \
  --location westeurope \
  --resource-group myResourceGroup \
  --sku B1

# Create a Function App
az functionapp create \
  --name $functionAppName \
  --storage-account $storageName \
  --plan FunctionAppWithAppServicePlan \
  --resource-group myResourceGroup

# Map your prepared custom domain name to the function app.
az functionapp config hostname add \
  --name $functionAppName \
  --resource-group myResourceGroup \
  --hostname $fqdn

# Upload the SSL certificate and get the thumbprint.
thumbprint=$(az functionapp config ssl upload --certificate-file $pfxPath \
--certificate-password $pfxPassword --name $functionAppName --resource-group myResourceGroup \
--query thumbprint --output tsv)

# Binds the uploaded SSL certificate to the function app.
az functionapp config ssl bind \
  --certificate-thumbprint $thumbprint \
  --ssl-type SNI \
  --name $functionAppName \
  --resource-group myResourceGroup

echo "You can now browse to https://$fqdn"

清理部署Clean up deployment

运行示例脚本后,可以使用以下命令删除资源组以及与其关联的所有资源。After the sample script has been run, the following command can be used to remove the resource group and all resources associated with it.

az group delete --name myResourceGroup

脚本说明Script explanation

此脚本使用以下命令。This script uses the following commands. 表中的每条命令均链接到特定于命令的文档。Each command in the table links to command specific documentation.

命令Command 说明Notes
az group createaz group create 创建用于存储所有资源的资源组。Creates a resource group in which all resources are stored.
az storage account createaz storage account create 创建 Function App 所需的存储帐户。Creates a storage account required by the function app.
az appservice plan createaz appservice plan create 创建绑定 SSL 证书所需的应用服务计划。Creates an App Service plan required to bind SSL certificates.
az functionapp createaz functionapp create 在应用服务计划中创建函数应用。Creates a function app in the App Service plan.
az functionapp config hostname addaz functionapp config hostname add 将自定义域映射到 Function App。Maps a custom domain to a function app.
az functionapp config ssl uploadaz functionapp config ssl upload 将 SSL 证书上传到 Function App。Uploads an SSL certificate to a function app.
az functionapp config ssl bindaz functionapp config ssl bind 将上传的 SSL 证书绑定到 Function App。Binds an uploaded SSL certificate to a function app.

后续步骤Next steps

有关 Azure CLI 的详细信息,请参阅 Azure CLI 文档For more information on the Azure CLI, see Azure CLI documentation.

可以在 Azure 应用服务文档中找到其他应用服务 CLI 脚本示例。Additional App Service CLI script samples can be found in the Azure App Service documentation.