- Generate or upload a certificate to the Key Vault.
- Create a VM and install the NGINX web server.
- Inject the certificate into the VM and configure NGINX with a TLS binding.

This tutorial uses the CLI within the Azure Cloud Shell, which is constantly updated to the latest version. To open the Cloud Shell, select Try it from the top of any code block. If you choose to install and use the CLI locally, this tutorial requires that you're running the Azure CLI version 2.0.30 or later. If you need to install or upgrade, see Install Azure CLI.

## Overview

Azure Key Vault safeguards cryptographic keys and secrets, such as certificates or passwords. Key Vault helps streamline the certificate management process and enables you to maintain control of the keys that access those certificates. You can create a self-signed certificate inside Key Vault, or upload an existing, trusted certificate that you already own.

Rather than using a custom VM image that includes certificates baked in, you inject certificates into a running VM. This process ensures that the most up-to-date certificates are installed on a web server during deployment. If you renew or replace a certificate, you don't also have to create a new custom VM image. The latest certificates are automatically injected as you create more VMs. During the whole process, the certificates never leave the Azure platform and are never exposed in a script, command-line history, or template.

## Create an Azure Key Vault

Before you can create a Key Vault and certificates, create a resource group with az group create. The following example creates a resource group named myResourceGroupSecureWeb in the eastus location:

```bash
az group create --name myResourceGroupSecureWeb --location eastus
```

Next, create a Key Vault with az keyvault create and enable it for use when you deploy a VM. Each Key Vault requires a unique name, and the name should be all lowercase. Assign your own unique Key Vault name to the variable in the following example:

```bash
keyvault_name=
az keyvault create \
    --resource-group myResourceGroupSecureWeb \
```

## Generate a certificate and store it in Key Vault

For production use, you should import a valid certificate signed by a trusted provider with az keyvault certificate import. For this tutorial, the following example shows how you can generate a self-signed certificate with az keyvault certificate create that uses the default certificate policy:

```bash
az keyvault certificate create \
    --policy "$(az keyvault certificate get-default-policy)"
```

To use the certificate during the VM create process, obtain the ID of your certificate with az keyvault secret list-versions. Convert the certificate with az vm secret format. The following example assigns the output of these commands to variables for ease of use in the next steps:

```bash
secret=$(az keyvault secret list-versions \
vm_secret=$(az vm secret format --secrets "$secret" -g myResourceGroupSecureWeb --keyvault $keyvault_name)
```

## Create a cloud-init config to secure NGINX

Cloud-init is a widely used approach to customize a Linux VM as it boots for the first time. You can use cloud-init to install packages and write files, or to configure users and security. As cloud-init runs during the initial boot process, there are no extra steps or required agents to apply your configuration.

When you create a VM, certificates and keys are stored in the protected /var/lib/waagent/ directory. To automate adding the certificate to the VM and configuring the web server, use cloud-init. In this example, you install and configure the NGINX web server. You can use the same process to install and configure Apache.

Create a file named cloud-init-web-server.txt and paste the following configuration:

```yaml
#cloud-config
```
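As an added example (not the tutorial's own cloud-init file), the file handling that a cloud-init runcmd step performs on the VM, written as a shell function that checks its inputs. It assumes the Azure Linux agent has stored the injected certificate as `<thumbprint>.crt` and its private key as `<thumbprint>.prv` under /var/lib/waagent/, that openssl is installed on the VM, and that it runs as root; the destination directory /etc/nginx/ssl and the names mycert.cert and mycert.prv are my choices.

```shell
#!/usr/bin/env bash
# Added example, not the tutorial's own cloud-init runcmd. Assumes the Azure
# Linux agent has stored the injected certificate as <thumbprint>.crt and its
# private key as <thumbprint>.prv in /var/lib/waagent/, and that openssl is
# installed on the VM. Run as root on the VM (e.g. from cloud-init runcmd).
set -u

# install_injected_cert SRC_DIR DEST_DIR
# Copies the one injected certificate/key pair from SRC_DIR to DEST_DIR as
# mycert.cert and mycert.prv, refusing to continue when the pair is missing,
# ambiguous (more than one key injected) or mismatched. Prints the
# certificate path on success.
install_injected_cert() {
    local src="$1" dest="$2" key="" count=0 f
    for f in "$src"/*.prv; do
        [ -e "$f" ] || continue        # no match: the glob stays literal
        count=$((count + 1)); key="$f"
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one .prv in $src, found $count" >&2
        return 1
    fi
    local base="${key%.prv}"           # SRC_DIR/<thumbprint>
    if [ ! -f "$base.crt" ]; then
        echo "no certificate next to $key" >&2
        return 1
    fi
    # The public key inside the certificate must equal the one derived from
    # the private key; otherwise NGINX fails to start, or serves the wrong
    # identity if files were ever mixed up.
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$base.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$base.prv" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match $base.crt" >&2
        return 1
    fi
    mkdir -p "$dest"
    cp "$base.crt" "$dest/mycert.cert"
    cp "$base.prv" "$dest/mycert.prv"
    chmod 0644 "$dest/mycert.cert"     # the certificate is public
    chmod 0600 "$dest/mycert.prv"      # the key is readable by root only
    echo "$dest/mycert.cert"
}

# Typical call from cloud-init runcmd, followed by 'service nginx restart':
# install_injected_cert /var/lib/waagent /etc/nginx/ssl
```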