我有一个 Azure 存储帐户,其 blob 端点为:“mystorageaccountname”。斑点.core.windows.net',(和队列等)。我想选择一个静态 IP 地址,因为我的一些更热心的客户只想通过他们的防火墙分配一组已知的 IP 地址。我已经为他们提供了我的 Azure 区域的 Azure IP 范围列表,但他们不想分配如此广泛的范围。
1 Azure 门户 | 添加新资源”公有 IP 地址“,允许我为虚拟网络网关(VNG?)添加公共静态 IP 地址。我可以将所有流量通过 VNG 重新路由到适当的存储端点吗?
%20address%20when%20assigned%20to%20a%20virtual%20machine%20or%20role%20instance%20directly%2C%20and%20a%20virtual%20IP%20address%20(VIP)%20when%20assigned%20to%20a%20cloud%20service.%20Furthermore%2C%20a%20reserved%20IP%20address%20could%20be%20associated%20to%20the%20VIP%20of%20a%20cloud%20service%20to%20ensure%20that%20the%20assigned%20address%20remained%20the%20same%20even%20if%20its%20virtual%20machines%20or%20deployments%20were%20stopped.%20These%20concepts%20have%20now%20been%20unified%20in%20the%20Resource%20Manager%20deployment%20model%20with%20the%20public%20IP%20address%20resource.%3C%2Fp%3E%22%2C%22isPrivate%22%3Afalse%2C%22hasPrivateOffer%22%3Afalse%2C%22isMacc%22%3Atrue%2C%22isPreview%22%3Afalse%2C%22isByol%22%3Afalse%2C%22isCSPEnabled%22%3Atrue%2C%22isCSPSelective%22%3Afalse%2C%22isThirdParty%22%3Afalse%2C%22isStopSell%22%3Afalse%2C%22isReseller%22%3Afalse%2C%22hasFreeTrials%22%3Afalse%2C%22marketingMaterial%22%3A%5B%5D%2C%22version%22%3A%221.1.5%22%2C%22metadata%22%3A%7B%22leadGeneration%22%3Anull%2C%22testDrive%22%3Anull%7D%2C%22categoryIds%22%3A%5B%22networking%22%5D%2C%22screenshotUris%22%3A%5B%5D%2C%22links%22%3A%5B%7B%22id%22%3A%220%22%2C%22displayName%22%3A%22Service%20overview%22%2C%22uri%22%3A%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fvirtual-network%2Fvirtual-network-public-ip-address%22%7D%2C%7B%22id%22%3A%221%22%2C%22displayName%22%3A%22Pricing%20details%22%2C%22uri%22%3A%22http%3A%2F%2Fazure.microsoft.com%2Fpricing%2Fdetails%2Fip-addresses%2F%22%7D%5D%2C%22filters%22%3A%5B%5D%2C%22plans%22%3A%5B%7B%22id%22%3A%22PublicIPAddress-ARM%22%2C%22displayName%22%3A%22Public%20IP%20address%22%2C%22summary%22%3A%22An%20IP%20address%20that%20can%20be%20used%20with%20virtual%20machines%20and%20load%20balancers.%22%2C%22description%22%3A%22%3Cp%3EA%20public%20IP%20address%20is%20a%20dynamic%20or%20static%20IP%20address%20that%20you%20can%20assign%20to%20virtual%20machines%2C%20load%20balancers%2C%20and%20virtual%20network%20gateways%20to%20communicate%20with%20the%20Internet.%20Your%20public%20IP%20addresses%20are%20associated%20with%20your%20Azure%20subscription%2C%20and%20can%20be%20moved%20freely%20between%20Azure%20resources.%20The%20address%20of%20dynamic%20public%20IP%20address%20may%20change%20when%20dissociated%20and%20moved%20between%20resources%2C%20or%20when%20the%20associated%20resource%20is%20shutdown%20or%20deleted.%20You%20can%20use%20a%20static%20public%20IP%20address%20to%20ensure%20that%20the%20assigned%20address%20remains%20the%20same%2C%20even%20if%20the%20associated%20resource%20is%20shutdown%20or%20deleted.%3C%2Fp%3E%3Cp%3EIn%20the%20Classic%20deployment%20model%2C%20a%20public%20IP%20address%20was%20named%20an%20instance-level%20public%20IP%20(ILPIP)%20address%20when%20assigned%20to%20a%20virtual%20machine%20or%20role%20instance%20directly%2C%20and%20a%20virtual%20IP%20address%20(VIP)%20when%20assigned%20to%20a%20cloud%20service.%20Furthermore%2C%20a%20reserved%20IP%20address%20could%20be%20associated%20to%20the%20VIP%20of%20a%20cloud%20service%20to%20ensure%20that%20the%20assigned%20address%20remained%20the%20same%20even%20if%20its%20virtual%20machines%20or%20deployments%20were%20stopped.%20These%20concepts%20have%20now%20been%20unified%20in%20the%20Resource%20Manager%20deployment%20model%20with%20the%20public%20IP%20address%20resource.%3C%2Fp%3E%22%2C%22restrictedAudience%22%3A%7B%7D%2C%22skuId%22%3A%22PublicIPAddress-ARM%22%2C%22planId%22%3A%22PublicIPAddress-ARM%22%2C%22legacyPlanId%22%3A%22Microsoft.PublicIPAddress-ARM%22%2C%22keywords%22%3A%5B%5D%2C%22type%22%3A%22None%22%2C%22leadGeneration%22%3Anull%2C%22testDrive%22%3Anull%2C%22categoryIds%22%3A%5B%22networking%22%5D%2C%22conversionPaths%22%3A%5B%5D%2C%22metadata%22%3A%7B%7D%2C%22uiDefinitionUri%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FUIDefinition.json%22%2C%22artifacts%22%3A%5B%7B%22name%22%3A%22PublicIPAddress%22%2C%22uri%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FPublicIPAddress.json%22%2C%22type%22%3A%22Template%22%7D%5D%2C%22version%22%3A%221.1.5%22%2C%22itemName%22%3A%22PublicIPAddress-ARM%22%2C%22isPrivate%22%3Afalse%2C%22isHidden%22%3Afalse%2C%22hasFreeTrials%22%3Afalse%2C%22isByol%22%3Afalse%2C%22isFree%22%3Afalse%2C%22isPayg%22%3Afalse%2C%22isStopSell%22%3Afalse%2C%22cspState%22%3A%22OptIn%22%2C%22isQuantifiable%22%3Afalse%2C%22purchaseDurationDiscounts%22%3A%5B%5D%2C%22upns%22%3A%5B%5D%2C%22hasRI%22%3Afalse%2C%22stackType%22%3A%22ARM%22%7D%5D%2C%22selectedPlanId%22%3A%22PublicIPAddress-ARM%22%2C%22iconFileUris%22%3A%7B%22small%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FSmall.png%22%2C%22medium%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FMedium.png%22%2C%22large%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FLarge.png%22%2C%22wide%22%3A%22https%3A%2F%2Fcatalogartifact.azureedge.net%2Fpublicartifacts%2FMicrosoft.PublicIPAddress-ARM-1.1.5%2FWide.png%22%7D%2C%22itemType%22%3A%22Single%22%2C%22hasNoProducts%22%3Atrue%2C%22hasNoPlans%22%3Afalse%2C%22privateBadgeText%22%3Anull%2C%22createBladeType%22%3A1%2C%22offerType%22%3A%22None%22%2C%22useEnterpriseContract%22%3Afalse%2C%22hasStandardContractAmendments%22%3Afalse%2C%22standardContractAmendmentsRevisionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22supportUri%22%3Anull%2C%22galleryItemAccess%22%3A0%2C%22privateSubscriptions%22%3A%5B%5D%2C%22isTenantPrivate%22%3Afalse%2C%22hasRIPlans%22%3Afalse%7D/id/PublicIPAddress-ARM/resourceGroupId//resourceGroupLocation//dontDiscardJourney%7E/false){kind=link}
2:可以使用公共静态 IP 配置 Azure API 管理,然后添加“直通”路由。
每个客户端的 app.config 都需要更新“AzureWebJobsStorage”,以便通过 API 管理路由为每个端点类型发送请求,使用'显式存储端点连接字符串
3:APIm 的替代方案:dotnet YARP 作为托管在 Azure WebApp 上的反向代理,并以此方式管理重新路由。
还发布在Azure Docs 问题论坛和堆栈溢出
答案1
您无法将公共 IP 直接分配给存储帐户,它们只能通过名称引用,而 vNet 网关对此无济于事。您可以在存储帐户前面放置一个代理,例如您建议的 App Gateway,并让它将所有流量代理到存储帐户,这可能会起作用。然而,这是一个复杂且昂贵的解决方案,问题应该由客户根据 DNS 名称而不是 IP 进行过滤来解决,大多数防火墙已经能够做到这一点一段时间了。
如果您的客户是 Azure 客户,并且拥有自己的 vNet,您还可以查看私有端点,这将允许他们将存储帐户连接到他们的 vNet 并通过私有 IP 访问它。