Web-jobs instances (do I need one for each site?) #43

Open
ComputerCowboy opened this issue Apr 10, 2016 · 18 comments
Comments

@ComputerCowboy

I have a question about webjobs instances and if one is required for each site. I have quite a few sites in a single resource group which all have the let's encrypt job. The thing is actually that now they don't all have said job because I have been messing around with continuous deployment and I've inadvertently deleted some of them. At any rate I was wondering if just having one per resource group would be enough to pick up and renew certs. Maybe it would do this with a little extra configuration? I don't really want to run multiple versions of the same thing if one would suffice.

Thanks in advance

@sjkp
Owner

sjkp commented Apr 10, 2016

Right now it doesn't support running a single instance for multiple sites.

It could be done - but as of right now I'm not building it until I know whether or not we can get the certs to install on Windows Azure, see #42

@ComputerCowboy
Author

Well, I am certain it is only a matter of time.
Did the Microsoft people ever actually try to delete the X1 intermediate?

@sjkp
Owner

sjkp commented Apr 10, 2016

Within the next 14 days - all their frontends should have it removed. But I'm not 100% certain that it will fix it, because it seems there is some caching that is hitting on-prem users, which could also affect Azure. We will have to wait and see.

@Yitzchok

Yitzchok commented Jun 8, 2016

It seems like you figured out issue #42.

What's the status with this feature?

@sjkp
Owner

sjkp commented Jun 10, 2016

@Yitzchok - I decided not to implement it as part of the site extension but I'm going to build something else that will support that scenario.
The timeline is a couple of months, as these projects are my spare-time projects, things take some time.

@ohadschn
Contributor

@sjkp would you reconsider? This would actually resolve #22 along the way - simply have a dedicated web app for LetsEncrypt renewals, configure all your web apps there, and never touch it again... The user just needs to make sure that the service principal has the right permissions.

Then you can make clean deployments to whatever web apps you want, cleaning existing WebJobs and whatnot, without worry.

@sjkp
Owner

sjkp commented Mar 25, 2017

I'm working on restructuring the code so that the extension can be run from a function app, and that single function app can install certificates on several web apps. That should solve the problem. I'm hoping to finish it tomorrow.

sjkp added a commit that referenced this issue Apr 2, 2017
@ohadschn
Contributor

@sjkp I noticed you added a commit that references this issue but it's still open, could you please share where things stand? IMHO this is the single most important issue of the extension (specifically the deletion of the webjob when one uses "Delete Existing files", which I do all the time to avoid clutter and assembly mismatches). It's just too easy to miss and breaks everything silently...

@sjkp
Owner

sjkp commented Apr 25, 2017

@ohadschn - I wanted to make it work with Azure Functions (applying the SSL certificates could be completely external to the web app), but I think I have to give up on that, because Azure Functions doesn't support assembly binding redirects, so running the code from the site extension in an Azure function app gives me a whole world of problems.

@ohadschn
Contributor

@sjkp then how about allowing Web App A to renew certificates for Web App B (and ideally web app C and D and so forth, but for the first phase a one-to-one correspondence would be good enough), still using Webjobs?

That would eliminate the "delete existing files" problem as you'd never deploy the cert renewing app...

@sjkp
Owner

sjkp commented Apr 26, 2017

That is exactly what I refactored the code to allow, but my original intention was to use Functions as the runtime, as that would allow easy setup and configuration. But I will post a sample tonight on how you can do it with your own web jobs, or a console app for that matter; it is about 10 lines of code.

@ohadschn
Contributor

@sjkp cool, thanks! I take it that sample would involve pulling some LetsEncrypt.Azure NuGets and operating on classes there?

sjkp added a commit that referenced this issue May 2, 2017
@sjkp
Owner

sjkp commented May 2, 2017

If someone wants to play with the NuGet package, it can be downloaded from here:
https://www.nuget.org/packages/letsencrypt.azure.core/0.6.20-prerelease

It is still in prerelease so I might break it or do other things with it, but it should be workable.

A sample console app could, e.g., look like this:

using LetsEncrypt.Azure.Core;
using LetsEncrypt.Azure.Core.Models;
using System;

namespace Letsencrypt.Azure.Console
{
    class Program
    {
        static void Main(string[] args)
        {
            // Replace the placeholder strings with your service principal, subscription, resource group and web app.
            var mgr = new CertificateManager(
                new LetsEncrypt.Azure.Core.Models.AzureEnvironment("tenantId", new Guid("subscriptionId"), new Guid("clientId"), "secret", "resourceGroupName", "webAppName"),
                new AcmeConfig()
                {
                    Host = "your-domain.com",
                    RegistrationEmail = "your@email.com",
                    RSAKeyLength = 2048,
                    PFXPassword = "yourCertPass",
                    BaseUri = "https://acme-v01.api.letsencrypt.org/" // Comment out to use staging
                },
                new CertificateServiceSettings()
                {
                    UseIPBasedSSL = false
                },
                new AuthProviderConfig());

            // Alternative: only issue a new certificate when the current one expires within the given number of days.
            //var res = mgr.RenewCertificate(renewXNumberOfDaysBeforeExpiration: 180).Result;

            // Issue a new certificate and bind it to the web app.
            mgr.AddCertificate();
        }
    }

    // Challenge provider configuration handed to the CertificateManager; web.config updates stay enabled.
    internal class AuthProviderConfig : IAuthorizationChallengeProviderConfig
    {
        public bool DisableWebConfigUpdate
        {
            get
            {
                return false;
            }
        }
    }
}

@ohadschn
Contributor

ohadschn commented May 2, 2017

@sjkp thanks!

  1. I take it PFXPassword could be anything?
  2. So this code actually issues a new cert and links it to the web app, rather than renew only if necessary? In other words, if I run this code every week, it will create a new cert and link it to my app every week correct?
  3. It's funny how ACME is a real thing now (Automatic Certificate Management Environment)

@sjkp
Owner

sjkp commented May 2, 2017

  1. Yes, in fact it can also be empty, just not if you want to import the certificate manually through the portal UI
  2. Technically there is not much difference. You could also run the renew code if you want to let my code check if the certificate is about to expire, and if so then it will create a new one and assign it.
  3. 👍 I'm surprised that it has been this long and Microsoft hasn't made my work obsolete. But I guess they'd rather send money into GoDaddy's pockets.

@ohadschn
Contributor

ohadschn commented May 2, 2017

  1. I wonder if security-wise it's OK to have an empty password for the PFX?
  2. I'm planning to just run this every 60 days and be done with it, but just out of curiosity, how would one run your renewal code? (EDIT - looks like one simply has to call RenewCertificate rather than AddCertificate on the CertificateManager).
  3. Well I work for Microsoft, so no comment :)
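
One way to run a single renewal job for several web apps with the same package, as an added example that is not sjkp's code or part of the extension: it calls RenewCertificate (which, as discussed above, only issues and binds a new certificate when the current one is about to expire) once per site instead of AddCertificate, and keeps one site's failure from stopping the others. It assumes the CertificateManager, AzureEnvironment, AcmeConfig, CertificateServiceSettings and RenewCertificate signatures shown in the sample above and C# 7 tuple syntax; the site list, the LE_* environment variable names, the namespace and the SharedEnvironment helper are constructed for illustration.

```csharp
using System;
using LetsEncrypt.Azure.Core;
using LetsEncrypt.Azure.Core.Models;

namespace MultiSiteRenewerSample
{
    class Program
    {
        // Service-principal settings shared by every site, read from app settings / environment, not source.
        static AzureEnvironment SharedEnvironment(string resourceGroup, string webApp) => new AzureEnvironment(
            Environment.GetEnvironmentVariable("LE_TENANT_ID"),
            new Guid(Environment.GetEnvironmentVariable("LE_SUBSCRIPTION_ID")),
            new Guid(Environment.GetEnvironmentVariable("LE_CLIENT_ID")),
            Environment.GetEnvironmentVariable("LE_CLIENT_SECRET"),
            resourceGroup, webApp);
        static void Main()
        {
            // Constructed list of the sites this one job renews: (resource group, web app, host name).
            var sites = new[]
            {
                ("rg-prod", "shop-web", "shop.example.com"),
                ("rg-prod", "blog-web", "blog.example.com"),
            };
            foreach (var (resourceGroup, webApp, host) in sites)
            {
                try
                {
                    var mgr = new CertificateManager(
                        SharedEnvironment(resourceGroup, webApp),
                        new AcmeConfig { Host = host, RegistrationEmail = "ops@example.com", RSAKeyLength = 2048,
                                         PFXPassword = Environment.GetEnvironmentVariable("LE_PFX_PASSWORD"),
                                         BaseUri = "https://acme-v01.api.letsencrypt.org/" }, // comment out BaseUri to use staging
                        new CertificateServiceSettings { UseIPBasedSSL = false },
                        new AuthProviderConfig());
                    // RenewCertificate issues and binds a new certificate only when the current one is
                    // inside the renewal window; AddCertificate would issue a fresh one on every run.
                    var result = mgr.RenewCertificate(renewXNumberOfDaysBeforeExpiration: 30).Result;
                    Console.WriteLine($"[{webApp}] renewal pass finished: {result}");
                }
                catch (Exception ex)
                {
                    // One failing site must not block renewal of the others; log it and move on.
                    Console.Error.WriteLine($"[{webApp}] renewal failed: {ex.Message}");
                }
            }
        }
    }
    class AuthProviderConfig : IAuthorizationChallengeProviderConfig { public bool DisableWebConfigUpdate => false; }
}
```

Run it from a WebJob or scheduler on the one app that is never redeployed with "Delete Existing files", so the renewal job itself cannot be wiped by a deployment of the sites it serves.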

@ohadschn
Contributor

I created a WebJob that supports multiple sites (Web Apps) among other things:
https://github.com/ohadschn/letsencrypt-webapp-renewer

@sjkp would you mind linking to it from the main README? I also added e-mail notifications and removed the dependency on Azure Storage. You can also use it as a standalone command-line tool.

@gabrielbarceloscn

Thank you @sjkp & @ohadschn. Your efforts are helping us to make the web more secure.
The time that you save us with your work will allow us to spend more time with our children and enjoy our lives.

"Muito obrigado" ("Thank you very much"). 🇧🇷
