在 Azure Stack Hub 中部署应用服务Deploy App Service in Azure Stack Hub


在部署或更新应用服务资源提供程序 (RP) 之前,如有必要,请将 Azure Stack Hub 更新到支持的版本(或部署最新的 Azure Stack 开发工具包)。Update Azure Stack Hub to a supported version (or deploy the latest Azure Stack Development Kit) if necessary, before deploying or updating the App Service resource provider (RP). 请务必阅读 RP 发行说明,了解新功能、修补程序以及可能影响部署的任何已知问题。Be sure to read the RP release notes to learn about new functionality, fixes, and any known issues that could affect your deployment.

支持的 Azure Stack Hub 版本Supported Azure Stack Hub version 应用服务 RP 版本App Service RP version
20082008 2020.Q3 安装程序发行说明2020.Q3 Installer (release notes)
20052005 2020.Q2 安装程序发行说明2020.Q2 Installer (release notes)
20022002 2020.Q2 安装程序发行说明2020.Q2 Installer (release notes)


在运行资源提供程序安装程序之前,必须完成准备工作中的步骤Before you run the resource provider installer, you must complete the steps in Before you get started

本文介绍如何在 Azure Stack Hub 中部署应用服务,从而使你的用户能够创建 Web 应用程序、API 应用程序和 Azure Functions 应用程序。In this article you learn how to deploy App Service in Azure Stack Hub, which gives your users the ability to create Web, API and Azure Functions applications. 你需要:You need to:

  • 执行本文所述步骤,将应用服务资源提供程序添加到 Azure Stack Hub 部署。Add the App Service resource provider to your Azure Stack Hub deployment using the steps described in this article.
  • 安装应用服务资源提供程序后,可以将其包括在套餐和计划中。After you install the App Service resource provider, you can include it in your offers and plans. 然后,用户可以通过订阅获取服务并开始创建应用。Users can then subscribe to get the service and start creating apps.

运行应用服务资源提供程序安装程序Run the App Service resource provider installer

安装应用服务资源提供程序至少需要一小时。Installing the App Service resource provider takes at least an hour. 所需时长取决于部署的角色实例数。The length of time needed depends on how many role instances you deploy. 部署期间,安装程序运行以下任务:During the deployment, the installer runs the following tasks:

  • 在“默认提供程序订阅”中注册所需的资源提供程序Registers the required resource providers in the Default Provider Subscription
  • 授予参与者对应用服务标识应用程序的访问权限Grants contributor access to the App Service Identity application
  • 创建资源组和虚拟网络(如有必要)Create Resource Group and Virtual network (if necessary)
  • 创建用于应用服务安装项目、使用情况服务和资源混合的存储帐户和容器Create Storage accounts and containers for App Service installation artifacts, usage service, and resource hydration
  • 下载应用服务项目并将其上传到应用服务存储帐户Download App Service artifacts and upload them to the App Service storage account
  • 部署应用服务Deploy the App Service
  • 注册使用情况服务Register the usage service
  • 为应用服务创建 DNS 条目Create DNS Entries for App Service
  • 注册应用服务管理员和租户资源提供程序Register the App Service admin and tenant resource providers
  • 注册库项 - Web、API、函数应用、应用服务计划、WordPress、DNN、Orchard 和 Django 应用程序Register Gallery Items - Web, API, Function App, App Service Plan, WordPress, DNN, Orchard, and Django applications

若要部署应用服务资源提供程序,请执行以下步骤:To deploy App Service resource provider, follow these steps:

  1. 在可以访问“Azure Stack Hub 管理”Azure 资源管理终结点的计算机上,以管理员身份运行 appservice.exe。Run appservice.exe as an admin from a computer that can access the Azure Stack Hub Admin Azure Resource Management Endpoint.

  2. 选择“部署应用服务或升级到最新版本”。Select Deploy App Service or upgrade to the latest version.

    屏幕截图,显示 Azure 应用服务安装程序的主屏幕。

  3. 查看并接受 Microsoft 软件许可条款,然后选择“下一步”。Review and accept the Microsoft Software License Terms and then select Next.

  4. 查看并接受第三方许可条款,然后选择“下一步”。Review and accept the third-party license terms and then select Next.

  5. 请确保应用服务云配置信息正确无误。Make sure that the App Service cloud configuration information is correct. 如果在 ASDK 部署过程中使用了默认设置,则可接受默认值。If you used the default settings during ASDK deployment, you can accept the default values. 但是,如果在部署 ASDK 时自定义了选项,或者要部署到 Azure Stack Hub 集成系统,则必须在此窗口中根据差异情况编辑相应的值。But, if you customized the options when you deployed the ASDK, or are deploying on an Azure Stack Hub integrated system, you must edit the values in this window to reflect the differences.

    例如,如果使用域后缀 mycloud.com,则必须将“Azure Stack Hub 租户”Azure 资源管理器终结点更改为 management.<区域>.mycloud.com。For example, if you use the domain suffix mycloud.com, your Azure Stack Hub Tenant Azure Resource Manager endpoint must change to management.<region>.mycloud.com. 查看这些设置,然后选择“下一步”以保存设置。Review these settings, and then select Next to save the settings.

    屏幕截图,显示用于为应用服务指定 ARM 终结点的屏幕。

  6. 在下一个应用服务安装程序页上,你将连接到 Azure Stack Hub:On the next App Service Installer page you will connect to your Azure Stack Hub:

    1. 选择要使用的连接方法-“凭据”或“服务主体” Select the connection method you wish to use - Credential or Service Principal

      • 凭据Credential

        • 如果使用 Azure Active Directory (Azure AD),请输入在部署 Azure Stack Hub 时提供的 Azure AD 管理员帐户和密码。If you're using Azure Active Directory (Azure AD), enter the Azure AD admin account and password that you provided when you deployed Azure Stack Hub. 选择“连接” 。Select Connect.
        • 如果使用 Active Directory 联合身份验证服务 (AD FS),请提供管理员帐户。If you're using Active Directory Federation Services (AD FS), provide your admin account. 例如,cloudadmin@azurestack.local。For example, cloudadmin@azurestack.local. 输入密码,然后选择“连接”。Enter your password, and then select Connect.
      • 服务主体Service Principal

        • 使用的服务主体必须对“默认提供程序订阅”拥有“所有者”权限 The service principal that you use must have Owner rights on the Default Provider Subscription
        • 提供“服务主体 ID”、“证书文件”和“密码”,然后选择“连接” 。Provide the Service Principal ID, Certificate File, and Password and select Connect.
    2. 在“Azure Stack Hub 订阅”中,选择“默认提供程序订阅”。 In Azure Stack Hub Subscriptions, select the Default Provider Subscription. Azure Stack Hub 上的 Azure 应用服务 必须 部署在 默认提供程序订阅 中。Azure App Service on Azure Stack Hub must be deployed in the Default Provider Subscription.

    3. 在“Azure Stack Hub 位置”中,选择要部署到的区域所对应的位置。In the Azure Stack Hub Locations, select the location that corresponds to the region you're deploying to. 例如,若要部署到 ASDK,请选择“本地”。For example, select local if you're deploying to the ASDK.

    屏幕截图,显示在应用服务安装程序中的何处指定 Azure Stack Hub 订阅信息。

  7. 现在,可以部署到使用这些步骤配置的现有虚拟网络中,或者让应用服务安装程序创建新的虚拟网络和子网。Now you can deploy into an existing virtual network that you configured using these steps, or let the App Service installer create a new virtual network and subnets. 若要创建 VNet,请执行以下步骤:To create a VNet, follow these steps:

    a.a. 选择“使用默认设置创建 VNet”,接受默认值,然后选择“下一步”。 Select Create VNet with default settings, accept the defaults, and then select Next.

    b.b. 也可选择“使用现有的 VNet 和子网”。Alternatively, select Use existing VNet and Subnets. 完成以下操作:Complete the following actions:

    • 选择包含虚拟网络的 资源组Select the Resource Group that contains your virtual network.
    • 选择要部署到其中的 虚拟网络 的名称。Choose the Virtual Network name that you want to deploy to.
    • 为每个所需角色子网选择正确的“子网”值。Select the correct Subnet values for each of the required role subnets.
    • 选择“下一步”。Select Next.


  8. 输入文件共享的信息,然后选择“下一步”。Enter the info for your file share and then select Next. 文件共享的地址必须使用文件服务器的完全限定域名 (FQDN) 或 IP 地址。The address of the file share must use the Fully Qualified Domain Name (FQDN) or the IP address of your File Server. 例如 \\appservicefileserver.local.cloudapp.azurestack.external\websites,或 \\\websites。For example, \\appservicefileserver.local.cloudapp.azurestack.external\websites, or \\\websites. 如果使用已加入域的文件服务器,则必须提供包含域的完整用户名。If you're using a file server, which is domain joined, you must provide the full username including domain. 例如 myfileserverdomain\FileShareOwner。For example, myfileserverdomain\FileShareOwner.


    在继续下一步之前,安装程序会尝试测试与文件共享的连接。The installer tries to test connectivity to the file share before proceeding. 不过,如果是部署到现有的虚拟网络,此连接测试可能会失败。But, if you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果文件共享信息正确,请继续部署。If the file share info is correct, continue the deployment.


  9. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 在“标识应用程序 ID”框中,输入作为先决条件一部分创建的标识应用程序的 GUID。In the Identity Application ID box, enter the GUID for the Identity application you created as part of the pre-requisites.

    b.b. 在“标识应用程序证书文件”框中,输入(或浏览到)证书文件的位置。In the Identity Application certificate file box, enter (or browse to) the location of the certificate file.

    c.c. 在“标识应用程序证书密码”框中,输入证书的密码。In the Identity Application certificate password box, enter the password for the certificate. 此密码是在使用脚本创建证书时记下的密码。This password is the one that you made note of when you used the script to create the certificates.

    d.d. 在“Azure 资源管理器根证书文件”框中,输入(或浏览到)证书文件的位置。In the Azure Resource Manager root certificate file box, enter (or browse to) the location of the certificate file.

    e.e. 选择“下一步”。Select Next.

    此屏幕截图显示了在应用服务安装程序中提供 AAD/ADFS 标识应用程序和 Azure Stack 资源管理器证书的详细信息的屏幕

  10. 对于三个证书文件框的每一个框,请选择“浏览”并导航到相应的证书文件。For each of the three certificate file boxes, select Browse and navigate to the appropriate certificate file. 必须为每个证书提供密码。You must provide the password for each certificate. 这些证书是在 Azure Stack Hub 上部署应用服务的先决条件中创建的证书。These certificates are the ones that you created in Prerequisites for deploying App Service on Azure Stack Hub. 输入所有信息后,选择“下一步”。Select Next after entering all the information.

    BoxBox 证书文件名示例Certificate file name example
    应用服务默认 SSL 证书文件App Service default SSL certificate file _.appservice.local.AzureStack.external.pfx_.appservice.local.AzureStack.external.pfx
    应用服务 API SSL 证书文件App Service API SSL certificate file api.appservice.local.AzureStack.external.pfxapi.appservice.local.AzureStack.external.pfx
    应用服务发布者 SSL 证书文件App Service Publisher SSL certificate file ftp.appservice.local.AzureStack.external.pfxftp.appservice.local.AzureStack.external.pfx

    如果在创建证书时使用了其他域后缀,证书文件名不要使用 local.AzureStack.externalIf you used a different domain suffix when you created the certificates, your certificate file names don't use local.AzureStack.external. 而要改用自定义域信息。Instead, use your custom domain info.


  11. 为用于托管应用服务资源提供程序数据库的服务器实例输入 SQL Server 详细信息,然后选择“下一步”。Enter the SQL Server details for the server instance used to host the App Service resource provider database and then select Next. 安装程序将验证 SQL 连接属性。The installer validates the SQL connection properties.

    在继续下一步之前,应用服务安装程序会尝试测试与 SQL Server 的连接。The App Service installer tries to test connectivity to the SQL Server before proceeding. 如果是部署到现有的虚拟网络,此连接测试可能会失败。If you're deploying to an existing virtual network, this connectivity test might fail. 系统会发出警告,并提示你继续操作。You're given a warning and a prompt to continue. 如果 SQL Server 信息正确,请继续部署。If the SQL Server info is correct, continue the deployment.

    此屏幕截图显示了在应用服务安装程序中提供 SQL Server 连接详细信息的屏幕

  12. 查看角色实例和 SKU 选项。Review the role instance and SKU options. 默认设置中填充了生产部署中每个角色的最小实例数和最低 SKU 层级。The defaults populate with the minimum number of instances and the minimum SKU for each role in a production deployment. 对于 ASDK 部署,可以将实例纵向缩减到更低的 SKU,以减少核心和内存提交,但性能会下降。For ASDK deployment, you can scale the instances down to lower SKUs to reduce the core and memory commit but you will experience a performance degradation. 提供 vCPU 和内存要求摘要是为了帮助你规划部署。A summary of vCPU and memory requirements is provided to help plan your deployment. 进行选择后,请选择“下一步”。After you make your selections, select Next.


    对于生产部署,请按照 Azure Stack Hub 中 Azure 应用服务服务器角色的容量规划中的指南进行操作。For production deployments, following the guidance in Capacity planning for Azure App Service server roles in Azure Stack Hub.

    角色Role 最小实例数Minimum instances 最小 SKUMinimum SKU 注释Notes
    控制器Controller 22 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 管理和维护应用服务云的运行状况。Manages and maintains the health of the App Service cloud.
    管理Management 11 Standard_D3_v2 -(4 核,14336 MB)Standard_D3_v2 - (4 cores, 14336 MB) 管理应用服务 Azure 资源管理器和 API 终结点、门户扩展(管理员门户、租户门户、Functions 门户)和数据服务。Manages the App Service Azure Resource Manager and API endpoints, portal extensions (admin, tenant, Functions portal), and the data service. 为了支持故障转移,已将建议的实例数增加到 2 个。To support failover, increase the recommended instances to 2.
    发布者Publisher 11 Standard_A2_v2 -(2 核,4096 MB)Standard_A2_v2 - (2 cores, 4096 MB) 通过 FTP 和 Web 部署发布内容。Publishes content via FTP and web deployment.
    FrontEndFrontEnd 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 将请求路由到应用服务应用。Routes requests to App Service apps.
    共享辅助角色Shared Worker 11 Standard_A4_v2 -(4 核,8192 MB)Standard_A4_v2 - (4 cores, 8192 MB) 托管 Web 应用或 API 应用和 Azure Functions 应用。Hosts web or API apps and Azure Functions apps. 可能需要添加更多实例。You might want to add more instances. 作为操作员,可以定义产品/服务,并选择任何 SKU 层。As an operator, you can define your offering and choose any SKU tier. 这些层必须至少具有一个 vCPU。The tiers must have a minimum of one vCPU.

    此屏幕截图显示了在应用服务安装程序中提供角色实例数及其相应计算 sku 的屏幕


    不支持将 Windows Server 2016 Core 平台映像与 Azure Stack Hub 上的 Azure 应用服务配合使用。请勿将评估映像用于生产部署。Windows Server 2016 Core isn't a supported platform image for use with Azure App Service on Azure Stack Hub. Don't use evaluation images for production deployments.

  13. 在“选择平台映像”框中选择 Windows Server 2016 虚拟机 (VM) 部署映像,该映像是应用服务云的计算资源提供程序提供的映像之一。In the Select Platform Image box, choose your deployment Windows Server 2016 virtual machine (VM) image from the images available in the compute resource provider for the App Service cloud. 选择“下一步”。Select Next.

  14. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 输入辅助角色 VM 管理员用户名和密码。Enter the Worker Role VM admin user name and password.

    b.b. 输入其他角色 VM 管理员用户名和密码。Enter the Other Roles VM admin user name and password.

    c.c. 选择“下一步”。Select Next.

    此屏幕截图显示了在其中选择可供应用服务安装程序使用的 Windows 平台映像的屏幕

  15. 在“应用服务安装程序”摘要页上,执行以下步骤:On the App Service Installer summary page, follow these steps:

    a.a. 验证所做的选择。Verify the selections you made. 若要进行更改,请使用“上一步”按钮访问前面的页面。To make changes, use the Previous buttons to visit previous pages.

    b.b. 如果配置正确,则选中此复选框。If the configurations are correct, select the check box.

    c.c. 若要开始部署,请选择“下一步”。To start the deployment, select Next.


  16. 在下一“应用服务安装程序”页上,执行以下步骤:On the next App Service Installer page, follow these steps:

    a.a. 跟踪安装进度。Track the installation progress. 部署 Azure Stack Hub 上的应用服务最长可能需要 240 分钟,具体取决于所做的默认选择,以及 Windows 2016 Datacenter 基础映像的期限。App Service on Azure Stack Hub can take up to 240 minutes to deploy based on the default selections and age of the base Windows 2016 Datacenter image.

    b.b. 安装程序成功完成后,请选择“退出”。After the installer successfully finishes, select Exit.


部署后步骤Post-deployment Steps


如果已经为应用服务 RP 提供 SQL Always On 实例,则必须将 appservice_hosting 和 appservice_metering 数据库添加到可用性组并同步数据库,以免在进行数据库故障转移时丢失服务。If you've provided the App Service RP with a SQL Always On Instance you must add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

如果部署到现有虚拟网络并使用内部 IP 地址连接到文件服务器,则必须添加出站安全规则。If you're deploying to an existing virtual network and using an internal IP address to connect to your file server, you must add an outbound security rule. 此规则允许辅助角色子网和文件服务器之间的 SMB 流量。This rule enables SMB traffic between the worker subnet and the file server. 在管理员门户中,转到 WorkersNsg 网络安全组并添加具有以下属性的出站安全规则:In the administrator portal, go to the WorkersNsg Network Security Group and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

验证 Azure Stack Hub 上的应用服务安装Validate the App Service on Azure Stack Hub installation

  1. 在 Azure Stack Hub 管理员门户中,转到“管理 - 应用服务”。In the Azure Stack Hub administrator portal, go to Administration - App Service.

  2. 在“概述”中,在“状态”下,检查“状态”是否显示了“所有角色已就绪”。In the overview, under status, check to see that the Status displays All roles are ready.

    Azure Stack Hub 管理门户中的应用服务管理

体验 Azure Stack Hub 上的应用服务Test drive App Service on Azure Stack Hub

部署并注册应用服务资源提供程序后,对其进行测试以确保用户可以部署 Web 应用和 API 应用。After you deploy and register the App Service resource provider, test it to make sure that users can deploy web and API apps.


需要创建一个套餐,其中的计划包含 Microsoft.Web 命名空间。You need to create an offer that has the Microsoft.Web namespace in the plan. 此外还需订阅此套餐的租户订阅。You also need a tenant subscription that subscribes to the offer. 有关详细信息,请参阅创建套餐创建计划For more info, see Create offer and Create plan.

必须有租户订阅,才能创建使用 Azure Stack Hub 上的应用服务的应用。You must have a tenant subscription to create apps that use App Service on Azure Stack Hub. 服务管理员只能在管理员门户中完成的任务与资源提供程序对应用服务的管理相关。The only tasks that a service admin can complete in the administrator portal are related to the resource provider administration of App Service. 这包括添加容量、配置部署源以及添加辅助角色层和 SKU。This includes adding capacity, configuring deployment sources, and adding Worker tiers and SKUs.

若要创建 Web 应用、API 应用和 Azure Functions 应用,必须使用用户门户并具有租户订阅。To create web, API, and Azure Functions apps, you must use the user portal and have a tenant subscription.

若要创建测试性 Web 应用,请执行以下步骤:To create a test web app, follow these steps:

  1. 在 Azure Stack Hub 用户门户中,选择“+ 创建资源” > “Web + 移动” > “Web 应用” 。In the Azure Stack Hub user portal, select + Create a resource > Web + Mobile > Web App.

  2. 在“Web 应用”下的“Web 应用”中输入一个名称。 Under Web App, enter a name in Web app.

  3. 在“资源组”下,选择“新建” 。Under Resource Group, select New. 输入 资源组 的名称。Enter a name for the Resource Group.

  4. 选择“应用服务计划/位置” > “新建”。Select App Service plan/Location > Create New.

  5. 在“应用服务计划”下,输入 应用服务计划 的名称。Under App Service plan, enter a name for the App Service plan.

  6. 选择“定价层” > “免费共享”或“共享共享” > “选择” > “确定” > “创建”。Select Pricing tier > Free-Shared or Shared-Shared > Select > OK > Create.

  7. 此时新 Web 应用的磁贴会显示在仪表板上。A tile for the new web app appears on the dashboard. 选择磁贴。Select the tile.

  8. 在“Web 应用”上选择“浏览”,查看此应用的默认网站。On Web App, select Browse to view the default website for this app.

部署 WordPress、DNN 或 Django 网站(可选)Deploy a WordPress, DNN, or Django website (optional)

  1. 在 Azure Stack Hub 用户门户中选择“+”,转到 Azure 市场,部署 Django 网站,然后等待部署完成。In the Azure Stack Hub user portal, select +, go to the Azure Marketplace, deploy a Django website, and then wait for the deployment to finish. Django Web 平台使用基于文件系统的数据库。The Django web platform uses a file system-based database. 它不需要任何其他资源提供程序,如 SQL 或 MySQL。It doesn't require any additional resource providers, such as SQL or MySQL.

  2. 如果还部署了 MySQL 资源提供程序,则可从市场部署 WordPress 网站。If you also deployed a MySQL resource provider, you can deploy a WordPress website from the Marketplace. 当系统提示输入数据库参数时,请输入用户名,其格式为 User1@Server1(使用所选的用户名和服务器名称)。When you're prompted for database parameters, enter the user name as User1@Server1, with the user name and server name of your choice.

  3. 如果还部署了 SQL Server 资源提供程序,则可从市场部署 DNN 网站。If you also deployed a SQL Server resource provider, you can deploy a DNN website from the Marketplace. 当系统提示输入数据库参数时,请在运行 SQL Server 的计算机中选择连接到资源提供程序的数据库。When you're prompted for database parameters, choose a database in the computer running SQL Server that's connected to your resource provider.

后续步骤Next steps

准备 Azure Stack Hub 上的应用服务的其他管理操作:Prepare for additional admin operations for App Service on Azure Stack Hub: