将现有的 Azure 应用服务连接到 Azure Database for MySQL 服务器Connect an existing Azure App Service to Azure Database for MySQL server

备注

将要查看的是 Azure Database for MySQL 的新服务。You are viewing the new service of Azure Database for MySQL. 若要查看经典 MySQL Database for Azure 的文档,请访问此页To view the documentation for classic MySQL Database for Azure, please visit this page.

本主题将说明如何将现有的 Azure App Service 连接到 Azure Database for MySQL 服务器。This topic explains how to connect an existing Azure App Service to your Azure Database for MySQL server.

开始之前Before you begin

登录 Azure 门户Sign in to the Azure portal. 创建 Azure Database for MySQL 服务器。Create an Azure Database for MySQL server. 有关详细信息,请参阅如何在门户中创建 Azure Database for MySQL 服务器如何使用 CLI 创建 Azure Database for MySQL 服务器For details, refer to How to create Azure Database for MySQL server from Portal or How to create Azure Database for MySQL server using CLI.

当前有两种解决方案,都允许从 Azure 应用服务访问 Azure Database for MySQL。Currently there are two solutions to enable access from an Azure App Service to an Azure Database for MySQL. 这两种解决方案都涉及设置服务器级别的防火墙规则。Both solutions involve setting up server-level firewall rules.

解决方案 1 - 允许 Azure 服务Solution 1 - Allow Azure services

Azure Database for MySQL 通过使用防火墙保护数据来确保访问安全。Azure Database for MySQL provides access security using a firewall to protect your data. 从 Azure App Service 连接到 Azure Database for MySQL 服务器时,请记住应用服务的出站 IP 实际上为动态 IP。When connecting from an Azure App Service to Azure Database for MySQL server, keep in mind that the outbound IPs of App Service are dynamic in nature. 选择“允许访问 Azure 服务”选项将允许应用服务连接到 MySQL 服务器。Choosing the "Allow access to Azure services" option will allow the app service to connect to the MySQL server.

  1. 在 MySQL 服务器边栏选项卡上的“设置”标题下,单击“连接安全性”,以打开 Azure Database for MySQL 的“连接安全性”边栏选项卡 。On the MySQL server blade, under the Settings heading, click Connection Security to open the Connection Security blade for Azure Database for MySQL.

    Azure 门户 - 单击连接安全性

  2. 在“允许访问 Azure 服务”中选择“开”,然后选择“保存”。Select ON in Allow access to Azure services, then Save. Azure 门户 - 允许 Azure 访问Azure portal - Allow Azure access

解决方案 2 - 创建显式允许出站 IP 的防火墙规则Solution 2 - Create a firewall rule to explicitly allow outbound IPs

可显式添加 Azure 应用服务的所有出站 IP。You can explicitly add all the outbound IPs of your Azure App Service.

  1. 在应用服务的“属性”边栏选项卡中,查看“出站 IP 地址” 。On the App Service Properties blade, view your OUTBOUND IP ADDRESS.

    Azure 门户 - 查看出站 IP

  2. 在 MySQL 的“连接安全性”边栏选项卡中,逐个添加出站 IP。On the MySQL Connection security blade, add outbound IPs one by one.

    Azure 门户 - 添加显式 IP

  3. 请记住保存 防火墙规则。Remember to Save your firewall rules.

尽管 Azure App Service 会尝试在一段时间内将 IP 地址保持不变,但也有 IP 地址可能发生变动的情况。Though the Azure App service attempts to keep IP addresses constant over time, there are cases where the IP addresses may change. 例如,当应用回收、出现缩放操作或在 Azure 区域数据中心添加新计算机以增加容量时,IP 地址可能发生变动。For example, this can occur when the app recycles or a scale operation occurs, or when new computers are added in Azure regional data centers to increase capacity. IP 地址变动时,应用若无法再连接到 MySQL 服务器,则可能会停机。When the IP addresses change, the app could experience downtime in the event it can no longer connect to the MySQL server. 选择上述任何一种解决方案时,请考虑此可能性。Keep this consideration in mind when choosing one of the preceding solutions.

SSL 配置SSL configuration

Azure Database for MySQL 已默认启用 SSL。Azure Database for MySQL has SSL enabled by default. 如果应用程序不使用 SSL 连接到数据库,则需禁用 MySQL 服务器上的 SSL。If your application is not using SSL to connect to the database, then you need to disable SSL on the MySQL server. 有关如何配置 SSL 的详细信息,请参阅通过 Azure Database for MySQL 使用 SSLFor details on how to configure SSL, see Using SSL with Azure Database for MySQL.

Django (PyMySQL)Django (PyMySQL)

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'quickstartdb',
        'USER': 'myadmin@mydemoserver',
        'PASSWORD': 'yourpassword',
        'HOST': 'mydemoserver.mysql.database.chinacloudapi.cn',
        'PORT': '3306',
        'OPTIONS': {
            'ssl': {'ssl-ca': 'C:\OpenSSL-Win32\bin\DigiCertGlobalRootCA.pem'}
        }
    }
}

后续步骤Next steps

有关连接字符串的详细信息,请参阅连接字符串For more information about connection strings, refer to Connection Strings.