Create and manage firewall rules for Azure Database for PostgreSQL - Single Server using the Azure portal

Server-level firewall rules can be used to manage access to an Azure Database for PostgreSQL server from a specified IP address or range of IP addresses.

Virtual Network (VNet) rules can also be used to secure access to your server. Learn more about creating and managing Virtual Network service endpoints and rules using the Azure portal.

Prerequisites

To step through this how-to guide, you need:

Create a server-level firewall rule in the Azure portal

  1. On the PostgreSQL server page, under the Settings heading, click Connection security to open the Connection security page for the Azure Database for PostgreSQL.

    Azure portal - click Connection security

  2. Click Add My IP on the toolbar. This automatically creates a firewall rule with the public IP address of your computer, as perceived by the Azure system.

    Azure portal - click Add My IP

  3. Verify your IP address before saving the configuration. In some situations, the IP address observed by the Azure portal differs from the IP address used when accessing the internet and Azure servers. Therefore, you may need to change the Start IP and End IP to make the rule function as expected. Use a search engine or other online tool to check your own IP address. For example, search for "what is my IP."

    Bing search for "what is my IP"

  4. Add additional address ranges. In the firewall rules for the Azure Database for PostgreSQL, you can specify a single IP address or a range of addresses. If you want to limit the rule to a single IP address, type the same address in the Start IP and End IP fields. Opening the firewall enables administrators, users, and applications to access any database on the PostgreSQL server to which they have valid credentials.

    Azure portal - firewall rules

  5. Click Save on the toolbar to save this server-level firewall rule. Wait for the confirmation that the update to the firewall rules was successful.

    Azure portal - click Save

Connecting from Azure

To allow applications from Azure to connect to your Azure Database for PostgreSQL server, Azure connections must be enabled. This applies, for example, when you host an Azure Web Apps application or an application that runs in an Azure VM, or when you connect from an Azure Data Factory data management gateway. The resources do not need to be in the same Virtual Network (VNet) or Resource Group for the firewall rule to enable those connections. When an application from Azure attempts to connect to your database server, the firewall verifies that Azure connections are allowed. There are a couple of methods to enable these types of connections. A firewall setting with starting and ending address equal to 0.0.0.0 indicates these connections are allowed. Alternatively, you can set the Allow access to Azure services option to ON in the portal from the Connection security pane and click Save. If the connection attempt is not allowed, the request does not reach the Azure Database for PostgreSQL server.

Important

This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. When selecting this option, make sure your login and user permissions limit access to only authorized users.
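The Start IP / End IP semantics from step 4 and the 0.0.0.0 rule described above, as an added example (not part of the original page or of Azure's own tooling): a small Python audit that classifies each server-level rule and reports which rules admit a given client IP. The rule names, the JSON field names and the 256-address review threshold are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample rules (name, start IP, end IP); not taken from a real server.
SAMPLE_RULES = [
    {"name": "ClientIPAddress", "startIpAddress": "203.0.113.25", "endIpAddress": "203.0.113.25"},
    {"name": "OfficeRange", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
    {"name": "AllowAzure", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "TempDebug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
]

MAX_RANGE = 256  # assumed review threshold; adjust to local policy


def audit_rule(rule, max_range=MAX_RANGE):
    """Return (kind, address_count) for one firewall rule."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if end < start:
        return ("invalid", 0)
    if int(start) == 0 and int(end) == 0:
        # Special setting: allows all connections from Azure,
        # including those from other customers' subscriptions.
        return ("azure-services", 0)
    count = int(end) - int(start) + 1
    if count == 1:
        return ("single-ip", 1)
    return ("broad-range" if count > max_range else "range", count)


def rules_covering(ip, rules):
    """Names of rules whose Start IP..End IP range contains the client IP."""
    addr = ipaddress.IPv4Address(ip)
    return [r["name"] for r in rules
            if ipaddress.IPv4Address(r["startIpAddress"]) <= addr
            <= ipaddress.IPv4Address(r["endIpAddress"])]


def audit(rules):
    """Map each rule name to its (kind, address_count) classification."""
    return {r["name"]: audit_rule(r) for r in rules}


if __name__ == "__main__":
    for name, (kind, count) in audit(SAMPLE_RULES).items():
        print(f"{name:16} {kind:15} {count}")
    print("rules admitting 203.0.113.25:", rules_covering("203.0.113.25", SAMPLE_RULES))
```

Rules reported as `azure-services` or `broad-range` are the ones to review first, since access then depends entirely on login and user permissions.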

Manage existing server-level firewall rules through the Azure portal

Repeat the steps to manage the firewall rules.

  • To add the current computer, click the + Add My IP button. Click Save to save the changes.
  • To add additional IP addresses, type in the Rule Name, Start IP Address, and End IP Address. Click Save to save the changes.
  • To modify an existing rule, click any of the fields in the rule and modify it. Click Save to save the changes.
  • To delete an existing rule, click the ellipsis […] and click Delete to remove the rule. Click Save to save the changes.

Next steps