azure - 使用 AzureRmWebAppDeployment@4 将 net6 ASP 应用程序部署到 azure 应用程序服务时出现 SSL 错误

Question

我在将 net6 ASP 项目部署到新创建的应用服务(代码/Windows)时遇到问题。 我用的是

# Build the project
- task: DotNetCoreCLI@2
  displayName: 'Build project'
  inputs:
    command: 'build'
    projects: '${{ parameters.ProjectPath }}'
    arguments: '--configuration ${{ parameters.BuildConfiguration }}'

# Publish the asp project build files
- task: DotNetCoreCLI@2
  displayName: 'Publish project'
  inputs:
    command: "publish"
    publishWebProjects: false # would otherwise ignore the projects parameter and would try to find all web project in the repo
    projects: '${{ parameters.ProjectPath }}'
    arguments: '--configuration ${{ parameters.BuildConfiguration }} /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:PackageLocation="$(Build.ArtifactStagingDirectory)"'

构建项目并

- task: AzureRmWebAppDeployment@4
  displayName: 'Azure App Service Deploy: ${{ parameters.WebAppName }}'
  inputs:
    azureSubscription: ${{ parameters.SubscriptionConnectionName }}
    WebAppName: ${{ parameters.WebAppName }}
    package: '$(Pipeline.Workspace)/${{ parameters.SiteName }}-${{ parameters.ArtifactName }}/*.zip'
    JSONFiles: |
      **/appsettings.json
      **/appsettings.Production.json

将其部署到应用服务。

部署任务正在自托管的 Azure 代理(在 Azure VM 上)上运行。

任务输出错误消息

Error: The request was aborted: Could not create SSL/TLS secure channel.

我可以通过使用 Visual Studio 发布配置文件来部署到应用服务，但我不知道出了什么问题。 还可以使用相同的代理部署(使用相同的任务)到较旧的应用服务，不会出现任何问题。

这是任务的更多调试输出

2022-08-29T06:58:36.9268188Z ##[debug]Evaluating condition for step: 'Azure App Service Deploy: <web-app-name>'
2022-08-29T06:58:36.9271015Z ##[debug]Evaluating: SucceededNode()
2022-08-29T06:58:36.9271936Z ##[debug]Evaluating SucceededNode:
2022-08-29T06:58:36.9273450Z ##[debug]=> True
2022-08-29T06:58:36.9274425Z ##[debug]Result: True
2022-08-29T06:58:36.9275585Z ##[section]Starting: Azure App Service Deploy: <web-app-name>
2022-08-29T06:58:36.9487953Z ==============================================================================
2022-08-29T06:58:36.9488451Z Task         : Azure App Service deploy
2022-08-29T06:58:36.9489776Z Description  : Deploy to Azure App Service a web, mobile, or API app using Docker, Java, .NET, .NET Core, Node.js, PHP, Python, or Ruby
2022-08-29T06:58:36.9490336Z Version      : 4.209.0
2022-08-29T06:58:36.9490876Z Author       : Microsoft Corporation
2022-08-29T06:58:36.9491317Z Help         : https://aka.ms/azureappservicetroubleshooting
2022-08-29T06:58:36.9491850Z ==============================================================================
...
2022-08-29T06:58:53.9440557Z ##[debug]Constructed msDeploy comamnd line arguments
2022-08-29T06:58:53.9695944Z ##[debug]Unsupported installed version: 0 found for MSDeploy. version should be at least 3 or above
2022-08-29T06:58:53.9697127Z ##[debug]System.DefaultWorkingDirectory=C:\agent\_work\6\s
2022-08-29T06:58:53.9702761Z ##[debug]the argument string is:
2022-08-29T06:58:53.9705491Z ##[debug] -verb:sync -source:package="'C:\agent\_work\6\s\temp_web_package_07978929917578559.zip'" -dest:auto,ComputerName="'https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>'",UserName="'$<web-app-name>'",Password="'***'",AuthType="'Basic'" -setParam:name="'IIS Web Application Name'",value="'<web-app-name>'" -enableRule:AppOffline -retryAttempts:6 -retryInterval:10000 -enableRule:DoNotDeleteRule -userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0
2022-08-29T06:58:53.9709265Z ##[debug]converting the argument string into an array of arguments
2022-08-29T06:58:53.9710317Z ##[debug]the array of arguments is:
2022-08-29T06:58:53.9711711Z ##[debug]arg#0: -verb:sync
2022-08-29T06:58:53.9713334Z ##[debug]arg#1: -source:package='C:\agent\_work\6\s\temp_web_package_07978929917578559.zip'
2022-08-29T06:58:53.9715273Z ##[debug]arg#2: -dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic'
2022-08-29T06:58:53.9717577Z ##[debug]arg#3: -setParam:name='IIS Web Application Name',value='<web-app-name>'
2022-08-29T06:58:53.9718612Z ##[debug]arg#4: -enableRule:AppOffline
2022-08-29T06:58:53.9719669Z ##[debug]arg#5: -retryAttempts:6
2022-08-29T06:58:53.9720427Z ##[debug]arg#6: -retryInterval:10000
2022-08-29T06:58:53.9721771Z ##[debug]arg#7: -enableRule:DoNotDeleteRule
2022-08-29T06:58:53.9722766Z ##[debug]arg#8: -userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0
2022-08-29T06:58:53.9724003Z ##[debug]which 'msdeploy'
2022-08-29T06:58:53.9725442Z ##[debug]found: 'C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe'
2022-08-29T06:58:53.9729462Z ##[debug]C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe arg: ["-verb:sync","-source:package='C:\\agent\\_work\\6\\s\\temp_web_package_07978929917578559.zip'","-dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic'","-setParam:name='IIS Web Application Name',value='<web-app-name>'","-enableRule:AppOffline","-retryAttempts:6","-retryInterval:10000","-enableRule:DoNotDeleteRule","-userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0"]
2022-08-29T06:58:53.9734022Z ##[debug]C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe arg: ["-verb:sync","-source:package='C:\\agent\\_work\\6\\s\\temp_web_package_07978929917578559.zip'","-dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic'","-setParam:name='IIS Web Application Name',value='<web-app-name>'","-enableRule:AppOffline","-retryAttempts:6","-retryInterval:10000","-enableRule:DoNotDeleteRule","-userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0"]
2022-08-29T06:58:53.9737060Z ##[debug]exec tool: C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe
2022-08-29T06:58:53.9738352Z ##[debug]exec tool: C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe
2022-08-29T06:58:53.9739322Z ##[debug]arguments:
2022-08-29T06:58:53.9740006Z ##[debug]arguments:
2022-08-29T06:58:53.9740678Z ##[debug]   -verb:sync
2022-08-29T06:58:53.9741379Z ##[debug]   -verb:sync
2022-08-29T06:58:53.9742204Z ##[debug]   -source:package='C:\agent\_work\6\s\temp_web_package_07978929917578559.zip'
2022-08-29T06:58:53.9743119Z ##[debug]   -source:package='C:\agent\_work\6\s\temp_web_package_07978929917578559.zip'
2022-08-29T06:58:53.9744959Z ##[debug]   -dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic'
2022-08-29T06:58:53.9747056Z ##[debug]   -dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic'
2022-08-29T06:58:53.9749279Z ##[debug]   -setParam:name='IIS Web Application Name',value='<web-app-name>'
2022-08-29T06:58:53.9750909Z ##[debug]   -setParam:name='IIS Web Application Name',value='<web-app-name>'
2022-08-29T06:58:53.9752248Z ##[debug]   -enableRule:AppOffline
2022-08-29T06:58:53.9753313Z ##[debug]   -enableRule:AppOffline
2022-08-29T06:58:53.9754028Z ##[debug]   -retryAttempts:6
2022-08-29T06:58:53.9754723Z ##[debug]   -retryAttempts:6
2022-08-29T06:58:53.9755432Z ##[debug]   -retryInterval:10000
2022-08-29T06:58:53.9756145Z ##[debug]   -retryInterval:10000
2022-08-29T06:58:53.9756864Z ##[debug]   -enableRule:DoNotDeleteRule
2022-08-29T06:58:53.9757602Z ##[debug]   -enableRule:DoNotDeleteRule
2022-08-29T06:58:53.9758413Z ##[debug]   -userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0
2022-08-29T06:58:53.9759274Z ##[debug]   -userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0
2022-08-29T06:58:53.9762063Z [command]"C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe" -verb:sync -source:package='C:\agent\_work\6\s\temp_web_package_07978929917578559.zip' -dest:auto,ComputerName='https://<web-app-name>.scm.azurewebsites.net:443/msdeploy.axd?site=<web-app-name>',UserName='$<web-app-name>',Password='***',AuthType='Basic' -setParam:name='IIS Web Application Name',value='<web-app-name>' -enableRule:AppOffline -retryAttempts:6 -retryInterval:10000 -enableRule:DoNotDeleteRule -userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0
2022-08-29T06:58:54.3765154Z Info: Using ID '910feaf0-3047-457f-a972-6d9e37b399f5' for connections to the remote server.
2022-08-29T06:58:54.4771138Z ##[debug]Exit code 4294967295 received from tool 'C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe'
2022-08-29T06:58:54.4773207Z ##[debug]Exit code 4294967295 received from tool 'C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe'
2022-08-29T06:58:54.4776306Z ##[debug]STDIO streams have closed for tool 'C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe'
2022-08-29T06:58:54.4777999Z ##[debug]STDIO streams have closed for tool 'C:\agent\_work\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.209.0\node_modules\azure-pipelines-tasks-webdeployment-common\MSDeploy3.6\MSDeploy3.6\msdeploy.exe'
2022-08-29T06:58:54.4779606Z ##[debug]System.DefaultWorkingDirectory=C:\agent\_work\6\s
2022-08-29T06:58:54.4796284Z ##[debug]Deployment Failed with Error: Error: Error: Could not complete the request to remote agent URL 'https://<web-app-name>.scm.azurewebsites.net/msdeploy.axd?site=<web-app-name>'.
Error: The request was aborted: Could not create SSL/TLS secure channel.
Error count: 1.

同一代理还用于部署(使用相同的任务)到较旧的应用服务，不会出现任何问题。 工作部署和非工作部署的调试输出有一个区别

# working
-userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_426_0
# not working
-userAgent:VSTS_8cba2559-f093-44dd-97ca-eab9368422fd_build_407_0

但我不确定它控制什么以及如何控制该值，因为它再次在同一虚拟机上运行两次。

Answer 1

Error: The request was aborted: Could not create SSL/TLS secure channel.

该问题可能与自托管代理所在的虚拟机上的 TLS 版本有关。

默认情况下，.Net6 应用服务将使用 TLS1.2。您可以导航至应用服务 -> TLS/SSL 设置来检查设置。

然后您可以导航到 Azure VM 并检查 TLS1.2 是否已启用。 PowerShell script to check TLS 1.2

如果没有，您可以使用以下脚本启用TLS1.2。

If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take affect.' -ForegroundColor Cyan

更详细的信息，您可以引用这个文档:PowerShell script to enable TLS 1.2