title | description | services | author | manager | editor | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Create an application gateway with internal redirection - Azure CLI \| Microsoft Docs | Learn how to create an application gateway that redirects internal web traffic to the appropriate pool using the Azure CLI. | application-gateway | vhorne | jpconnock | tysonn | application-gateway | na | article | na | infrastructure-services | 7/14/2018 | victorh |
You can use the Azure CLI to configure web traffic redirection when you create an application gateway. In this tutorial, you create a backend pool using a virtual machine scale set. You then configure listeners and rules based on domains that you own to make sure web traffic arrives at the appropriate pool. This tutorial assumes that you own multiple domains and uses examples of www.contoso.com and www.contoso.org.
In this article, you learn how to:
- Set up the network
- Create an application gateway
- Add listeners and redirection rule
- Create a virtual machine scale set with the backend pool
- Create a CNAME record in your domain
If you don't have an Azure subscription, create a free account before you begin.
If you choose to install and use the CLI locally, this tutorial requires that you are running the Azure CLI version 2.0.4 or later. To find the version, run `az --version`. If you need to install or upgrade, see Install Azure CLI.
A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using az group create.
The following example creates a resource group named myResourceGroupAG in the eastus location.
```azurecli
az group create --name myResourceGroupAG --location eastus
```
Create the virtual network named myVNet and the subnet named myAGSubnet using az network vnet create. You can then add the subnet named myBackendSubnet that's needed by the backend pool of servers using az network vnet subnet create. Create the public IP address named myAGPublicIPAddress using az network public-ip create.
```azurecli
az network vnet create \
  --name myVNet \
  --resource-group myResourceGroupAG \
  --location eastus \
  --address-prefix 10.0.0.0/16 \
  --subnet-name myAGSubnet \
  --subnet-prefix 10.0.1.0/24

az network vnet subnet create \
  --name myBackendSubnet \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --address-prefix 10.0.2.0/24

az network public-ip create \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress
```
You can use az network application-gateway create to create the application gateway named myAppGateway. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to myAGSubnet and myAGPublicIPAddress that you previously created.
```azurecli
az network application-gateway create \
  --name myAppGateway \
  --location eastus \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --subnet myAGSubnet \
  --capacity 2 \
  --sku Standard_Medium \
  --http-settings-cookie-based-affinity Disabled \
  --frontend-port 80 \
  --http-settings-port 80 \
  --http-settings-protocol Http \
  --public-ip-address myAGPublicIPAddress
```
It may take several minutes for the application gateway to be created. After the application gateway is created, you can see these new features:
- appGatewayBackendPool - An application gateway must have at least one backend address pool.
- appGatewayBackendHttpSettings - Specifies that port 80 and an HTTP protocol are used for communication.
- appGatewayHttpListener - The default listener associated with appGatewayBackendPool.
- appGatewayFrontendIP - Assigns myAGPublicIPAddress to appGatewayHttpListener.
- rule1 - The default routing rule that is associated with appGatewayHttpListener.
A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this tutorial, you create two listeners for your two domains. In this example, listeners are created for the domains of www.contoso.com and www.contoso.org.
Add the backend listeners that are needed to route traffic using az network application-gateway http-listener create.
```azurecli
az network application-gateway http-listener create \
  --name contosoComListener \
  --frontend-ip appGatewayFrontendIP \
  --frontend-port appGatewayFrontendPort \
  --resource-group myResourceGroupAG \
  --gateway-name myAppGateway \
  --host-name www.contoso.com

az network application-gateway http-listener create \
  --name contosoOrgListener \
  --frontend-ip appGatewayFrontendIP \
  --frontend-port appGatewayFrontendPort \
  --resource-group myResourceGroupAG \
  --gateway-name myAppGateway \
  --host-name www.contoso.org
```
Add the redirection configuration that sends traffic from www.contoso.org to the listener for www.contoso.com in the application gateway using az network application-gateway redirect-config create.
```azurecli
az network application-gateway redirect-config create \
  --name orgToCom \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --type Permanent \
  --target-listener contosoComListener \
  --include-path true \
  --include-query-string true
```
Rules are processed in the order in which they are created, and traffic is directed using the first rule that matches the URL sent to the application gateway. The default basic rule that was created is not needed in this tutorial. In this example, you create two new rules named contosoComRule and contosoOrgRule and delete the default rule that was created. You can add the rules using az network application-gateway rule create.
```azurecli
az network application-gateway rule create \
  --gateway-name myAppGateway \
  --name contosoComRule \
  --resource-group myResourceGroupAG \
  --http-listener contosoComListener \
  --rule-type Basic \
  --address-pool appGatewayBackendPool

az network application-gateway rule create \
  --gateway-name myAppGateway \
  --name contosoOrgRule \
  --resource-group myResourceGroupAG \
  --http-listener contosoOrgListener \
  --rule-type Basic \
  --redirect-config orgToCom

az network application-gateway rule delete \
  --gateway-name myAppGateway \
  --name rule1 \
  --resource-group myResourceGroupAG
```
In this example, you create a virtual machine scale set that supports the default backend pool that was created. The scale set that you create is named myvmss and contains two virtual machine instances on which you install NGINX.
```azurecli
# azureuser and Azure123456! are the tutorial's sample credentials; substitute your own values.
az vmss create \
  --name myvmss \
  --resource-group myResourceGroupAG \
  --image UbuntuLTS \
  --admin-username azureuser \
  --admin-password Azure123456! \
  --instance-count 2 \
  --vnet-name myVNet \
  --subnet myBackendSubnet \
  --vm-sku Standard_DS2 \
  --upgrade-policy-mode Automatic \
  --app-gateway myAppGateway \
  --backend-pool-name appGatewayBackendPool

# Install NGINX on each scale set instance with the CustomScript extension.
az vmss extension set \
  --publisher Microsoft.Azure.Extensions \
  --version 2.0 \
  --name CustomScript \
  --resource-group myResourceGroupAG \
  --vmss-name myvmss \
  --settings '{ "fileUris": ["https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/install_nginx.sh"],
  "commandToExecute": "./install_nginx.sh" }'
```
After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use az network public-ip show to get the DNS address of the application gateway. Copy the fqdn value of the DNSSettings and use it as the value of the CNAME record that you create. The use of A-records is not recommended because the VIP may change when the application gateway is restarted.
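```azurecli
# Quote the JMESPath query so the shell does not treat the brackets as a glob pattern.
az network public-ip show \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress \
  --query "[dnsSettings.fqdn]" \
  --output tsv
```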
Enter your domain name into the address bar of your browser, for example http://www.contoso.com.
Change the address to your other domain, for example http://www.contoso.org, and you should see that the traffic has been redirected back to the listener for www.contoso.com.
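The same check can be made from a terminal. The following added example (not part of the original tutorial) reads HTTP response headers and confirms what the orgToCom configuration promises: a 301 status, a Location on www.contoso.com, and an unchanged path and query string. The function name, exit codes and sample response are constructed for illustration, and the check assumes the gateway returns an absolute http or https URL in Location.

```bash
#!/bin/sh
# Added example: validate a redirect response against the orgToCom settings
# (--type Permanent, --include-path true, --include-query-string true).
# Reads raw HTTP response headers on stdin.
# Usage: check_redirect <expected-host> <expected-path-and-query>
check_redirect() (
  want_host=$1; want_target=$2
  cr=$(printf '\r'); status=; location=
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                          # tolerate CRLF line endings
    if [ -z "$status" ]; then                   # status line: HTTP/1.1 301 ...
      status=${line#* }; status=${status%% *}
      continue
    fi
    case $line in *:*) ;; *) continue ;; esac   # skip anything that is not a header
    name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
    if [ "$name" = location ]; then
      location=${line#*:}; location=${location# }
    fi
  done
  [ "$status" = 301 ] || { echo "FAIL: status '$status', expected 301"; return 1; }
  case $location in
    http://*|https://*) ;;
    *) echo "FAIL: Location '$location' is not an absolute URL"; return 2 ;;
  esac
  rest=${location#*://}                         # host[:port]/path?query
  host=${rest%%/*}
  if [ "$host" = "$rest" ]; then target=/; else target=/${rest#*/}; fi
  host=$(printf '%s' "${host%%:*}" | tr 'A-Z' 'a-z')
  [ "$host" = "$want_host" ] || { echo "FAIL: redirected to host '$host'"; return 3; }
  [ "$target" = "$want_target" ] || { echo "FAIL: path/query changed to '$target'"; return 4; }
  echo "OK: 301 -> $location"
)

# Constructed sample response, so the check runs offline.
SAMPLE='HTTP/1.1 301 Moved Permanently
Location: http://www.contoso.com/docs/a?x=1
Content-Length: 0'
printf '%s\n' "$SAMPLE" | check_redirect www.contoso.com '/docs/a?x=1'

# Against the live gateway, once the CNAME record resolves:
#   curl -sI 'http://www.contoso.org/docs/a?x=1' | check_redirect www.contoso.com '/docs/a?x=1'
```

A non-zero exit code identifies which property failed: 1 for the status code, 2 for a non-absolute Location, 3 for an unexpected host, 4 for a changed path or query string.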
In this tutorial, you learned how to:
- Set up the network
- Create an application gateway
- Add listeners and redirection rule
- Create a virtual machine scale set with the backend pool
- Create a CNAME record in your domain
Learn more about what you can do with application gateway