title: Create an application gateway with internal redirection - Azure PowerShell | Microsoft Docs description: Learn how to create an application gateway that redirects internal web traffic to the appropriate backend pool of servers using Azure Powershell. services: application-gateway author: vhorne manager: jpconnock editor: tysonn
ms.service: application-gateway ms.devlang: na ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services ms.date: 01/23/2018 ms.author: victorh
You can use Azure Powershell to configure web traffic redirection when you create an application gateway. In this tutorial, you define a backend pool using a virtual machines scale set. You then configure listeners and rules based on domains that you own to make sure web traffic arrives at the appropriate pool. This tutorial assumes that you own multiple domains and uses examples of www.contoso.com and www.contoso.org.
In this article, you learn how to:
[!div class="checklist"]
- Set up the network
- Create an application gateway
- Add listeners and redirection rule
- Create a virtual machine scale set with the backend pool
- Create a CNAME record in your domain
If you don't have an Azure subscription, create a free account before you begin.
[!INCLUDE cloud-shell-powershell.md]
If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 3.6 or later. To find the version, run Get-Module -ListAvailable AzureRM . If you need to upgrade, see Install Azure PowerShell module. If you are running PowerShell locally, you also need to run Connect-AzureRmAccount to create a connection with Azure.
A resource group is a logical container into which Azure resources are deployed and managed. Create an Azure resource group using New-AzureRmResourceGroup.
New-AzureRmResourceGroup -Name myResourceGroupAG -Location eastus
Create the subnet configurations for myBackendSubnet and myAGSubnet using New-AzureRmVirtualNetworkSubnetConfig. Create the virtual network named myVNet using New-AzureRmVirtualNetwork with the subnet configurations. And finally, create the public IP address named myAGPublicIPAddress using New-AzureRmPublicIpAddress. These resources are used to provide network connectivity to the application gateway and its associated resources.
$backendSubnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
-Name myBackendSubnet `
-AddressPrefix 10.0.1.0/24
$agSubnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
-Name myAGSubnet `
-AddressPrefix 10.0.2.0/24
$vnet = New-AzureRmVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-Name myVNet `
-AddressPrefix 10.0.0.0/16 `
-Subnet $backendSubnetConfig, $agSubnetConfig
$pip = New-AzureRmPublicIpAddress `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-Name myAGPublicIPAddress `
-AllocationMethod Dynamic
Associate myAGSubnet that you previously created to the application gateway using New-AzureRmApplicationGatewayIPConfiguration. Assign myAGPublicIPAddress to the application gateway using New-AzureRmApplicationGatewayFrontendIPConfig. And then you can create the HTTP port using New-AzureRmApplicationGatewayFrontendPort.
$vnet = Get-AzureRmVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Name myVNet
$subnet=$vnet.Subnets[0]
$pip = Get-AzureRmPublicIpAddress `
-ResourceGroupName myResourceGroupAG `
-Name myAGPublicIPAddress
$gipconfig = New-AzureRmApplicationGatewayIPConfiguration `
-Name myAGIPConfig `
-Subnet $subnet
$fipconfig = New-AzureRmApplicationGatewayFrontendIPConfig `
-Name myAGFrontendIPConfig `
-PublicIPAddress $pip
$frontendPort = New-AzureRmApplicationGatewayFrontendPort `
-Name myFrontendPort `
-Port 80
Create a backend pool named contosoPool for the application gateway using New-AzureRmApplicationGatewayBackendAddressPool. Configure the settings for the backend pool using New-AzureRmApplicationGatewayBackendHttpSettings.
$contosoPool = New-AzureRmApplicationGatewayBackendAddressPool `
-Name contosoPool
$poolSettings = New-AzureRmApplicationGatewayBackendHttpSettings `
-Name myPoolSettings `
-Port 80 `
-Protocol Http `
-CookieBasedAffinity Enabled `
-RequestTimeout 120
A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this tutorial, you create two listeners for your two domains. In this example, listeners are created for the domains of www.contoso.com and www.contoso.org.
Create the first listener named contosoComListener using New-AzureRmApplicationGatewayHttpListener with the frontend configuration and frontend port that you previously created. A rule is required for the listener to know which backend pool to use for incoming traffic. Create a basic rule named contosoComRule using New-AzureRmApplicationGatewayRequestRoutingRule.
$contosoComlistener = New-AzureRmApplicationGatewayHttpListener `
-Name contosoComListener `
-Protocol Http `
-FrontendIPConfiguration $fipconfig `
-FrontendPort $frontendPort `
-HostName "www.contoso.com"
$frontendRule = New-AzureRmApplicationGatewayRequestRoutingRule `
-Name contosoComRule `
-RuleType Basic `
-HttpListener $contosoComListener `
-BackendAddressPool $contosoPool `
-BackendHttpSettings $poolSettings
Now that you created the necessary supporting resources, specify parameters for the application gateway named myAppGateway using New-AzureRmApplicationGatewaySku, and then create it using New-AzureRmApplicationGateway.
$sku = New-AzureRmApplicationGatewaySku `
-Name Standard_Medium `
-Tier Standard `
-Capacity 2
$appgw = New-AzureRmApplicationGateway `
-Name myAppGateway `
-ResourceGroupName myResourceGroupAG `
-Location eastus `
-BackendAddressPools $contosoPool `
-BackendHttpSettingsCollection $poolSettings `
-FrontendIpConfigurations $fipconfig `
-GatewayIpConfigurations $gipconfig `
-FrontendPorts $frontendPort `
-HttpListeners $contosoComListener `
-RequestRoutingRules $frontendRule `
-Sku $sku
Add the listener named contosoOrgListener that's needed to redirect traffic using Add-AzureRmApplicationGatewayHttpListener.
$appgw = Get-AzureRmApplicationGateway `
-ResourceGroupName myResourceGroupAG `
-Name myAppGateway
$frontendPort = Get-AzureRmApplicationGatewayFrontendPort `
-Name myFrontendPort `
-ApplicationGateway $appgw
$ipconfig = Get-AzureRmApplicationGatewayFrontendIPConfig `
-Name myAGFrontendIPConfig `
-ApplicationGateway $appgw
Add-AzureRmApplicationGatewayHttpListener `
-ApplicationGateway $appgw `
-Name contosoOrgListener `
-Protocol Http `
-FrontendIPConfiguration $ipconfig `
-FrontendPort $frontendPort `
-HostName "www.contoso.org"
Set-AzureRmApplicationGateway -ApplicationGateway $appgw
You can configure redirection for the listener using Add-AzureRmApplicationGatewayRedirectConfiguration.
$appgw = Get-AzureRmApplicationGateway `
-ResourceGroupName myResourceGroupAG `
-Name myAppGateway
$contosoComlistener = Get-AzureRmApplicationGatewayHttpListener `
-Name contosoComListener `
-ApplicationGateway $appgw
$contosoOrglistener = Get-AzureRmApplicationGatewayHttpListener `
-Name contosoOrgListener `
-ApplicationGateway $appgw
Add-AzureRmApplicationGatewayRedirectConfiguration `
-ApplicationGateway $appgw `
-Name redirectOrgtoCom `
-RedirectType Found `
-TargetListener $contosoComListener `
-IncludePath $true `
-IncludeQueryString $true
Set-AzureRmApplicationGateway -ApplicationGateway $appgw
You can then associate the redirection configuration to a new rule named contosoOrgRule using Add-AzureRmApplicationGatewayRequestRoutingRule.
$appgw = Get-AzureRmApplicationGateway `
-ResourceGroupName myResourceGroupAG `
-Name myAppGateway
$contosoOrglistener = Get-AzureRmApplicationGatewayHttpListener `
-Name contosoOrgListener `
-ApplicationGateway $appgw
$redirectConfig = Get-AzureRmApplicationGatewayRedirectConfiguration `
-Name redirectOrgtoCom `
-ApplicationGateway $appgw
Add-AzureRmApplicationGatewayRequestRoutingRule `
-ApplicationGateway $appgw `
-Name contosoOrgRule `
-RuleType Basic `
-HttpListener $contosoOrgListener `
-RedirectConfiguration $redirectConfig
Set-AzureRmApplicationGateway -ApplicationGateway $appgw
In this example, you create a virtual machine scale set that supports the backend pool that you created. The scale set that you create is named myvmss and contains two virtual machine instances on which you install IIS. You assign the scale set to the backend pool when you configure the IP settings.
$vnet = Get-AzureRmVirtualNetwork `
-ResourceGroupName myResourceGroupAG `
-Name myVNet
$appgw = Get-AzureRmApplicationGateway `
-ResourceGroupName myResourceGroupAG `
-Name myAppGateway
$backendPool = Get-AzureRmApplicationGatewayBackendAddressPool `
-Name contosoPool `
-ApplicationGateway $appgw
$ipConfig = New-AzureRmVmssIpConfig `
-Name myVmssIPConfig `
-SubnetId $vnet.Subnets[1].Id `
-ApplicationGatewayBackendAddressPoolsId $backendPool.Id
$vmssConfig = New-AzureRmVmssConfig `
-Location eastus `
-SkuCapacity 2 `
-SkuName Standard_DS2 `
-UpgradePolicyMode Automatic
Set-AzureRmVmssStorageProfile $vmssConfig `
-ImageReferencePublisher MicrosoftWindowsServer `
-ImageReferenceOffer WindowsServer `
-ImageReferenceSku 2016-Datacenter `
-ImageReferenceVersion latest
Set-AzureRmVmssOsProfile $vmssConfig `
-AdminUsername azureuser `
-AdminPassword "Azure123456!" `
-ComputerNamePrefix myvmss
Add-AzureRmVmssNetworkInterfaceConfiguration `
-VirtualMachineScaleSet $vmssConfig `
-Name myVmssNetConfig `
-Primary $true `
-IPConfiguration $ipConfig
New-AzureRmVmss `
-ResourceGroupName myResourceGroupAG `
-Name myvmss `
-VirtualMachineScaleSet $vmssConfig
$publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/appgatewayurl.ps1");
"commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File appgatewayurl.ps1" }
$vmss = Get-AzureRmVmss -ResourceGroupName myResourceGroupAG -VMScaleSetName myvmss
Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss `
-Name "customScript" `
-Publisher "Microsoft.Compute" `
-Type "CustomScriptExtension" `
-TypeHandlerVersion 1.8 `
-Setting $publicSettings
Update-AzureRmVmss `
-ResourceGroupName myResourceGroupAG `
-Name myvmss `
-VirtualMachineScaleSet $vmss
After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use Get-AzureRmPublicIPAddress to get the DNS address of the application gateway. Copy the fqdn value of the DNSSettings and use it as the value of the CNAME record that you create. The use of A-records is not recommended because the VIP may change when the application gateway is restarted.
Get-AzureRmPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
Enter your domain name into the address bar of your browser. Such as, http://www.contoso.com.
Change the address to your other domain, for example http://www.contoso.org and you should see that the traffic has been redirected back to the listener for www.contoso.com.
In this article, you learned how to:
[!div class="checklist"]
- Set up the network
- Create an application gateway
- Add listeners and redirection rule
- Create a virtual machine scale set with the backend pools
- Create a CNAME record in your domain
[!div class="nextstepaction"] Learn more about what you can do with application gateway