Nota
El acceso a esta página requiere autorización. Puede intentar iniciar sesión o cambiar directorios.
El acceso a esta página requiere autorización. Puede intentar cambiar los directorios.
本快速入门中将使用 Bicep 创建一个 Azure 应用程序网关。 然后,我们对应用程序网关进行测试,确保其正常运行。 此示例中使用了标准 v2 SKU。
Bicep 是一种特定于域的语言 (DSL),使用声明性语法来部署 Azure 资源。 它提供简明的语法、可靠的类型安全性以及对代码重用的支持。 Bicep 会针对你的 Azure 基础结构即代码解决方案提供最佳创作体验。
Nota
应用程序网关前端现在支持双堆栈 IP 地址(预览版)。 现在,可以创建最多四个前端 IP 地址:两个 IPv4 地址(公共和专用)和两个 IPv6 地址(公共和专用)。
- 具有活动订阅的 Azure 帐户。 创建帐户。
此 Bicep 文件创建了一个简单的设置,其中包含带有公共前端 IP 地址的简单设置、一个在应用程序网关上托管单个站点的基本侦听器、一个基本请求路由规则,以及后端池中的两台虚拟机。
本快速入门中使用的 Bicep 文件来自 Azure 快速入门模板
@description('Admin username for the backend servers')
param adminUsername string
@description('Password for the admin account on the backend servers')
@secure()
param adminPassword string
@description('Location for all resources.')
param location string = resourceGroup().location
@description('Size of the virtual machine.')
param vmSize string = 'Standard_B2ms'
var virtualMachineName = 'myVM'
var virtualNetworkName = 'myVNet'
var networkInterfaceName = 'net-int'
var ipconfigName = 'ipconfig'
var publicIPAddressName = 'public_ip'
var nsgName = 'vm-nsg'
var applicationGateWayName = 'myAppGateway'
var virtualNetworkPrefix = '10.0.0.0/16'
var subnetPrefix = '10.0.0.0/24'
var backendSubnetPrefix = '10.0.1.0/24'
resource nsg 'Microsoft.Network/networkSecurityGroups@2023-09-01' = [for i in range(0, 2): {
name: '${nsgName}${i + 1}'
location: location
properties: {
securityRules: [
{
name: 'RDP'
properties: {
protocol: 'Tcp'
sourcePortRange: '*'
destinationPortRange: '3389'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
access: 'Allow'
priority: 300
direction: 'Inbound'
}
}
]
}
}]
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-09-01' = [for i in range(0, 3): {
name: '${publicIPAddressName}${i}'
location: location
sku: {
name: 'Standard'
}
properties: {
publicIPAddressVersion: 'IPv4'
publicIPAllocationMethod: 'Static'
idleTimeoutInMinutes: 4
}
}]
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-09-01' = {
name: virtualNetworkName
location: location
properties: {
addressSpace: {
addressPrefixes: [
virtualNetworkPrefix
]
}
subnets: [
{
name: 'myAGSubnet'
properties: {
addressPrefix: subnetPrefix
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
}
}
{
name: 'myBackendSubnet'
properties: {
addressPrefix: backendSubnetPrefix
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
}
}
]
enableDdosProtection: false
enableVmProtection: false
}
}
resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-09-01' = [for i in range(0, 2): {
name: '${virtualMachineName}${i + 1}'
location: location
properties: {
hardwareProfile: {
vmSize: vmSize
}
storageProfile: {
imageReference: {
publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
sku: '2016-Datacenter'
version: 'latest'
}
osDisk: {
osType: 'Windows'
createOption: 'FromImage'
caching: 'ReadWrite'
managedDisk: {
storageAccountType: 'StandardSSD_LRS'
}
diskSizeGB: 127
}
}
osProfile: {
computerName: '${virtualMachineName}${i + 1}'
adminUsername: adminUsername
adminPassword: adminPassword
windowsConfiguration: {
provisionVMAgent: true
enableAutomaticUpdates: true
}
allowExtensionOperations: true
}
networkProfile: {
networkInterfaces: [
{
id: resourceId('Microsoft.Network/networkInterfaces', '${networkInterfaceName}${i + 1}')
}
]
}
}
dependsOn: [
networkInterface
]
}]
resource virtualMachine_IIS 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' = [for i in range(0, 2): {
name: '${virtualMachineName}${(i + 1)}/IIS'
location: location
properties: {
autoUpgradeMinorVersion: true
publisher: 'Microsoft.Compute'
type: 'CustomScriptExtension'
typeHandlerVersion: '1.4'
settings: {
commandToExecute: 'powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path "C:\\inetpub\\wwwroot\\Default.htm" -Value $($env:computername)'
}
}
dependsOn: [
virtualMachine
]
}]
resource applicationGateWay 'Microsoft.Network/applicationGateways@2023-09-01' = {
name: applicationGateWayName
location: location
properties: {
sku: {
name: 'Standard_v2'
tier: 'Standard_v2'
}
gatewayIPConfigurations: [
{
name: 'appGatewayIpConfig'
properties: {
subnet: {
id: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, 'myAGSubnet')
}
}
}
]
frontendIPConfigurations: [
{
name: 'appGwPublicFrontendIp'
properties: {
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: resourceId('Microsoft.Network/publicIPAddresses', '${publicIPAddressName}0')
}
}
}
]
frontendPorts: [
{
name: 'port_80'
properties: {
port: 80
}
}
]
backendAddressPools: [
{
name: 'myBackendPool'
properties: {}
}
]
backendHttpSettingsCollection: [
{
name: 'myHTTPSetting'
properties: {
port: 80
protocol: 'Http'
cookieBasedAffinity: 'Disabled'
pickHostNameFromBackendAddress: false
requestTimeout: 20
}
}
]
httpListeners: [
{
name: 'myListener'
properties: {
frontendIPConfiguration: {
id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', applicationGateWayName, 'appGwPublicFrontendIp')
}
frontendPort: {
id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', applicationGateWayName, 'port_80')
}
protocol: 'Http'
requireServerNameIndication: false
}
}
]
requestRoutingRules: [
{
name: 'myRoutingRule'
properties: {
ruleType: 'Basic'
priority: 1
httpListener: {
id: resourceId('Microsoft.Network/applicationGateways/httpListeners', applicationGateWayName, 'myListener')
}
backendAddressPool: {
id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGateWayName, 'myBackendPool')
}
backendHttpSettings: {
id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', applicationGateWayName, 'myHTTPSetting')
}
}
}
]
enableHttp2: false
autoscaleConfiguration: {
minCapacity: 0
maxCapacity: 10
}
}
dependsOn: [
virtualNetwork
publicIPAddress[0]
]
}
resource networkInterface 'Microsoft.Network/networkInterfaces@2023-09-01' = [for i in range(0, 2): {
name: '${networkInterfaceName}${i + 1}'
location: location
properties: {
ipConfigurations: [
{
name: '${ipconfigName}${i + 1}'
properties: {
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: resourceId('Microsoft.Network/publicIPAddresses', '${publicIPAddressName}${i + 1}')
}
subnet: {
id: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, 'myBackendSubnet')
}
primary: true
privateIPAddressVersion: 'IPv4'
applicationGatewayBackendAddressPools: [
{
id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGateWayName, 'myBackendPool')
}
]
}
}
]
enableAcceleratedNetworking: false
enableIPForwarding: false
networkSecurityGroup: {
id: resourceId('Microsoft.Network/networkSecurityGroups', '${nsgName}${i + 1}')
}
}
dependsOn: [
publicIPAddress
applicationGateWay
nsg
]
}]
output location string = location
output name string = applicationGateWay.name
output resourceGroupName string = resourceGroup().name
output resourceId string = applicationGateWay.id
Sugerencia
可以在 resource\applicationGateWay\properties\sku
下修改 Name
和 Tier
参数的值以使用不同的 SKU。 例如:Basic
。
该 Bicep 文件中定义了多个 Azure 资源:
- Microsoft.Network/applicationgateways
- Microsoft.Network/publicIPAddresses:一个用于应用程序网关,两个用于虚拟机。
- Microsoft.Network/networkSecurityGroups
- Microsoft.Network/virtualNetworks
- Microsoft.Compute/virtualMachines:两个虚拟机
- Microsoft.Network/networkInterfaces:两个用于虚拟机
- Microsoft.Compute/virtualMachine/extensions:用于配置 IIS 和网页
将该 Bicep 文件另存为本地计算机上的 main.bicep。
使用 Azure CLI 或 Azure PowerShell 来部署该 Bicep 文件。
az group create --name myResourceGroupAG --location chinanorth2 az deployment group create --resource-group myResourceGroupAG --template-file main.bicep --parameters adminUsername=<admin-username>
Nota
将 <admin-username> 替换为后端服务器的管理员用户名。 系统还会提示输入 adminPassword。
部署完成后,应会看到一条指出部署成功的消息。
使用 Azure 门户、Azure CLI 或 Azure PowerShell 列出资源组中已部署的资源。
az resource list --resource-group myResourceGroupAG
如果不再需要资源组及其资源,请使用 Azure 门户、Azure CLI 或 Azure PowerShell 将其删除。
az group delete --name myResourceGroupAG