Create an application gateway by using the Azure CLI

Azure Application Gateway is a layer-7 load balancer. It provides failover and performance routing of HTTP requests between different servers, whether they are in the cloud or on-premises. Application Gateway has the following application delivery features: HTTP load balancing, cookie-based session affinity, Secure Sockets Layer (SSL) offload, custom health probes, and support for multi-site.

Prerequisite: Install the Azure CLI

To perform the steps in this article, you need to install the Azure CLI and sign in to Azure.

Note

If you don't have an Azure account, you need one. Sign up for a trial here.

Scenario

In this scenario, you learn how to create an application gateway using the Azure portal.

This scenario will:

  • Create a medium application gateway with two instances.
  • Create a virtual network named ContosoVNET with a reserved CIDR block of 10.0.0.0/16.
  • Create a subnet called subnet01 that uses 10.0.0.0/28 as its CIDR block.

Note

Additional configuration of the application gateway, including custom health probes, backend pool addresses, and additional rules, is done after the application gateway is configured and not during initial deployment.

Before you begin

Azure Application Gateway requires its own subnet. When creating a virtual network, ensure that you leave enough address space to have multiple subnets. Once you deploy an application gateway to a subnet, only additional application gateways can be added to that subnet.

Sign in to Azure

Open the Azure Command Prompt, and sign in.

azure login -e AzureChinaCloud

Once you type the preceding example, a code is provided. Navigate to https://aka.ms/deviceloginchina in a browser to continue the sign-in process.

Screenshot: command prompt showing the device login information

In the browser, enter the code you received. You are redirected to a sign-in page.

Screenshot: browser used to enter the code

Once the code has been entered, you are signed in. Close the browser to continue with the scenario.

Screenshot: successfully signed in

Switch to Resource Manager Mode

azure config mode arm

Create the resource group

Before creating the application gateway, a resource group is created to contain the application gateway. The following shows the command.

azure group create `
--name ContosoRG `
--location chinanorth

Create a virtual network

Once the resource group is created, a virtual network is created for the application gateway. In the following example, the address space is 10.0.0.0/16, as defined in the preceding scenario notes.

azure network vnet create `
--name ContosoVNET `
--address-prefixes 10.0.0.0/16 `
--resource-group ContosoRG `
--location chinanorth

Create a subnet

After the virtual network is created, a subnet is added for the application gateway. If you plan to use the application gateway with a web app hosted in the same virtual network as the application gateway, be sure to leave enough room for another subnet.

azure network vnet subnet create `
--resource-group ContosoRG `
--name subnet01 `
--vnet-name ContosoVNET `
--address-prefix 10.0.0.0/28 
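The address planning described above can be checked before any resource is created. The following is an added example, not part of the original article or of the Azure CLI: it validates the scenario's 10.0.0.0/16 virtual network and 10.0.0.0/28 gateway subnet, then picks the next free block for a web app subnet. The function names are hypothetical, and the sizing rules (five addresses reserved by Azure in every subnet, one private address per gateway instance) are stated as assumptions.

```python
import ipaddress

# Assumption: Azure reserves five addresses in every subnet
# (the first four and the last one).
AZURE_RESERVED_PER_SUBNET = 5


def usable_addresses(subnet):
    """Addresses left for resources after Azure's reserved ones."""
    total = ipaddress.ip_network(subnet).num_addresses
    return max(total - AZURE_RESERVED_PER_SUBNET, 0)


def check_gateway_subnet(vnet, subnet, instances, existing=()):
    """Return a list of problems; an empty list means the plan is consistent.

    Assumption: each gateway instance consumes one private address.
    """
    vnet_net = ipaddress.ip_network(vnet)
    sub_net = ipaddress.ip_network(subnet)
    problems = []
    if not sub_net.subnet_of(vnet_net):
        problems.append(f"{sub_net} is outside {vnet_net}")
    for other in (ipaddress.ip_network(e) for e in existing):
        if sub_net.overlaps(other):
            problems.append(f"{sub_net} overlaps {other}")
    free = usable_addresses(subnet)
    if instances > free:
        problems.append(f"{instances} instances need more than {free} usable addresses")
    return problems


def next_free_subnet(vnet, used, prefixlen):
    """First block of the given size in the vnet that overlaps no used subnet."""
    used_nets = [ipaddress.ip_network(u) for u in used]
    for candidate in ipaddress.ip_network(vnet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used_nets):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Values from the scenario: ContosoVNET, subnet01, capacity 2.
    print(check_gateway_subnet("10.0.0.0/16", "10.0.0.0/28", instances=2))
    # A /24 for the web app tier, kept apart from the gateway subnet.
    print(next_free_subnet("10.0.0.0/16", ["10.0.0.0/28"], 24))
```

Keeping the backend servers in a block that does not overlap the gateway subnet lets network security rules be scoped per subnet.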

Create the application gateway

Once the virtual network and subnet are created, the prerequisites for the application gateway are complete. Additionally, a previously exported .pfx certificate and the password for the certificate are required for the following step. The IP addresses used for the backend are the IP addresses for your backend server. These values can be either private IPs in the virtual network, public IPs, or fully qualified domain names for your backend servers.

azure network application-gateway create `
--name AdatumAppGateway `
--location chinanorth `
--resource-group ContosoRG `
--vnet-name ContosoVNET `
--subnet-name subnet01 `
--servers 134.170.185.46,134.170.188.221,134.170.185.50 `
--capacity 2 `
--sku-tier Standard `
--routing-rule-type Basic `
--frontend-port 80 `
--http-settings-cookie-based-affinity Enabled `
--http-settings-port 80 `
--http-settings-protocol http `
--sku-name Standard_Medium

Note

For a list of parameters that can be provided during creation, run the following command: azure network application-gateway create --help.

This example creates a basic application gateway with default settings for the listener, backend pool, backend HTTP settings, and rules. You can modify these settings to suit your deployment once the provisioning is successful. If you already have your web application defined with the backend pool in the preceding steps, load balancing begins once the gateway is created.

Next steps

Learn how to create custom health probes by visiting Create a custom health probe.

Learn how to configure SSL Offloading and take the costly SSL decryption off your web servers by visiting Configure SSL Offload.