Create a custom probe for Azure Application Gateway by using PowerShell for Azure Resource Manager

In this article, you add a custom probe to an existing application gateway with PowerShell. Custom probes are useful for applications that have a specific health check page or for applications that do not provide a successful response on the default web application.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Prerequisite: Install the Azure PowerShell module

To perform the steps in this article, you need to install and configure the Azure PowerShell module. Be sure to complete all of the instructions. After the installation is finished, sign in to Azure and select your subscription.

Note

You need an Azure account to complete these steps. If you don't have an Azure account, you can sign up for a trial account.

Create an application gateway with a custom probe

Sign in and create a resource group

  1. Use Connect-AzAccount -Environment AzureChinaCloud to authenticate.

    Connect-AzAccount -Environment AzureChinaCloud
    
  2. Get the subscriptions for the account.

    Get-AzSubscription
    
  3. Choose which of your Azure subscriptions to use.

    Select-AzSubscription -Subscriptionid '{subscriptionGuid}'
    
  4. Create a resource group. You can skip this step if you have an existing resource group.

    New-AzResourceGroup -Name appgw-rg -Location 'China North'
    

Azure Resource Manager requires that all resource groups specify a location. This location is used as the default location for resources in that resource group. Make sure that all commands to create an application gateway use the same resource group.

In the preceding example, we created a resource group called appgw-rg in location China North.

Create a virtual network and a subnet

The following example creates a virtual network and a subnet for the application gateway. Application Gateway requires its own subnet. For this reason, the subnet created for the application gateway should be smaller than the address space of the VNET, so that other subnets can be created and used.

# Assign the address range 10.0.0.0/24 to a subnet variable to be used to create a virtual network.
$subnet = New-AzVirtualNetworkSubnetConfig -Name subnet01 -AddressPrefix 10.0.0.0/24

# Create a virtual network named appgwvnet in resource group appgw-rg for the China North region using the prefix 10.0.0.0/16 with subnet 10.0.0.0/24.
$vnet = New-AzVirtualNetwork -Name appgwvnet -ResourceGroupName appgw-rg -Location 'China North' -AddressPrefix 10.0.0.0/16 -Subnet $subnet

# Assign a subnet variable for the next steps, which create an application gateway.
$subnet = $vnet.Subnets[0]

Create a public IP address for the front-end configuration

Create a public IP resource publicIP01 in resource group appgw-rg for the China North region. This example uses a public IP address for the front-end IP address of the application gateway. Application Gateway requires the public IP address to have a dynamically created DNS name, so -DomainNameLabel cannot be specified during the creation of the public IP address.

$publicip = New-AzPublicIpAddress -ResourceGroupName appgw-rg -Name publicIP01 -Location 'China North' -AllocationMethod Dynamic

Create an application gateway

You set up all configuration items before creating the application gateway. The following example creates the configuration items that are needed for an application gateway resource.

| Component | Description |
| --- | --- |
| Gateway IP configuration | An IP configuration for an application gateway. |
| Backend pool | A pool of IP addresses, FQDNs, or NICs that belong to the application servers that host the web application. |
| Health probe | A custom probe used to monitor the health of the backend pool members. |
| HTTP settings | A collection of settings including port, protocol, cookie-based affinity, probe, and timeout. These settings determine how traffic is routed to the backend pool members. |
| Frontend port | The port that the application gateway listens for traffic on. |
| Listener | A combination of a protocol, frontend IP configuration, and frontend port. This is what listens for incoming requests. |
| Rule | Routes the traffic to the appropriate backend based on HTTP settings. |

# Creates the application gateway IP configuration named gatewayIP01, which places the gateway in the subnet
$gipconfig = New-AzApplicationGatewayIPConfiguration -Name gatewayIP01 -Subnet $subnet

#Creates a back-end IP address pool named pool01 with IP addresses 134.170.185.46, 134.170.188.221, 134.170.185.50.
$pool = New-AzApplicationGatewayBackendAddressPool -Name pool01 -BackendIPAddresses 134.170.185.46, 134.170.188.221, 134.170.185.50

# Creates a probe that will check health at http://contoso.com/path/path.htm
$probe = New-AzApplicationGatewayProbeConfig -Name probe01 -Protocol Http -HostName 'contoso.com' -Path '/path/path.htm' -Interval 30 -Timeout 120 -UnhealthyThreshold 8

# Creates the backend http settings to be used. This component references the $probe created in the previous command.
$poolSetting = New-AzApplicationGatewayBackendHttpSettings -Name poolsetting01 -Port 80 -Protocol Http -CookieBasedAffinity Disabled -Probe $probe -RequestTimeout 80

# Creates a frontend port for the application gateway to listen on port 80 that will be used by the listener.
$fp = New-AzApplicationGatewayFrontendPort -Name frontendport01 -Port 80

# Creates a frontend IP configuration. This associates the $publicip variable defined previously with the front-end IP that will be used by the listener.
$fipconfig = New-AzApplicationGatewayFrontendIPConfig -Name fipconfig01 -PublicIPAddress $publicip

# Creates the listener. The listener is a combination of protocol and the frontend IP configuration $fipconfig and frontend port $fp created in previous steps.
$listener = New-AzApplicationGatewayHttpListener -Name listener01  -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fp

# Creates the rule that routes traffic to the backend pools.  In this example we create a basic rule that uses the previous defined http settings and backend address pool.  It also associates the listener to the rule
$rule = New-AzApplicationGatewayRequestRoutingRule -Name rule01 -RuleType Basic -BackendHttpSettings $poolSetting -HttpListener $listener -BackendAddressPool $pool

# Sets the SKU of the application gateway, in this example we create a small standard application gateway with 2 instances.
$sku = New-AzApplicationGatewaySku -Name Standard_Small -Tier Standard -Capacity 2

# The final step creates the application gateway with all the previously defined components.
$appgw = New-AzApplicationGateway -Name appgwtest -ResourceGroupName appgw-rg -Location 'China North' -BackendAddressPools $pool -Probes $probe -BackendHttpSettingsCollection $poolSetting -FrontendIpConfigurations $fipconfig  -GatewayIpConfigurations $gipconfig -FrontendPorts $fp -HttpListeners $listener -RequestRoutingRules $rule -Sku $sku

Add a probe to an existing application gateway

The following code snippet adds a probe to an existing application gateway.

# Load the application gateway resource into a PowerShell variable by using Get-AzApplicationGateway.
$getgw =  Get-AzApplicationGateway -Name appgwtest -ResourceGroupName appgw-rg

# Add a probe that will check health at http://contoso.com/path/custompath.htm
$getgw = Add-AzApplicationGatewayProbeConfig -ApplicationGateway $getgw -Name probe01 -Protocol Http -HostName 'contoso.com' -Path '/path/custompath.htm' -Interval 30 -Timeout 120 -UnhealthyThreshold 8

# Retrieve the probe that was just added so that the backend HTTP settings can reference it
$probe = Get-AzApplicationGatewayProbeConfig -ApplicationGateway $getgw -Name probe01

# Set the backend HTTP settings to use the new probe
$getgw = Set-AzApplicationGatewayBackendHttpSettings -ApplicationGateway $getgw -Name $getgw.BackendHttpSettingsCollection.name -Port 80 -Protocol Http -CookieBasedAffinity Disabled -Probe $probe -RequestTimeout 120

# Save the application gateway with the configuration changes
Set-AzApplicationGateway -ApplicationGateway $getgw
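
The following read-only check is an added example, not part of the original article: it lists which probe each backend HTTP setting references and then shows the health that the probes report for every backend server. It assumes the gateway appgwtest in resource group appgw-rg from the steps above and an authenticated Az session; the variable names are illustrative.

```powershell
# Added example: verify probe wiring and backend health after a configuration change.
# Makes no changes to the gateway.
$rg   = 'appgw-rg'     # resource group used in this article
$name = 'appgwtest'    # gateway name used in this article

$gw = Get-AzApplicationGateway -Name $name -ResourceGroupName $rg

# Backend HTTP settings reference a probe by resource ID, so index probes by ID.
# PowerShell hashtable keys are case-insensitive, which suits Azure resource IDs.
$probesById = @{}
foreach ($p in $gw.Probes) { $probesById[$p.Id] = $p }

# One row per backend HTTP setting: which probe it uses and what that probe requests.
$wiring = foreach ($s in $gw.BackendHttpSettingsCollection) {
    $p = if ($s.Probe) { $probesById[$s.Probe.Id] } else { $null }
    [pscustomobject]@{
        HttpSettings = $s.Name
        Port         = $s.Port
        Protocol     = $s.Protocol
        Probe        = if ($p) { $p.Name } else { '(default probe)' }
        ProbeTarget  = if ($p) { '{0}://{1}{2}' -f $p.Protocol.ToLower(), $p.Host, $p.Path } else { '' }
        IntervalSec  = if ($p) { $p.Interval } else { $null }
        Unhealthy    = if ($p) { $p.UnhealthyThreshold } else { $null }
    }
}
$wiring | Format-Table -AutoSize

# Settings that fell back to the default probe are easy to miss after a probe is removed.
$wiring | Where-Object { $_.Probe -eq '(default probe)' } | ForEach-Object {
    Write-Warning "Backend HTTP settings '$($_.HttpSettings)' use the default probe."
}

# Ask the gateway what its probes currently report for each backend server.
$health = Get-AzApplicationGatewayBackendHealth -Name $name -ResourceGroupName $rg
$servers = foreach ($pool in $health.BackendAddressPools) {
    foreach ($hs in $pool.BackendHttpSettingsCollection) {
        foreach ($srv in $hs.Servers) {
            [pscustomobject]@{
                Pool         = ($pool.BackendAddressPool.Id -split '/')[-1]
                HttpSettings = ($hs.BackendHttpSettings.Id -split '/')[-1]
                Address      = $srv.Address
                Health       = $srv.Health
            }
        }
    }
}
$servers | Sort-Object Health, Address | Format-Table -AutoSize
```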

Remove a probe from an existing application gateway

The following code snippet removes a probe from an existing application gateway.

# Load the application gateway resource into a PowerShell variable by using Get-AzApplicationGateway.
$getgw =  Get-AzApplicationGateway -Name appgwtest -ResourceGroupName appgw-rg

# Remove the probe from the application gateway configuration object
$getgw = Remove-AzApplicationGatewayProbeConfig -ApplicationGateway $getgw -Name $getgw.Probes.name

# Set the backend HTTP settings to remove the reference to the probe. The backend http settings now use the default probe
$getgw = Set-AzApplicationGatewayBackendHttpSettings -ApplicationGateway $getgw -Name $getgw.BackendHttpSettingsCollection.name -Port 80 -Protocol http -CookieBasedAffinity Disabled

# Save the application gateway with the configuration changes
Set-AzApplicationGateway -ApplicationGateway $getgw

Get application gateway DNS name

Once the gateway is created, the next step is to configure the front end for communication. When using a public IP, Application Gateway requires a dynamically assigned DNS name, which is not user-friendly. To ensure end users can reach the application gateway, a CNAME record can be used to point to the public endpoint of the application gateway. For details, see Configuring a custom domain name in Azure. To do this, retrieve details of the application gateway and its associated IP/DNS name using the PublicIPAddress element attached to the application gateway. The application gateway's DNS name should be used to create a CNAME record, which points the two web applications to this DNS name. The use of A records is not recommended, since the VIP may change when the application gateway restarts.

Get-AzPublicIpAddress -ResourceGroupName appgw-RG -Name publicIP01

Name                     : publicIP01
ResourceGroupName        : appgw-RG
Location                 : chinanorth
Id                       : /subscriptions/<subscription_id>/resourceGroups/appgw-RG/providers/Microsoft.Network/publicIPAddresses/publicIP01
Etag                     : W/"00000d5b-54ed-4907-bae8-99bd5766d0e5"
ResourceGuid             : 00000000-0000-0000-0000-000000000000
ProvisioningState        : Succeeded
Tags                     : 
PublicIpAllocationMethod : Dynamic
IpAddress                : xx.xx.xxx.xx
PublicIpAddressVersion   : IPv4
IdleTimeoutInMinutes     : 4
IpConfiguration          : {
                                "Id": "/subscriptions/<subscription_id>/resourceGroups/appgw-RG/providers/Microsoft.Network/applicationGateways/appgwtest/frontendIP
                            Configurations/frontend1"
                            }
DnsSettings              : {
                                "Fqdn": "00000000-0000-xxxx-xxxx-xxxxxxxxxxxx.chinacloudapp.cn"
                            }

Next steps

Learn to configure SSL offloading by visiting: Configure SSL Offload