应用程序网关配置概述Application Gateway configuration overview

Azure 应用程序网关由多个组件构成,可根据不同的方案以不同的方式配置这些组件。Azure Application Gateway consists of several components that you can configure in various ways for different scenarios. 本文将会介绍如何配置每个组件。This article shows you how to configure each component.

应用程序网关组件流程图

此图演示了包含三个侦听器的应用程序。This image illustrates an application that has three listeners. 前两个侦听器是分别用于 http://acme.com/*http://fabrikam.com/* 的多站点侦听器,The first two are multi-site listeners for http://acme.com/* and http://fabrikam.com/*, respectively. 两者在端口 80 上侦听。Both listen on port 80. 第三个侦听器是支持端到端传输层安全性 (TLS) 终止(前称为“安全套接字层 (SSL) 终止”)的基本侦听器。The third is a basic listener that has end-to-end Transport Layer Security (TLS) termination, previously known as Secure Sockets Layer (SSL) termination.

基础结构Infrastructure

应用程序网关基础结构包括虚拟网络、子网、网络安全组和用户定义路由。The Application Gateway infrastructure includes the virtual network, subnets, network security groups, and user defined routes.

有关详细信息,请参阅应用程序网关基础结构配置For more information, see Application Gateway infrastructure configuration.

前端 IP 地址Front-end IP address

可将应用程序网关配置为使用公共 IP 地址和/或专用 IP 地址。You can configure the application gateway to have a public IP address, a private IP address, or both. 托管需要由客户端在 Internet 中通过面向 Internet 的虚拟 IP (VIP) 访问的后端时,必须使用公共 IP。A public IP is required when you host a back end that clients must access over the Internet via an Internet-facing virtual IP (VIP).

有关详细信息,请参阅应用程序网关前端 IP 地址配置For more information, see Application Gateway front-end IP address configuration.

侦听器Listeners

侦听器是一个逻辑实体,它可以使用端口、协议、主机和 IP 地址检查传入的连接请求。A listener is a logical entity that checks for incoming connection requests by using the port, protocol, host, and IP address. 配置侦听器时,必须输入与网关上传入请求中的对应值相匹配的值。When you configure the listener, you must enter values for these that match the corresponding values in the incoming request on the gateway.

有关详细信息,请参阅应用程序网关侦听器配置For more information, see Application Gateway listener configuration.

请求路由规则Request routing rules

使用 Azure 门户创建应用程序网关时,可创建一个默认规则 (rule1)。When you create an application gateway by using the Azure portal, you create a default rule (rule1). 此规则会将默认侦听器 (appGatewayHttpListener) 绑定到默认后端池 (appGatewayBackendPool) 和默认后端 HTTP 设置 (appGatewayBackendHttpSettings)。This rule binds the default listener (appGatewayHttpListener) with the default back-end pool (appGatewayBackendPool) and the default back-end HTTP settings (appGatewayBackendHttpSettings). 创建网关后,可以编辑该默认规则的设置,或创建新的规则。After you create the gateway, you can edit the settings of the default rule or create new rules.

有关详细信息,请参阅应用程序网关请求传递规则For more information, see Application Gateway request routing rules.

HTTP 设置HTTP settings

应用程序网关使用此处指定的配置将流量路由到后端服务器。The application gateway routes traffic to the back-end servers by using the configuration that you specify here. 创建 HTTP 设置后,必须将其关联到一个或多个请求路由规则。After you create an HTTP setting, you must associate it with one or more request-routing rules.

有关详细信息,请参阅应用程序网关 HTTP 设置配置For more information, see Application Gateway HTTP settings configuration.

后端池Back-end pool

可将后端池指向四种类型的后端成员:特定的虚拟机、虚拟机规模集、IP 地址/FQDN 或应用服务。You can point a back-end pool to four types of backend members: a specific virtual machine, a virtual machine scale set, an IP address/FQDN, or an app service.

创建后端池后,必须将其关联到一个或多个请求路由规则。After you create a back-end pool, you must associate it with one or more request-routing rules. 此外,必须为应用程序网关上的每个后端池配置运行状况探测。You must also configure health probes for each back-end pool on your application gateway. 满足请求路由规则条件时,应用程序网关会将流量转发到相应后端池中正常运行的服务器(是否正常由运行状况探测决定)。When a request-routing rule condition is met, the application gateway forwards the traffic to the healthy servers (as determined by the health probes) in the corresponding back-end pool.

运行状况探测Health probes

应用程序网关默认会监视其后端中所有资源的运行状况。An application gateway monitors the health of all resources in its back end by default. 但是,我们强烈建议为每个后端 HTTP 设置创建一个自定义探测,以便更好地控制运行状况监视。But we strongly recommend that you create a custom probe for each back-end HTTP setting to get greater control over health monitoring. 若要了解如何配置自定义探测,请参阅自定义运行状况探测设置To learn how to configure a custom probe, see Custom health probe settings.

备注

创建自定义运行状况探测后,需将其关联到后端 HTTP 设置。After you create a custom health probe, you need to associate it to a back-end HTTP setting. 只有在将相应的 HTTP 设置通过规则显式关联到某个侦听器之后,自定义探测才会监视后端池的运行状况。A custom probe won't monitor the health of the back-end pool unless the corresponding HTTP setting is explicitly associated with a listener using a rule.

后续步骤Next steps

了解应用程序网关组件后,可以:Now that you know about Application Gateway components, you can: