Application Gateway multiple site hosting

Multiple site hosting enables you to configure more than one web application on the same port of an application gateway. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.

You can also define wildcard host names in a multi-site listener, with up to 5 host names per listener. To learn more, see wildcard host names in listener.


Important

Rules are processed in the order they are listed in the portal for the v1 SKU. For the v2 SKU, exact matches have higher precedence. It is highly recommended to configure multi-site listeners before configuring a basic listener. This ensures that traffic gets routed to the right back end. If a basic listener is listed first and matches an incoming request, the request is processed by that listener.

Requests for http://contoso.com are routed to ContosoServerPool, and requests for http://fabrikam.com are routed to FabrikamServerPool.

Similarly, you can host multiple subdomains of the same parent domain on the same application gateway deployment. For example, you can host http://blog.contoso.com and http://app.contoso.com on a single application gateway deployment.

Wildcard host names in listener (Preview)

Application Gateway allows host-based routing using a multi-site HTTP(S) listener. You can now use wildcard characters like asterisk (*) and question mark (?) in the host name, and up to 5 host names per multi-site HTTP(S) listener. For example, *.contoso.com.

Using a wildcard character in the host name, you can match multiple host names in a single listener. For example, *.contoso.com can match with ecom.contoso.com, b2b.contoso.com as well as customer1.b2b.contoso.com and so on. Using an array of host names, you can configure more than one host name for a listener, to route requests to a backend pool. For example, a listener can contain contoso.com, fabrikam.com, which will accept requests for both host names.


Note

This feature is in preview and is available only for the Standard_v2 and WAF_v2 SKUs of Application Gateway. To learn more about previews, see terms of use here.

Note

This feature is currently available only through Azure PowerShell and Azure CLI. Portal support is coming soon. Because portal support is not fully available, if you are using only the HostNames parameter, the listener will appear as a Basic listener in the portal and the Host name column of the listener list view will not show the host names that are configured. For any changes to a wildcard listener, make sure you use Azure PowerShell or CLI until it's supported in the portal.

Azure PowerShell 中,必须使用 -HostNames 而不是 -HostNameIn Azure PowerShell, you must use -HostNames instead of -HostName. 使用 HostNames 时,你可以通过逗号分隔值的形式提及最多 5 个主机名并使用通配符。With HostNames, you can mention up to 5 host names as comma-separated values and use wildcard characters. 例如: -HostNames "*.contoso.com,*.fabrikam.com"For example, -HostNames "*.contoso.com,*.fabrikam.com"

Azure CLI 中,必须使用 --host-names 而不是 --host-nameIn Azure CLI, you must use --host-names instead of --host-name. 使用 host-names 时,你可以通过逗号分隔值的形式提及最多 5 个主机名并使用通配符。With host-names, you can mention up to 5 host names as comma-separated values and use wildcard characters. 例如: --host-names "*.contoso.com,*.fabrikam.com"For example, --host-names "*.contoso.com,*.fabrikam.com"

Allowed characters in the host names field:

  • (A-Z,a-z,0-9) - alphanumeric characters
  • - - hyphen or minus
  • . - period as a delimiter
  • * - can match with multiple characters in the allowed range
  • ? - can match with a single character in the allowed range

Conditions for using wildcard characters and multiple host names in a listener:

  • You can only mention up to 5 host names in a single listener.
  • Asterisk * can be mentioned only once in a component of a domain style name or host name. For example, component1.component2.component3. (*.contoso-*.com) is valid.
  • There can only be up to two asterisks * in a host name. For example, *.contoso.* is valid and *.contoso.*.*.com is invalid.
  • There can only be a maximum of 4 wildcard characters in a host name. For example, ????.contoso.com and w??.contoso*.edu.* are valid, but ????.contoso.* is invalid.
  • Using asterisk * and question mark ? together in a component of a host name (*? or ?* or **) is invalid. For example, *?.contoso.com and **.contoso.com are invalid.
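
The conditions above can be checked before a listener is deployed. The following Python lint for the value passed to -HostNames / --host-names is an added example, not code from the original page or from Azure. The function names are hypothetical, and the rule on mixing * and ? is read strictly: any component that holds both is rejected.

```python
import re

ALLOWED = re.compile(r"[A-Za-z0-9.\-*?]+")  # characters the page allows
MAX_HOST_NAMES = 5   # per listener
MAX_ASTERISKS = 2    # per host name
MAX_WILDCARDS = 4    # '*' and '?' combined, per host name


def check_host_name(name):
    """Return a list of rule violations for one host name pattern."""
    problems = []
    if not ALLOWED.fullmatch(name):
        problems.append("character outside A-Z a-z 0-9 - . * ?")
    if name.count("*") > MAX_ASTERISKS:
        problems.append("more than two asterisks")
    if name.count("*") + name.count("?") > MAX_WILDCARDS:
        problems.append("more than four wildcard characters")
    for component in name.split("."):
        if component.count("*") > 1:
            problems.append(f"'{component}': asterisk repeated in one component")
        # Assumption (strict reading): '*' and '?' may not share a component,
        # which covers the adjacent forms '*?' and '?*' named on the page.
        elif "*" in component and "?" in component:
            problems.append(f"'{component}': '*' and '?' in the same component")
    return problems


def check_listener(host_name=None, host_names=None):
    """Validate the two listener properties; returns {pattern: [problems]}."""
    report = {}
    if host_name and host_names:
        report["<listener>"] = ["hostname and hostnames cannot both be set"]
    if host_name and ("*" in host_name or "?" in host_name):
        report[host_name] = ["hostname takes a single non-wildcard name"]
    names = host_names or []
    if len(names) > MAX_HOST_NAMES:
        report.setdefault("<listener>", []).append("more than five host names")
    for name in names:
        problems = check_host_name(name)
        if problems:
            report[name] = problems
    return report


# Constructed input in the comma-separated form passed to --host-names.
SAMPLE = "*.contoso.com,*.fabrikam.com,*?.contoso.com,????.contoso.*"

if __name__ == "__main__":
    for pattern, problems in check_listener(host_names=SAMPLE.split(",")).items():
        print(pattern, "->", "; ".join(problems))
```

An empty report means the listener's host names satisfy every condition in the list; it says nothing about whether the uploaded certificate covers them.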

Considerations and limitations of using wildcard or multiple host names in a listener:

  • SSL termination and End-to-End SSL require you to configure the protocol as HTTPS and upload a certificate to be used in the listener configuration. If it is a multi-site listener, you can input the host name as well; usually this is the CN of the SSL certificate. When you specify multiple host names in the listener or use wildcard characters, you must consider the following:
    • If it is a wildcard host name like *.contoso.com, you must upload a wildcard certificate with a CN like *.contoso.com.
    • If multiple host names are mentioned in the same listener, you must upload a SAN certificate (Subject Alternative Names) with the CNs matching the host names mentioned.
  • You cannot use a regular expression to mention the host name. You can only use wildcard characters like asterisk (*) and question mark (?) to form the host name pattern.
  • For backend health check, you cannot associate multiple custom probes per HTTP settings. Instead, you can probe one of the websites at the backend or use “127.0.0.1” to probe the localhost of the backend server. However, when you are using wildcard or multiple host names in a listener, the requests for all the specified domain patterns will be routed to the backend pool depending on the rule type (basic or path-based).
  • The property “hostname” takes one string as input, where you can mention only one non-wildcard domain name, and “hostnames” takes an array of strings as input, where you can mention up to 5 wildcard domain names. The two properties cannot be used at once.
  • You cannot create a redirection rule with a target listener which uses wildcard or multiple host names.

See create multi-site using Azure PowerShell or using Azure CLI for the step-by-step guide on how to configure wildcard host names in a multi-site listener.

Host headers and Server Name Indication (SNI)

There are three common mechanisms for enabling multiple site hosting on the same infrastructure.

  1. Host multiple web applications each on a unique IP address.
  2. Use host name to host multiple web applications on the same IP address.
  3. Use different ports to host multiple web applications on the same IP address.

Currently Application Gateway supports a single public IP address where it listens for traffic. So multiple applications, each with its own IP address, are currently not supported.

Application Gateway supports multiple applications each listening on different ports, but this scenario requires the applications to accept traffic on non-standard ports. This is often not a configuration that you want.

Application Gateway relies on HTTP 1.1 host headers to host more than one website on the same public IP address and port. The sites hosted on application gateway can also support TLS offload with the Server Name Indication (SNI) TLS extension. This scenario means that the client browser and backend web farm must support HTTP/1.1 and the TLS extension as defined in RFC 6066.

Next steps

Learn how to configure multiple site hosting in Application Gateway

You can visit Resource Manager template using multiple site hosting for an end-to-end template-based deployment.