Quickstart: Direct web traffic with Azure Application Gateway - Azure CLI

This quickstart shows you how to use Azure CLI to create an application gateway. After creating the application gateway, you test it to make sure it's working correctly. With Azure Application Gateway, you direct your application web traffic to specific resources by assigning listeners to ports, creating rules, and adding resources to a backend pool. To keep things simple, this article uses a setup with a public front-end IP, a basic listener to host a single site on this application gateway, two virtual machines used for the backend pool, and a basic request routing rule.

If you don't have an Azure subscription, create a trial account before you begin.

Prerequisites

Azure CLI

If you choose to install and use the CLI locally, run Azure CLI version 2.0.4 or later. To find the version, run az --version. For information about installing or upgrading, see Install Azure CLI.

Resource group

In Azure, you allocate related resources to a resource group. Create a resource group by using az group create.

The following example creates a resource group named myResourceGroupAG in the chinanorth location.

az group create --name myResourceGroupAG --location chinanorth

Required network resources

For Azure to communicate between the resources that you create, it needs a virtual network. The application gateway subnet can contain only application gateways. No other resources are allowed. You can either create a new subnet for Application Gateway or use an existing one. In this example, you create two subnets: one for the application gateway, and another for the backend servers. You can configure the frontend IP of the application gateway to be public or private, depending on your use case. This example uses a public frontend IP.

To create the virtual network and subnet, you use az network vnet create. Run az network public-ip create to create the public IP address.

az network vnet create \
  --name myVNet \
  --resource-group myResourceGroupAG \
  --location chinanorth \
  --address-prefix 10.0.0.0/16 \
  --subnet-name myAGSubnet \
  --subnet-prefix 10.0.1.0/24
az network vnet subnet create \
  --name myBackendSubnet \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --address-prefix 10.0.2.0/24
az network public-ip create \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress

Backend servers

A backend can be composed of NICs, virtual machine scale sets, public IPs, internal IPs, fully qualified domain names (FQDN), and multi-tenant backends like Azure App Service. In this example, you create two virtual machines for Azure to use as backend servers for the application gateway. You also install IIS on the virtual machines to verify that Azure successfully created the application gateway.

Create two virtual machines

Install the NGINX web server on the virtual machines to verify that the application gateway was successfully created. You can use a cloud-init configuration file to install NGINX and run a "Hello World" Node.js app on a Linux virtual machine. For more information about cloud-init, see Cloud-init support for virtual machines in Azure.

In your current shell, copy and paste the following configuration into a file named cloud-init.txt. Enter editor cloud-init.txt to create the file.

#cloud-config
package_upgrade: true
packages:
  - nginx
  - nodejs
  - npm
write_files:
  - owner: www-data:www-data
  - path: /etc/nginx/sites-available/default
    content: |
      server {
        listen 80;
        location / {
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection keep-alive;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
        }
      }
  - owner: azureuser:azureuser
  - path: /home/azureuser/myapp/index.js
    content: |
      var express = require('express')
      var app = express()
      var os = require('os');
      app.get('/', function (req, res) {
        res.send('Hello World from host ' + os.hostname() + '!')
      })
      app.listen(3000, function () {
        console.log('Hello world app listening on port 3000!')
      })
runcmd:
  - service nginx restart
  - cd "/home/azureuser/myapp"
  - npm init -y
  - npm install express
  - nodejs index.js

Create the network interfaces with az network nic create. To create the virtual machines, you use az vm create.

for i in `seq 1 2`; do
  az network nic create \
    --resource-group myResourceGroupAG \
    --name myNic$i \
    --vnet-name myVNet \
    --subnet myBackendSubnet
  az vm create \
    --resource-group myResourceGroupAG \
    --name myVM$i \
    --nics myNic$i \
    --image UbuntuLTS \
    --admin-username azureuser \
    --generate-ssh-keys \
    --custom-data cloud-init.txt
done

Create the application gateway

Create an application gateway by using az network application-gateway create. When you create an application gateway with the Azure CLI, you specify configuration information, such as capacity, SKU, and HTTP settings. Azure then adds the private IP addresses of the network interfaces as servers in the backend pool of the application gateway.

address1=$(az network nic show --name myNic1 --resource-group myResourceGroupAG | grep "\"privateIpAddress\":" | grep -oE '[^ ]+$' | tr -d '",')
address2=$(az network nic show --name myNic2 --resource-group myResourceGroupAG | grep "\"privateIpAddress\":" | grep -oE '[^ ]+$' | tr -d '",')
az network application-gateway create \
  --name myAppGateway \
  --location chinanorth \
  --resource-group myResourceGroupAG \
  --capacity 2 \
  --sku Standard_Medium \
  --http-settings-cookie-based-affinity Enabled \
  --public-ip-address myAGPublicIPAddress \
  --vnet-name myVNet \
  --subnet myAGSubnet \
  --servers "$address1" "$address2"

It can take up to 30 minutes for Azure to create the application gateway. After it's created, you can view the following settings in the Settings section of the Application gateway page:

  • appGatewayBackendPool: Located on the Backend pools page. It specifies the required backend pool.
  • appGatewayBackendHttpSettings: Located on the HTTP settings page. It specifies that the application gateway uses port 80 and the HTTP protocol for communication.
  • appGatewayHttpListener: Located on the Listeners page. It specifies the default listener associated with appGatewayBackendPool.
  • appGatewayFrontendIP: Located on the Frontend IP configurations page. It assigns myAGPublicIPAddress to appGatewayHttpListener.
  • rule1: Located on the Rules page. It specifies the default routing rule that's associated with appGatewayHttpListener.

Test the application gateway

Although Azure doesn't require an NGINX web server to create the application gateway, you installed it in this quickstart to verify whether Azure successfully created the application gateway. To get the public IP address of the new application gateway, use az network public-ip show.

az network public-ip show \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress \
  --query "[ipAddress]" \
  --output tsv

Copy and paste the public IP address into the address bar of your browser.

When you refresh the browser, you should see the name of the second VM. A valid response verifies that the application gateway was successfully created and that it can connect to the backend.
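The same check can be scripted so that it fails when only one backend answers. The following is an added example, not part of the original quickstart: it parses the "Hello World from host <hostname>!" body produced by index.js above and counts distinct backends. The function names, the GATEWAY_IP variable and the sample bodies are assumptions made for illustration. curl sends no cookies, so the cookie-based affinity enabled on the gateway does not pin these requests to one VM.

```shell
#!/bin/sh
# Added example: confirm the application gateway reaches BOTH backend VMs.

# Extract the backend hostname from each response body on stdin, one per line.
# Bodies that do not match index.js's format (error pages, timeouts) are dropped.
backend_hosts() {
  sed -n 's/^Hello World from host \([A-Za-z0-9._-]\{1,\}\)!$/\1/p'
}

# Print the number of distinct backends seen in the bodies on stdin.
count_backends() {
  backend_hosts | sort -u | wc -l | tr -d ' '
}

# Send N requests to the gateway; emit one line per request (empty on failure).
probe_gateway() {
  ip=$1; n=${2:-10}; i=0
  while [ "$i" -lt "$n" ]; do
    curl -s --max-time 5 "http://$ip/" || true
    echo
    i=$((i + 1))
  done
}

# Succeed only if at least $1 distinct backends answered (bodies on stdin).
check_gateway() {
  expected=$1
  seen=$(count_backends)
  echo "distinct backends: $seen (expected at least $expected)"
  [ "$seen" -ge "$expected" ]
}

# Constructed sample bodies (not captured from a real deployment): two VMs
# answer, and one request returns a gateway error page.
sample_responses() {
  printf '%s\n' 'Hello World from host myVM1!' 'Hello World from host myVM2!' \
    '<html>502 Bad Gateway</html>' 'Hello World from host myVM1!'
}

# With GATEWAY_IP set, probe the live gateway; otherwise run on the sample.
if [ -n "${GATEWAY_IP:-}" ]; then
  probe_gateway "$GATEWAY_IP" 10 | check_gateway 2
else
  sample_responses | check_gateway 2
fi
```

Set GATEWAY_IP to the address returned by az network public-ip show to run it against the deployed gateway; a non-zero exit status means fewer than two backends responded.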

Clean up resources

When you no longer need the resources that you created with the application gateway, use the az group delete command to remove the resource group. By removing the resource group, you also remove the application gateway and all its related resources.

az group delete --name myResourceGroupAG

Next steps