Quickstart: Direct web traffic with Azure Application Gateway using Azure PowerShell

In this quickstart, you use Azure PowerShell to create an application gateway. Then you test it to make sure it works correctly.

The application gateway directs application web traffic to specific resources in a backend pool. You assign listeners to ports, create rules, and add resources to a backend pool. For the sake of simplicity, this article uses a simple setup with a public front-end IP, a basic listener to host a single site on the application gateway, a basic request routing rule, and two virtual machines in the backend pool.

You can also complete this quickstart using Azure CLI or the Azure portal.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Prerequisites

Connect to Azure

To connect with Azure, run Connect-AzAccount -Environment AzureChinaCloud.

Create a resource group

In Azure, you allocate related resources to a resource group. You can either use an existing resource group or create a new one.

To create a new resource group, use the New-AzResourceGroup cmdlet:

New-AzResourceGroup -Name myResourceGroupAG -Location chinanorth2

Create network resources

For Azure to communicate between the resources that you create, it needs a virtual network. The application gateway subnet can contain only application gateways. No other resources are allowed. You can either create a new subnet for Application Gateway or use an existing one. In this example, you create two subnets: one for the application gateway, and another for the backend servers. You can configure the frontend IP of the application gateway to be public or private as per your use case. In this example, you'll choose a public frontend IP.

  1. Create the subnet configurations using New-AzVirtualNetworkSubnetConfig.
  2. Create the virtual network with the subnet configurations using New-AzVirtualNetwork.
  3. Create the public IP address using New-AzPublicIpAddress.

$agSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myAGSubnet `
  -AddressPrefix 10.0.1.0/24
$backendSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myBackendSubnet `
  -AddressPrefix 10.0.2.0/24
New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth2 `
  -Name myVNet `
  -AddressPrefix 10.0.0.0/16 `
  -Subnet $agSubnetConfig, $backendSubnetConfig
New-AzPublicIpAddress `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth2 `
  -Name myAGPublicIPAddress `
  -AllocationMethod Static `
  -Sku Standard

Create an application gateway

Create the IP configurations and frontend port

  1. Use New-AzApplicationGatewayIPConfiguration to create the configuration that associates the subnet you created with the application gateway.
  2. Use New-AzApplicationGatewayFrontendIPConfig to create the configuration that assigns the public IP address that you previously created to the application gateway.
  3. Use New-AzApplicationGatewayFrontendPort to assign port 80 to access the application gateway.

$vnet   = Get-AzVirtualNetwork -ResourceGroupName myResourceGroupAG -Name myVNet
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name myAGSubnet
$pip    = Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress 
$gipconfig = New-AzApplicationGatewayIPConfiguration `
  -Name myAGIPConfig `
  -Subnet $subnet
$fipconfig = New-AzApplicationGatewayFrontendIPConfig `
  -Name myAGFrontendIPConfig `
  -PublicIPAddress $pip
$frontendport = New-AzApplicationGatewayFrontendPort `
  -Name myFrontendPort `
  -Port 80

Create the backend pool

  1. Use New-AzApplicationGatewayBackendAddressPool to create the backend pool for the application gateway. The backend pool will be empty for now. When you create the backend server NICs in the next section, you will add them to the backend pool.
  2. Configure the settings for the backend pool with New-AzApplicationGatewayBackendHttpSetting.

$backendPool = New-AzApplicationGatewayBackendAddressPool `
  -Name myAGBackendPool
$poolSettings = New-AzApplicationGatewayBackendHttpSetting `
  -Name myPoolSettings `
  -Port 80 `
  -Protocol Http `
  -CookieBasedAffinity Enabled `
  -RequestTimeout 30

Create the listener and add a rule

Azure requires a listener to enable the application gateway to route traffic appropriately to the backend pool. Azure also requires a rule for the listener to know which backend pool to use for incoming traffic.

  1. Create a listener using New-AzApplicationGatewayHttpListener with the frontend configuration and frontend port that you previously created.
  2. Use New-AzApplicationGatewayRequestRoutingRule to create a rule named rule1.

$defaultlistener = New-AzApplicationGatewayHttpListener `
  -Name myAGListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $frontendport
$frontendRule = New-AzApplicationGatewayRequestRoutingRule `
  -Name rule1 `
  -RuleType Basic `
  -HttpListener $defaultlistener `
  -BackendAddressPool $backendPool `
  -BackendHttpSettings $poolSettings

Create the application gateway

Now that you've created the necessary supporting resources, create the application gateway:

  1. Use New-AzApplicationGatewaySku to specify parameters for the application gateway.
  2. Use New-AzApplicationGateway to create the application gateway.

$sku = New-AzApplicationGatewaySku `
  -Name Standard_v2 `
  -Tier Standard_v2 `
  -Capacity 2
New-AzApplicationGateway `
  -Name myAppGateway `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth2 `
  -BackendAddressPools $backendPool `
  -BackendHttpSettingsCollection $poolSettings `
  -FrontendIpConfigurations $fipconfig `
  -GatewayIpConfigurations $gipconfig `
  -FrontendPorts $frontendport `
  -HttpListeners $defaultlistener `
  -RequestRoutingRules $frontendRule `
  -Sku $sku
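
The listener and backend HTTP settings built above both use the Http protocol on port 80, with cookie-based affinity enabled. The following added example (not part of the original quickstart) reviews a gateway object for those plaintext hops; Get-PlaintextGatewayFinding is a hypothetical helper name, and the sample object is constructed to mirror this quickstart's values so the check runs without an Azure connection.

```powershell
# Added example: Get-PlaintextGatewayFinding is a hypothetical helper, not an Az cmdlet.
function Get-PlaintextGatewayFinding {
    param([Parameter(Mandatory)] $Gateway)

    $httpListeners = @($Gateway.HttpListeners | Where-Object { $_.Protocol -eq 'Http' })

    foreach ($l in $httpListeners) {
        [pscustomobject]@{
            Component = 'Listener'
            Name      = $l.Name
            Finding   = 'Clients reach the frontend over unencrypted HTTP'
        }
    }

    foreach ($s in $Gateway.BackendHttpSettingsCollection) {
        if ($s.Protocol -eq 'Http') {
            [pscustomobject]@{
                Component = 'BackendHttpSettings'
                Name      = $s.Name
                Finding   = "Gateway-to-backend traffic on port $($s.Port) is unencrypted"
            }
        }
        # The affinity cookie is handed to the client through the listener,
        # so it is exposed whenever any listener is plain HTTP.
        if ($s.CookieBasedAffinity -eq 'Enabled' -and $httpListeners.Count -gt 0) {
            [pscustomobject]@{
                Component = 'BackendHttpSettings'
                Name      = $s.Name
                Finding   = 'Affinity cookie is issued to clients over HTTP'
            }
        }
    }
}

# Constructed sample mirroring the objects created in this quickstart.
$sample = [pscustomobject]@{
    HttpListeners = @([pscustomobject]@{ Name = 'myAGListener'; Protocol = 'Http' })
    BackendHttpSettingsCollection = @([pscustomobject]@{
        Name = 'myPoolSettings'; Protocol = 'Http'; Port = 80; CookieBasedAffinity = 'Enabled'
    })
}
Get-PlaintextGatewayFinding -Gateway $sample | Format-Table -AutoSize

# Against the deployed gateway, pass the real object instead:
# Get-PlaintextGatewayFinding -Gateway (Get-AzApplicationGateway -ResourceGroupName myResourceGroupAG -Name myAppGateway)
```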

Backend servers

Now that you have created the application gateway, create the backend virtual machines that will host the websites. A backend can be composed of NICs, virtual machine scale sets, public IPs, internal IPs, fully qualified domain names (FQDN), and multi-tenant backends like Azure App Service. In this example, you create two virtual machines for Azure to use as backend servers for the application gateway. You also install IIS on the virtual machines to verify that Azure successfully created the application gateway.

Create two virtual machines

  1. Get the recently created Application Gateway backend pool configuration with Get-AzApplicationGatewayBackendAddressPool.
  2. Create a network interface with New-AzNetworkInterface.
  3. Create a virtual machine configuration with New-AzVMConfig.
  4. Create the virtual machine with New-AzVM.

When you run the following code sample to create the virtual machines, Azure prompts you for credentials. Enter azureuser for the user name and a password:

$appgw = Get-AzApplicationGateway -ResourceGroupName myResourceGroupAG -Name myAppGateway
$backendPool = Get-AzApplicationGatewayBackendAddressPool -Name myAGBackendPool -ApplicationGateway $appgw
$vnet   = Get-AzVirtualNetwork -ResourceGroupName myResourceGroupAG -Name myVNet
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name myBackendSubnet
$cred = Get-Credential
for ($i=1; $i -le 2; $i++)
{
  $nic = New-AzNetworkInterface `
    -Name myNic$i `
    -ResourceGroupName myResourceGroupAG `
    -Location ChinaNorth2 `
    -Subnet $subnet `
    -ApplicationGatewayBackendAddressPool $backendpool
  $vm = New-AzVMConfig `
    -VMName myVM$i `
    -VMSize Standard_DS2_v2
  Set-AzVMOperatingSystem `
    -VM $vm `
    -Windows `
    -ComputerName myVM$i `
    -Credential $cred
  Set-AzVMSourceImage `
    -VM $vm `
    -PublisherName MicrosoftWindowsServer `
    -Offer WindowsServer `
    -Skus 2016-Datacenter `
    -Version latest
  Add-AzVMNetworkInterface `
    -VM $vm `
    -Id $nic.Id
  Set-AzVMBootDiagnostic `
    -VM $vm `
    -Disable
  New-AzVM -ResourceGroupName myResourceGroupAG -Location ChinaNorth2 -VM $vm
  Set-AzVMExtension `
    -ResourceGroupName myResourceGroupAG `
    -ExtensionName IIS `
    -VMName myVM$i `
    -Publisher Microsoft.Compute `
    -ExtensionType CustomScriptExtension `
    -TypeHandlerVersion 1.4 `
    -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' `
    -Location ChinaNorth2
}

Test the application gateway

Although IIS isn't required to create the application gateway, you installed it in this quickstart to verify whether Azure successfully created the application gateway. Use IIS to test the application gateway:

  1. Run Get-AzPublicIPAddress to get the public IP address of the application gateway.
  2. Copy and paste the public IP address into the address bar of your browser. When you refresh the browser, you should see the name of the virtual machine. A valid response verifies that the application gateway was successfully created and that it can successfully connect with the backend.

Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
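
A browser that returns the affinity cookie (the backend settings above set CookieBasedAffinity to Enabled) tends to stay on one VM, so a refresh alone does not show that both backends serve traffic. The following added example (not part of the original quickstart) checks the gateway's own backend health view and then sends cookie-less requests through the public IP; the resource names come from this quickstart, and $attempts is an assumed value.

```powershell
# Added example: resource names are the ones used in this quickstart.
$rg = 'myResourceGroupAG'

# 1. Ask the gateway what its health probes report for each backend server.
$health  = Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rg -Name myAppGateway
$servers = $health.BackendAddressPools.BackendHttpSettingsCollection.Servers
$servers | Format-Table Address, Health

$unhealthy = @($servers | Where-Object { $_.Health -ne 'Healthy' })
if ($unhealthy.Count -gt 0) {
    Write-Warning "$($unhealthy.Count) backend server(s) are not reported as Healthy"
}

# 2. Send requests through the public frontend and tally which VM answered.
$ip = (Get-AzPublicIpAddress -ResourceGroupName $rg -Name myAGPublicIPAddress).IpAddress
$attempts = 10   # assumed sample size

$seen = foreach ($n in 1..$attempts) {
    try {
        # No -WebSession or -SessionVariable is used, so no affinity cookie
        # is sent back and the gateway is free to pick either backend.
        (Invoke-WebRequest -Uri "http://$ip/" -UseBasicParsing -TimeoutSec 10).Content.Trim()
    } catch {
        "ERROR: $($_.Exception.Message)"
    }
}

# Default.htm on each VM contains that VM's computer name (written by the
# custom script extension above), so each group is one responding backend.
$seen | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name
```

Two groups in the final table, one per VM name, indicate that both backend servers are in rotation; a single group or ERROR rows point to a backend that is not serving.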

Clean up resources

When you no longer need the resources that you created with the application gateway, delete the resource group. When you delete the resource group, you also delete the application gateway and all its related resources.

To delete the resource group, call the Remove-AzResourceGroup cmdlet:

Remove-AzResourceGroup -Name myResourceGroupAG

Next steps