Quickstart: Direct web traffic with Azure Application Gateway - Azure PowerShell

This quickstart shows you how to use Azure PowerShell to quickly create an application gateway. After creating the application gateway, you then test it to make sure it's working correctly. With Azure Application Gateway, you direct your application web traffic to specific resources by assigning listeners to ports, creating rules, and adding resources to a backend pool. For the sake of simplicity, this article uses a simple setup with a public front-end IP, a basic listener to host a single site on this application gateway, two virtual machines used for the backend pool, and a basic request routing rule.

If you don't have an Azure subscription, create a trial account before you begin.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Prerequisites

Azure PowerShell module

If you choose to install and use Azure PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0.0 or later.

  1. To find the version, run Get-Module -ListAvailable Az. If you need to upgrade, see Install Azure PowerShell module.
  2. To create a connection with Azure, run Connect-AzAccount -Environment AzureChinaCloud.

Resource group

In Azure, you allocate related resources to a resource group. You can either use an existing resource group or create a new one. In this example, you'll create a new resource group by using the New-AzResourceGroup cmdlet as follows:

New-AzResourceGroup -Name myResourceGroupAG -Location chinanorth

Required network resources

For Azure to communicate between the resources that you create, it needs a virtual network. The application gateway subnet can contain only application gateways. No other resources are allowed. You can either create a new subnet for Application Gateway or use an existing one. In this example, you create two subnets: one for the application gateway, and another for the backend servers. You can configure the frontend IP of the application gateway to be public or private, depending on your use case. In this example, you'll choose a public frontend IP.

  1. Create the subnet configurations by calling New-AzVirtualNetworkSubnetConfig.
  2. Create the virtual network with the subnet configurations by calling New-AzVirtualNetwork.
  3. Create the public IP address by calling New-AzPublicIpAddress.

$agSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myAGSubnet `
  -AddressPrefix 10.0.1.0/24
$backendSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myBackendSubnet `
  -AddressPrefix 10.0.2.0/24
New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myVNet `
  -AddressPrefix 10.0.0.0/16 `
  -Subnet $agSubnetConfig, $backendSubnetConfig
New-AzPublicIpAddress `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myAGPublicIPAddress `
  -AllocationMethod Static `
  -Sku Standard

Backend servers

The backend can be composed of NICs, virtual machine scale sets, public IPs, internal IPs, fully qualified domain names (FQDN), and multi-tenant backends like Azure App Service. In this example, you create two virtual machines for Azure to use as backend servers for the application gateway. You also install IIS on the virtual machines to verify that Azure successfully created the application gateway.

Create two virtual machines

  1. Create a network interface with New-AzNetworkInterface.
  2. Create a virtual machine configuration with New-AzVMConfig.
  3. Create the virtual machine with New-AzVM.

When you run the following code sample to create the virtual machines, Azure prompts you for credentials. Enter azureuser for the user name and Azure123456! for the password:

$vnet   = Get-AzVirtualNetwork -ResourceGroupName myResourceGroupAG -Name myVNet
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name myBackendSubnet
$cred = Get-Credential
for ($i=1; $i -le 2; $i++)
{
  $nic = New-AzNetworkInterface `
    -Name myNic$i `
    -ResourceGroupName myResourceGroupAG `
    -Location ChinaNorth `
    -SubnetId $subnet.Id
  $vm = New-AzVMConfig `
    -VMName myVM$i `
    -VMSize Standard_DS2_v2
  Set-AzVMOperatingSystem `
    -VM $vm `
    -Windows `
    -ComputerName myVM$i `
    -Credential $cred
  Set-AzVMSourceImage `
    -VM $vm `
    -PublisherName MicrosoftWindowsServer `
    -Offer WindowsServer `
    -Skus 2016-Datacenter `
    -Version latest
  Add-AzVMNetworkInterface `
    -VM $vm `
    -Id $nic.Id
  Set-AzVMBootDiagnostic `
    -VM $vm `
    -Disable
  New-AzVM -ResourceGroupName myResourceGroupAG -Location ChinaNorth -VM $vm
  Set-AzVMExtension `
    -ResourceGroupName myResourceGroupAG `
    -ExtensionName IIS `
    -VMName myVM$i `
    -Publisher Microsoft.Compute `
    -ExtensionType CustomScriptExtension `
    -TypeHandlerVersion 1.4 `
    -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' `
    -Location ChinaNorth
}

Create an application gateway

Create the IP configurations and frontend port

  1. Use New-AzApplicationGatewayIPConfiguration to create the configuration that associates the subnet you created with the application gateway.
  2. Use New-AzApplicationGatewayFrontendIPConfig to create the configuration that assigns the public IP address that you previously created to the application gateway.
  3. Use New-AzApplicationGatewayFrontendPort to assign port 80 to access the application gateway.

$vnet   = Get-AzVirtualNetwork -ResourceGroupName myResourceGroupAG -Name myVNet
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name myAGSubnet
$pip    = Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress 
$gipconfig = New-AzApplicationGatewayIPConfiguration `
  -Name myAGIPConfig `
  -Subnet $subnet
$fipconfig = New-AzApplicationGatewayFrontendIPConfig `
  -Name myAGFrontendIPConfig `
  -PublicIPAddress $pip
$frontendport = New-AzApplicationGatewayFrontendPort `
  -Name myFrontendPort `
  -Port 80

Create the backend pool

  1. Use New-AzApplicationGatewayBackendAddressPool to create the backend pool for the application gateway.
  2. Configure the settings for the backend pool with New-AzApplicationGatewayBackendHttpSetting.

$address1 = Get-AzNetworkInterface -ResourceGroupName myResourceGroupAG -Name myNic1
$address2 = Get-AzNetworkInterface -ResourceGroupName myResourceGroupAG -Name myNic2
$backendPool = New-AzApplicationGatewayBackendAddressPool `
  -Name myAGBackendPool `
  -BackendIPAddresses $address1.ipconfigurations[0].privateipaddress, $address2.ipconfigurations[0].privateipaddress
$poolSettings = New-AzApplicationGatewayBackendHttpSetting `
  -Name myPoolSettings `
  -Port 80 `
  -Protocol Http `
  -CookieBasedAffinity Enabled `
  -RequestTimeout 120

Create the listener and add a rule

Azure requires a listener so that the application gateway can route traffic appropriately to the backend pool. Azure also requires a rule so that the listener knows which backend pool to use for incoming traffic.

  1. Create a listener by using New-AzApplicationGatewayHttpListener with the frontend configuration and frontend port that you previously created.
  2. Use New-AzApplicationGatewayRequestRoutingRule to create a rule named rule1.

$defaultlistener = New-AzApplicationGatewayHttpListener `
  -Name myAGListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $frontendport
$frontendRule = New-AzApplicationGatewayRequestRoutingRule `
  -Name rule1 `
  -RuleType Basic `
  -HttpListener $defaultlistener `
  -BackendAddressPool $backendPool `
  -BackendHttpSettings $poolSettings

Create the application gateway

Now that you've created the necessary supporting resources, create the application gateway:

  1. Use New-AzApplicationGatewaySku to specify parameters for the application gateway.
  2. Use New-AzApplicationGateway to create the application gateway.

$sku = New-AzApplicationGatewaySku `
  -Name Standard_v2 `
  -Tier Standard_v2 `
  -Capacity 2
New-AzApplicationGateway `
  -Name myAppGateway `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -BackendAddressPools $backendPool `
  -BackendHttpSettingsCollection $poolSettings `
  -FrontendIpConfigurations $fipconfig `
  -GatewayIpConfigurations $gipconfig `
  -FrontendPorts $frontendport `
  -HttpListeners $defaultlistener `
  -RequestRoutingRules $frontendRule `
  -Sku $sku

Test the application gateway

Although IIS isn't required to create the application gateway, you installed it in this quickstart to verify whether Azure successfully created the application gateway. Use IIS to test the application gateway:

  1. Run Get-AzPublicIPAddress to get the public IP address of the application gateway.
  2. Copy and paste the public IP address into the address bar of your browser. When you refresh the browser, you should see the name of the virtual machine. A valid response verifies that the application gateway was successfully created and that it can successfully connect with the backend.

Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
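
The test above, scripted as an added example (not part of the original quickstart): it checks backend health as the gateway's probes see it, sends repeated requests through the public IP, and lists listeners that still accept plain HTTP. It assumes the resource names used in this article and that Default.htm contains the VM's computer name, as written by the IIS script extension earlier.

```powershell
# Added example: resource names are the ones used in this quickstart.
$rg     = 'myResourceGroupAG'
$gwName = 'myAppGateway'

# 1. Backend health as seen by the gateway's own probes.
$health  = Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rg -Name $gwName
$servers = @($health.BackendAddressPools.BackendHttpSettingsCollection.Servers)
$servers | Select-Object Address, Health | Format-Table -AutoSize | Out-Host
$unhealthy = @($servers | Where-Object { $_.Health -ne 'Healthy' })
if ($unhealthy.Count -gt 0) {
  Write-Warning "Backends not healthy: $($unhealthy.Address -join ', ')"
}

# 2. Request the site through the public frontend IP several times.
$pip  = Get-AzPublicIPAddress -ResourceGroupName $rg -Name myAGPublicIPAddress
$uri  = "http://$($pip.IpAddress)/"
$seen = @{}
foreach ($attempt in 1..10) {
  try {
    # No -WebSession: cookies are not replayed, so the affinity cookie set by
    # -CookieBasedAffinity Enabled does not pin every request to one VM.
    $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15
    # Assumption: Default.htm holds the computer name written by the IIS extension.
    if ($resp.Content -match 'myVM\d+') {
      $name = $Matches[0].ToUpper()
      $seen[$name] = 1 + [int]$seen[$name]
    }
  }
  catch {
    Write-Warning "Request $attempt failed: $($_.Exception.Message)"
  }
}
$seen.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize | Out-Host
if ($seen.Count -lt 2) {
  Write-Warning "Only $($seen.Count) of 2 backend VMs answered through $uri"
}

# 3. List listeners that still accept plain HTTP, as this quickstart's listener does.
$gw = Get-AzApplicationGateway -ResourceGroupName $rg -Name $gwName
$gw.HttpListeners |
  Where-Object { $_.Protocol -eq 'Http' } |
  Select-Object Name, Protocol
```

A browser replays the affinity cookie, so refreshing the page there usually keeps showing the same VM; the script's cookie-less requests are what let both backends appear.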

Clean up resources

When you no longer need the resources that you created with the application gateway, remove the resource group. By removing the resource group, you also remove the application gateway and all its related resources.

To remove the resource group, call the Remove-AzResourceGroup cmdlet as follows:

Remove-AzResourceGroup -Name myResourceGroupAG

Next steps