Create an application gateway with internal redirection using Azure PowerShell

You can use Azure PowerShell to configure web traffic redirection when you create an application gateway. In this tutorial, you define a backend pool using a virtual machine scale set. You then configure listeners and rules based on domains that you own to make sure web traffic arrives at the appropriate pool. This tutorial assumes that you own multiple domains and uses examples of www.contoso.com and www.contoso.org.

In this article, you learn how to:

  • Set up the network
  • Create an application gateway
  • Add listeners and a redirection rule
  • Create a virtual machine scale set with the backend pool
  • Create a CNAME record in your domain

If you don't have an Azure subscription, create a trial account before you begin.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

If you choose to install and use PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0.0 or later. To find the version, run Get-Module -ListAvailable Az. If you need to upgrade, see Install Azure PowerShell module. If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

Create a resource group

A resource group is a logical container into which Azure resources are deployed and managed. Create an Azure resource group using New-AzResourceGroup.

New-AzResourceGroup -Name myResourceGroupAG -Location chinanorth

Create network resources

Create the subnet configurations for myBackendSubnet and myAGSubnet using New-AzVirtualNetworkSubnetConfig. Create the virtual network named myVNet using New-AzVirtualNetwork with the subnet configurations. And finally, create the public IP address named myAGPublicIPAddress using New-AzPublicIpAddress. These resources are used to provide network connectivity to the application gateway and its associated resources.

$backendSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myBackendSubnet `
  -AddressPrefix 10.0.1.0/24
$agSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myAGSubnet `
  -AddressPrefix 10.0.2.0/24
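# List myAGSubnet first so that $vnet.Subnets[0] is the gateway subnet and
# $vnet.Subnets[1] is the backend subnet, matching the index lookups used later.
$vnet = New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myVNet `
  -AddressPrefix 10.0.0.0/16 `
  -Subnet $agSubnetConfig, $backendSubnetConfig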
$pip = New-AzPublicIpAddress `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myAGPublicIPAddress `
  -AllocationMethod Dynamic

Create an application gateway

Create the IP configurations and frontend port

Associate myAGSubnet that you previously created to the application gateway using New-AzApplicationGatewayIPConfiguration. Assign myAGPublicIPAddress to the application gateway using New-AzApplicationGatewayFrontendIPConfig. And then you can create the HTTP port using New-AzApplicationGatewayFrontendPort.

$vnet = Get-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Name myVNet
$subnet=$vnet.Subnets[0]
$gipconfig = New-AzApplicationGatewayIPConfiguration `
  -Name myAGIPConfig `
  -Subnet $subnet
$fipconfig = New-AzApplicationGatewayFrontendIPConfig `
  -Name myAGFrontendIPConfig `
  -PublicIPAddress $pip
$frontendPort = New-AzApplicationGatewayFrontendPort `
  -Name myFrontendPort `
  -Port 80

Create the backend pool and settings

Create a backend pool named contosoPool for the application gateway using New-AzApplicationGatewayBackendAddressPool. Configure the settings for the backend pool using New-AzApplicationGatewayBackendHttpSettings.

$contosoPool = New-AzApplicationGatewayBackendAddressPool `
  -Name contosoPool 
$poolSettings = New-AzApplicationGatewayBackendHttpSettings `
  -Name myPoolSettings `
  -Port 80 `
  -Protocol Http `
  -CookieBasedAffinity Enabled `
  -RequestTimeout 120

Create the first listener and rule

A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this tutorial, you create two listeners for your two domains. In this example, listeners are created for the domains of www.contoso.com and www.contoso.org.

Create the first listener named contosoComListener using New-AzApplicationGatewayHttpListener with the frontend configuration and frontend port that you previously created. A rule is required for the listener to know which backend pool to use for incoming traffic. Create a basic rule named contosoComRule using New-AzApplicationGatewayRequestRoutingRule.

$contosoComlistener = New-AzApplicationGatewayHttpListener `
  -Name contosoComListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $frontendPort `
  -HostName "www.contoso.com"
$frontendRule = New-AzApplicationGatewayRequestRoutingRule `
  -Name contosoComRule `
  -RuleType Basic `
  -HttpListener $contosoComListener `
  -BackendAddressPool $contosoPool `
  -BackendHttpSettings $poolSettings

Create the application gateway

Now that you created the necessary supporting resources, specify parameters for the application gateway named myAppGateway using New-AzApplicationGatewaySku, and then create it using New-AzApplicationGateway.

$sku = New-AzApplicationGatewaySku `
  -Name Standard_Medium `
  -Tier Standard `
  -Capacity 2
$appgw = New-AzApplicationGateway `
  -Name myAppGateway `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -BackendAddressPools $contosoPool `
  -BackendHttpSettingsCollection $poolSettings `
  -FrontendIpConfigurations $fipconfig `
  -GatewayIpConfigurations $gipconfig `
  -FrontendPorts $frontendPort `
  -HttpListeners $contosoComListener `
  -RequestRoutingRules $frontendRule `
  -Sku $sku

Add the second listener

Add the listener named contosoOrgListener that's needed to redirect traffic using Add-AzApplicationGatewayHttpListener.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway
$frontendPort = Get-AzApplicationGatewayFrontendPort `
  -Name myFrontendPort `
  -ApplicationGateway $appgw
$ipconfig = Get-AzApplicationGatewayFrontendIPConfig `
  -Name myAGFrontendIPConfig `
  -ApplicationGateway $appgw
Add-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name contosoOrgListener `
  -Protocol Http `
  -FrontendIPConfiguration $ipconfig `
  -FrontendPort $frontendPort `
  -HostName "www.contoso.org"
Set-AzApplicationGateway -ApplicationGateway $appgw

Add the redirection configuration

You can configure redirection for the listener using Add-AzApplicationGatewayRedirectConfiguration.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway
$contosoComlistener = Get-AzApplicationGatewayHttpListener `
  -Name contosoComListener `
  -ApplicationGateway $appgw
$contosoOrglistener = Get-AzApplicationGatewayHttpListener `
  -Name contosoOrgListener `
  -ApplicationGateway $appgw
Add-AzApplicationGatewayRedirectConfiguration `
  -ApplicationGateway $appgw `
  -Name redirectOrgtoCom `
  -RedirectType Found `
  -TargetListener $contosoComListener `
  -IncludePath $true `
  -IncludeQueryString $true
Set-AzApplicationGateway -ApplicationGateway $appgw

Add the second routing rule

You can then associate the redirection configuration to a new rule named contosoOrgRule using Add-AzApplicationGatewayRequestRoutingRule.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway
$contosoOrglistener = Get-AzApplicationGatewayHttpListener `
  -Name contosoOrgListener `
  -ApplicationGateway $appgw
$redirectConfig = Get-AzApplicationGatewayRedirectConfiguration `
  -Name redirectOrgtoCom `
  -ApplicationGateway $appgw   
Add-AzApplicationGatewayRequestRoutingRule `
  -ApplicationGateway $appgw `
  -Name contosoOrgRule `
  -RuleType Basic `
  -HttpListener $contosoOrgListener `
  -RedirectConfiguration $redirectConfig
Set-AzApplicationGateway -ApplicationGateway $appgw

Create a virtual machine scale set

In this example, you create a virtual machine scale set that supports the backend pool that you created. The scale set that you create is named myvmss and contains two virtual machine instances on which you install IIS. You assign the scale set to the backend pool when you configure the IP settings.

$vnet = Get-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Name myVNet
$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway
$backendPool = Get-AzApplicationGatewayBackendAddressPool `
  -Name contosoPool `
  -ApplicationGateway $appgw
$ipConfig = New-AzVmssIpConfig `
  -Name myVmssIPConfig `
  -SubnetId $vnet.Subnets[1].Id `
  -ApplicationGatewayBackendAddressPoolsId $backendPool.Id
$vmssConfig = New-AzVmssConfig `
  -Location chinanorth `
  -SkuCapacity 2 `
  -SkuName Standard_DS2 `
  -UpgradePolicyMode Automatic
Set-AzVmssStorageProfile $vmssConfig `
  -ImageReferencePublisher MicrosoftWindowsServer `
  -ImageReferenceOffer WindowsServer `
  -ImageReferenceSku 2016-Datacenter `
  -ImageReferenceVersion latest `
  -OsDiskCreateOption FromImage
# Sample credentials: replace the password with a strong, unique value before deploying.
Set-AzVmssOsProfile $vmssConfig `
  -AdminUsername azureuser `
  -AdminPassword "Azure123456!" `
  -ComputerNamePrefix myvmss
Add-AzVmssNetworkInterfaceConfiguration `
  -VirtualMachineScaleSet $vmssConfig `
  -Name myVmssNetConfig `
  -Primary $true `
  -IPConfiguration $ipConfig
New-AzVmss `
  -ResourceGroupName myResourceGroupAG `
  -Name myvmss `
  -VirtualMachineScaleSet $vmssConfig

Install IIS

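# The Custom Script Extension downloads appgatewayurl.ps1 from the URL below and runs it
# on every scale set instance. The URL tracks the master branch, so review the script before use.
$publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/appgatewayurl.ps1");
  "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File appgatewayurl.ps1" }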
$vmss = Get-AzVmss -ResourceGroupName myResourceGroupAG -VMScaleSetName myvmss
Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
  -Name "customScript" `
  -Publisher "Microsoft.Compute" `
  -Type "CustomScriptExtension" `
  -TypeHandlerVersion 1.8 `
  -Setting $publicSettings
Update-AzVmss `
  -ResourceGroupName myResourceGroupAG `
  -Name myvmss `
  -VirtualMachineScaleSet $vmss

Create a CNAME record in your domain

After the application gateway is created with its public IP address, you can get the DNS address and use it to create a CNAME record in your domain. You can use Get-AzPublicIPAddress to get the DNS address of the application gateway. Copy the fqdn value of the DNSSettings and use it as the value of the CNAME record that you create. The use of A-records is not recommended because the VIP may change when the application gateway is restarted.

Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress

Test the application gateway

Enter your domain name into the address bar of your browser. For example, http://www.contoso.com.

[Image: Test the contoso site in the application gateway]

Change the address to your other domain, for example http://www.contoso.org, and you should see that the traffic has been redirected back to the listener for www.contoso.com.
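
The browser test above follows the redirect silently. The following added example (not part of the original tutorial) requests the gateway directly with automatic redirects disabled and checks that the response is a 302 to www.contoso.com with the path and query string preserved, as redirectOrgtoCom specifies. The function name Test-GatewayRedirect and the probe path are hypothetical; the script assumes the gateway is reachable over HTTP on port 80 and sets the Host header itself, so it also works before the CNAME records exist.

```powershell
# Added example: inspect the redirect response itself instead of following it.
Add-Type -AssemblyName System.Net.Http   # required on Windows PowerShell 5.1

function Test-GatewayRedirect {
    param(
        [Parameter(Mandatory)] [string] $GatewayFqdn,    # fqdn value of the DNSSettings
        [string] $SourceHost   = 'www.contoso.org',
        [string] $ExpectedHost = 'www.contoso.com',
        [string] $PathAndQuery = '/probe/page?check=1'   # constructed test input
    )
    $handler = [System.Net.Http.HttpClientHandler]::new()
    $handler.AllowAutoRedirect = $false                  # keep the 302 visible
    $client = [System.Net.Http.HttpClient]::new($handler)
    try {
        $request = [System.Net.Http.HttpRequestMessage]::new(
            [System.Net.Http.HttpMethod]::Get, "http://$GatewayFqdn$PathAndQuery")
        $request.Headers.Host = $SourceHost              # selects contosoOrgListener
        $response = $client.SendAsync($request).GetAwaiter().GetResult()
        $location = $response.Headers.Location           # System.Uri, or $null if absent
        $absolute = $location -and $location.IsAbsoluteUri
        [pscustomobject]@{
            StatusCode       = [int]$response.StatusCode
            Location         = "$location"
            IsFound          = [int]$response.StatusCode -eq 302   # RedirectType Found
            HostMatches      = $absolute -and $location.Host -eq $ExpectedHost
            PathAndQueryKept = $absolute -and $location.PathAndQuery -eq $PathAndQuery
        }
    }
    finally {
        $client.Dispose()
    }
}

$pip = Get-AzPublicIpAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
$result = Test-GatewayRedirect -GatewayFqdn $pip.DnsSettings.Fqdn
$result | Format-List
if (-not ($result.IsFound -and $result.HostMatches -and $result.PathAndQueryKept)) {
    Write-Warning 'Redirect response does not match the redirectOrgtoCom configuration.'
}
```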

Next steps

In this article, you learned how to:

  • Set up the network
  • Create an application gateway
  • Add listeners and a redirection rule
  • Create a virtual machine scale set with the backend pool
  • Create a CNAME record in your domain