创建应用程序网关和重写 HTTP 标头Create an application gateway and rewrite HTTP headers

可以使用 Azure PowerShell 在创建新的自动缩放和区域冗余的应用程序网关 SKU 时配置重写 HTTP 请求和响应标头的规则You can use Azure PowerShell to configure rules to rewrite HTTP request and response headers when you create the new autoscaling and zone-redundant application gateway SKU

在本文中,学习如何:In this article, you learn how to:

  • 创建自动缩放虚拟网络Create an autoscale virtual network
  • 创建保留的公共 IPCreate a reserved public IP
  • 设置应用程序网关基础结构Set up your application gateway infrastructure
  • 指定 http 标头重写规则配置Specify your http header rewrite rule configuration
  • 指定自动缩放Specify autoscale
  • 创建应用程序网关Create the application gateway
  • 测试应用程序网关Test the application gateway

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a Trial before you begin.

先决条件Prerequisites

本文要求在本地运行 Azure PowerShell。This article requires that you run Azure PowerShell locally. 必须安装 Az 模块 1.0.0 或更高版本。You must have Az module version 1.0.0 or later installed. 依次运行 Import-Module AzGet-Module Az 以查找版本。Run Import-Module Az and thenGet-Module Az to find the version. 如果需要进行升级,请参阅 Install Azure PowerShell module(安装 Azure PowerShell 模块)。If you need to upgrade, see Install Azure PowerShell module. 验证 PowerShell 版本以后,请运行 Connect-AzAccount -Environment AzureChinaCloud,以便创建与 Azure 的连接。After you verify the PowerShell version, run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

登录 AzureSign in to Azure

Connect-AzAccount -Environment AzureChinaCloud
Select-AzSubscription -Subscription "<sub name>"

创建资源组Create a resource group

在某个可用的位置创建资源组。Create a resource group in one of the available locations.

$location = "China North 2"
$rg = "<rg name>"

#Create a new Resource Group
New-AzResourceGroup -Name $rg -Location $location

创建虚拟网络Create a virtual network

为自动缩放的应用程序网关创建一个包含一个专用子网的虚拟网络。Create a virtual network with one dedicated subnet for an autoscaling application gateway. 目前,在每个专用子网中,只能部署一个自动缩放的应用程序网关。Currently only one autoscaling application gateway can be deployed in each dedicated subnet.

#Create VNet with two subnets
$sub1 = New-AzVirtualNetworkSubnetConfig -Name "AppGwSubnet" -AddressPrefix "10.0.0.0/24"
$sub2 = New-AzVirtualNetworkSubnetConfig -Name "BackendSubnet" -AddressPrefix "10.0.1.0/24"
$vnet = New-AzvirtualNetwork -Name "AutoscaleVNet" -ResourceGroupName $rg `
       -Location $location -AddressPrefix "10.0.0.0/16" -Subnet $sub1, $sub2

创建保留的公共 IPCreate a reserved public IP

将 PublicIPAddress 的分配方法指定为 Static 。Specify the allocation method of PublicIPAddress as Static. 自动缩放应用程序网关 VIP 只能为静态。An autoscaling application gateway VIP can only be static. 不支持动态 IP。Dynamic IPs are not supported. 只支持标准 PublicIpAddress SKU。Only the standard PublicIpAddress SKU is supported.

#Create static public IP
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -name "AppGwVIP" `
       -location $location -AllocationMethod Static -Sku Standard

检索详细信息Retrieve details

在本地对象中检索资源组、子网和 IP 的详细信息,以便创建应用程序网关的 IP 配置详细信息。Retrieve details of the resource group, subnet, and IP in a local object to create the IP configuration details for the application gateway.

$resourceGroup = Get-AzResourceGroup -Name $rg
$publicip = Get-AzPublicIpAddress -ResourceGroupName $rg -name "AppGwVIP"
$vnet = Get-AzvirtualNetwork -Name "AutoscaleVNet" -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "AppGwSubnet" -VirtualNetwork $vnet

配置基础结构Configure the infrastructure

使用与现有的标准应用程序网关相同的格式配置 IP 配置、前端 IP 配置、后端池、HTTP 设置、证书、端口和侦听器。Configure the IP config, front-end IP config, back-end pool, HTTP settings, certificate, port, and listener in an identical format to the existing Standard application gateway. 新 SKU 与标准 SKU 遵循相同的对象模型。The new SKU follows the same object model as the Standard SKU.

$ipconfig = New-AzApplicationGatewayIPConfiguration -Name "IPConfig" -Subnet $gwSubnet
$fip = New-AzApplicationGatewayFrontendIPConfig -Name "FrontendIPCOnfig" -PublicIPAddress $publicip
$pool = New-AzApplicationGatewayBackendAddressPool -Name "Pool1" `
       -BackendIPAddresses testbackend1.chinanorth.chinacloudapp.cn, testbackend2.chinanorth.chinacloudapp.cn
$fp01 = New-AzApplicationGatewayFrontendPort -Name "HTTPPort" -Port 80

$listener01 = New-AzApplicationGatewayHttpListener -Name "HTTPListener" `
             -Protocol Http -FrontendIPConfiguration $fip -FrontendPort $fp01

$setting = New-AzApplicationGatewayBackendHttpSettings -Name "BackendHttpSetting1" `
          -Port 80 -Protocol Http -CookieBasedAffinity Disabled

指定 HTTP 标头重写规则配置Specify your HTTP header rewrite rule configuration

配置重写 http 标头所需的新对象:Configure the new objects required to rewrite the http headers:

  • RequestHeaderConfiguration:此对象用于指定要重写的请求标头字段以及需要重写的原始标头的新值。RequestHeaderConfiguration: this object is used to specify the request header fields that you intend to rewrite and the new value that the original headers need to be rewritten to.

  • ResponseHeaderConfiguration:此对象用于指定要重写的响应标头字段以及需要重写的原始标头的新值。ResponseHeaderConfiguration: this object is used to specify the response header fields that you intend to rewrite and the new value that the original headers need to be rewritten to.

  • ActionSet:此对象包含上面指定的请求和响应标头的配置。ActionSet: this object contains the configurations of the request and response headers specified above.

  • RewriteRule:此对象包含上面指定的所有“actionSets” 。RewriteRule: this object contains all the actionSets specified above.

  • RewriteRuleSet - 此对象包含所有 rewriteRules,并且需要附加到(基本或基于路径的)请求路由规则 。RewriteRuleSet- this object contains all the rewriteRules and will need to be attached to a request routing rule - basic or path-based.

    $requestHeaderConfiguration = New-AzApplicationGatewayRewriteRuleHeaderConfiguration -HeaderName "X-isThroughProxy" -HeaderValue "True"
    $responseHeaderConfiguration = New-AzApplicationGatewayRewriteRuleHeaderConfiguration -HeaderName "Strict-Transport-Security" -HeaderValue "max-age=31536000"
    $actionSet = New-AzApplicationGatewayRewriteRuleActionSet -RequestHeaderConfiguration $requestHeaderConfiguration -ResponseHeaderConfiguration $responseHeaderConfiguration    
    $rewriteRule = New-AzApplicationGatewayRewriteRule -Name rewriteRule1 -ActionSet $actionSet    
    $rewriteRuleSet = New-AzApplicationGatewayRewriteRuleSet -Name rewriteRuleSet1 -RewriteRule $rewriteRule
    

指定路由规则Specify the routing rule

创建请求路由规则。Create a request routing rule. 创建此重写配置后,会通过路由规则将其附加到源侦听器。Once created, this rewrite configuration is attached to the source listener via the routing rule. 使用基本路由规则时,标头重写配置与源侦听器相关联,并且是全局标头重写。When using a basic routing rule, the header rewrite configuration is associated with a source listener and is a global header rewrite. 使用基于路径的路由规则时,将在 URL 路径映射中定义标头重写配置。When a path-based routing rule is used, the header rewrite configuration is defined on the URL path map. 因此,它仅适用于站点的特定路径区域。So, it only applies to the specific path area of a site. 下面创建了一个基本的路由规则并附加了重写规则集。Below, a basic routing rule is created and the rewrite rule set is attached.

$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name "Rule1" -RuleType basic `
         -BackendHttpSettings $setting -HttpListener $listener01 -BackendAddressPool $pool -RewriteRuleSet $rewriteRuleSet

指定自动缩放Specify autoscale

现在可以为应用程序网关指定自动缩放配置。Now you can specify the autoscale configuration for the application gateway. 支持两种自动缩放配置类型:Two autoscaling configuration types are supported:

  • 固定容量模式Fixed capacity mode. 在此模式下,应用程序网关不自动缩放,而是在固定缩放单元容量下运行。In this mode, the application gateway does not autoscale and operates at a fixed Scale Unit capacity.

    $sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2 -Capacity 2
    
  • 自动缩放模式Autoscaling mode. 在此模式下,应用程序网关根据应用程序流量模式自动缩放。In this mode, the application gateway autoscales based on the application traffic pattern.

    $autoscaleConfig = New-AzApplicationGatewayAutoscaleConfiguration -MinCapacity 2
    $sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2
    

创建应用程序网关Create the application gateway

创建应用程序网关,包括冗余区域和自动缩放配置。Create the application gateway and include redundancy zones and the autoscale configuration.

$appgw = New-AzApplicationGateway -Name "AutoscalingAppGw" -Zone 1,2,3 -ResourceGroupName $rg -Location $location -BackendAddressPools $pool -BackendHttpSettingsCollection $setting -GatewayIpConfigurations $ipconfig -FrontendIpConfigurations $fip -FrontendPorts $fp01 -HttpListeners $listener01 -RequestRoutingRules $rule01 -Sku $sku -AutoscaleConfiguration $autoscaleConfig -RewriteRuleSet $rewriteRuleSet

测试应用程序网关Test the application gateway

使用 Get-AzPublicIPAddress 获取应用程序网关的公共 IP 地址。Use Get-AzPublicIPAddress to get the public IP address of the application gateway. 复制该公共 IP 地址或 DNS 名称,并将其粘贴到浏览器的地址栏。Copy the public IP address or DNS name, and then paste it into the address bar of your browser.

Get-AzPublicIPAddress -ResourceGroupName $rg -Name AppGwVIP

清理资源Clean up resources

首先浏览使用应用程序网关创建的资源。First explore the resources that were created with the application gateway. 然后,如果不再需要资源组、应用程序网关和所有相关资源,可以使用 Remove-AzResourceGroup 命令将其删除。Then, when they're no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, application gateway, and all related resources.

Remove-AzResourceGroup -Name $rg

后续步骤Next steps