教程:通过 Azure CLI 使用基于 URL 路径的重定向创建应用程序网关Tutorial: Create an application gateway with URL path-based redirection using the Azure CLI

创建应用程序网关时可以使用 Azure CLI 配置基于 URL 路径的路由规则You can use the Azure CLI to configure URL path-based routing rules when you create an application gateway. 在本教程中,使用虚拟机规模集创建后端池。In this tutorial, you create backend pools using virtual machine scale sets. 然后创建 URL 路由规则,以确保 Web 流量重定向到相应的后端池。You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool.

本教程介绍如何执行下列操作:In this tutorial, you learn how to:

  • 设置网络Set up the network
  • 创建应用程序网关Create an application gateway
  • 添加侦听器和路由规则Add listeners and routing rules
  • 为后端池创建虚拟机规模集Create virtual machine scale sets for backend pools

下面的示例演示来自端口 8080 和 8081 并定向到相同后端池的站点流量:The following example shows site traffic coming from both ports 8080 and 8081 and being directed to the same backend pools:

URL 路由示例

如果需要,可以使用 Azure PowerShell 完成本教程中的步骤。If you prefer, you can complete this tutorial using Azure PowerShell.

如果没有 Azure 订阅,请在开始之前创建一个试用帐户If you don't have an Azure subscription, create a Trial account before you begin.

如果选择在本地安装并使用 CLI,此快速入门教程要求运行 Azure CLI 2.0.4 版或更高版本。If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.4 or later. 若要查找版本,请运行 az --versionTo find the version, run az --version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

创建资源组Create a resource group

资源组是在其中部署和管理 Azure 资源的逻辑容器。A resource group is a logical container into which Azure resources are deployed and managed. 使用 az group create 创建资源组。Create a resource group using az group create.

以下示例在“chinanorth”位置创建名为“myResourceGroupAG”的资源组。The following example creates a resource group named myResourceGroupAG in the chinanorth location.

az group create --name myResourceGroupAG --location chinanorth

创建网络资源Create network resources

使用 az network vnet create 创建名为 myVNet 的虚拟网络和名为 myAGSubnet 的子网。Create the virtual network named myVNet and the subnet named myAGSubnet using az network vnet create. 然后,可以使用 az network vnet subnet create 添加后端服务器所需的名为 myBackendSubnet 的子网。You can then add the subnet named myBackendSubnet that's needed by the backend servers using az network vnet subnet create. 使用 az network public-ip create 创建名为 myAGPublicIPAddress 的公共 IP 地址。Create the public IP address named myAGPublicIPAddress using az network public-ip create.

az network vnet create \
  --name myVNet \
  --resource-group myResourceGroupAG \
  --location chinanorth \
  --address-prefix 10.0.0.0/16 \
  --subnet-name myAGSubnet \
  --subnet-prefix 10.0.1.0/24

az network vnet subnet create \
  --name myBackendSubnet \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --address-prefix 10.0.2.0/24

az network public-ip create \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress

创建应用程序网关Create an application gateway

使用 az network application-gateway create 创建名为 myAppGateway 的应用程序网关。Use az network application-gateway create to create the application gateway named myAppGateway. 使用 Azure CLI 创建应用程序网关时,请指定配置信息,例如容量、sku 和 HTTP 设置。When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. 将应用程序网关分配给之前创建的 myAGSubnetmyPublicIPAddressThe application gateway is assigned to myAGSubnet and myPublicIPAddress that you previously created.

az network application-gateway create \
  --name myAppGateway \
  --location chinanorth \
  --resource-group myResourceGroupAG \
  --vnet-name myVNet \
  --subnet myAGsubnet \
  --capacity 2 \
  --sku Standard_Medium \
  --http-settings-cookie-based-affinity Disabled \
  --frontend-port 80 \
  --http-settings-port 80 \
  --http-settings-protocol Http \
  --public-ip-address myAGPublicIPAddress

创建应用程序网关可能需要几分钟时间。It may take several minutes for the application gateway to be created. 创建应用程序网关后,可以看到以下新功能:After the application gateway is created, you can see these new features:

  • appGatewayBackendPool - 应用程序网关必须至少具有一个后端地址池。appGatewayBackendPool - An application gateway must have at least one backend address pool.
  • appGatewayBackendHttpSettings - 指定将端口 80 和 HTTP 协议用于通信。appGatewayBackendHttpSettings - Specifies that port 80 and an HTTP protocol is used for communication.
  • appGatewayHttpListener - 与 appGatewayBackendPool 关联的默认侦听器。appGatewayHttpListener - The default listener associated with appGatewayBackendPool.
  • appGatewayFrontendIP - 将 myAGPublicIPAddress 分配给 appGatewayHttpListenerappGatewayFrontendIP - Assigns myAGPublicIPAddress to appGatewayHttpListener.
  • rule1 - 与 appGatewayHttpListener 关联的默认路由规则。rule1 - The default routing rule that is associated with appGatewayHttpListener.

添加后端池和端口Add backend pools and ports

可以使用 az network application-gateway address-pool create 将名为 imagesBackendPoolvideoBackendPool 的后端地址池添加到应用程序网关。You can add backend address pools named imagesBackendPool and videoBackendPool to your application gateway by using az network application-gateway address-pool create. 使用 az network application-gateway frontend-port create 为池添加前端端口。You add the frontend ports for the pools using az network application-gateway frontend-port create.

az network application-gateway address-pool create \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --name imagesBackendPool

az network application-gateway address-pool create \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --name videoBackendPool

az network application-gateway frontend-port create \
  --port 8080 \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --name bport

az network application-gateway frontend-port create \
  --port 8081 \
  --gateway-name myAppGateway \
  --resource-group myResourceGroupAG \
  --name rport

添加侦听器和规则Add listeners and rules

添加侦听器Add listeners

使用 az network application-gateway http-listener create 添加路由流量所需的名为 backendListenerredirectedListener 的后端侦听器。Add the backend listeners named backendListener and redirectedListener that are needed to route traffic using az network application-gateway http-listener create.

az network application-gateway http-listener create \
  --name backendListener \
  --frontend-ip appGatewayFrontendIP \
  --frontend-port bport \
  --resource-group myResourceGroupAG \
  --gateway-name myAppGateway

az network application-gateway http-listener create \
  --name redirectedListener \
  --frontend-ip appGatewayFrontendIP \
  --frontend-port rport \
  --resource-group myResourceGroupAG \
  --gateway-name myAppGateway

添加默认 URL 路径映射Add the default URL path map

URL 路径映射可确保将特定的 URL 路由到特定的后端池。URL path maps make sure that specific URLs are routed to specific backend pools. 可以分别使用 az network application-gateway url-path-map createaz network application-gateway url-path-map rule create 创建名为 imagePathRulevideoPathRule 的 URL 路径映射You can create URL path maps named imagePathRule and videoPathRule using az network application-gateway url-path-map create and az network application-gateway url-path-map rule create

az network application-gateway url-path-map create \
  --gateway-name myAppGateway \
  --name urlpathmap \
  --paths /images/* \
  --resource-group myResourceGroupAG \
  --address-pool imagesBackendPool \
  --default-address-pool appGatewayBackendPool \
  --default-http-settings appGatewayBackendHttpSettings \
  --http-settings appGatewayBackendHttpSettings \
  --rule-name imagePathRule

az network application-gateway url-path-map rule create \
  --gateway-name myAppGateway \
  --name videoPathRule \
  --resource-group myResourceGroupAG \
  --path-map-name urlpathmap \
  --paths /video/* \
  --address-pool videoBackendPool

添加重定向配置Add redirection configuration

可以使用 az network application-gateway redirect-config create 为侦听器配置重定向。You can configure redirection for the listener using az network application-gateway redirect-config create.

az network application-gateway redirect-config create \
  --gateway-name myAppGateway \
  --name redirectConfig \
  --resource-group myResourceGroupAG \
  --type Found \
  --include-path true \
  --include-query-string true \
  --target-listener backendListener

添加重定向 URL 路径映射Add the redirection URL path map

az network application-gateway url-path-map create \
  --gateway-name myAppGateway \
  --name redirectpathmap \
  --paths /images/* \
  --resource-group myResourceGroupAG \
  --redirect-config redirectConfig \
  --rule-name redirectPathRule

添加路由规则Add routing rules

路由规则可将 URL 路径映射与所创建的侦听器相关联。The routing rules associate the URL path maps with the listeners that you created. 可以使用 az network application-gateway rule create 添加名为 defaultRuleredirectedRule 的规则。You can add the rules named defaultRule and redirectedRule using az network application-gateway rule create.

az network application-gateway rule create \
  --gateway-name myAppGateway \
  --name defaultRule \
  --resource-group myResourceGroupAG \
  --http-listener backendListener \
  --rule-type PathBasedRouting \
  --url-path-map urlpathmap \
  --address-pool appGatewayBackendPool

az network application-gateway rule create \
  --gateway-name myAppGateway \
  --name redirectedRule \
  --resource-group myResourceGroupAG \
  --http-listener redirectedListener \
  --rule-type PathBasedRouting \
  --url-path-map redirectpathmap \
  --address-pool appGatewayBackendPool

创建虚拟机规模集Create virtual machine scale sets

在此示例中,将创建三个虚拟机规模集以支持所创建的三个后端池。In this example, you create three virtual machine scale sets that support the three backend pools that you created. 创建的规模集分别名为 myvmss1myvmss2myvmss3The scale sets that you create are named myvmss1, myvmss2, and myvmss3. 每个规模集包含两个在其上安装了 NGINX 的虚拟机实例。Each scale set contains two virtual machine instances on which you install NGINX.

for i in `seq 1 3`; do
  if [ $i -eq 1 ]
  then
    poolName="appGatewayBackendPool" 
  fi
  if [ $i -eq 2 ]
  then
    poolName="imagesBackendPool"
  fi
  if [ $i -eq 3 ]
  then
    poolName="videoBackendPool"
  fi

  az vmss create \
    --name myvmss$i \
    --resource-group myResourceGroupAG \
    --image UbuntuLTS \
    --admin-username azureuser \
    --admin-password Azure123456! \
    --instance-count 2 \
    --vnet-name myVNet \
    --subnet myBackendSubnet \
    --vm-sku Standard_DS2 \
    --upgrade-policy-mode Automatic \
    --app-gateway myAppGateway \
    --backend-pool-name $poolName
done

安装 NGINXInstall NGINX

for i in `seq 1 3`; do
  az vmss extension set \
    --publisher Microsoft.Azure.Extensions \
    --version 2.0 \
    --name CustomScript \
    --resource-group myResourceGroupAG \
    --vmss-name myvmss$i \
    --settings '{ "fileUris": ["https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/install_nginx.sh"], "commandToExecute": "./install_nginx.sh" }'

done

测试应用程序网关Test the application gateway

若要获取应用程序网关的公共 IP 地址,请使用 az network public-ip showTo get the public IP address of the application gateway, use az network public-ip show. 复制该公共 IP 地址,并将其粘贴到浏览器的地址栏。Copy the public IP address, and then paste it into the address bar of your browser. 例如,http://40.121.222.19http://40.121.222.19:8080/images/test.htmhttp://40.121.222.19:8080/video/test.htmhttp://40.121.222.19:8081/images/test.htmSuch as, http://40.121.222.19, http://40.121.222.19:8080/images/test.htm, http://40.121.222.19:8080/video/test.htm, or http://40.121.222.19:8081/images/test.htm.

az network public-ip show \
  --resource-group myResourceGroupAG \
  --name myAGPublicIPAddress \
  --query [ipAddress] \
  --output tsv

在应用程序网关中测试基 URL

将 URL 更改为 http://<ip-address>:8080/images/test.html(请将 <ip-address> 替换为自己的 IP 地址),应会看到如以下示例所示的内容:Change the URL to http://<ip-address>:8080/images/test.html, substituting your IP address for <ip-address>, and you should see something like the following example:

在应用程序网关中测试映像 URL

将 URL 更改为 http://<ip-address>:8080/video/test.html(请将 <ip-address> 替换为自己的 IP 地址),应会看到如以下示例所示的内容:Change the URL to http://<ip-address>:8080/video/test.html, substituting your IP address for <ip-address>, and you should see something like the following example:

在应用程序网关中测试视频 URL

现在,将 URL 更改为 http://<ip-address>:8081/images/test.htm(请将 <ip-address> 替换为自己的 IP 地址),应会在 http://<ip-address>:8080/images 中看到重定向回映像后端池的流量。Now, change the URL to http://<ip-address>:8081/images/test.htm, substituting your IP address for <ip-address>, and you should see traffic redirected back to the images backend pool at http://<ip-address>:8080/images.

清理资源Clean up resources

当不再需要资源组、应用程序网关以及所有相关资源时,请将其删除。When no longer needed, remove the resource group, application gateway, and all related resources.

az group delete --name myResourceGroupAG --location chinanorth

后续步骤Next steps