使用 Azure PowerShell 创建支持基于 URL 路径的重定向的应用程序网关Create an application gateway with URL path-based redirection using Azure PowerShell

创建应用程序网关时,可以使用 Azure PowerShell 配置基于 URL 的路由规则You can use Azure PowerShell to configure URL-based routing rules when you create an application gateway. 在本教程中,将使用虚拟机规模集创建后端池。In this tutorial, you create backend pools using virtual machine scale sets. 然后创建 URL 路由规则,以确保 Web 流量重定向到相应的后端池。You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool.

本教程介绍如何执行下列操作:In this tutorial, you learn how to:

  • 设置网络Set up the network
  • 创建应用程序网关Create an application gateway
  • 添加侦听器和路由规则Add listeners and routing rules
  • 为后端池创建虚拟机规模集Create virtual machine scale sets for backend pools

下面的示例演示来自端口 8080 和 8081 并定向到相同后端池的站点流量:The following example shows site traffic coming from both ports 8080 and 8081 and being directed to the same backend pools:

URL 路由示例

如果需要,也可以使用 Azure CLI 完成本教程中的步骤。If you prefer, you can complete this tutorial using Azure CLI.

如果没有 Azure 订阅,可在开始前创建一个试用帐户If you don't have an Azure subscription, create a Trial before you begin.

Note

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

如果选择在本地安装并使用 PowerShell,则本教程需要 Azure PowerShell 模块 1.0.0 或更高版本。If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 1.0.0 or later. 若要查找版本,请运行 Get-Module -ListAvailable AzTo find the version, run Get-Module -ListAvailable Az . 如果需要进行升级,请参阅 Install Azure PowerShell module(安装 Azure PowerShell 模块)。If you need to upgrade, see Install Azure PowerShell module. 如果在本地运行 PowerShell,则还需运行 Connect-AzAccount -Environment AzureChinaCloud 来创建与 Azure 的连接。If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

创建资源组Create a resource group

资源组是在其中部署和管理 Azure 资源的逻辑容器。A resource group is a logical container into which Azure resources are deployed and managed. 使用 New-AzResourceGroup 创建 Azure 资源组。Create an Azure resource group using New-AzResourceGroup.

New-AzResourceGroup -Name myResourceGroupAG -Location chinanorth

创建网络资源Create network resources

使用 New-AzVirtualNetworkSubnetConfig 创建 myBackendSubnetmyAGSubnet 的子网配置。Create the subnet configurations for myBackendSubnet and myAGSubnet using New-AzVirtualNetworkSubnetConfig. 使用 New-AzVirtualNetwork 和子网配置创建名为 myVNet 的虚拟网络。Create the virtual network named myVNet using New-AzVirtualNetwork with the subnet configurations. 最后使用 New-AzPublicIpAddress 创建名为 myAGPublicIPAddress 的公共 IP 地址。And finally, create the public IP address named myAGPublicIPAddress using New-AzPublicIpAddress. 这些资源用于提供与应用程序网关及其关联资源的网络连接。These resources are used to provide network connectivity to the application gateway and its associated resources.

$backendSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myBackendSubnet `
  -AddressPrefix 10.0.1.0/24

$agSubnetConfig = New-AzVirtualNetworkSubnetConfig `
  -Name myAGSubnet `
  -AddressPrefix 10.0.2.0/24

New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myVNet `
  -AddressPrefix 10.0.0.0/16 `
  -Subnet $backendSubnetConfig, $agSubnetConfig

New-AzPublicIpAddress `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -Name myAGPublicIPAddress `
  -AllocationMethod Dynamic

创建应用程序网关Create an application gateway

本部分将创建支持应用程序网关的资源,然后最终创建应用程序网关。In this section, you create resources that support the application gateway, and then finally create it. 创建的资源包括:The resources that you create include:

  • IP 配置和前端端口 - 将先前创建的子网关联到应用程序网关,并分配一个端口以用于访问它。IP configurations and frontend port - Associates the subnet that you previously created to the application gateway and assigns a port to use to access it.
  • 默认池 - 所有应用程序网关必须至少具有一个后端服务器池。Default pool - All application gateways must have at least one backend pool of servers.
  • 默认侦听器和规则 - 默认侦听器侦听已分配的端口上的流量,默认规则将流量发送到默认池。Default listener and rule - The default listener listens for traffic on the port that was assigned and the default rule sends traffic to the default pool.

创建 IP 配置和前端端口Create the IP configurations and frontend port

使用 New-AzApplicationGatewayIPConfiguration 将前面创建的 myAGSubnet 关联到应用程序网关。Associate myAGSubnet that you previously created to the application gateway using New-AzApplicationGatewayIPConfiguration. 使用 New-AzApplicationGatewayFrontendIPConfigmyAGPublicIPAddress 分配给应用程序网关。Assign myAGPublicIPAddress to the application gateway using New-AzApplicationGatewayFrontendIPConfig. 然后,可以使用 New-AzApplicationGatewayFrontendPort 创建 HTTP 端口。And then you can create the HTTP port using New-AzApplicationGatewayFrontendPort.

$vnet = Get-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Name myVNet

$subnet=$vnet.Subnets[0]

$pip = Get-AzPublicIpAddress `
  -ResourceGroupName myResourceGroupAG `
  -Name myAGPublicIPAddress

$gipconfig = New-AzApplicationGatewayIPConfiguration `
  -Name myAGIPConfig `
  -Subnet $subnet

$fipconfig = New-AzApplicationGatewayFrontendIPConfig `
  -Name myAGFrontendIPConfig `
  -PublicIPAddress $pip

$frontendport = New-AzApplicationGatewayFrontendPort `
  -Name myFrontendPort `
  -Port 80

创建默认池和设置Create the default pool and settings

使用 New-AzApplicationGatewayBackendAddressPool 为应用程序网关创建名为 appGatewayBackendPool 的默认后端池。Create the default backend pool named appGatewayBackendPool for the application gateway using New-AzApplicationGatewayBackendAddressPool. 使用 New-AzApplicationGatewayBackendHttpSettings 配置后端池的设置。Configure the settings for the backend pool using New-AzApplicationGatewayBackendHttpSettings.

$defaultPool = New-AzApplicationGatewayBackendAddressPool `
  -Name appGatewayBackendPool

$poolSettings = New-AzApplicationGatewayBackendHttpSettings `
  -Name myPoolSettings `
  -Port 80 `
  -Protocol Http `
  -CookieBasedAffinity Enabled `
  -RequestTimeout 120

创建默认侦听器和规则Create the default listener and rule

应用程序网关需要侦听器才能适当地将流量路由到后端池。A listener is required to enable the application gateway to route traffic appropriately to a backend pool. 在本教程中,将创建多个侦听器。In this tutorial, you create multiple listeners. 第一个基本侦听器应在根 URL 收到流量。The first basic listener expects traffic at the root URL. 其他侦听器应在特定 URL(如 http://52.168.55.24:8080/images/http://52.168.55.24:8081/video/)收到流量。The other listeners expect traffic at specific URLs, such as http://52.168.55.24:8080/images/ or http://52.168.55.24:8081/video/.

使用 New-AzApplicationGatewayHttpListener 以及前面创建的前端配置和前端端口创建名为 defaultListener 的侦听器。Create a listener named defaultListener using New-AzApplicationGatewayHttpListener with the frontend configuration and frontend port that you previously created. 侦听器需要使用规则来了解哪个后端池使用传入流量。A rule is required for the listener to know which backend pool to use for incoming traffic. 使用 New-AzApplicationGatewayRequestRoutingRule 创建一个名为 rule1 的基本规则。Create a basic rule named rule1 using New-AzApplicationGatewayRequestRoutingRule.

$defaultlistener = New-AzApplicationGatewayHttpListener `
  -Name defaultListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $frontendport

$frontendRule = New-AzApplicationGatewayRequestRoutingRule `
  -Name rule1 `
  -RuleType Basic `
  -HttpListener $defaultlistener `
  -BackendAddressPool $defaultPool `
  -BackendHttpSettings $poolSettings

创建应用程序网关Create the application gateway

现在已创建所需的支持资源,请使用 New-AzApplicationGatewaySku 为名为 myAppGateway 的应用程序网关指定参数,然后再使用 New-AzApplicationGateway 创建它。Now that you created the necessary supporting resources, specify parameters for the application gateway named myAppGateway using New-AzApplicationGatewaySku, and then create it using New-AzApplicationGateway.

$sku = New-AzApplicationGatewaySku `
  -Name Standard_Medium `
  -Tier Standard `
  -Capacity 2

New-AzApplicationGateway `
  -Name myAppGateway `
  -ResourceGroupName myResourceGroupAG `
  -Location chinanorth `
  -BackendAddressPools $defaultPool `
  -BackendHttpSettingsCollection $poolSettings `
  -FrontendIpConfigurations $fipconfig `
  -GatewayIpConfigurations $gipconfig `
  -FrontendPorts $frontendport `
  -HttpListeners $defaultlistener `
  -RequestRoutingRules $frontendRule `
  -Sku $sku

添加后端池和端口Add backend pools and ports

可以使用 Add-AzApplicationGatewayBackendAddressPool 向应用程序网关添加后端池。You can add backend pools to your application gateway by using Add-AzApplicationGatewayBackendAddressPool. 在此示例中,将创建 imagesBackendPoolvideoBackendPoolIn this example, imagesBackendPool and videoBackendPool are created. 使用 Add-AzApplicationGatewayFrontendPort 添加池的前端端口。You add the frontend port for the pools using Add-AzApplicationGatewayFrontendPort. 然后使用 Set-AzApplicationGateway 提交对应用程序网关所做的更改。You then submit the changes to the application gateway using Set-AzApplicationGateway.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

Add-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name imagesBackendPool

Add-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name videoBackendPool

Add-AzApplicationGatewayFrontendPort `
  -ApplicationGateway $appgw `
  -Name bport `
  -Port 8080

Add-AzApplicationGatewayFrontendPort `
  -ApplicationGateway $appgw `
  -Name rport `
  -Port 8081

Set-AzApplicationGateway -ApplicationGateway $appgw

添加侦听器和规则Add listeners and rules

添加侦听器Add listeners

使用 Add-AzApplicationGatewayHttpListener 添加路由流量所需的名为 backendListenerredirectedListener 的侦听器。Add the listeners named backendListener and redirectedListener that are needed to route traffic using Add-AzApplicationGatewayHttpListener.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$backendPort = Get-AzApplicationGatewayFrontendPort `
  -ApplicationGateway $appgw `
  -Name bport

$redirectPort = Get-AzApplicationGatewayFrontendPort `
  -ApplicationGateway $appgw `
  -Name rport

$fipconfig = Get-AzApplicationGatewayFrontendIPConfig `
  -ApplicationGateway $appgw

Add-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name backendListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $backendPort

Add-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name redirectedListener `
  -Protocol Http `
  -FrontendIPConfiguration $fipconfig `
  -FrontendPort $redirectPort

Set-AzApplicationGateway -ApplicationGateway $appgw

添加默认 URL 路径映射Add the default URL path map

URL 路径映射可确保将特定的 URL 路由到特定的后端池。URL path maps make sure that specific URLs are routed to specific backend pools. 可以使用 New-AzApplicationGatewayPathRuleConfigAdd-AzApplicationGatewayUrlPathMapConfig 创建名为 imagePathRulevideoPathRule 的 URL 路径映射。You can create the URL path maps named imagePathRule and videoPathRule using New-AzApplicationGatewayPathRuleConfig and Add-AzApplicationGatewayUrlPathMapConfig.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$poolSettings = Get-AzApplicationGatewayBackendHttpSettings `
  -ApplicationGateway $appgw `
  -Name myPoolSettings

$imagePool = Get-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name imagesBackendPool

$videoPool = Get-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name videoBackendPool

$defaultPool = Get-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name appGatewayBackendPool

$imagePathRule = New-AzApplicationGatewayPathRuleConfig `
  -Name imagePathRule `
  -Paths "/images/*" `
  -BackendAddressPool $imagePool `
  -BackendHttpSettings $poolSettings

$videoPathRule = New-AzApplicationGatewayPathRuleConfig `
  -Name videoPathRule `
  -Paths "/video/*" `
  -BackendAddressPool $videoPool `
  -BackendHttpSettings $poolSettings

Add-AzApplicationGatewayUrlPathMapConfig `
  -ApplicationGateway $appgw `
  -Name urlpathmap `
  -PathRules $imagePathRule, $videoPathRule `
  -DefaultBackendAddressPool $defaultPool `
  -DefaultBackendHttpSettings $poolSettings

Set-AzApplicationGateway -ApplicationGateway $appgw

添加重定向配置Add redirection configuration

可以使用 Add-AzApplicationGatewayRedirectConfiguration 为侦听器配置重定向。You can configure redirection for the listener using Add-AzApplicationGatewayRedirectConfiguration.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$backendListener = Get-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name backendListener

$redirectConfig = Add-AzApplicationGatewayRedirectConfiguration `
  -ApplicationGateway $appgw `
  -Name redirectConfig `
  -RedirectType Found `
  -TargetListener $backendListener `
  -IncludePath $true `
  -IncludeQueryString $true

Set-AzApplicationGateway -ApplicationGateway $appgw

添加重定向 URL 路径映射Add the redirection URL path map

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$poolSettings = Get-AzApplicationGatewayBackendHttpSettings `
  -ApplicationGateway $appgw `
  -Name myPoolSettings

$defaultPool = Get-AzApplicationGatewayBackendAddressPool `
  -ApplicationGateway $appgw `
  -Name appGatewayBackendPool

$redirectConfig = Get-AzApplicationGatewayRedirectConfiguration `
  -ApplicationGateway $appgw `
  -Name redirectConfig

$redirectPathRule = New-AzApplicationGatewayPathRuleConfig `
  -Name redirectPathRule `
  -Paths "/images/*" `
  -RedirectConfiguration $redirectConfig

Add-AzApplicationGatewayUrlPathMapConfig `
  -ApplicationGateway $appgw `
  -Name redirectpathmap `
  -PathRules $redirectPathRule `
  -DefaultBackendAddressPool $defaultPool `
  -DefaultBackendHttpSettings $poolSettings

Set-AzApplicationGateway -ApplicationGateway $appgw

添加路由规则Add routing rules

路由规则可将 URL 映射与所创建的侦听器相关联。The routing rules associate the URL maps with the listeners that you created. 可以使用 Add-AzApplicationGatewayRequestRoutingRule 添加名为 defaultRuleredirectedRule 的规则。You can add the rules named defaultRule and redirectedRule using Add-AzApplicationGatewayRequestRoutingRule.

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$backendlistener = Get-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name backendListener

$redirectlistener = Get-AzApplicationGatewayHttpListener `
  -ApplicationGateway $appgw `
  -Name redirectedListener

$urlPathMap = Get-AzApplicationGatewayUrlPathMapConfig `
  -ApplicationGateway $appgw `
  -Name urlpathmap

$redirectPathMap = Get-AzApplicationGatewayUrlPathMapConfig `
  -ApplicationGateway $appgw `
  -Name redirectpathmap

Add-AzApplicationGatewayRequestRoutingRule `
  -ApplicationGateway $appgw `
  -Name defaultRule `
  -RuleType PathBasedRouting `
  -HttpListener $backendlistener `
  -UrlPathMap $urlPathMap

Add-AzApplicationGatewayRequestRoutingRule `
  -ApplicationGateway $appgw `
  -Name redirectedRule `
  -RuleType PathBasedRouting `
  -HttpListener $redirectlistener `
  -UrlPathMap $redirectPathMap

Set-AzApplicationGateway -ApplicationGateway $appgw

创建虚拟机规模集Create virtual machine scale sets

在此示例中,将创建三个虚拟机规模集以支持所创建的三个后端池。In this example, you create three virtual machine scale sets that support the three backend pools that you created. 创建的规模集分别名为 myvmss1myvmss2myvmss3The scale sets that you create are named myvmss1, myvmss2, and myvmss3. 每个规模集包含两个在其上安装了 IIS 的虚拟机实例。Each scale set contains two virtual machine instances on which you install IIS. 配置 IP 设置时将规模集分配给后端池。You assign the scale set to the backend pool when you configure the IP settings.

$vnet = Get-AzVirtualNetwork `
  -ResourceGroupName myResourceGroupAG `
  -Name myVNet

$appgw = Get-AzApplicationGateway `
  -ResourceGroupName myResourceGroupAG `
  -Name myAppGateway

$backendPool = Get-AzApplicationGatewayBackendAddressPool `
  -Name appGatewayBackendPool `
  -ApplicationGateway $appgw

$imagesPool = Get-AzApplicationGatewayBackendAddressPool `
  -Name imagesBackendPool `
  -ApplicationGateway $appgw

$videoPool = Get-AzApplicationGatewayBackendAddressPool `
  -Name videoBackendPool `
  -ApplicationGateway $appgw

for ($i=1; $i -le 3; $i++)
{
  if ($i -eq 1)
  {
     $poolId = $backendPool.Id
  }
  if ($i -eq 2) 
  {
    $poolId = $imagesPool.Id
  }
  if ($i -eq 3)
  {
    $poolId = $videoPool.Id
  }

  $ipConfig = New-AzVmssIpConfig `
    -Name myVmssIPConfig$i `
    -SubnetId $vnet.Subnets[1].Id `
    -ApplicationGatewayBackendAddressPoolsId $poolId

  $vmssConfig = New-AzVmssConfig `
    -Location chinanorth `
    -SkuCapacity 2 `
    -SkuName Standard_DS2 `
    -UpgradePolicyMode Automatic

  Set-AzVmssStorageProfile $vmssConfig `
    -ImageReferencePublisher MicrosoftWindowsServer `
    -ImageReferenceOffer WindowsServer `
    -ImageReferenceSku 2016-Datacenter `
    -ImageReferenceVersion latest `
    -OsDiskCreateOption FromImage

  Set-AzVmssOsProfile $vmssConfig `
    -AdminUsername azureuser `
    -AdminPassword "Azure123456!" `
    -ComputerNamePrefix myvmss$i

  Add-AzVmssNetworkInterfaceConfiguration `
    -VirtualMachineScaleSet $vmssConfig `
    -Name myVmssNetConfig$i `
    -Primary $true `
    -IPConfiguration $ipConfig

  New-AzVmss `
    -ResourceGroupName myResourceGroupAG `
    -Name myvmss$i `
    -VirtualMachineScaleSet $vmssConfig
}

安装 IISInstall IIS

$publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/appgatewayurl.ps1"); 
  "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File appgatewayurl.ps1" }

for ($i=1; $i -le 3; $i++)
{
  $vmss = Get-AzVmss -ResourceGroupName myResourceGroupAG -VMScaleSetName myvmss$i

  Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
    -Name "customScript" `
    -Publisher "Microsoft.Compute" `
    -Type "CustomScriptExtension" `
    -TypeHandlerVersion 1.8 `
    -Setting $publicSettings

  Update-AzVmss `
    -ResourceGroupName myResourceGroupAG `
    -Name myvmss$i `
    -VirtualMachineScaleSet $vmss
}

测试应用程序网关Test the application gateway

可以使用 Get-AzPublicIPAddress 获取应用程序网关的公共 IP 地址。You can use Get-AzPublicIPAddress to get the public IP address of the application gateway. 复制该公共 IP 地址,并将其粘贴到浏览器的地址栏。Copy the public IP address, and then paste it into the address bar of your browser. 例如,http://52.168.55.24http://52.168.55.24:8080/images/test.htmhttp://52.168.55.24:8080/video/test.htmhttp://52.168.55.24:8081/images/test.htmSuch as, http://52.168.55.24, http://52.168.55.24:8080/images/test.htm, http://52.168.55.24:8080/video/test.htm, or http://52.168.55.24:8081/images/test.htm.

Get-AzPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress

在应用程序网关中测试基 URL

将 URL 更改为 http://<ip-address>:8080/images/test.htm(将 <ip-address> 替换为自己的 IP 地址),应会看到如以下示例所示的内容:Change the URL to http://<ip-address>:8080/images/test.htm, substituting your IP address for <ip-address>, and you should see something like the following example:

在应用程序网关中测试映像 URL

将 URL 更改为 http://<ip-address>:8080/video/test.htm(请将 <ip-address> 替换为自己的 IP 地址),应会看到如以下示例所示的内容:Change the URL to http://<ip-address>:8080/video/test.htm, substituting your IP address for <ip-address>, and you should see something like the following example:

在应用程序网关中测试视频 URL

现在,将 URL 更改为 http://<ip-address>:8081/images/test.htm(请将 <ip-address> 替换为自己的 IP 地址),应会在 http://<ip-address>:8080/images 中看到重定向回映像后端池的流量。Now, change the URL to http://<ip-address>:8081/images/test.htm, substituting your IP address for <ip-address>, and you should see traffic redirected back to the images backend pool at http://<ip-address>:8080/images.

清理资源Clean up resources

如果不再需要资源组、应用程序网关和所有相关资源,可以使用 Remove-AzResourceGroup 将其删除。When no longer needed, remove the resource group, application gateway, and all related resources using Remove-AzResourceGroup.

Remove-AzResourceGroup -Name myResourceGroupAG

后续步骤Next steps