快速入門:使用 Azure 應用程式閘道引導網路流量 - ARM 範本Quickstart: Direct web traffic with Azure Application Gateway - ARM template

在此快速入門中,您將使用 Azure Resource Manager 範本 (ARM 範本) 建立 Azure 應用程式閘道。In this quickstart, you use an Azure Resource Manager template (ARM template) to create an Azure Application Gateway. 然後您會測試應用程式閘道,以確保其運作正常。Then you test the application gateway to make sure it works correctly.

ARM 範本是一個 JavaScript 物件標記法 (JSON) 檔案,會定義專案的基礎結構和設定。An ARM template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. 範本會使用宣告式語法。The template uses declarative syntax. 在宣告式語法中,您可以描述預期的部署,而不需要撰寫程式設計命令順序來建立部署。In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.

您也可以使用 Azure 入口網站Azure PowerShellAzure CLI 來完成本快速入門。You can also complete this quickstart using the Azure portal, Azure PowerShell, or Azure CLI.

注意

本文已更新為使用 Azure Az PowerShell 模組。This article has been updated to use the Azure Az PowerShell module. Az PowerShell 模組是用來與 Azure 互動的建議 PowerShell 模組。The Az PowerShell module is the recommended PowerShell module for interacting with Azure. 若要開始使用 Az PowerShell 模組,請參閱安裝 Azure PowerShellTo get started with the Az PowerShell module, see Install Azure PowerShell. 若要瞭解如何遷移至 Az PowerShell 模組,請參閱將 Azure PowerShell 從 AzureRM 遷移至 Az。To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

如果您的環境符合必要條件,而且您很熟悉 ARM 範本,請選取 [部署至 Azure] 按鈕。If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. 範本會在 Azure 入口網站中開啟。The template will open in the Azure portal.

部署至 AzureDeploy to Azure

必要條件Prerequisites

檢閱範本Review the template

為了簡單起見,此範本會建立簡單的設定,包括公用前端 IP、在此應用程式閘道上裝載單一網站的基本接聽程式、基本的要求路由規則,以及後端集區中的兩部虛擬機器。For the sake of simplicity, this template creates a simple setup with a public front-end IP, a basic listener to host a single site on the application gateway, a basic request routing rule, and two virtual machines in the backend pool.

本快速入門中使用的範本是來自 Azure 快速入門範本The template used in this quickstart is from Azure Quickstart Templates

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "type": "string",
      "metadata": {
        "description": "Admin username for the backend servers"
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Password for the admin account on the backend servers"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    "vmSize": {
      "type": "string",
      "defaultValue": "Standard_B2ms",
      "metadata": {
        "description": "Size of the virtual machine."
      }
    }
  },
  "variables": {
    "virtualMachines_myVM_name": "myVM",
    "virtualNetworks_myVNet_name": "myVNet",
    "net_interface": "net-int",
    "ipconfig_name": "ipconfig",
    "publicIPAddress": "public_ip",
    "nsg_name": "vm-nsg",
    "applicationGateways_myAppGateway_name": "myAppGateway",
    "vnet_prefix": "10.0.0.0/16",
    "ag_subnet_prefix": "10.0.0.0/24",
    "backend_subnet_prefix": "10.0.1.0/24"
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2020-06-01",
      "name": "[concat(variables('nsg_name'), copyIndex(1))]",
      "location": "[parameters('location')]",
      "copy": {
        "name": "nsg-loop",
        "count": 2
      },
      "properties": {
        "securityRules": [
          {
            "name": "RDP",
            "properties": {
              "protocol": "TCP",
              "sourcePortRange": "*",
              "destinationPortRange": "3389",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2020-06-01",
      "name": "[concat(variables('publicIPAddress'), copyIndex())]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "copy": {
        "name": "publicip-loop",
        "count": 3
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2020-06-01",
      "name": "[variables('virtualNetworks_myVNet_name')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('vnet_prefix')]"
          ]
        },
        "subnets": [
          {
            "name": "myAGSubnet",
            "properties": {
              "addressPrefix": "[variables('ag_subnet_prefix')]",
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          },
          {
            "name": "myBackendSubnet",
            "properties": {
              "addressPrefix": "[variables('backend_subnet_prefix')]",
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2020-06-01",
      "name": "[concat(variables('virtualMachines_myVM_name'), copyIndex(1))]",
      "location": "[parameters('location')]",
      "copy": {
        "name": "vm-loop",
        "count": 2
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('net_interface'), copyIndex(1)))]"
      ],
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmSize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "MicrosoftWindowsServer",
            "offer": "WindowsServer",
            "sku": "2016-Datacenter",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Windows",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "StandardSSD_LRS"
            },
            "diskSizeGB": 127
          }
        },
        "osProfile": {
          "computerName": "[concat(variables('virtualMachines_myVM_name'), copyIndex(1))]",
          "adminUsername": "[parameters('adminUsername')]",
          "adminPassword": "[parameters('adminPassword')]",
          "windowsConfiguration": {
            "provisionVMAgent": true,
            "enableAutomaticUpdates": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('net_interface'), copyIndex(1)))]"
            }
          ]
        }
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2020-06-01",
      "name": "[concat(variables('virtualMachines_myVM_name'), copyIndex(1),'/IIS')]",
      "location": "[parameters('location')]",
      "copy": {
        "name": "ext-loop",
        "count": 2
      },
      "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines', concat(variables('virtualMachines_myVM_name'), copyIndex(1)))]"
      ],
      "properties": {
        "autoUpgradeMinorVersion": true,
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.4",
        "settings": {
          "commandToExecute": "powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"
        }
      }
    },
    {
      "type": "Microsoft.Network/applicationGateways",
      "apiVersion": "2020-06-01",
      "name": "[variables('applicationGateways_myAppGateway_name')]",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworks_myVNet_name'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddress'), '0'))]"
      ],
      "properties": {
        "sku": {
          "name": "Standard_v2",
          "tier": "Standard_v2"
        },
        "gatewayIPConfigurations": [
          {
            "name": "appGatewayIpConfig",
            "properties": {
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworks_myVNet_name'), 'myAGSubnet')]"
              }
            }
          }
        ],
        "frontendIPConfigurations": [
          {
            "name": "appGwPublicFrontendIp",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddress'), '0'))]"
              }
            }
          }
        ],
        "frontendPorts": [
          {
            "name": "port_80",
            "properties": {
              "port": 80
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "myBackendPool",
            "properties": {
            }
          }
        ],
        "backendHttpSettingsCollection": [
          {
            "name": "myHTTPSetting",
            "properties": {
              "port": 80,
              "protocol": "Http",
              "cookieBasedAffinity": "Disabled",
              "pickHostNameFromBackendAddress": false,
              "requestTimeout": 20
            }
          }
        ],
        "httpListeners": [
          {
            "name": "myListener",
            "properties": {
              "frontendIPConfiguration": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', variables('applicationGateways_myAppGateway_name'), 'appGwPublicFrontendIp')]"
              },
              "frontendPort": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/frontendPorts', variables('applicationGateways_myAppGateway_name'), 'port_80')]"
              },
              "protocol": "Http",
              "requireServerNameIndication": false
            }
          }
        ],
        "requestRoutingRules": [
          {
            "name": "myRoutingRule",
            "properties": {
              "ruleType": "Basic",
              "httpListener": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGateways_myAppGateway_name'), 'myListener')]"
              },
              "backendAddressPool": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGateways_myAppGateway_name'), 'myBackendPool')]"
              },
              "backendHttpSettings": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGateways_myAppGateway_name'), 'myHTTPSetting')]"
              }
            }
          }
        ],
        "enableHttp2": false,
        "autoscaleConfiguration": {
          "minCapacity": 0,
          "maxCapacity": 10
        }
      }
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2020-06-01",
      "name": "[concat(variables('net_interface'), copyIndex(1))]",
      "location": "[parameters('location')]",
      "copy": {
        "name": "int-loop",
        "count": 2
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddress'), copyIndex(1)))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworks_myVNet_name'))]",
        "[resourceId('Microsoft.Network/applicationGateways', variables('applicationGateways_myAppGateway_name'))]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg_name'), copyIndex(1)))]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "[concat(variables('ipconfig_name'), copyIndex(1))]",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('publicIPAddress'), copyIndex(1)))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworks_myVNet_name'), 'myBackendSubnet')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4",
              "applicationGatewayBackendAddressPools": [
                {
                  "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGateways_myAppGateway_name'), 'myBackendPool')]"
                }
              ]
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(variables('nsg_name'), copyIndex(1)))]"
        }
      }
    }
  ]
}

範本中定義了多個 Azure 資源:Multiple Azure resources are defined in the template:

部署範本Deploy the template

將 ARM 範本部署到 Azure:Deploy the ARM template to Azure:

  1. 選取 [部署至 Azure] 以登入 Azure 並開啟範本。Select Deploy to Azure to sign in to Azure and open the template. 此範本會在執行 IIS 的後端集區中建立應用程式閘道、網路基礎結構和兩個虛擬機器。The template creates an application gateway, the network infrastructure, and two virtual machines in the backend pool running IIS.

    部署至 AzureDeploy to Azure

  2. 選取或建立資源群組,輸入虛擬機器系統管理員的使用者名稱和密碼。Select or create your resource group, type the virtual machine administrator user name and password.

  3. 選取 [檢閱 + 建立],然後選取 [建立]。Select Review + Create and then select Create.

    部署可能需要 20 分鐘或更久的時間才能完成。The deployment can take 20 minutes or longer to complete.

驗證部署Validate the deployment

雖然不需要 IIS 即可建立應用程式閘道,但仍會加以安裝以確認 Azure 是否已成功建立應用程式閘道。Although IIS isn't required to create the application gateway, it's installed to verify if Azure successfully created the application gateway. 使用 IIS 測試應用程式閘道:Use IIS to test the application gateway:

  1. 在 [概觀] 頁面上尋找應用程式閘道的公用 IP 位址。記錄應用程式閘道公用 IP 位址 或者,您可以選取 [所有資源],並在搜尋方塊中輸入 myAGPublicIPAddress,然後在搜尋結果中加以選取。Find the public IP address for the application gateway on its Overview page.Record application gateway public IP address Or, you can select All resources, enter myAGPublicIPAddress in the search box, and then select it in the search results. Azure 會在 [概觀] 頁面上顯示公用 IP 位址。Azure displays the public IP address on the Overview page.

  2. 將公用 IP 位址複製並貼到您瀏覽器的網址列,以瀏覽該 IP 位址。Copy the public IP address, and then paste it into the address bar of your browser to browse that IP address.

  3. 檢查回應。Check the response. 有效的回應會確認應用程式閘道已成功建立,並可與後端順利連線。A valid response verifies that the application gateway was successfully created and can successfully connect with the backend.

    測試應用程式閘道

    多次重新整理瀏覽器後,您應該會看到 myVM1 和 myVM2 的連線。Refresh the browser multiple times and you should see connections to both myVM1 and myVM2.

清除資源Clean up resources

當您不再需要先前為應用程式閘道建立的資源時,請刪除資源群組。When you no longer need the resources that you created with the application gateway, delete the resource group. 這會移除應用程式閘道和所有相關資源。This removes the application gateway and all the related resources.

呼叫 Remove-AzResourceGroup Cmdlet 以刪除資源群組:To delete the resource group, call the Remove-AzResourceGroup cmdlet:

Remove-AzResourceGroup -Name <your resource group name>

後續步驟Next steps