快速入門:使用 Azure 應用程式閘道引導網路流量 - Bicep
在本快速入門中,您會使用 Bicep 來建立 Azure 應用程式閘道。 然後您會測試應用程式閘道,以確保其運作正常。 此範例會使用標準 v2 SKU。
Bicep 是使用宣告式語法來部署 Azure 資源的特定領域語言 (DSL)。 其提供簡潔的語法、可靠的類型安全,並支援程式碼重複使用。 Bicep 能夠為您在 Azure 中的基礎結構即程式碼解決方案,提供最佳的製作體驗。
注意
應用程式閘道前端現在可支援雙堆疊 IP 位址 (預覽版)。 您現在可以建立最多四個前端 IP 位址,包括兩個 IPv4 位址 (公用和私人) 與兩個 IPv6 位址 (公用和私人)。
必要條件
- 具有有效訂用帳戶的 Azure 帳戶。 免費建立帳戶。
檢閱 Bicep 檔案
此 Bicep 檔案會建立簡單的設定,包括公用前端 IP 位址、在此應用程式閘道上裝載單一網站的基本接聽程式、基本的要求路由規則,以及後端集區中的兩部虛擬機器。
本快速入門中使用的 Bicep 檔案是來自 Azure 快速入門範本。
@description('Admin username for the backend servers')
param adminUsername string
@description('Password for the admin account on the backend servers')
@secure()
param adminPassword string
@description('Location for all resources.')
param location string = resourceGroup().location
@description('Size of the virtual machine.')
param vmSize string = 'Standard_B2ms'
var virtualMachineName = 'myVM'
var virtualNetworkName = 'myVNet'
var networkInterfaceName = 'net-int'
var ipconfigName = 'ipconfig'
var publicIPAddressName = 'public_ip'
var nsgName = 'vm-nsg'
var applicationGateWayName = 'myAppGateway'
var virtualNetworkPrefix = '10.0.0.0/16'
var subnetPrefix = '10.0.0.0/24'
var backendSubnetPrefix = '10.0.1.0/24'
resource nsg 'Microsoft.Network/networkSecurityGroups@2023-09-01' = [for i in range(0, 2): {
name: '${nsgName}${i + 1}'
location: location
properties: {
securityRules: [
{
name: 'RDP'
properties: {
protocol: 'Tcp'
sourcePortRange: '*'
destinationPortRange: '3389'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
access: 'Allow'
priority: 300
direction: 'Inbound'
}
}
]
}
}]
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-09-01' = [for i in range(0, 3): {
name: '${publicIPAddressName}${i}'
location: location
sku: {
name: 'Standard'
}
properties: {
publicIPAddressVersion: 'IPv4'
publicIPAllocationMethod: 'Static'
idleTimeoutInMinutes: 4
}
}]
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-09-01' = {
name: virtualNetworkName
location: location
properties: {
addressSpace: {
addressPrefixes: [
virtualNetworkPrefix
]
}
subnets: [
{
name: 'myAGSubnet'
properties: {
addressPrefix: subnetPrefix
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
}
}
{
name: 'myBackendSubnet'
properties: {
addressPrefix: backendSubnetPrefix
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Enabled'
}
}
]
enableDdosProtection: false
enableVmProtection: false
}
}
resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-09-01' = [for i in range(0, 2): {
name: '${virtualMachineName}${i + 1}'
location: location
properties: {
hardwareProfile: {
vmSize: vmSize
}
storageProfile: {
imageReference: {
publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
sku: '2016-Datacenter'
version: 'latest'
}
osDisk: {
osType: 'Windows'
createOption: 'FromImage'
caching: 'ReadWrite'
managedDisk: {
storageAccountType: 'StandardSSD_LRS'
}
diskSizeGB: 127
}
}
osProfile: {
computerName: '${virtualMachineName}${i + 1}'
adminUsername: adminUsername
adminPassword: adminPassword
windowsConfiguration: {
provisionVMAgent: true
enableAutomaticUpdates: true
}
allowExtensionOperations: true
}
networkProfile: {
networkInterfaces: [
{
id: resourceId('Microsoft.Network/networkInterfaces', '${networkInterfaceName}${i + 1}')
}
]
}
}
dependsOn: [
networkInterface
]
}]
resource virtualMachine_IIS 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' = [for i in range(0, 2): {
name: '${virtualMachineName}${(i + 1)}/IIS'
location: location
properties: {
autoUpgradeMinorVersion: true
publisher: 'Microsoft.Compute'
type: 'CustomScriptExtension'
typeHandlerVersion: '1.4'
settings: {
commandToExecute: 'powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path "C:\\inetpub\\wwwroot\\Default.htm" -Value $($env:computername)'
}
}
dependsOn: [
virtualMachine
]
}]
resource applicationGateWay 'Microsoft.Network/applicationGateways@2023-09-01' = {
name: applicationGateWayName
location: location
properties: {
sku: {
name: 'Standard_v2'
tier: 'Standard_v2'
}
gatewayIPConfigurations: [
{
name: 'appGatewayIpConfig'
properties: {
subnet: {
id: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, 'myAGSubnet')
}
}
}
]
frontendIPConfigurations: [
{
name: 'appGwPublicFrontendIp'
properties: {
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: resourceId('Microsoft.Network/publicIPAddresses', '${publicIPAddressName}0')
}
}
}
]
frontendPorts: [
{
name: 'port_80'
properties: {
port: 80
}
}
]
backendAddressPools: [
{
name: 'myBackendPool'
properties: {}
}
]
backendHttpSettingsCollection: [
{
name: 'myHTTPSetting'
properties: {
port: 80
protocol: 'Http'
cookieBasedAffinity: 'Disabled'
pickHostNameFromBackendAddress: false
requestTimeout: 20
}
}
]
httpListeners: [
{
name: 'myListener'
properties: {
frontendIPConfiguration: {
id: resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', applicationGateWayName, 'appGwPublicFrontendIp')
}
frontendPort: {
id: resourceId('Microsoft.Network/applicationGateways/frontendPorts', applicationGateWayName, 'port_80')
}
protocol: 'Http'
requireServerNameIndication: false
}
}
]
requestRoutingRules: [
{
name: 'myRoutingRule'
properties: {
ruleType: 'Basic'
priority: 1
httpListener: {
id: resourceId('Microsoft.Network/applicationGateways/httpListeners', applicationGateWayName, 'myListener')
}
backendAddressPool: {
id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGateWayName, 'myBackendPool')
}
backendHttpSettings: {
id: resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', applicationGateWayName, 'myHTTPSetting')
}
}
}
]
enableHttp2: false
autoscaleConfiguration: {
minCapacity: 0
maxCapacity: 10
}
}
dependsOn: [
virtualNetwork
publicIPAddress[0]
]
}
resource networkInterface 'Microsoft.Network/networkInterfaces@2023-09-01' = [for i in range(0, 2): {
name: '${networkInterfaceName}${i + 1}'
location: location
properties: {
ipConfigurations: [
{
name: '${ipconfigName}${i + 1}'
properties: {
privateIPAllocationMethod: 'Dynamic'
publicIPAddress: {
id: resourceId('Microsoft.Network/publicIPAddresses', '${publicIPAddressName}${i + 1}')
}
subnet: {
id: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, 'myBackendSubnet')
}
primary: true
privateIPAddressVersion: 'IPv4'
applicationGatewayBackendAddressPools: [
{
id: resourceId('Microsoft.Network/applicationGateways/backendAddressPools', applicationGateWayName, 'myBackendPool')
}
]
}
}
]
enableAcceleratedNetworking: false
enableIPForwarding: false
networkSecurityGroup: {
id: resourceId('Microsoft.Network/networkSecurityGroups', '${nsgName}${i + 1}')
}
}
dependsOn: [
publicIPAddress
applicationGateWay
nsg
]
}]
output location string = location
output name string = applicationGateWay.name
output resourceGroupName string = resourceGroup().name
output resourceId string = applicationGateWay.id
提示
您可以修改 resource\applicationGateWay\properties\sku 底下的 Name 和 Tier 參數值,以使用不同的 SKU。 例如: Basic 。
Bicep 檔案中定義了多個 Azure 資源:
- Microsoft.Network/applicationgateways
- Microsoft.Network/publicIPAddresses:一個用於應用程式閘道,兩個用於虛擬機器。
- Microsoft.Network/networkSecurityGroups
- Microsoft.Network/virtualNetworks
- Microsoft.Compute/virtualMachines:兩個虛擬機器
- Microsoft.Network/networkInterfaces:兩個用於虛擬機器
- Microsoft.Compute/virtualMachine/extensions:可設定 IIS 和網頁
部署 Bicep 檔案
將 Bicep 檔案以 main.bicep 儲存至本機電腦。
使用 Azure CLI 或 Azure PowerShell 部署 Bicep 檔案。
az group create --name myResourceGroupAG --location eastus az deployment group create --resource-group myResourceGroupAG --template-file main.bicep --parameters adminUsername=<admin-username>注意
將 <admin-username> 取代為後端伺服器的系統管理員使用者名稱。 系統也會提示您輸入 adminPassword。
當部署完成時,您應該會看到指出部署成功的訊息。
驗證部署
使用 Azure 入口網站、Azure CLI 或 Azure PowerShell 來列出資源群組中已部署的資源。
az resource list --resource-group myResourceGroupAG
清除資源
不再需要時,請使用 Azure 入口網站、Azure CLI 或 Azure PowerShell 來刪除資源群組及其資源。
az group delete --name myResourceGroupAG