Я взял за основу этот шаблон быстрого запуска и внёс в него нужные мне изменения:
https://github.com/Azure/azure-quickstart-templates/blob/master/201-application-gateway-2vms-iis-ssl/azuredeploy.json
Но при развёртывании я получаю ошибку:
11:43:49 PM - Resource Microsoft.Network/applicationGateways 'testAppGw' failed with message '{
"error": {
"code": "InvalidResourceReference",
"message": "Resource Microsoft.Network/applicationGateways/testAppGw/frontendIPConfigurations/appPiP referenced by resource /subscriptions/0443e/resourceGroups/RG/providers/Microsoft.Network/applicationGateways/testAppGw/httpListeners/listener was not found. Please make sure that the referenced resource exists, and that both resources are in the same region."
Мой код:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGatewayName": {
"type": "string",
"defaultValue": "testappgw",
"metadata": {
"description": "Application Gateway Name"
}
},
"location": {
"type": "string",
"metadata": {
"description": "Application Gateway Location"
}
},
"applicationGatewaySize": {
"type": "string",
"allowedValues": [
"WAF_Medium",
"WAF_Large"
],
"defaultValue": "WAF_Medium",
"metadata": {
"description": "Application Gateway size, using WAF"
}
},
"wafMode": {
"type": "string",
"allowedValues": [
"Detection",
"Prevention"
],
"defaultValue": "Detection",
"metadata": {
"description": "WAF mode: Detection logs matching requests without blocking them; Prevention blocks them"
}
},
"wafRuleSetVersion": {
"type": "string",
"allowedValues": [
"3.0",
"2.2.9"
],
"metadata": {
"description": "Version of the WAF OWASP rule set type."
}
},
"appGwPublicIpName": {
"type": "string",
"defaultValue": "testappgw",
"metadata": {
"description": "Application Gateway Public IP Name"
}
},
"createNewVirtualNetwork": {
"type": "bool",
"metadata": {
"description": "True to create a new virtual network, false to use an existing one"
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "Name of the virtual network the Application Gateway is located in"
}
},
"virtualNetworkAddressPrefix": {
"type": "string",
"metadata": {
"description": "Prefix of the virtual network"
}
},
"appGWSubnetName": {
"type": "string",
"defaultValue": "testappgw",
"metadata": {
"description": "Application Gateway Subnet name"
}
},
"appGatewaySubnetPrefix": {
"type": "string",
"metadata": {
"description": "Prefix of the subnet that the application gateway is located in"
}
},
"appGWNsgName": {
"type": "string",
"metadata": {
"description": "Name of the network security group for the app gateway subnet"
}
},
"applicationGatewayInstanceCount": {
"type": "int",
"allowedValues": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10
],
"defaultValue": 1,
"metadata": {
"description": "application gateway instance count"
}
},
"httpListenerName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name for http listener"
}
},
"httpListenerHostName": {
"type": "string",
"metadata": {
"description": "Host name for HTTP Listener"
}
},
"httpListenerServerNameIndication": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "True or False to require server name indication"
}
},
"frontEndPortName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of the application gateway front end port"
}
},
"frontEndPort": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Front end port"
}
},
"frontEndProtocol": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Http or Https"
}
},
"backendAddressPoolName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name for the backend pool"
}
},
"backendIPAddresses": {
"type": "array",
"metadata": {
"description": "backend pool ip addresses"
}
},
"backEndPort": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "backend port"
}
},
"backEndProtocol": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Http or Https"
}
},
"cookieBasedAffinity": {
"type": "string",
"allowedValues": [
"Disabled",
"Enabled"
],
"metadata": {
"description": "Value to use cookie based affinity. Acceptable values are Disabled, Enabled"
}
},
"SSLCertificateName": {
"type": "string",
"metadata": {
"description": "Name for the SSLcert"
}
},
"frontendCertData": {
"type": "string",
"metadata": {
"description": "Base-64 encoded form of the .pfx file. This is the cert terminating on the Application Gateway."
}
},
"frontendCertPassword": {
"type": "securestring",
"metadata": {
"description": "Password for .pfx certificate"
}
},
"routingRulesName": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Name of routing rules request"
}
},
"routingRulesType": {
"type": "string",
"minLength": 1,
"metadata": {
"description": "Routing rule type. Acceptable values are Basic and PathBasedRouting"
}
}
},
"variables": {
"appGatewaySubnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('appGWsubnetName'))]",
"appGwPublicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('appGwPublicIpName'))]",
"applicationGatewayID": "[resourceId('Microsoft.Network/applicationGateways',parameters('applicationGatewayName'))]"
},
"resources": [
{
"apiVersion": "2017-03-01",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('appGwPublicIpName')]",
"location": "[parameters('location')]",
"tags": {
"displayName": "[parameters('appGwPublicIpName')]"
},
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[parameters('appGwNsgName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "Allow80",
"properties": {
"description": "Allow 80 from Internet",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "Allow443",
"properties": {
"description": "Allow 443 from Internet",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "443",
"sourceAddressPrefix": "Internet",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 102,
"direction": "Inbound"
}
},
{
"name": "AllowAppGwProbes",
"properties": {
"description": "Allow ports for App Gw probes",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "65503-65534 ",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 103,
"direction": "Inbound"
}
}
]
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/virtualNetworks",
"condition": "[parameters('createNewVirtualNetwork')]",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetworkAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('appGWSubnetName')]",
"properties": {
"addressPrefix": "[parameters('appGatewaySubnetPrefix')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('appGwNsgName'))]"
}
}
}
]
}
},
{
"apiVersion": "2017-06-01",
"name": "[parameters('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"location": "[parameters('location')]",
"tags": {
"displayName": "ApplicationGateway"
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/publicIPAddresses/', parameters('appGwPublicIpName'))]"
],
"properties": {
"sku": {
"name": "[parameters('applicationGatewaySize')]",
"tier": "WAF",
"capacity": "[parameters('applicationGatewayInstanceCount')]"
},
"sslCertificates": [
{
"name": "[parameters('SSLCertificateName')]",
"properties": {
"data": "[parameters('frontendCertData')]",
"password": "[parameters('frontendCertPassword')]"
}
}
],
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[variables('appGatewaySubnetRef')]"
}
}
}
],
"frontendIPConfigurations": [
{
"name": "appGatewayFrontendIP",
"properties": {
"PublicIPAddress": {
"id": "[variables('appGwPublicIPRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "appGatewayFrontendPort",
"properties": {
"Port": "[parameters('frontendPort')]"
}
}
],
"backendAddressPools": [
{
"name": "[parameters('backendAddressPoolName')]",
"properties": {
"BackendAddresses": "[parameters('backendIPAddresses')]"
}
}
],
"backendHttpSettingsCollection": [
{
"name": "appGatewayBackendHttpSettings",
"properties": {
"Port": "[parameters('backendPort')]",
"Protocol": "[parameters('backendProtocol')]",
"CookieBasedAffinity": "[parameters('CookieBasedAffinity')]"
}
}
],
"httpListeners": [
{
"name": "[parameters('httpListenerName')]",
"properties": {
"FrontendIPConfiguration": {
"Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/',parameters('appGwPublicIpName'))]"
},
"FrontendPort": {
"Id": "[concat(variables('applicationGatewayID'), '/frontendPorts/', parameters('frontEndPortName'))]"
},
"Protocol": "[parameters('frontendProtocol')]",
"SslCertificate": {
"Id": "[concat(variables('applicationGatewayID'), '/sslCertificates/', parameters('SSLCertificateName'))]"
},
"HostName": "[parameters('httpListenerHostName')]",
"RequireServerNameIndication": "[parameters('httpListenerServerNameIndication')]"
}
}
],
"requestRoutingRules": [
{
"Name": "[parameters('routingRulesName')]",
"properties": {
"RuleType": "[parameters('routingRulesType')]",
"httpListener": {
"id": "[concat(variables('applicationGatewayID'), '/httpListeners/', parameters('httpListenerName'))]"
},
"backendAddressPool": {
"id": "[concat(variables('applicationGatewayID'), '/backendAddressPools/', parameters('backendAddressPoolName'))]"
},
"backendHttpSettings": {
"id": "[concat(variables('applicationGatewayID'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
],
"webApplicationFirewallConfiguration": {
"enabled": true,
"firewallMode": "[parameters('wafMode')]",
"ruleSetType": "OWASP",
"ruleSetVersion": "[parameters('wafRuleSetVersion')]",
"disabledRuleGroups": []
}
}
}
],
"outputs": {}
}
Я запускаю его так:
# Deploy the Application Gateway template into $resourceGroupName.
# Arguments are splatted from two hashtables instead of backtick-continued
# lines: $deploymentArgs holds the cmdlet's own parameters, $templateArgs the
# values for the template's "parameters" section.
#
# NOTE(review): $templateToken is appended to the template URI - presumably a
# SAS token; if so, treat the combined URI as a secret and keep it out of
# transcripts and logs.
# NOTE(review): the template declares frontEndPortName with no default, but no
# value for it is passed here - confirm which template version this call matches.
# NOTE(review): the listener in the template builds its frontendIPConfigurations
# reference from appGwPublicIpName, while the configuration itself is named
# "appGatewayFrontendIP"; the two names have to match for the reference to resolve.
$deploymentArgs = @{
    ResourceGroupName = $resourceGroupName
    Name              = $deploymentName
    Mode              = 'Incremental'
    TemplateUri       = $templateUri + $templateToken
}

$templateArgs = @{
    location                         = $location
    applicationGatewayName           = $applicationGatewayName
    applicationGatewaySize           = $applicationGatewaySize
    wafMode                          = $wafMode
    wafRuleSetVersion                = $wafRuleSetVersion
    appGwPublicIpName                = $appGwPublicIpName
    createNewVirtualNetwork          = $createNewVirtualNetwork
    virtualNetworkName               = $virtualNetworkName
    virtualNetworkAddressPrefix      = $virtualNetworkAddressPrefix
    appGWSubnetName                  = $appGWSubnetName
    appGatewaySubnetPrefix           = $appGatewaySubnetPrefix
    appGWNsgName                     = $appGWNsgName
    applicationGatewayInstanceCount  = $applicationGatewayInstanceCount
    httpListenerName                 = $httpListenerName
    httpListenerHostName             = $httpListenerHostName
    httpListenerServerNameIndication = $httpListenerServerNameIndication
    frontEndPort                     = $frontEndPort
    frontEndProtocol                 = $frontEndProtocol
    backendAddressPoolName           = $backendAddressPoolName
    backendIPAddresses               = $backendIPAddresses
    backEndPort                      = $backEndPort
    backEndProtocol                  = $backEndProtocol
    cookieBasedAffinity              = $cookieBasedAffinity
    SSLCertificateName               = $SSLCertificateName
    # Base-64 .pfx content per the template description; it contains the private key.
    frontendCertData                 = $frontendCertData
    # The template types this parameter as securestring; the variable name
    # suggests a SecureString is passed - confirm it is never plain text.
    frontendCertPassword             = $frontendCertSecuredPassword
    routingRulesName                 = $routingRulesName
    routingRulesType                 = $routingRulesType
}

# Out-Null discards the deployment object the cmdlet writes to the pipeline.
New-AzureRmResourceGroupDeployment @deploymentArgs @templateArgs | Out-Null
Правка: я изменил способ формирования идентификатора порта внешнего интерфейса (frontend port) в настройках прослушивателя (listener) и обновил код пула адресов серверной части (backend address pool).