Интегрируйте управление API во внутреннюю VNET со шлюзом приложений - PullRequest
/ 25 февраля 2020

Я разработал сценарий PowerShell на основе следующего руководства. Интегрируйте управление API во внутренний VNET со шлюзом приложений https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway

## Sign in to Azure. Every cmdlet below runs in the context established here.
Connect-AzAccount

## Create one resource group per concern (network, security, application),
## all in the West Europe region.
foreach ($groupName in 'Network', 'Security', 'Application') {
    New-AzResourceGroup -Name $groupName -Location 'westeurope'
}

## Create the DDoS protection plan first so the virtual network can reference it.
$ddosPlanArgs = @{
    ResourceGroupName = 'Security'
    Name              = 'DdosProtectionPlanName'
    Location          = 'westeurope'
}
$ddosProtectionPlan = New-AzDdosProtectionPlan @ddosPlanArgs

## Define the two subnets. "apim01" is later used for the Application Gateway
## and "apim02" for the API Management service.
$appgatewaysubnet = New-AzVirtualNetworkSubnetConfig -AddressPrefix '10.0.0.0/24' -Name 'apim01'
$apimsubnet = New-AzVirtualNetworkSubnetConfig -AddressPrefix '10.0.1.0/24' -Name 'apim02'

## Create the virtual network containing both subnets and point it at the DDoS plan.
## NOTE(review): only -DdosProtectionPlanId is passed, without the
## -EnableDdosProtection switch; check on the created VNet that protection is
## actually enabled and not merely associated with the plan.
$vnetArgs = @{
    Name                 = 'appgwvnet'
    ResourceGroupName    = 'Network'
    Location             = 'westeurope'
    AddressPrefix        = '10.0.0.0/16'
    Subnet               = $appgatewaysubnet, $apimsubnet
    DdosProtectionPlanId = $ddosProtectionPlan.Id
}
$vnet = New-AzVirtualNetwork @vnetArgs

## Keep the created subnet objects for later steps. The indexes assume the
## subnets come back in the order they were passed to -Subnet above.
$appgatewaysubnetdata = $vnet.Subnets[0]
$apimsubnetdata = $vnet.Subnets[1]

## Build the API Management virtual-network object from the "apim02" subnet.
$apimVirtualNetwork = New-AzApiManagementVirtualNetwork -SubnetResourceId $apimsubnetdata.Id

## Settings for the API Management service instance.
## NOTE(review): the administrator address is a hard-coded personal e-mail;
## consider passing it in as a parameter instead of committing it to the script.
$apimServiceName = "starAPImanagment123"       # API Management service instance name
$apimOrganization = "star"                     # organization name
$apimAdminEmail = "aanwar@ejada.com"           # administrator's email address

## Create the service inside the virtual network in "Internal" mode; the script
## later reaches it through $apimService.PrivateIPAddresses.
## The "Developer" SKU is meant for evaluation rather than production workloads.
$apimServiceArgs = @{
    ResourceGroupName = 'Application'
    Location          = 'westeurope'
    Name              = $apimServiceName
    Organization      = $apimOrganization
    AdminEmail        = $apimAdminEmail
    VirtualNetwork    = $apimVirtualNetwork
    VpnType           = 'Internal'
    Sku               = 'Developer'
}
$apimService = New-AzApiManagement @apimServiceArgs

## Custom hostnames for the two API Management endpoints exposed through the gateway.
$gatewayHostname = "api.star.net"                 # API gateway host
$portalHostname = "portal.star.net"               # API developer portal host

## One hostname configuration per endpoint type.
## NOTE(review): no certificate parameter is passed for either hostname; a custom
## TLS hostname normally needs one - verify against the linked guide before running.
$proxyHostnameArgs = @{
    Hostname     = $gatewayHostname
    HostnameType = 'Proxy'
}
$portalHostnameArgs = @{
    Hostname     = $portalHostname
    HostnameType = 'DeveloperPortal'
}
$proxyHostnameConfig = New-AzApiManagementCustomHostnameConfiguration @proxyHostnameArgs
$portalHostnameConfig = New-AzApiManagementCustomHostnameConfiguration @portalHostnameArgs

## Attach both configurations to the in-memory service object, then push the
## updated object back to Azure.
$apimService.ProxyCustomHostnameConfiguration = $proxyHostnameConfig
$apimService.PortalCustomHostnameConfiguration = $portalHostnameConfig
Set-AzApiManagement -InputObject $apimService



## Public IP resource used as the gateway's internet-facing front end.
## With dynamic allocation the address is not fixed ahead of time, so clients
## should not be pinned to a literal IP.
$publicIpArgs = @{
    ResourceGroupName = 'Network'
    Name              = 'publicIP01'
    Location          = 'westeurope'
    AllocationMethod  = 'Dynamic'
}
$publicip = New-AzPublicIpAddress @publicIpArgs

## Gateway IP configuration: binds the Application Gateway to the "apim01" subnet object.
$gipconfig = New-AzApplicationGatewayIPConfiguration -Subnet $appgatewaysubnetdata -Name "gatewayIP01"

## Front end: the public IP plus port 443, shared by both listeners.
$fipconfig01 = New-AzApplicationGatewayFrontendIPConfig -PublicIPAddress $publicip -Name "frontend1"
$fp01 = New-AzApplicationGatewayFrontendPort -Port 443 -Name "port01"

## HTTPS listeners, one per hostname, on the shared front-end IP and port 443.
## NOTE(review): both listeners use Protocol "Https" but no -SslCertificate is
## supplied (the author states the script contains no certificate). An HTTPS
## listener needs a certificate to terminate TLS - add one before deploying.
$sharedListenerArgs = @{
    Protocol                    = 'Https'
    FrontendIPConfiguration     = $fipconfig01
    FrontendPort                = $fp01
    RequireServerNameIndication = 'true'
}
$listener = New-AzApplicationGatewayHttpListener @sharedListenerArgs -Name 'listener01' -HostName $gatewayHostname
$portalListener = New-AzApplicationGatewayHttpListener @sharedListenerArgs -Name 'listener02' -HostName $portalHostname

## Health probes sent over HTTPS to each hostname. The proxy probe requests
## "/status-0123456789abcdef"; the portal probe requests "/signin".
$proxyProbeArgs = @{
    Name               = 'apimproxyprobe'
    Protocol           = 'Https'
    HostName           = $gatewayHostname
    Path               = '/status-0123456789abcdef'
    Interval           = 30
    Timeout            = 120
    UnhealthyThreshold = 8
}
$portalProbeArgs = @{
    Name               = 'apimportalprobe'
    Protocol           = 'Https'
    HostName           = $portalHostname
    Path               = '/signin'
    Interval           = 60
    Timeout            = 300
    UnhealthyThreshold = 8
}
$apimprobe = New-AzApplicationGatewayProbeConfig @proxyProbeArgs
$apimPortalProbe = New-AzApplicationGatewayProbeConfig @portalProbeArgs

## Back-end HTTP settings: the gateway re-encrypts to the back end on 443, with
## cookie affinity off and a 180-second request timeout.
## NOTE(review): no -AuthenticationCertificates is passed, so the back-end
## certificate is not allow-listed here; confirm how the chosen gateway SKU
## validates the back-end certificate, otherwise the probes may report unhealthy.
$sharedBackendArgs = @{
    Port                = 443
    Protocol            = 'Https'
    CookieBasedAffinity = 'Disabled'
    RequestTimeout      = 180
}
$apimPoolSetting = New-AzApplicationGatewayBackendHttpSettings @sharedBackendArgs -Name 'apimPoolSetting' -Probe $apimprobe
$apimPoolPortalSetting = New-AzApplicationGatewayBackendHttpSettings @sharedBackendArgs -Name 'apimPoolPortalSetting' -Probe $apimPortalProbe

## Back-end pool with a single member: the first private IP address reported by
## the API Management service object.
$backendPoolArgs = @{
    Name               = 'apimbackend'
    BackendIPAddresses = $apimService.PrivateIPAddresses[0]
}
$apimProxyBackendPool = New-AzApplicationGatewayBackendAddressPool @backendPoolArgs

## Basic routing rules: each listener forwards to the same pool, using the
## back-end settings (and therefore the probe) that belong to its hostname.
$sharedRuleArgs = @{
    RuleType           = 'Basic'
    BackendAddressPool = $apimProxyBackendPool
}
$rule01 = New-AzApplicationGatewayRequestRoutingRule @sharedRuleArgs -Name 'rule1' -HttpListener $listener -BackendHttpSettings $apimPoolSetting
$rule02 = New-AzApplicationGatewayRequestRoutingRule @sharedRuleArgs -Name 'rule2' -HttpListener $portalListener -BackendHttpSettings $apimPoolPortalSetting

## Gateway size and instance count: WAF tier, "WAF_Medium" size, two instances.
## NOTE(review): "WAF"/"WAF_Medium" is the first-generation SKU; check whether a
## newer SKU is required for new deployments in your subscription.
$sku = New-AzApplicationGatewaySku -Tier "WAF" -Name "WAF_Medium" -Capacity 2

## Enable the web application firewall in "Prevention" mode, so matching
## requests are blocked rather than only logged.
## No rule set type or version is specified here, so the cmdlet defaults apply -
## confirm they are the ones you expect.
$wafArgs = @{
    Enabled      = $true
    FirewallMode = 'Prevention'
}
$config = New-AzApplicationGatewayWebApplicationFirewallConfiguration @wafArgs

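## Create the Application Gateway from the objects built above.
## -HttpListeners and -RequestRoutingRules must be supplied: when they are left
## out, PowerShell stops and prompts interactively for "HttpListeners[0]:" and
## "RequestRoutingRules[0]:" instead of creating the gateway.
## NOTE(review): the listeners use Https, yet no certificate is defined anywhere
## in this script, so nothing is passed to -SslCertificates. Add the listener
## certificate (on the listeners and here) before running.
$appgwName = "apim-app-gw"
$appgwArgs = @{
    Name                          = $appgwName
    ResourceGroupName             = 'Network'
    Location                      = 'westeurope'
    BackendAddressPools           = $apimProxyBackendPool
    BackendHttpSettingsCollection = $apimPoolSetting, $apimPoolPortalSetting
    FrontendIpConfigurations      = $fipconfig01
    GatewayIpConfigurations       = $gipconfig
    FrontendPorts                 = $fp01
    HttpListeners                 = $listener, $portalListener
    RequestRoutingRules           = $rule01, $rule02
    Sku                           = $sku
    WebApplicationFirewallConfig  = $config
    Probes                        = $apimprobe, $apimPortalProbe
}
$appgw = New-AzApplicationGateway @appgwArgs

## Read back the public IP resource that fronts the gateway, to find the
## address or DNS name to point the custom hostnames at.
Get-AzPublicIpAddress -ResourceGroupName Network -Name "publicIP01"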

Но я получил сообщение, которое не могу понять: «командлет New-AzApplicationGateway в позиции 1 конвейера команд. Задайте значения для следующих параметров: (Введите !? для справки.) HttpListeners[0]: RequestRoutingRules[0]:»

Примечание: я не добавлял в сценарий никаких сертификатов.

Прошу совета.

1 Ответ

/ 28 февраля 2020

В команде New-AzApplicationGateway необходимо указать также прослушиватели (а судя по запросу параметров из вопроса — и правила маршрутизации через -RequestRoutingRules):

-HttpListeners $listener, $portalListener

...