如何使用App服务设置Azure应用网关

smdnsysy  于 2023-02-16  发布在  其他
关注(0)|答案(1)|浏览(174)

我正在尝试使用自签名证书设置Azure应用程序网关。在没有https的情况下,第一步是尝试使用端口80建立http。当我尝试使用appgateway公共IP浏览应用程序时,它将其重定向到https://myappname.azurewebsites.net:80,我不知道这里出了什么问题。我专门编写了一个重写规则来覆盖站点,但在这种情况下,站点加载没有重定向(正如预期的那样)并且工作正常。我想了解为什么它导航到myappname.azurewebsites.net:80而不仅仅是myappname.azurewebsites.net。我正在跟踪this
以下是没有现有端口80规则的相同的PowerShell脚本的简化版本

$webAppFQDN = "myapp.azurewebsites.net"
$rgName = "acsrg001"
$appGwName = "acsag002"
$appGwBackendPoolNameForAppSvc = "acspebpool001"
$httpSettingsName = "acspehttpsettings001"
$httpListenerName = "acspelistener001"
$reqRoutingRuleName = "acspelatestrule001"

$gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
Add-AzApplicationGatewayBackendAddressPool -Name $appGwBackendPoolNameForAppSvc -ApplicationGateway $gw -BackendFqdns $webAppFQDN
Set-AzApplicationGateway -ApplicationGateway $gw

$gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
Add-AzApplicationGatewayBackendHttpSettings -Name $httpSettingsName -ApplicationGateway $gw -Protocol Https -Port 443 -PickHostNameFromBackendAddress -CookieBasedAffinity Disabled -RequestTimeout 30
Set-AzApplicationGateway -ApplicationGateway $gw

$gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
$port = $gw.FrontendPorts | Where-Object {$_.Port -eq 80}
$listener = $gw.HttpListeners | Where-Object {$_.Protocol.ToString().ToLower() -eq "http" -and $_.FrontendPort.Id -eq $port.Id}
if ($listener -eq $null){
    $frontendIpConfig = $gw.FrontendIpConfigurations | Where-Object {$_.PublicIpAddress -ne $null}
    Add-AzApplicationGatewayHttpListener -Name $httpListenerName -ApplicationGateway $gw -Protocol Http -FrontendIPConfiguration $frontendIpConfig -FrontendPort $port
    Set-AzApplicationGateway -ApplicationGateway $gw
}

$gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
$httpListener = Get-AzApplicationGatewayHttpListener -Name $httpListenerName -ApplicationGateway $gw
$httpSettings = Get-AzApplicationGatewayBackendHttpSettings -Name $httpSettingsName -ApplicationGateway $gw
$backendPool = Get-AzApplicationGatewayBackendAddressPool -Name $appGwBackendPoolNameForAppSvc -ApplicationGateway $gw
Add-AzApplicationGatewayRequestRoutingRule -Name $reqRoutingRuleName -ApplicationGateway $gw -RuleType Basic -BackendHttpSettings $httpSettings -HttpListener $httpListener -BackendAddressPool $backendPool -Priority 1
Set-AzApplicationGateway -ApplicationGateway $gw

$gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName
Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rgName -Name $appGwName
wkyowqbh

wkyowqbh1#

我尝试在我的环境中重现相同的脚本,得到了如下相同的结果:

Sku                                 : Microsoft.Azure.Commands.Network.Models.PSApplicationGatewaySku
SslPolicy                           : 
GatewayIPConfigurations             : {appGatewayIpConfig}
AuthenticationCertificates          : {}
SslCertificates                     : {}
TrustedRootCertificates             : {}
TrustedClientCertificates           : {}
FrontendIPConfigurations            : {appGwPublicFrontendIp}
FrontendPorts                       : {port_80}
Probes                              : {}
BackendAddressPools                 : {back, pool1, backendpool007}
BackendHttpSettingsCollection       : {http}
SslProfiles                         : {}
HttpListeners                       : {listhttp}
UrlPathMaps                         : {}
RequestRoutingRules                 : {rule1}
RewriteRuleSets                     : {}
RedirectConfigurations              : {rule1}
WebApplicationFirewallConfiguration : 
FirewallPolicy                      : 
AutoscaleConfiguration              : Microsoft.Azure.Commands.Network.Models.PSApplicationGatewayAutoscaleConfiguration
CustomErrorConfigurations           : {}
PrivateLinkConfigurations           : {}
PrivateEndpointConnections          : {}
EnableHttp2                         : False
EnableFips                          : 
ForceFirewallPolicyAssociation      : 
Zones                               : {}
OperationalState                    : Running
ProvisioningState                   : Succeeded
Identity                            : 
GatewayIpConfigurationsText         : [
                                        {
                                          "Subnet": {
                                            "Id": "/subscriptions/6ca9eff3-3c2d-420e-875e-ea526b412ca0/resourceGroups/imran/providers/Microsoft.Network/virtualNetworks/imran-vnet/su
                                      bnets/appsubnet"
                                          },
                                          "ProvisioningState": "Succeeded",
                                          "Type": "Microsoft.Network/applicationGateways/gatewayIPConfigurations",
                                          "Name": "appGatewayIpConfig",
                                          "Etag": "W/\"2494e0c1-b1fc-4840-896e-a39e9ebf0846\"",
                                          "Id": "/subscriptions/6ca9eff3-3c2d-420e-875e-ea526b412ca0/resourceGroups/imran/providers/Microsoft.Network/applicationGateways/imran/gatew
                                      ayIPConfigurations/appGatewayIpConfig"
                                        }

此问题可能会导致应用程序网关中的反向代理具有不同的主机名,其中一个后端应用程序服务器可能会导致Cookie或重定向URL发生故障。例如,会话状态可能会丢失、身份验证可能会失败,或者后端URL可能会无意中发现后端URL。
要解决此问题,请尝试使用自定义域在后端池中添加自定义域使用Application Gateway配置应用程序服务以及证书沿着并添加后端服务器的身份验证受信任根证书,如下所示:

在设置下的应用网关中,单击后端目标中的规则-〉添加应用服务的后端池,并在HTTP配置中添加相应的应用网关。

您可以查看类似的螺纹参考
作者:
吉拉尼·夏尔马 *
Azure application gateway with Web App - Gateway IP wont work

相关问题