In last blog we learned how to setup Azure Application Gateway using Terraform, in this blog we will see how to setup Azure Application Gateway using ARM template. Azure does provide you with lot of ARM template, but i wanted to start with minimum.
Alright, so we know Azure provides ready made templates and we can certainly use them, however I wanted to do it in such a way that with minimum efforts you can get going and then from there on you can play around with it little bit and keep improving. Additionally you will also learn how to setup an Listeners on 443 and associate SSL certificate.
Templates are available here:
Let’s understand the templates, firstly we will see the parameters files, all the values are set here and mostly you should be good by changing the values here and not in azuredeploy.json template.
All the key values are self explanatory and easy to understand, however the one you should pay the most attention is the “ssl_cert_data“, what i have done here is I have converted the certificate to “base64string” and then the complete string is copied in as the value for “ssl_cert_data“.
The PowerShell script that i have used is as below:
$fileContentBytes = get-content 'PATH OF YOUR PFX FILE' -Encoding Byte [System.Convert]::ToBase64String($fileContentBytes) | Out-File ‘pfx-encoded-bytes.txt’
Now let’s talk about the sections that we have setup.
Pretty straight forward, we are creating a Virtual Network and subnet.
Public IP: We need public IP for app gateway frontend configuration. We are using Standard SKU here because we need a static IP address.
App Gateway: Creating application gateway and the mandatory properties.
List of mandatory properties that you will have to create inside the properties section of application gateway.
gatewayIPConfigurations: Needed for associating application gateway with subnets.
frontendIPConfigurations: Associating the public IP address that we setup earlier as frontend IP.
frontendPorts: The port that we will be setting up for listeners e.g 443, 80.
backendAddressPools: Setting required to associate some backend web app or virtual machine to server the traffic, in this case for now i have associated www.hardeepbhamra.com
backendHttpSettingsCollection: Providing information on backend application, whether the backend is running on port 443 or 80, what protocol is being used, either https or http, whether you want to enable “cookieBasedAffinity” and what should be the “requestTimeout” setting so that if app gateway doesn’t get response back in set timeline then it will throw 500 errors.
httplisteners: This is to listen for request on specific domain at application gateway and this will consist of “frontendIPConfiguration”, “frontendPort”, “Protocol” and “SSLCertificate” if you are setting it up for https.
requestRoutingRules: The purpose of the rules are to associate the frontend with the backend, it acts as an bridge between frontend and backend settings, as you would see in the screenshot, you have httplisteners, backendaddresspools and backendhttpsettings defined here.
sslCertificates: lastly we have SSL certificates section where we will upload the pfx cert and the password for pfx.
That’s about it guys, remember the application gateway has 5 components to be configured so as to work efficiently and they are.
so feel free to comment or write if you got any queries or need any assistance.