-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathAdd-WebAppToAppGw.ps1
404 lines (360 loc) · 23.6 KB
/
Add-WebAppToAppGw.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
## End-to-End SSL
# .\Add-WebAppToAppGw.ps1
# -ResourceGroupName "rgname"
# -ApplicationGatewayName "appgw-name"
# -BackendPoolName "ase_pool"
# -BackendIPAddress "172.16.3.9"
# -BackendFQDN "webapp1.internal.domain.com"
# -WebappName "webapp1"
# -FrontendHost "webapp1endtoend"
# -FrontendRootZoneName "domain.com"
# -FrontendSSLCertificateName "domain.com-frontend-sslcertificate"
# -FrontendSSLCertificatePath "path\to\wildcard_domain_com.pfx"
# -BackendAuthenticationCertificateName "ase-ilb-public-certificate"
# -SSLEndToEnd
## SSL Termination
# .\Add-WebAppToAppGw.ps1
# -ResourceGroupName "rgname"
# -ApplicationGatewayName "appgw-name"
# -BackendPoolName "ase_pool"
# -BackendIPAddress "172.16.3.9"
# -BackendFQDN "webapp1.internal.domain.com"
# -WebappName "webapp1"
# -FrontendHost "webapp1ssloffload"
# -FrontendRootZoneName "domain.com"
# -FrontendSSLCertificateName "domain.com-frontend-sslcertificate"
# -FrontendSSLCertificatePath "path\to\wildcard_domain_com.pfx"
# -SSLTermination
## HTTP Only
# .\Add-WebAppToAppGw.ps1
# -ResourceGroupName "rgname"
# -ApplicationGatewayName "appgw-name"
# -BackendPoolName "ase_pool"
# -BackendIPAddress "172.16.3.9"
# -BackendFQDN "webapp1.internal.domain.com"
# -WebappName "webapp1"
# -FrontendHost "webapp1nossl"
# -FrontendRootZoneName "domain.com"
Param(
[Parameter(Mandatory = $true)][string] $ResourceGroupName,
[Parameter(Mandatory = $true)][string] $ApplicationGatewayName,
[Parameter(Mandatory = $false)][string] $BackendPoolName = "ase-pool",
[Parameter(Mandatory = $true)][string] $BackendIPAddress,
[Parameter(Mandatory = $true)][string] $BackendFQDN,
[Parameter(Mandatory = $true)][string] $WebappName,
[Parameter(Mandatory = $true)][string] $FrontendHost,
[Parameter(Mandatory = $true)][string] $FrontendRootZoneName,
[Parameter(Mandatory = $false)][string] $FrontendSSLCertificateName,
[Parameter(Mandatory = $false)][string] $FrontendSSLCertificatePath,
[Parameter(Mandatory = $false)][string] $BackendAuthenticationCertificateName = "ase-ilb-public-certificate",
[switch] $SSLOnly,
[switch] $SSLEndToEnd,
[switch] $SSLTermination,
[switch] $NoDNS
)
# Define names
$FrontendFQDN = $FrontendHost+"."+$FrontendRootZoneName
$frontendPortHttpName = "appgw-frontendPort-http"
$frontendPortHttpsName = "appgw-frontendPort-https"
$fqdnListnerHttpName = "${FrontendFQDN}-listener-http"
$fqdnListnerHttpsName = "${FrontendFQDN}-listener-https"
$backendHttpProbeName = "${BackendFQDN}-probe-http"
$backendHttpsProbeName = "${BackendFQDN}-probe-https"
$backendHttpSettingName = "${FrontendFQDN}-${BackendFQDN}-backendsetting-http"
$backendHttpsSettingName = "${FrontendFQDN}-${BackendFQDN}-backendsetting-https"
$backendHttpRuleName = "${FrontendFQDN}-${BackendFQDN}-rule-http"
$backendHttpsRuleName = "${FrontendFQDN}-${BackendFQDN}-rule-https"
$backendHttpsTerminationRuleName = "${FrontendFQDN}-${BackendFQDN}-rule-offload-https"
$placeholderBackendPoolName = "placeholder_pool"
$placeholderHttpSettingName = "placeholder-setting-http"
$placeholderHttpListenerName = "placeholder-listener-http"
$placeholderHttpRuleName = "placeholder-rule"
# Load the application gateway
Write-Host -foregroundcolor Magenta "SSL Only switch: $SSLOnly"
Write-Host -foregroundcolor Magenta "SSLEndToEnd switch: $SSLEndToEnd"
Write-Host -foregroundcolor Magenta "SSLTermination switch: $SSLTermination"
# Quick sanity checks
if($SSLOnly -and !($SSLEndToEnd -or $SSLTermination)) {
Write-Host -foregroundcolor Red "Invalid state: You requested SSL only but you didn't specify the SSL Mode. You need to pass in either -SSLEndToEnd or -SSLTermination."
Exit 1
}
if($SSLEndToEnd -and $SSLTermination) {
Write-Host -foregroundcolor Red "Invalid state: You requested both SSL End-to-End and SSL Termination. You need to pass in either -SSLEndToEnd or -SSLTermination but not both."
Exit 1
}
Write-Host "Getting Application Gateway '$ApplicationGatewayName' details`n"
$appgw = Get-AzureRmApplicationGateway -ResourceGroupName $ResourceGroupName -Name $ApplicationGatewayName -ErrorAction Stop
# Clean up the placeholder Backend Pool created with the ARM template, as it will interfere with the proper operations
Write-Host -foregroundcolor Yellow "Checking if Placeholder Backend Pool '$placeholderBackendPoolName' exists"
$placeholderPool = $appgw.BackendAddressPools | Where-Object {$_.Name -eq $placeholderBackendPoolName}
if($placeholderPool) {
Write-Host -foregroundcolor Cyan "`tIt exist. Deleting it."
$appgw = Remove-AzureRmApplicationGatewayBackendAddressPool -ApplicationGateway $appgw -Name $placeholderBackendPoolName
}
else {
Write-Host -foregroundcolor Green "`tBackend Pool '$placeholderBackendPoolName' doesn't exist. Moving on."
}
# Clean up the placeholder Http Setting created with the ARM template, as it will interfere with the proper operations
Write-Host -foregroundcolor Yellow "Checking if Placeholder HTTP Setting '$placeholderHttpSettingName' exists"
$placeholderHttpSetting = $appgw.BackendHttpSettingsCollection | Where-Object {$_.Name -eq $placeholderHttpSettingName}
if($placeholderHttpSetting) {
Write-Host -foregroundcolor Cyan "`tIt exist. Deleting it."
$appgw = Remove-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $appgw -Name $placeholderHttpSettingName
}
else {
Write-Host -foregroundcolor Green "`tHTTP Setting '$placeholderBackendPoolName' doesn't exist. Moving on."
}
# Clean up the placeholder Http Listener created with the ARM template, as it will interfere with the proper operations
Write-Host -foregroundcolor Yellow "Checking if Placeholder HTTP Listener '$placeholderHttpListenerName' exists"
$placeholderHttpListener = $appgw.HttpListeners | Where-Object {$_.Name -eq $placeholderHttpListenerName}
if($placeholderHttpListener) {
Write-Host -foregroundcolor Cyan "`tIt exist. Deleting it."
$appgw = Remove-AzureRmApplicationGatewayHttpListener -ApplicationGateway $appgw -Name $placeholderHttpListenerName
}
else {
Write-Host -foregroundcolor Green "`tHTTP Listener '$placeholderHttpListenerName' doesn't exist. Moving on."
}
# Clean up the placeholder Request Routing Rule created with the ARM template, as it will interfere with the proper operations
Write-Host -foregroundcolor Yellow "Checking if Placeholder Request Routing Rule '$placeholderHttpRuleName' exists"
$placeholderRule = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $placeholderHttpRuleName}
if($placeholderRule) {
Write-Host -foregroundcolor Cyan "`tIt exist. Deleting it."
$appgw = Remove-AzureRmApplicationGatewayRequestRoutingRule -ApplicationGateway $appgw -Name $placeholderHttpRuleName
}
else {
Write-Host -foregroundcolor Green "`tRequest Routing Rule '$placeholderHttpRuleName' doesn't exist. Moving on."
}
# Try to get the pool by name. If it doesn't exist, create it with its backend ip address
Write-Host -foregroundcolor Yellow "Checking if Backend Pool '$BackendPoolName' exists"
$pool = $appgw.BackendAddressPools | Where-Object {$_.Name -eq $BackendPoolName}
if(!$pool) {
Write-Host -foregroundcolor Cyan "`tIt doesn't exist. Creating Backend Pool '$BackendPoolName'"
$pool = New-AzureRmApplicationGatewayBackendAddressPool -Name $BackendPoolName
}
else {
Write-Host -foregroundcolor Green "`tBackend Pool '$BackendPoolName' exists"
}
# Check if the existing (or just created) pool contains the Backend IP address
Write-Host -foregroundcolor Yellow "Checking if Backend Pool '$BackendPoolName' contains Backend IP '$BackendIPAddress'"
$backendAddressExists = $pool | Where-Object {$_.BackendAddresses | Where-Object {$_.IpAddress -eq $BackendIPAddress}}
if(!$backendAddressExists) {
# Add the IP to the pool's Backend IPs
Write-Host -foregroundcolor Cyan "`tAdding Backend IP '$BackendIPAddress' to Backend Pool '$BackendPoolName'"
$appgw = Add-AzureRmApplicationGatewayBackendAddressPool -ApplicationGateway $appgw -Name $BackendPoolName -BackendIPAddresses $BackendIPAddress
$pool = $appgw.BackendAddressPools | Where-Object {$_.Name -eq $BackendPoolName}
}
else {
Write-Host -foregroundcolor Green "`tBackend Pool '$BackendPoolName' contains Backend IP '$BackendIPAddress'"
}
# Public Frontend IP Configuration
$fipConfig = $appgw.FrontendIPConfigurations | Where-Object {$_.PublicIPAddress -ne $null}
# Non-SSL operations, executed if the SSL Only flag is false
if(!$SSLOnly) {
Write-Host -foregroundcolor Magenta "`nRunning through Non-SSL functionality.."
# Get listeners for hostname
$listenerHttp = $appgw.HttpListeners | Where-Object {$_.Name -eq $fqdnListnerHttpName}
# If HTTP listener doesn't exist and we didn't pass the SSL only switch, create it
Write-Host -foregroundcolor Yellow "`tChecking if HTTP Listener exists for frontend FQDN '$FrontendFQDN'."
if(!$listenerHttp) {
Write-Host -foregroundcolor Cyan "`t`tNo HTTP Listener exists for '$FrontendFQDN'. Creating it."
$fpHttp = $appgw.FrontendPorts| Where-Object {$_.Port -eq 80}
if(!$fpHttp) {
Write-Host -foregroundcolor Cyan "`tCreating Frontend Port 80"
$appgw = Add-AzureRmApplicationGatewayFrontendPort -ApplicationGateway $appgw -Name $frontendPortHttpName -Port 80
$fpHttp = $appgw.FrontendPorts| Where-Object {$_.Name -eq $frontendPortHttpName}
}
$appgw = Add-AzureRmApplicationGatewayHttpListener -ApplicationGateway $appgw -Name $fqdnListnerHttpName -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fpHttp -HostName $FrontendFQDN
$listenerHttp = $appgw.HttpListeners | Where-Object {$_.Name -eq $fqdnListnerHttpName}
}
else {
Write-Host -foregroundcolor Green "`t`tHTTP Listener exists for '$FrontendFQDN'."
}
# Get probes for backend
$probeHttp = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpProbeName}
# If HTTP probe doesn't exist and we didn't pass the SSL only switch, create it
Write-Host -foregroundcolor Yellow "`tChecking if HTTP Probe exists for backend FQDN '$BackendFQDN'."
if(!$probeHttp) {
Write-Host -foregroundcolor Cyan "`t`tNo HTTP Probe exists for '$BackendFQDN'. Creating it."
$appgw = Add-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $appgw -Name $backendHttpProbeName -Protocol Http -HostName $BackendFQDN -Path "/" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
$probeHttp = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpProbeName}
}
else {
Write-Host -foregroundcolor Green "`t`tHTTP Probe exists for '$BackendFQDN'."
}
# Get backend setting associated with probe
$backendSettingHttp = $appgw.BackendHttpSettingsCollection | Where-Object {$_.Name -eq $backendHttpSettingName}
Write-Host -foregroundcolor Yellow "`tChecking if HTTP Backend Setting exists for the created probe."
if(!$backendSettingHttp) {
Write-Host -foregroundcolor Cyan "`t`tNo HTTP Backend Setting exists for HTTP probe. Creating it."
$appgw = Add-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $appgw -Name $backendHttpSettingName -Port 80 -Protocol Http -CookieBasedAffinity Disabled -Probe $probeHttp -RequestTimeout 30
$backendSettingHttp = $appgw.BackendHttpSettingsCollection| Where-Object {$_.Name -eq $backendHttpSettingName}
}
else {
Write-Host -foregroundcolor Green "`t`tHTTP Backend Setting exists for probe."
}
# Finally, create the rule if it doesn't exist
Write-Host -foregroundcolor Yellow "`tChecking if Request Routing Rule exists for the pool, listener and backend setting combination."
$ruleHttp = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpRuleName}
if(!$ruleHttp) {
Write-Host -foregroundcolor Cyan "`t`tNo Request Routing Rule exists for the pool, listener and backend setting combination. Creating it."
$appgw = Add-AzureRmApplicationGatewayRequestRoutingRule -ApplicationGateway $appgw -Name $backendHttpRuleName -RuleType basic -BackendHttpSettings $backendSettingHttp -HttpListener $listenerHttp -BackendAddressPool $pool
$ruleHttp = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpRuleName}
}
else {
Write-Host -foregroundcolor Green "`t`tBackend HTTP Setting exists for this probe."
}
}
# SSL operations, executed if SSLEndToEnd or SSLTermination flags are true
if($SSLEndToEnd -or $SSLTermination) {
Write-Host -foregroundcolor Magenta "`nRunning through SSL functionality.."
# Get listeners for hostname
$listenerHttps = $appgw.HttpListeners | Where-Object {$_.Name -eq $fqdnListnerHttpsName}
# If the HTTPS listener doesn't exist and we passed in either SSL End to End or SSL Termination switches, create it
Write-Host -foregroundcolor Yellow "`tChecking if HTTPS Listener exists for frontend FQDN '$FrontendFQDN'."
if(!$listenerHttps) {
Write-Host -foregroundcolor Cyan "`t`tNo HTTPS Listener exists for '$FrontendFQDN'. Creating it with SSL certificate named '$FrontendSSLCertificateName'"
$cert = $appgw.SslCertificates | Where-Object {$_.Name -eq $FrontendSSLCertificateName}
Write-Host -foregroundcolor Yellow "`tChecking if SSL Certificate '$FrontendSSLCertificateName' exists."
if(!$cert) {
Write-Host -foregroundcolor Green "`tCreating SSL Certificate. Will prompt you for password now."
$SecurePassword = Read-Host -AsSecureString "Enter certificate password:"
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
$certificatePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$appgw = Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $appgw -Name $FrontendSSLCertificateName -CertificateFile $FrontendSSLCertificatePath -Password $certificatePassword
$cert = $appgw.SslCertificates | Where-Object {$_.Name -eq $FrontendSSLCertificateName}
}
else {
Write-Host -foregroundcolor Green "`t`tSSL Certificate exists."
}
$fpHttps = $appgw.FrontendPorts| Where-Object {$_.Port -eq 443}
if(!$fpHttps) {
Write-Host -foregroundcolor Cyan "`tCreating Frontend Port 443"
$appgw = Add-AzureRmApplicationGatewayFrontendPort -ApplicationGateway $appgw -Name $frontendPortHttpsName -Port 443
$fpHttps = $appgw.FrontendPorts| Where-Object {$_.Name -eq $frontendPortHttpsName}
}
$appgw = Add-AzureRmApplicationGatewayHttpListener -ApplicationGateway $appgw -Name $fqdnListnerHttpsName -Protocol Https -FrontendIPConfiguration $fipconfig -FrontendPort $fpHttps -HostName $FrontendFQDN -RequireServerNameIndication true -SslCertificate $cert
$listenerHttps = $appgw.HttpListeners | Where-Object {$_.Name -eq $fqdnListnerHttpsName}
}
else {
Write-Host -foregroundcolor Green "`t`tHTTPS Listener exists for '$FrontendFQDN'."
}
# Now it is time to check the SSL mode requested
# MODE: SSL End to End
if($SSLEndToEnd) {
Write-Host -foregroundcolor Magenta "`n`tRunning through End-to-End SSL functionality.."
# Get probes for backend. Probe will be SSL since we're doing end-to-end SSL.
$probeHttps = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpsProbeName}
# If HTTPS probe doesn't exist, create it
Write-Host -foregroundcolor Yellow "`t`tChecking if HTTPS Probe exists for backend FQDN '$BackendFQDN'."
if(!$probeHttps) {
Write-Host -foregroundcolor Cyan "`t`t`tNo HTTPS Probe exists for '$BackendFQDN'. Creating it."
$appgw = Add-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $appgw -Name $backendHttpsProbeName -Protocol Https -HostName $BackendFQDN -Path "/" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
$probeHttps = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpsProbeName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tHTTPS Probe exists for '$BackendFQDN'."
}
Write-Host -foregroundcolor Yellow "`t`tEnd-to-End SSL was requested. Will check if the backend authentication certificate '$BackendAuthenticationCertificateName' exists."
# Try and find a matching certificate on the Application Gateway
$backendAuthCertificate = $appgw.AuthenticationCertificates | Where-Object { $_.Name -eq $BackendAuthenticationCertificateName }
if(!$backendAuthCertificate) {
Write-Host -foregroundcolor Red "Invalid state: End to end SSL requested but unable to load Backend Authentication Certificate named from path '$BackendAuthenticationCertificateName'. Make sure a certificate of this name exists in the Application Gateway."
Exit 1
}
else {
Write-Host -foregroundcolor Green "`t`t`tBackend Authentication Certificate exists."
}
# Now that we have the certificate in place, create the probe and bind them using an HTTP setting
# Get backend setting associated with HTTPS probe.
$backendSettingHttps = $appgw.BackendHttpSettingsCollection | Where-Object {$_.Name -eq $backendHttpsSettingName}
Write-Host -foregroundcolor Yellow "`t`tChecking if HTTPS Backend Setting exists for the created probe."
if(!$backendSettingHttps) {
Write-Host -foregroundcolor Cyan "`t`t`tNo HTTPS Backend Setting exists for HTTP probe. Creating End-to-End SSL setting."
$appgw = Add-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $appgw -Name $backendHttpsSettingName -Port 443 -AuthenticationCertificates $backendAuthCertificate -Protocol Https -CookieBasedAffinity Disabled -Probe $probeHttps -RequestTimeout 30
$backendSettingHttps = $appgw.BackendHttpSettingsCollection| Where-Object {$_.Name -eq $backendHttpsSettingName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tBackend HTTPS Setting exists for this probe."
}
# Finally, create the rule if it doesn't exist
Write-Host -foregroundcolor Yellow "`t`tChecking if Request Routing Rule exists for the pool, listener and backend setting combination."
$ruleHttps = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpsRuleName}
if(!$ruleHttps) {
Write-Host -foregroundcolor Cyan "`t`t`tNo Request Routing Rule exists for the pool, listener and backend setting combination. Creating it."
$appgw = Add-AzureRmApplicationGatewayRequestRoutingRule -ApplicationGateway $appgw -Name $backendHttpsRuleName -RuleType basic -BackendHttpSettings $backendSettingHttps -HttpListener $listenerHttps -BackendAddressPool $pool
$ruleHttps = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpsRuleName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tBackend HTTPS Setting exists for this probe."
}
}
# MODE: SSL Termination
elseif($SSLTermination) {
Write-Host -foregroundcolor Magenta "`n`tRunning through SSL Termination functionality.."
# Get probes for backend. Probe will be non-SSL since we're doing SSL termination on the gateway
$probeHttp = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpProbeName}
# If HTTP probe doesn't exist, create it
Write-Host -foregroundcolor Yellow "`t`tChecking if HTTP Probe exists for backend FQDN '$BackendFQDN'."
if(!$probeHttp) {
Write-Host -foregroundcolor Cyan "`t`t`tNo HTTP Probe exists for '$BackendFQDN'. Creating it."
$appgw = Add-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $appgw -Name $backendHttpProbeName -Protocol Http -HostName $BackendFQDN -Path "/" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
$probeHttp = $appgw.Probes | Where-Object {$_.Name -eq $backendHttpProbeName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tHTTP Probe exists for '$BackendFQDN'."
}
# Get backend setting associated with HTTP probe.
$backendSettingHttp = $appgw.BackendHttpSettingsCollection | Where-Object {$_.Name -eq $backendHttpSettingName}
Write-Host -foregroundcolor Yellow "`t`tChecking if HTTP Backend Setting exists for the created probe."
if(!$backendSettingHttp) {
Write-Host -foregroundcolor Cyan "`t`t`tNo HTTP Backend Setting exists for HTTP probe. Creating it."
$appgw = Add-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $appgw -Name $backendHttpSettingName -Port 80 -Protocol Http -CookieBasedAffinity Disabled -Probe $probeHttp -RequestTimeout 30
$backendSettingHttp = $appgw.BackendHttpSettingsCollection| Where-Object {$_.Name -eq $backendHttpSettingName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tBackend HTTP Setting exists for this probe."
}
# Finally, create the rule if it doesn't exist
Write-Host -foregroundcolor Yellow "`t`tChecking if Request Routing Rule exists for the pool, listener and backend setting combination."
$ruleHttpOffload = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpsTerminationRuleName}
if(!$ruleHttpOffload) {
Write-Host -foregroundcolor Cyan "`t`t`tNo Request Routing Rule exists for the pool, listener and backend setting combination. Creating it."
$appgw = Add-AzureRmApplicationGatewayRequestRoutingRule -ApplicationGateway $appgw -Name $backendHttpsTerminationRuleName -RuleType basic -BackendHttpSettings $backendSettingHttp -HttpListener $listenerHttps -BackendAddressPool $pool
$ruleHttpOffload = $appgw.RequestRoutingRules | Where-Object {$_.Name -eq $backendHttpsTerminationRuleName}
}
else {
Write-Host -foregroundcolor Green "`t`t`tBackend HTTP Setting exists for this probe."
}
}
}
# Make sure that the web app is configured to accept requests from this FrontendFQDN
Write-Host -foregroundcolor Yellow "`nMaking sure the Azure Web App is configured to accept requests from '$FrontendFQDN'.."
$webapp = Get-AzureRmWebApp -ResourceGroupName $ResourceGroupName -Name $WebappName
$frontendFQDNIsEnabled = $webapp.HostNames -contains $FrontendFQDN
if(!$frontendFQDNIsEnabled) {
Write-Host -foregroundcolor Cyan "`tAdding '$FrontendFQDN' to HostNames"
$webapp.HostNames.Add($FrontendFQDN)
$webapp = Set-AzureRmWebApp -ResourceGroupName $ResourceGroupName -Name $WebappName -HostNames $webapp.HostNames
}
else {
Write-Host -foregroundcolor Green "`tHostname already enabled."
}
# Set DNS A records pointing the FQDN to the Frontend IP of the Application Gateway, only if the NoDNS flag is not passed
if(!$NoDNS) {
Write-Host -foregroundcolor Yellow "`nChecking if there is an A Record for '$FrontendHost' in zone '$FrontendRootZoneName'"
$zoneRecord = Get-AzureRmDnsRecordSet -ResourceGroupName $ResourceGroupName -ZoneName $FrontendRootZoneName -RecordType A
$aRecord = $zoneRecord | Where-Object {$_.Name -eq $FrontendHost}
if(!$aRecord) {
Write-Host -foregroundcolor Cyan "`tSetting DNS A Record for '$FrontendHost' in zone '$FrontendRootZoneName'"
$appgwPublicIp = Get-AzureRmPublicIpAddress -ResourceGroupName $ResourceGroupName | Where-Object {$_.Id -eq $appgw.FrontendIPConfigurations.PublicIpAddress.Id}
$aRecord = New-AzureRmDnsRecordSet -Name $FrontendHost -RecordType A -ZoneName $FrontendRootZoneName -ResourceGroupName $ResourceGroupName -Ttl 3600 -DnsRecords (New-AzureRmDnsRecordConfig -IPv4Address $appgwPublicIp.IpAddress)
}
else {
Write-Host -foregroundcolor Green "`tA Record already exists."
}
}
# Update the configuration
Write-Host "`nUpdating Application Gateway configuration.."
$appgw = $appgw | Set-AzureRmApplicationGateway
# Done
Write-Host "`nDone!"