Prerequisites

All droplets must be within an Azure Resource Group, configured with a valid name and location.

The App Gateway must be in its own subnet.

You will need either a self-signed SSL certificate or a signed SSL certificate to configure the App Gateway in this tutorial.

Example Topology

This tutorial takes you through creating a basic network infrastructure, with a single Azure Virtual Machine and Azure SQL Server with an Azure App Gateway.

The configuration of the App Gateway includes configuring HTTP to HTTPS redirect.

The purpose of this tutorial is to demonstrate configuring Azure App Gateway. Please reach out if you would like further information.

Configure the Network Infrastructure

First, we will drag, drop & configure our Azure Resource Group and then build our initial network infrastructure to connect our Azure App Gateway.

  1. Drag & drop an Azure Resource Group onto your blueprint

  2. On the Properties Panel set the Name and Location for Resource Group A

  3. Drag & drop an Azure Virtual Network into Resource Group A

  4. Set the Name for your Virtual Network and set the Address Space to 10.0.0.0/16

  5. Drag & drop an Azure Subnet into your Virtual Network (this will automatically add an NSG)

  6. Delete the NSG from Subnet A

  7. Set the Name for your Subnet A and set the address prefix to 10.0.1.0/24

  8. Drag & drop a second Azure Subnet into your Virtual Network (this will automatically add an NSG)

  9. Set the Name for Subnet B and set the address prefix to 10.0.2.0/24

  10. Set the Name for the NSG

  11. Drag & drop an Azure Virtual Machine into the Subnet

  12. Set the Name for the Virtual Machine

  13. Under 'Storage Profile' set the OS Disk Name for the Virtual Machine

  14. Under 'Network Interfaces' set the Network Interface Card Name for the Virtual Machine

  15. On the Network Interface Card click 'Add new IP Configurations'

  16. On the IP Configuration set the 'Private IP Address' to 10.0.2.10

  17. Set the 'Private IP Allocation' to 'Static'

  18. Set the 'Private IP Address Version' to IPv4

  19. Under 'OS Profile' set the Computer Name, Admin Username and Password secret parameter for the Virtual Machine

Add the App Gateway & Create IP Configurations & Frontend Port

Now we can add our App Gateway and configure the IP configurations and frontend ports.

  1. Drag & drop an Azure Application Gateway into the dock of Subnet A

  2. Set the Name property of the Application Gateway

  3. Select SKU and set Name to Standard_Medium from the dropdown

  4. Set 'Tier' to 'Standard'

  5. Set 'Capacity' to 2

  6. Select 'Frontend IP Configurations' from the properties tree

  7. Click 'Add new Frontend IP Configuration'

  8. Set the Name of the Frontend IP Configuration e.g. myAGIPConfig

  9. Click 'Add new Public IP Address'

  10. Set the Name of the Public IP Address e.g. myAGPublicIPAddress

  11. Set 'Public IP Allocation Method' to 'Dynamic'

  12. Set 'IP Address Version' to 'IPv4'

  13. Set the SKU property to 'Basic'

  14. Select 'Frontend Ports' from the property tree and click 'Add new Frontend Port'

  15. Set the Name property for the Frontend Port e.g. httpsPort

  16. Set the Port property to 443

Create App Gateway Backend Pool & Settings

The next step is to configure our backend pools. Backend pools route requests to backend servers which serve the request. Click here for more information on App Gateway components.

  1. Select Backend Address Pool from the properties tree

  2. Click 'Add new Backend Address Pool'

  3. Set the Name of the Backend Address Pool

  4. Click 'Add new Backend Address'

  5. Set the 'IP Address' to 10.0.2.10 (the IP of your Azure Virtual Machine)

  6. Select 'Backend HTTP Settings Collection' from the property tree

  7. Click 'Add new Backend HTTP Settings Collection'

  8. Set the Name property of the Backend HTTP Settings Collection

  9. Set the 'Port' to 80

  10. Set 'Protocol' to Http from the dropdown menu

  11. Set 'Cookie Based Affinity' to 'Enabled'

  12. Set 'Request Timeout' to 120

Configure the SSL Certificate

To secure the traffic on the App Gateway we need to configure the SSL certificate. To complete this part of the tutorial you will need either a self-signed base64 encoded certificate or a commercial, signed certificate.

  1. Select 'SSL Certificates' from the property tree

  2. Click 'Add new SSL Certificate'

  3. Select the new SSL Certificate and set the Name property

  4. Paste the certificate's base-64 encoded data into the 'Data' field

  5. Set the Secret Parameter of the SSL Certificate 'Password' property

Create the Default HTTPS (443) Listener and Rule

Now we need to configure the default listener and rule. A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this example, you create a basic listener that listens for HTTPS traffic at the root URL.

  1. Select HTTP Listeners from the properties tree

  2. Click 'Add new HTTP Listener'

  3. Set the Name of the 'HTTP Listener' e.g. httpsListener

  4. Set the Frontend IP Configuration to the Frontend IP configuration created earlier

  5. Set the Frontend Port to the HTTPS frontend port created earlier

  6. Set the Protocol to Https from the dropdown menu

  7. Set the SSL Certificate property to the SSL Certificate configured earlier

  8. Select 'Request Routing Rules' from the property tree

  9. Click 'Add new Request Routing Rule'

  10. Set the Name of the rule e.g. rule1

  11. Set the 'Rule Type' to Basic

  12. Set the 'Backend Address Pool' to the Backend Address Pool configured earlier

  13. Set the 'Backend HTTP Settings' to the Backend HTTP Settings Collection

  14. Set the 'HTTP Listener' to the HTTPS that was listener that was just configured

Add a Listener and Redirection Rule for HTTP (80) Traffic

We now need to setup the configuration for HTTP redirection to HTTPS.

  1. Select 'Frontend Ports' from the property tree and click 'Add new Frontend Port'

  2. Set the Name property for the Frontend Port e.g. httpPort

  3. Set the Port property to 80

  4. Select HTTP Listeners from the property tree

  5. Click Add new HTTP Listener

  6. Set the Name of the 'HTTP Listener' e.g. httpListener

  7. Set the Frontend IP Configuration to the Frontend IP configuration created earlier

  8. Set the Frontend Port to the HTTP port that was just configured

  9. Set the Protocol to Http from the dropdown menu

  10. Select 'Redirect Configurations' from the property tree

  11. Click 'Add new Redirect Configuration'

  12. Set the Name property e.g. httpToHttps

  13. Set 'Redirect Type' to permanent from the dropdown menu

  14. Set 'Target Listener' to the HTTPS Listener created earlier

  15. Set 'Include Path' to 'True'

  16. Set 'Include Query String' to 'True'

  17. Select 'Request Routing Rules' from the property tree

  18. Click 'Add new Request Routing Rule'

  19. Set the Name of the rule e.g. rule2

  20. Set the 'Rule Type' to Basic

  21. Set the 'HTTP Listener' to the HTTP listener just created e.g. httpListener

  22. Set the 'Redirect Configuration' to the Redirect Configuration e.g. httpToHttps

That's it. You've now configured an internet facing Azure Application Gateway set to accept HTTPS traffic on port 443 and forward it to your backend Azure Virtual Machine. You also configured HTTP on port 80 to redirect to HTTPS.

Optional: Configure an Azure SQL Server Backend

An additional step is to configure an Azure SQL Server for use with the Azure Virtual Machine. This is a common topology for web applications that require a SQL database backend.

  1. Drag & drop an Azure SQL instance into Resource Group A

  2. Set the name of the Azure SQL Server (this can only be lowercase, numbers, and hyphens)

  3. Set the Administrator Login Name

  4. Set the Secret Parameter for the Administrator Login Password

  5. Select 'Databases' and create a new database by clicking 'Add new Database'

  6. Set the name for the database, e.g. mydatabase (this can only be lowercase, numbers, and hyphens)

  7. Set the 'Edition' property to Basic (the 'Edition' property is the main influence on the cost of deploying Azure SQL Server. Unless you have any specific requirements we recommend using the Basic edition)

You can now save, then publish your blueprint. You can then head over the Pipelines area to configure a deployment pipeline and deploy your Azure Application Gateway design to Azure.

Did this answer your question?