https://docs.microsoft.com/ja-jp/azure/application-gateway/tutorial-ssl-cli
Create a self-signed certificate
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out appgwcert.crt
Can't load /home/yuta/.rnd into RNG
139982984253888:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/yuta/.rnd
Generating a RSA private key
...............+++++
.......................................+++++
writing new private key to 'privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.vamdemic.com
Email Address []:
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$ openssl pkcs12 -export -out appgwcert.pfx -inkey privateKey.key -in appgwcert.crt
Enter Export Password:Azure123456!
Verifying - Enter Export Password:Azure123456!
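A non-interactive version of the certificate step above, with a check to run before the PFX is uploaded. This is an added example, not part of the original notes or the Microsoft tutorial. It assumes OpenSSL 1.1.1 or later; the function names and the PFX_PASS variable are hypothetical.

```shell
# Added example, not from the original page. Assumes OpenSSL 1.1.1+ (for -addext).
# Function names and PFX_PASS are hypothetical; file names follow the page.

# Create the self-signed certificate without prompts. -addext sets subjectAltName,
# which current browsers match against the host name instead of the Common Name.
make_cert() {  # usage: make_cert '<dns-name>'
  openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
    -keyout privateKey.key -out appgwcert.crt \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null || return 1
  chmod 600 privateKey.key  # -nodes leaves the private key unencrypted on disk
}

# Export the PFX, reading the password from the environment so it is not typed
# into the terminal or passed as a command-line argument.
make_pfx() {
  openssl pkcs12 -export -out appgwcert.pfx -inkey privateKey.key \
    -in appgwcert.crt -passout env:PFX_PASS
}

# SHA-256 of the DER-encoded public key taken from a certificate or a key file.
pubkey_hash() (  # usage: pubkey_hash cert|key <file>
  if [ "$1" = cert ]; then
    pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  else
    pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  fi
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
)

# Succeeds only if the PFX opens with PFX_PASS, its certificate carries the same
# public key as appgwcert.crt, and that public key belongs to privateKey.key.
check_pfx() (
  tmp=$(mktemp) || return 1
  if openssl pkcs12 -in appgwcert.pfx -passin env:PFX_PASS -nokeys \
       -out "$tmp" 2>/dev/null &&
     a=$(pubkey_hash cert "$tmp") && b=$(pubkey_hash cert appgwcert.crt) &&
     c=$(pubkey_hash key privateKey.key); then
    rm -f "$tmp"
    [ "$a" = "$b" ] && [ "$b" = "$c" ]
  else
    rm -f "$tmp"
    return 1
  fi
)
```

With the password held in PFX_PASS, the gateway step further down can take --cert-password "$PFX_PASS" in place of the literal value.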
Create the application gateway
# Create the resource group
az group create --name myResourceGroupAG-test --location eastus
# Create the network
az network vnet create \
--name myVNet \
--resource-group myResourceGroupAG-test \
--location eastus \
--address-prefix 10.0.0.0/16 \
--subnet-name myAGSubnet \
--subnet-prefix 10.0.1.0/24
az network vnet subnet create \
--name myBackendSubnet \
--resource-group myResourceGroupAG-test \
--vnet-name myVNet \
--address-prefix 10.0.2.0/24
az network public-ip create \
--resource-group myResourceGroupAG-test \
--name myAGPublicIPAddress \
--allocation-method Static \
--sku Standard
# Create the application gateway
az network application-gateway create \
--name myAppGateway \
--location eastus \
--resource-group myResourceGroupAG-test \
--vnet-name myVNet \
--subnet myAGsubnet \
--capacity 2 \
--sku Standard_v2 \
--http-settings-cookie-based-affinity Disabled \
--frontend-port 443 \
--http-settings-port 80 \
--http-settings-protocol Http \
--public-ip-address myAGPublicIPAddress \
--cert-file appgwcert.pfx \
--cert-password "Azure123456!"
# Create the virtual machine scale set
az vmss create \
--name myvmss \
--resource-group myResourceGroupAG-test \
--image UbuntuLTS \
--admin-username azureuser \
--admin-password Azure123456! \
--instance-count 2 \
--vnet-name myVNet \
--subnet myBackendSubnet \
--vm-sku Standard_DS2 \
--upgrade-policy-mode Automatic \
--app-gateway myAppGateway \
--backend-pool-name appGatewayBackendPool
# Install Nginx with the extension
az vmss extension set \
--publisher Microsoft.Azure.Extensions \
--version 2.0 \
--name CustomScript \
--resource-group myResourceGroupAG-test \
--vmss-name myvmss \
--settings '{ "fileUris": ["https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/install_nginx.sh"],"commandToExecute": "./install_nginx.sh" }'
After the extension is installed, it looks like this

Get the public IP address
az network public-ip show \
--resource-group myResourceGroupAG-test \
--name myAGPublicIPAddress \
--query [ipAddress] \
--output tsv
Access it


