https://docs.microsoft.com/ja-jp/azure/application-gateway/tutorial-ssl-cli
Creating a self-signed certificate

```
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out appgwcert.crt
Can't load /home/yuta/.rnd into RNG
139982984253888:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/yuta/.rnd
Generating a RSA private key
...............+++++
.......................................+++++
writing new private key to 'privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.vamdemic.com
Email Address []:
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$
yuta@DESKTOP-V36210S:/mnt/c/Users/carlo$ openssl pkcs12 -export -out appgwcert.pfx -inkey privateKey.key -in appgwcert.crt
Enter Export Password:Azure123456!
Verifying - Enter Export Password:Azure123456!
```
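A pre-upload check for the PFX produced above, as an added example that is not part of the original post: it confirms that the file opens with the export password, that the private key matches the certificate, that the certificate is not about to expire, and that it carries a subjectAltName. The function name `pfx_check`, its exit codes and the `PFX_PASS` environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-upload check for a PFX such as appgwcert.pfx.
# Assumptions: PFX_PASS is an environment variable holding the export
# password; pfx_check and its exit codes are names made up for this example.
# Usage: export PFX_PASS=...; pfx_check appgwcert.pfx 30
# Exit codes: 0 ok, 2 cannot open, 3 key/cert mismatch, 4 expires too soon,
#             5 no subjectAltName (modern browsers match hostnames against
#               the SAN and ignore the Common Name)
pfx_check() (
    pfx=$1
    min_days=${2:-30}
    umask 077                         # the extracted key is unencrypted
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT

    # A wrong password or a corrupt file fails at extraction.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
        -out "$tmp/cert.pem" 2>/dev/null || exit 2
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
        -out "$tmp/key.pem" 2>/dev/null || exit 2

    # The public key derived from the private key must equal the cert's.
    cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || exit 3

    # -checkend is non-zero if the cert expires within the given seconds.
    openssl x509 -in "$tmp/cert.pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null || exit 4

    openssl x509 -in "$tmp/cert.pem" -noout -text |
        grep -q 'Subject Alternative Name' || exit 5
    exit 0
)
```

A certificate created with only a Common Name, as in the session above, returns 5 from this check.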
Create the application gateway

```bash
# Create the resource group
az group create --name myResourceGroupAG-test --location eastus

# Create the network
az network vnet create \
  --name myVNet \
  --resource-group myResourceGroupAG-test \
  --location eastus \
  --address-prefix 10.0.0.0/16 \
  --subnet-name myAGSubnet \
  --subnet-prefix 10.0.1.0/24

az network vnet subnet create \
  --name myBackendSubnet \
  --resource-group myResourceGroupAG-test \
  --vnet-name myVNet \
  --address-prefix 10.0.2.0/24

az network public-ip create \
  --resource-group myResourceGroupAG-test \
  --name myAGPublicIPAddress \
  --allocation-method Static \
  --sku Standard

# Create the application gateway
az network application-gateway create \
  --name myAppGateway \
  --location eastus \
  --resource-group myResourceGroupAG-test \
  --vnet-name myVNet \
  --subnet myAGsubnet \
  --capacity 2 \
  --sku Standard_v2 \
  --http-settings-cookie-based-affinity Disabled \
  --frontend-port 443 \
  --http-settings-port 80 \
  --http-settings-protocol Http \
  --public-ip-address myAGPublicIPAddress \
  --cert-file appgwcert.pfx \
  --cert-password "Azure123456!"

# Create the virtual machine scale set
az vmss create \
  --name myvmss \
  --resource-group myResourceGroupAG-test \
  --image UbuntuLTS \
  --admin-username azureuser \
  --admin-password Azure123456! \
  --instance-count 2 \
  --vnet-name myVNet \
  --subnet myBackendSubnet \
  --vm-sku Standard_DS2 \
  --upgrade-policy-mode Automatic \
  --app-gateway myAppGateway \
  --backend-pool-name appGatewayBackendPool

# Install Nginx through the Custom Script extension
az vmss extension set \
  --publisher Microsoft.Azure.Extensions \
  --version 2.0 \
  --name CustomScript \
  --resource-group myResourceGroupAG-test \
  --vmss-name myvmss \
  --settings '{ "fileUris": ["https://raw.githubusercontent.com/Azure/azure-docs-powershell-samples/master/application-gateway/iis/install_nginx.sh"],"commandToExecute": "./install_nginx.sh" }'
```
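Once the extension is installed, it looks like this.

Get the public IP address

```bash
# The JMESPath query is quoted so the shell does not treat [ipAddress] as a glob pattern
az network public-ip show \
  --resource-group myResourceGroupAG-test \
  --name myAGPublicIPAddress \
  --query "[ipAddress]" \
  --output tsv
```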
Access it