Document Details

# Fully qualified default domain name of the web app: $webAppFQDN = "<nameofwebapp>.azurewebsite.net" # For Application Gateway: both name, resource group and name for the backend pool to create: $rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $appGwBackendPoolNameForAppSvc = "<name for backend pool to be added>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Add a new Backend Pool with App Service in there: Add-AzApplicationGatewayBackendAddressPool -Name $appGwBackendPoolNameForAppSvc -ApplicationGateway $gw -BackendFqdns $webAppFQDN # Update Application Gateway with the new added Backend Pool: Set-AzApplicationGateway -ApplicationGateway $gw

# This script assumes that: # - a certificate was imported in Azure Key Vault already # - a managed identity was assigned to Application Gateway with access to the certificate # - there is no HTTP listener defined yet for HTTPS on port 443 $rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $appGwSSLCertificateName = "<name for ssl cert to be created within Application Gateway" $appGwSSLCertificateKeyVaultSecretId = "<key vault secret id for the SSL certificate to use>" $httpListenerName = "<name for the listener to add>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Create SSL certificate object for Application Gateway: Add-AzApplicationGatewaySslCertificate -Name $appGwSSLCertificateName -ApplicationGateway $gw -KeyVaultSecretId $appGwSSLCertificateKeyVaultSecretId $sslCert = Get-AzApplicationGatewaySslCertificate -Name $appGwSSLCertificateName -ApplicationGateway $gw # Fetch public ip associated with Application Gateway: $ipAddressResourceId = $gw.FrontendIPConfigurations.PublicIPAddress.Id $ipAddressResource = Get-AzResource -ResourceId $ipAddressResourceId $publicIp = Get-AzPublicIpAddress -ResourceGroupName $ipAddressResource.ResourceGroupName -Name $ipAddressResource.Name $frontendIpConfig = $gw.FrontendIpConfigurations | Where-Object {$_.PublicIpAddress -ne $null} $port = New-AzApplicationGatewayFrontendPort -Name "port_443" -Port 443 Add-AzApplicationGatewayFrontendPort -Name "port_443" -ApplicationGateway $gw -Port 443 Add-AzApplicationGatewayHttpListener -Name $httpListenerName -ApplicationGateway $gw -Protocol Https -FrontendIPConfiguration $frontendIpConfig -FrontendPort $port -SslCertificate $sslCert # Update Application Gateway with the new HTTPS listener: Set-AzApplicationGateway -ApplicationGateway $gw

$rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $httpListenerName = "<name for the listener to add if not exists yet>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Check if HTTP listener on port 80 already exists: $port = $gw.FrontendPorts | Where-Object {$_.Port -eq 80} $listener = $gw.HttpListeners | Where-Object {$_.Protocol.ToString().ToLower() -eq "http" -and $_.FrontendPort.Id -eq $port.Id} if ($listener -eq $null){ $frontendIpConfig = $gw.FrontendIpConfigurations | Where-Object {$_.PublicIpAddress -ne $null} Add-AzApplicationGatewayHttpListener -Name $httpListenerName -ApplicationGateway $gw -Protocol Http -FrontendIPConfiguration $frontendIpConfig -FrontendPort $port # Update Application Gateway with the new HTTPS listener: Set-AzApplicationGateway -ApplicationGateway $gw }

$rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $httpListenerName = "<name for existing http listener (without rule) to route traffic from>" $httpSettingsName = "<name for http settings to use>" $appGwBackendPoolNameForAppSvc = "<name for backend pool to route to>" $reqRoutingRuleName = "<name for request routing rule to be added>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Get HTTP Settings: $httpListener = Get-AzApplicationGatewayHttpListener -Name $httpListenerName -ApplicationGateway $gw $httpSettings = Get-AzApplicationGatewayBackendHttpSettings -Name $httpSettingsName -ApplicationGateway $gw $backendPool = Get-AzApplicationGatewayBackendAddressPool -Name $appGwBackendPoolNameForAppSvc -ApplicationGateway $gw # Add routing rule: Add-AzApplicationGatewayRequestRoutingRule -Name $reqRoutingRuleName -ApplicationGateway $gw -RuleType Basic -BackendHttpSettings $httpSettings -HttpListener $httpListener -BackendAddressPool $backendPool # Update Application Gateway with the new routing rule: Set-AzApplicationGateway -ApplicationGateway $gw

$customDomainName = "<FQDN for custom domain pointing to Application Gateway>" Invoke-WebRequest $customDomainName

# Configure Application Gateway to connect to App Service using the incoming hostname $rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $customProbeName = "<name for custom health probe>" $customDomainName = "<FQDN for custom domain associated with App Service>" $httpSettingsName = "<name for http settings to be created>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Add custom health probe using custom domain name: Add-AzApplicationGatewayProbeConfig -Name $customProbeName -ApplicationGateway $gw -Protocol Https -HostName $customDomainName -Path "/" -Interval 30 -Timeout 120 -UnhealthyThreshold 3 $probe = Get-AzApplicationGatewayProbeConfig -Name $customProbeName -ApplicationGateway $gw # Add HTTP Settings to use towards App Service: Add-AzApplicationGatewayBackendHttpSettings -Name $httpSettingsName -ApplicationGateway $gw -Protocol Https -Port 443 -Probe $probe -CookieBasedAffinity Disabled -RequestTimeout 30 # Update Application Gateway with the new added HTTP settings and probe: Set-AzApplicationGateway -ApplicationGateway $gw

# Configure Application Gateway to connect to backend using default App Service hostname $rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" $httpSettingsName = "<name for http settings to be created>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Add HTTP Settings to use towards App Service: Add-AzApplicationGatewayBackendHttpSettings -Name $httpSettingsName -ApplicationGateway $gw -Protocol Https -Port 443 -PickHostNameFromBackendAddress -CookieBasedAffinity Disabled -RequestTimeout 30 # Update Application Gateway with the new added HTTP settings and probe: Set-AzApplicationGateway -ApplicationGateway $gw

$rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Check health: Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rgName -Name $appGwName

$rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Check health: Get-AzApplicationGatewayBackendHealth -ResourceGroupName $rgName -Name $appGwName

$rgName = "<name of resource group for App Gateway>" $appGwName = "<name of the App Gateway>" # Get existing Application Gateway: $gw = Get-AzApplicationGateway -Name $appGwName -ResourceGroupName $rgName # Get ip address: $ipAddressResourceId = $gw.FrontendIPConfigurations.PublicIPAddress.Id $ipAddressResource = Get-AzResource -ResourceId $ipAddressResourceId $publicIp = Get-AzPublicIpAddress -ResourceGroupName $ipAddressResource.ResourceGroupName -Name $ipAddressResource.Name Write-Host "Public ip address for Application Gateway is $($publicIp.IpAddress)" Invoke-WebRequest "http://$($publicIp.IpAddress)"