Azure App Gateway Tutorial

Azure Application Gateway is a layer 7 load balancer that provides application delivery controller (ADC) functionality, such as SSL termination, cookie-based session affinity, and URL path-based routing. It is a fully managed service that can automatically scale up or down based on traffic demand.

In this tutorial, we will cover how to create an Azure Application Gateway using the Azure Portal and the Azure CLI.

Prerequisites

Before we start, you’ll need the following:

  • An Azure account with an active subscription
  • A virtual network with at least two subnets (one for the application gateway and one for the backend servers)
  • A backend server pool with at least two virtual machines running the same application
  • A valid SSL certificate for HTTPS traffic

Creating an Azure Application Gateway using the Azure Portal

  1. Log in to the Azure Portal at https://portal.azure.com/.
  2. Click on “+ Create a resource” button on the left-hand side of the page.
  3. Search for “Application Gateway” in the search bar and select it.
  4. Click on “Create” to start the creation process.
  5. Provide the following information in the “Basics” tab:
    • Resource group: Select the resource group you want to use or create a new one.
    • Name: Choose a name for the application gateway.
    • Region: Select the region where you want to deploy the application gateway.
    • Tier: Choose the tier that meets your requirements. Standard or WAF are usually recommended for production workloads.
    • Virtual network: Select the virtual network you want to use.
    • Subnet: Select the subnet where you want to deploy the application gateway.
  6. Click on “Next: Frontends” to move to the next tab.
  7. Provide the following information in the “Frontends” tab:
    • Public IP address: Choose whether to use an existing public IP address or create a new one.
    • Listener: Choose the protocol (HTTP or HTTPS) and port number for the listener.
    • SSL certificate: Choose whether to use an existing certificate or upload a new one.
    • HTTP/2: Choose whether to enable HTTP/2 protocol.
  8. Click on “Next: Backends” to move to the next tab.
  9. Provide the following information in the “Backends” tab:
    • Backend pool: Create a new backend pool and add the IP addresses or FQDNs of your backend servers.
    • Health probes: Create a new health probe and configure the settings to check the availability of your backend servers.
  10. Click on “Next: Configuration” to move to the next tab.
  11. Provide the following information in the “Configuration” tab:
    • Session persistence: Choose the session affinity method you want to use (cookie-based or source IP).
    • URL path-based routing: Choose whether to enable URL path-based routing and configure the rules.
  12. Click on “Next: Tags” to move to the next tab.
  13. Add any relevant tags and click on “Review + create”.
  14. Review the settings and click on “Create” to deploy the application gateway.

Creating an Azure Application Gateway using the Azure CLI

  1. Open a terminal or command prompt and log in to the Azure CLI using the command “az login”.
  2. Create a new resource group using the command
az group create --name <resource-group-name> --location <location>

3. Create a new public IP address using the command 

az network public-ip create --name <public-ip-name> --resource-group <resource-group-name> --allocation-method Static- -sku Standard

Replace <public-ip-name> with a name of your choice and <resource-group-name> with the name of the resource group you created in step 2.

4. Create a new application gateway using the command “az network application-gateway create”. Provide the following information as command arguments:

  • –name: Choose a name for the application gateway.
  • –resource-group: Specify the name of the resource group you created in step 2.
  • –location: Specify the location where you want to deploy the application gateway.
  • –capacity: Choose the capacity (number of instances) you want to deploy.
  • –sku: Choose the SKU that meets your requirements. Standard_v2 or WAF_v2 are usually recommended for production workloads.
  • –vnet-name: Specify the name of the virtual network you want to use.
  • –subnet: Specify the name of the subnet where you want to deploy the application gateway.
  • –public-ip-address: Specify the name or ID of the public IP address you created in step 3.
  • –http-settings-cookie-based-affinity: Specify whether to enable cookie-based affinity.
  • –http-settings-port: Specify the port number for the listener.
  • –http-settings-protocol: Specify the protocol (HTTP or HTTPS) for the listener.
  • –ssl-cert: Specify the name or ID of the SSL certificate you want to use.
  • –servers: Specify the IP addresses or FQDNs of your backend servers.
  • –probe-name: Choose a name for the health probe.
  • –probe-protocol: Specify the protocol (HTTP or HTTPS) for the health probe.
  • –probe-path: Specify the path to use for the health probe.
  • –probe-interval: Specify the interval (in seconds) between health probes.
  • –probe-timeout: Specify the timeout (in seconds) for each health probe.
  1. Verify that the application gateway was created successfully using the command
az network application-gateway show --name <application-gateway-name> --resource-group <resource-group-name>

Replace <application-gateway-name> with the name of the application gateway you created and <resource-group-name> with the name of the resource group you created in step 2.

Conclusion

In this tutorial, we covered how to create an Azure Application Gateway using both the Azure Portal and the Azure CLI. The Azure Portal provides a graphical user interface for creating and managing resources, while the Azure CLI provides a command-line interface for automating tasks and integrating with other tools. Both methods are valid options depending on your preferences and workflow.