在 VNET 中通过网关使用 Azure API 管理(502 - Web 服务器在充当网关或代理服务器时收到无效响应)

Azure API Management in VNET with Gateway (502 - Web server received an invalid response while acting as a gateway or proxy server)

我需要在带有应用程序网关的内部 VNET 中集成 Azure API 管理。我使用了微软的手册: Integrate API Management in an internal VNET with Application Gateway

我为自定义域使用了自签名证书。

这是在内部 VNET 中配合应用程序网关使用 API 管理的示意图:

我根据手册 Integrate API Management in an internal VNET with Application Gateway 编写了以下 PowerShell 脚本:

# Deployment settings. Every value below is a placeholder to be replaced
# before the script is run.

# Names
$organizationName         = 'TestOrg1'
$resourceGroupName        = 'API-Management-in-VNET-with-Gateway-Test'
$appGatewayHostname       = 'myapi.azure-api.net'
$apiManagementServiceName = 'MyApi'

# Sign-in account.
# NOTE(review): the account password is stored in clear text in this file.
# Anyone who can read the script or a copy of it can sign in as this account;
# prompting for the secret or using a dedicated service principal avoids that.
$subscriptionId   = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$azureAccountName = 'xxxxx@xxxxx.com'
$azurePassword    = 'xxxxxx'

# Region, contact address, custom API host name, HTTPS port
$location                = 'South Central US'
$apiManagementAdminEmail = 'yyyyyy@xxxxx.com'
$apiHostname             = 'api.mydomain.com'
$sslPort                 = 443

# Address space: one VNet with a subnet for the gateway and one for APIM
$virtualNetworkAddressPrefix      = '10.0.0.0/16'
$gatewaySubnetAddressPrefix       = '10.0.0.0/24'
$apiManagementSubnetAddressPrefix = '10.0.1.0/24'

# Certificate material, expected next to the script.
# NOTE(review): the PFX holds the private key and its password is also kept
# in clear text here; restrict access to both the .pfx file and this script.
$pfxCertificatePassword = 'xxxxxxxxxxxx'
$certificateThumbprint  = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
$pfxCertificateFilename = "$PSScriptRoot\PfxCert.pfx"
$cerCertificateFilename = "$PSScriptRoot\CerCert.cer"

# Console colours for the progress messages
$foregroundColor = 'green'
$backgroundColor = 'black'

#Log
# Close a transcript that an earlier run may have left open. Errors are
# silenced for this one call only, since Stop-Transcript reports an error
# when no transcript is active.
$ErrorActionPreference = 'SilentlyContinue'
Stop-Transcript | Out-Null

# From here on errors are shown but do not stop the script, so a failed step
# is still followed by its "completed" message.
$ErrorActionPreference = 'Continue'

# One transcript file per run, named after the start time.
# NOTE(review): the transcript records the console output of the whole run,
# including whatever the sign-in and resource cmdlets print; keep the log
# directory readable only by the operators who need it.
$date = Get-Date -Format 'MM-dd-yyyy-HH-mm-ss'
$logFile = "$PSScriptRoot\log\CreateApiManagementEnvLog-${date}.txt"
Start-Transcript -Path $logFile
$startTime = Get-Date
$startMessage = "Start Time: " + $startTime
Write-Host $startMessage

# Wrap the clear-text password from the settings above in a SecureString and
# build the credential object used for sign-in.
# NOTE(review): -AsPlainText -Force only converts the value; the secret still
# sits unprotected in the script file and in $azurePassword.
$azurePasswordSecureString = ConvertTo-SecureString -String $azurePassword -AsPlainText -Force
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $azureAccountName, $azurePasswordSecureString

# Colour switches kept as one string for the progress messages further down.
$colors = '-foregroundcolor {0} -backgroundcolor {1}' -f $foregroundColor, $backgroundColor

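# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 01
# Non-interactive sign-in with the credential object built from the account
# name and password in the settings. The result is not captured, so whatever
# the cmdlet returns is written to the console and to the running transcript.
Login-AzureRmAccount -Credential $credentials
Write-Host "Step 01 [Login-AzureRmAccount] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 02
# Make the configured subscription the active one for the following cmdlets.
Get-AzureRmSubscription -SubscriptionId $subscriptionId | Select-AzureRmSubscription
Write-Host "Step 02 [Get-AzureRmSubscription] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 03
# Resource group that will hold the VNet, API Management and the gateway.
New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
Write-Host "Step 03 [New-AzureRmResourceGroup] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor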

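# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 04
# Subnet "apim01" is the one the Application Gateway will be placed in.
$appgatewaysubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim01 -AddressPrefix $gatewaySubnetAddressPrefix
Write-Host "Step 04 [New-AzureRmVirtualNetworkSubnetConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 05
# Subnet "apim02" is the one API Management will be placed in.
$apimsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim02 -AddressPrefix $apiManagementSubnetAddressPrefix
Write-Host "Step 05 [New-AzureRmVirtualNetworkSubnetConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 06
# Create the VNet with both subnets; the order given here fixes the indexes
# used in steps 07 and 08.
$vnet = New-AzureRmVirtualNetwork -Name appgwvnet -ResourceGroupName $resourceGroupName -Location $location -AddressPrefix $virtualNetworkAddressPrefix -Subnet $appgatewaysubnet,$apimsubnet
Write-Host "Step 06 [New-AzureRmVirtualNetwork] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 07
# First subnet of the created VNet = gateway subnet. The message is
# single-quoted so it prints the variable name instead of expanding the
# subnet object into the text.
$appgatewaysubnetdata=$vnet.Subnets[0]
Write-Host 'Step 07 [$appgatewaysubnetdata] completed' -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 08
# Second subnet of the created VNet = API Management subnet.
$apimsubnetdata=$vnet.Subnets[1]
Write-Host 'Step 08 [$apimsubnetdata] completed' -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 09
# Virtual-network object that ties API Management to the apim02 subnet.
$apimVirtualNetwork = New-AzureRmApiManagementVirtualNetwork -Location $location -SubnetResourceId $apimsubnetdata.Id
Write-Host "Step 09 [New-AzureRmApiManagementVirtualNetwork] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor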

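# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 10
# Create the API Management service inside the VNet with VpnType "Internal".
$apimService = New-AzureRmApiManagement -ResourceGroupName "$resourceGroupName" -Location $location -Name $apiManagementServiceName -Organization $organizationName -AdminEmail $apiManagementAdminEmail -VirtualNetwork $apimVirtualNetwork -VpnType "Internal" -Sku "Premium"
Write-Host "Step 10 [New-AzureRmApiManagement] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 11
# Upload the PFX (certificate plus private key) for the "Proxy" host name type.
# NOTE(review): the PFX password is passed as a plain string taken from the
# script's settings; treat the script and the .pfx as secrets.
$certUploadResult = Import-AzureRmApiManagementHostnameCertificate -ResourceGroupName "$resourceGroupName" -Name $apiManagementServiceName -HostnameType "Proxy" -PfxPath $pfxCertificateFilename -PfxPassword $pfxCertificatePassword -PassThru
Write-Host "Step 11 [Import-AzureRmApiManagementHostnameCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 12
# Host name configuration for the custom API host name, referring to the
# uploaded certificate by thumbprint. $certificateThumbprint is a separate
# setting; presumably it must match the certificate in the PFX - verify.
$proxyHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$apiHostname"
Write-Host "Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor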

#Step 13
# NOTE(review): $proxyHostnameConfig (the configuration built for $apiHostname
# in Step 12) is bound to -PortalHostnameConfiguration here, so the custom
# host name is applied to the portal endpoint and not to the API proxy that
# the Application Gateway probes and forwards to. The resolution further down
# this page names this line as the cause of the 502 and uses
# -ProxyHostnameConfiguration instead. The line is kept as posted.
$result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" –PortalHostnameConfiguration $proxyHostnameConfig
Write-Host("Step 13 [Set-AzureRmApiManagementHostnames] completed") $colors

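# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 14
# Public IP for the gateway front end: this is the only Internet-facing
# address in the deployment.
$publicip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -name publicIP01 -location $location -AllocationMethod Dynamic
Write-Host "Step 14 [New-AzureRmPublicIpAddress] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 15
# Place the gateway in the gateway subnet taken from the VNet.
$gipconfig = New-AzureRmApplicationGatewayIPConfiguration -Name gatewayIP01 -Subnet $appgatewaysubnetdata
Write-Host "Step 15 [New-AzureRmApplicationGatewayIPConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 16
# Front-end port: the HTTPS port from the settings.
$fp01 = New-AzureRmApplicationGatewayFrontendPort -Name 'port01' -Port $sslPort
Write-Host "Step 16 [New-AzureRmApplicationGatewayFrontendPort] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 17
# Bind the front end to the public IP.
$fipconfig01 = New-AzureRmApplicationGatewayFrontendIPConfig -Name "frontend1" -PublicIPAddress $publicip
Write-Host "Step 17 [New-AzureRmApplicationGatewayFrontendIPConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 18
# Certificate the gateway presents to clients, loaded from the same PFX that
# was uploaded to API Management. The password comes from the settings as a
# plain string.
$cert = New-AzureRmApplicationGatewaySslCertificate -Name cert01 -CertificateFile $pfxCertificateFilename -Password $pfxCertificatePassword
Write-Host "Step 18 [New-AzureRmApplicationGatewaySslCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 19
# HTTPS listener on the public front end using that certificate.
$listener = New-AzureRmApplicationGatewayHttpListener -Name listener01 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert
Write-Host "Step 19 [New-AzureRmApplicationGatewayHttpListener] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor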

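# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 20
# HTTPS health probe sent to the backend with host header $appGatewayHostname.
# The backend must answer for that host name over TLS for the probe to pass.
# The message now names the probe cmdlet (it previously named the listener one).
$apimprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimproxyprobe -Protocol Https -HostName $appGatewayHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
Write-Host "Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 21
# Public certificate (.cer) the gateway uses to authenticate the backend.
# NOTE(review): with a self-signed certificate this file presumably has to be
# the public part of the certificate the backend actually presents; a
# mismatch would leave the backend unhealthy - confirm.
$authcert = New-AzureRmApplicationGatewayAuthenticationCertificate -Name 'whitelistcert1' -CertificateFile $cerCertificateFilename
Write-Host "Step 21 [New-AzureRmApplicationGatewayAuthenticationCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 22
# Backend HTTPS settings: end-to-end TLS to the backend, using the probe and
# the authentication certificate defined above.
$apimPoolSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimprobe -AuthenticationCertificates $authcert -RequestTimeout 180
Write-Host "Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 23
# Backend pool with a single member: the first static IP reported by the
# API Management service object.
$apimProxyBackendPool = New-AzureRmApplicationGatewayBackendAddressPool -Name apimbackend -BackendIPAddresses $apimService.StaticIPs[0]
Write-Host "Step 23 [New-AzureRmApplicationGatewayBackendAddressPool] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor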

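# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 24
# Path rule for /echo/* pointing at the API Management pool.
$echoapiRule = New-AzureRmApplicationGatewayPathRuleConfig -Name "externalapis" -Paths "/echo/*" -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolSetting
Write-Host "Step 24 [New-AzureRmApplicationGatewayPathRuleConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 25
# URL path map. NOTE(review): the default pool and settings are the same
# API Management backend, so paths outside /echo/* are forwarded to it as
# well; the path rule therefore does not limit what is exposed.
$urlPathMap = New-AzureRmApplicationGatewayUrlPathMapConfig -Name "urlpathmap" -PathRules $echoapiRule -DefaultBackendAddressPool $apimProxyBackendPool -DefaultBackendHttpSettings $apimPoolSetting
Write-Host "Step 25 [New-AzureRmApplicationGatewayUrlPathMapConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 26
# Routing rule joining the HTTPS listener to the path map.
$rule01 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType PathBasedRouting -HttpListener $listener -UrlPathMap $urlPathMap
Write-Host "Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 27
# WAF tier, two instances.
$sku = New-AzureRmApplicationGatewaySku -Name WAF_Medium -Tier WAF -Capacity 2
Write-Host "Step 27 [New-AzureRmApplicationGatewaySku] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 28
# Web application firewall enabled in "Prevention" mode.
$config = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
Write-Host "Step 28 [New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 29
# Create the gateway from all the pieces defined in the earlier steps.
$appgw = New-AzureRmApplicationGateway -Name appgwtest -ResourceGroupName $resourceGroupName -Location $location -BackendAddressPools $apimProxyBackendPool -BackendHttpSettingsCollection $apimPoolSetting -FrontendIpConfigurations $fipconfig01 -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $listener -UrlPathMaps $urlPathMap -RequestRoutingRules $rule01 -Sku $sku -WebApplicationFirewallConfig $config -SslCertificates $cert -AuthenticationCertificates $authcert -Probes $apimprobe
Write-Host "Step 29 [New-AzureRmApplicationGateway] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor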

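# Progress messages bind the colours as real parameters; a single
# "-foregroundcolor ... -backgroundcolor ..." string argument is only printed
# as extra text and never applied.

#Step 30
# Print the public IP resource so the operator can read its DNS settings.
Get-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -Name publicIP01
Write-Host "Step 30 [Get-AzureRmPublicIpAddress] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Step 31
# Manual follow-up: DNS for the custom API domain is not created by the script.
Write-Host "Step 31 You need to create CNAME record for custom api domain(see DnsSettingsText -> fqdn)" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

#Done
Write-Host "Done" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
$endTime = Get-Date
# Plain ASCII hyphens on the parameter names: typographic dashes pasted from a
# web page depend on the file being read with the right encoding.
$elapsedTime = New-TimeSpan -Start $startTime -End $endTime

Write-Host ("End Time: " + $endTime) -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
Write-Host ("Elapsed Time: " + $elapsedTime) -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
Write-Host "Press any key to continue ..." -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

# Wait for a key press before the transcript is closed.
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

Stop-Transcript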

配置脚本运行成功,没有任何错误。但是,当我尝试通过网关访问 Echo API 时,会出现错误:“502 - Web 服务器在充当网关或代理服务器时收到无效响应。”如果不使用内部虚拟网络,Azure API 管理服务运行良好。

我浏览了几本手册: How to use Azure API Management with virtual networks

Troubleshooting bad gateway errors in Application Gateway

Control network traffic flow with network security groups

我找到了这些详细信息:

配置 Azure 应用程序网关后,用户可能遇到的错误之一是 "Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server"。出现此错误的主要原因可能有以下几个:

我的问题是

  1. 我需要配置虚拟机吗?
  2. 我是否需要使用 Azure 网络安全组为我拥有的子网配置防火墙规则?
  3. 我应该以 Base-64 编码还是 DER 编码二进制格式导出自定义域自签名证书以将其上传到 Azure?
  4. 如何解决我的问题?
  5. Microsoft 手册 Integrate API Management in an internal VNET with Application Gateway 遗漏了什么?
  6. 如何解决502错误?
  1. 您需要创建一个 VM 以在内部测试 APIM(您可以使用 this 指南)
  2. 否,除非您想限制某种流量
  3. 问题不够清楚,请说明具体要上传到哪里;不过 Azure 服务通常接受 base64 编码的证书
  4. 在 VNet 中创建一个 VM 并尝试访问 API 管理
  5. 不知道,可能什么都没有,我很少在 MS 文档中看到明显错误的东西
  6. 确保 HTTP 探测显示正常,检查 API 网关配置,如果您使用证书与 APIM 通信,您应该确保 APIM 接受证书

Post Integrate API Management in an internal VNET with Application Gateway 涵盖仅通过应用程序网关公开 Gateway/Proxy 的部分 API 的场景。

如果您还想通过应用程序网关访问开发者门户/发布者门户(Developer Portal/Publisher Portal),则需要按照文档 Create AppGateway to access multiple web application 进行操作。

我已尝试在下面的脚本中体现这些步骤的改动(可能有一些小的笔误)

    # Deployment settings. Every value below is a placeholder to be replaced
    # before the script is run.

    # Names and the host names used on the gateway listeners and probes
    $organizationName         = 'TestOrg1'
    $resourceGroupName        = 'API-Management-in-VNET-with-Gateway-Test'
    $appGatewayHostname       = 'myapi.azure-api.net'
    $apiPortalHostname        = 'myapi.portal.azure-api.net'
    $apiManagementServiceName = 'MyApi'

    # Sign-in account.
    # NOTE(review): the account password is stored in clear text in this file.
    # Anyone who can read the script or a copy of it can sign in as this
    # account; prompting for the secret or using a dedicated service principal
    # avoids that.
    $subscriptionId   = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $azureAccountName = 'xxxxx@xxxxx.com'
    $azurePassword    = 'xxxxxx'

    # Region, contact address, custom host names, HTTPS port
    $location                = 'South Central US'
    $apiManagementAdminEmail = 'yyyyyy@xxxxx.com'
    $apiHostname             = 'api.mydomain.com'
    $portalHostname          = 'portal.mydomain.com'
    $sslPort                 = 443

    # Address space: one VNet with a subnet for the gateway and one for APIM
    $virtualNetworkAddressPrefix      = '10.0.0.0/16'
    $gatewaySubnetAddressPrefix       = '10.0.0.0/24'
    $apiManagementSubnetAddressPrefix = '10.0.1.0/24'

    # Certificate (a wildcard certificate for *.mydomain.com), expected next
    # to the script.
    # NOTE(review): the PFX holds the private key and its password is also
    # kept in clear text here; restrict access to both the .pfx file and this
    # script.
    $pfxCertificatePassword = 'xxxxxxxxxxxx'
    $certificateThumbprint  = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    $pfxCertificateFilename = "$PSScriptRoot\PfxCert.pfx"
    $cerCertificateFilename = "$PSScriptRoot\CerCert.cer"

    # Console colours for the progress messages
    $foregroundColor = 'green'
    $backgroundColor = 'black'

    #Log
    # Close a transcript that an earlier run may have left open. Errors are
    # silenced for this one call only, since Stop-Transcript reports an error
    # when no transcript is active.
    $ErrorActionPreference = 'SilentlyContinue'
    Stop-Transcript | Out-Null

    # From here on errors are shown but do not stop the script, so a failed
    # step is still followed by its "completed" message.
    $ErrorActionPreference = 'Continue'

    # One transcript file per run, named after the start time.
    # NOTE(review): the transcript records the console output of the whole
    # run, including whatever the sign-in and resource cmdlets print; keep the
    # log directory readable only by the operators who need it.
    $date = Get-Date -Format 'MM-dd-yyyy-HH-mm-ss'
    $logFile = "$PSScriptRoot\log\CreateApiManagementEnvLog-${date}.txt"
    Start-Transcript -Path $logFile
    $startTime = Get-Date
    $startMessage = "Start Time: " + $startTime
    Write-Host $startMessage

    # Wrap the clear-text password from the settings above in a SecureString
    # and build the credential object used for sign-in.
    # NOTE(review): -AsPlainText -Force only converts the value; the secret
    # still sits unprotected in the script file and in $azurePassword.
    $azurePasswordSecureString = ConvertTo-SecureString -String $azurePassword -AsPlainText -Force
    $credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $azureAccountName, $azurePasswordSecureString

    # Colour switches kept as one string for the progress messages further down.
    $colors = '-foregroundcolor {0} -backgroundcolor {1}' -f $foregroundColor, $backgroundColor

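    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied.

    #Step 01
    # Non-interactive sign-in with the credential object built from the
    # account name and password in the settings. The result is not captured,
    # so whatever the cmdlet returns is written to the console and to the
    # running transcript.
    Login-AzureRmAccount -Credential $credentials
    Write-Host "Step 01 [Login-AzureRmAccount] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 02
    # Make the configured subscription the active one for the following cmdlets.
    Get-AzureRmSubscription -SubscriptionId $subscriptionId | Select-AzureRmSubscription
    Write-Host "Step 02 [Get-AzureRmSubscription] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 03
    # Resource group that will hold the VNet, API Management and the gateway.
    New-AzureRmResourceGroup -Name $resourceGroupName -Location $location
    Write-Host "Step 03 [New-AzureRmResourceGroup] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor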

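    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied.

    #Step 04
    # Subnet "apim01" is the one the Application Gateway will be placed in.
    $appgatewaysubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim01 -AddressPrefix $gatewaySubnetAddressPrefix
    Write-Host "Step 04 [New-AzureRmVirtualNetworkSubnetConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 05
    # Subnet "apim02" is the one API Management will be placed in.
    $apimsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name apim02 -AddressPrefix $apiManagementSubnetAddressPrefix
    Write-Host "Step 05 [New-AzureRmVirtualNetworkSubnetConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 06
    # Create the VNet with both subnets; the order given here fixes the
    # indexes used in steps 07 and 08.
    $vnet = New-AzureRmVirtualNetwork -Name appgwvnet -ResourceGroupName $resourceGroupName -Location $location -AddressPrefix $virtualNetworkAddressPrefix -Subnet $appgatewaysubnet,$apimsubnet
    Write-Host "Step 06 [New-AzureRmVirtualNetwork] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 07
    # First subnet of the created VNet = gateway subnet. The message is
    # single-quoted so it prints the variable name instead of expanding the
    # subnet object into the text.
    $appgatewaysubnetdata=$vnet.Subnets[0]
    Write-Host 'Step 07 [$appgatewaysubnetdata] completed' -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 08
    # Second subnet of the created VNet = API Management subnet.
    $apimsubnetdata=$vnet.Subnets[1]
    Write-Host 'Step 08 [$apimsubnetdata] completed' -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 09
    # Virtual-network object that ties API Management to the apim02 subnet.
    $apimVirtualNetwork = New-AzureRmApiManagementVirtualNetwork -Location $location -SubnetResourceId $apimsubnetdata.Id
    Write-Host "Step 09 [New-AzureRmApiManagementVirtualNetwork] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor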

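    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied. Step comments follow the
    # numbers used in the messages.

    #Step 10
    # Create the API Management service inside the VNet with VpnType "Internal".
    $apimService = New-AzureRmApiManagement -ResourceGroupName "$resourceGroupName" -Location $location -Name $apiManagementServiceName -Organization $organizationName -AdminEmail $apiManagementAdminEmail -VirtualNetwork $apimVirtualNetwork -VpnType "Internal" -Sku "Premium"
    Write-Host "Step 10 [New-AzureRmApiManagement] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 11
    # Upload the PFX (certificate plus private key) for the "Proxy" host name
    # type. The PFX password is passed as a plain string from the settings.
    # NOTE(review): no certificate is imported for the portal host name type
    # although a portal host name is configured below - confirm whether a
    # second import is required.
    $certUploadResult = Import-AzureRmApiManagementHostnameCertificate -ResourceGroupName "$resourceGroupName" -Name $apiManagementServiceName -HostnameType "Proxy" -PfxPath $pfxCertificateFilename -PfxPassword $pfxCertificatePassword -PassThru
    Write-Host "Step 11 [Import-AzureRmApiManagementHostnameCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 12
    # One host name configuration per endpoint, both referring to the same
    # certificate thumbprint: API proxy first, then the portal.
    $proxyHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$apiHostname"
    Write-Host "Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    $portalHostnameConfig = New-AzureRmApiManagementHostnameConfiguration -CertificateThumbprint $certificateThumbprint -Hostname "$portalHostname"
    Write-Host "Step 12 [New-AzureRmApiManagementHostnameConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 13
    # Each configuration goes to its matching parameter: the portal one to
    # -PortalHostnameConfiguration, the proxy one to -ProxyHostnameConfiguration.
    # Parameter names use plain ASCII hyphens; typographic dashes pasted from
    # a web page depend on the file being read with the right encoding.
    $result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" -PortalHostnameConfiguration $portalHostnameConfig -ProxyHostnameConfiguration $proxyHostnameConfig
    Write-Host "Step 13 [Set-AzureRmApiManagementHostnames] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor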

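    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied. Step comments follow the
    # numbers used in the messages.

    #Step 14
    # Public IP for the gateway front end: this is the only Internet-facing
    # address in the deployment.
    $publicip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -name publicIP01 -location $location -AllocationMethod Dynamic
    Write-Host "Step 14 [New-AzureRmPublicIpAddress] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 15
    # Place the gateway in the gateway subnet taken from the VNet.
    $gipconfig = New-AzureRmApplicationGatewayIPConfiguration -Name gatewayIP01 -Subnet $appgatewaysubnetdata
    Write-Host "Step 15 [New-AzureRmApplicationGatewayIPConfiguration] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 16
    # Front-end port: the HTTPS port from the settings.
    $fp01 = New-AzureRmApplicationGatewayFrontendPort -Name 'port01' -Port $sslPort
    Write-Host "Step 16 [New-AzureRmApplicationGatewayFrontendPort] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 17
    # Bind the front end to the public IP.
    $fipconfig01 = New-AzureRmApplicationGatewayFrontendIPConfig -Name "frontend1" -PublicIPAddress $publicip
    Write-Host "Step 17 [New-AzureRmApplicationGatewayFrontendIPConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 18
    # Certificate the gateway presents to clients, loaded from the same PFX
    # that was uploaded to API Management. The password comes from the
    # settings as a plain string.
    $cert = New-AzureRmApplicationGatewaySslCertificate -Name cert01 -CertificateFile $pfxCertificateFilename -Password $pfxCertificatePassword
    Write-Host "Step 18 [New-AzureRmApplicationGatewaySslCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 19
    # Two host-based HTTPS listeners on the same front end and port, one for
    # the API host name and one for the portal host name.
    # NOTE(review): the listeners match on $appGatewayHostname and
    # $apiPortalHostname, while the certificate is described as *.mydomain.com
    # and API Management is configured for $apiHostname / $portalHostname -
    # confirm which host names clients will actually send.
    $apimlistener = New-AzureRmApplicationGatewayHttpListener -Name listener01 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert -HostName $appGatewayHostname
    Write-Host "Step 19 [New-AzureRmApplicationGatewayHttpListener] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    $apimportallistener = New-AzureRmApplicationGatewayHttpListener -Name listener02 -Protocol Https -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -SslCertificate $cert -HostName $apiPortalHostname
    Write-Host "Step 19 [New-AzureRmApplicationGatewayHttpListener] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor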

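    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied. Step comments follow the
    # numbers used in the messages.

    #Step 20
    # HTTPS health probes, one per host name. Each is sent to the backend
    # with the given host header, so the backend must answer for that host
    # name over TLS for the probe to pass.
    $apimprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimproxyprobe -Protocol Https -HostName $appGatewayHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
    Write-Host "Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    # NOTE(review): the portal probe reuses the proxy status path; confirm
    # that the portal endpoint answers on it.
    $apimportalprobe = New-AzureRmApplicationGatewayProbeConfig -Name apimportalprobe -Protocol Https -HostName $apiPortalHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
    Write-Host "Step 20 [New-AzureRmApplicationGatewayProbeConfig] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 21
    # Public certificate (.cer) the gateway uses to authenticate the backend.
    # NOTE(review): with a self-signed certificate this file presumably has to
    # be the public part of the certificate the backend actually presents; a
    # mismatch would leave the backend unhealthy - confirm.
    $authcert = New-AzureRmApplicationGatewayAuthenticationCertificate -Name 'whitelistcert1' -CertificateFile $cerCertificateFilename
    Write-Host "Step 21 [New-AzureRmApplicationGatewayAuthenticationCertificate] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 22
    # Backend HTTPS settings, one per probe: end-to-end TLS to the backend
    # with the authentication certificate defined above.
    $apimPoolSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimprobe -AuthenticationCertificates $authcert -RequestTimeout 180
    Write-Host "Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    $apimPoolPortalSetting = New-AzureRmApplicationGatewayBackendHttpSettings -Name "apimPoolPortalSetting" -Port $sslPort -Protocol Https -CookieBasedAffinity Disabled -Probe $apimportalprobe -AuthenticationCertificates $authcert -RequestTimeout 180
    Write-Host "Step 22 [New-AzureRmApplicationGatewayBackendHttpSettings] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 23
    # Backend pool with a single member: the first static IP reported by the
    # API Management service object.
    $apimProxyBackendPool = New-AzureRmApplicationGatewayBackendAddressPool -Name apimbackend -BackendIPAddresses $apimService.StaticIPs[0]
    Write-Host "Step 23 [New-AzureRmApplicationGatewayBackendAddressPool] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor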


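    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied. Step comments follow the
    # numbers used in the messages.

    #Step 26
    # Basic rules: each listener is routed to the API Management pool with
    # its own backend HTTP settings. The posted lines named neither a pool nor
    # settings, which leaves a Basic rule without a target; the objects used
    # here are the ones created in the earlier steps and passed to the
    # gateway below.
    $rule01 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType Basic -HttpListener $apimlistener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolSetting
    Write-Host "Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    $rule02 = New-AzureRmApplicationGatewayRequestRoutingRule -Name "rule2" -RuleType Basic -HttpListener $apimportallistener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolPortalSetting
    Write-Host "Step 26 [New-AzureRmApplicationGatewayRequestRoutingRule] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 27
    # NOTE(review): this is the Standard tier, so the gateway is created
    # without a web application firewall. The script in the question used the
    # WAF tier with the firewall in "Prevention" mode; keep that tier and its
    # firewall configuration if the public endpoint should stay behind a WAF.
    $sku = New-AzureRmApplicationGatewaySku -Name Standard_Medium -Tier Standard -Capacity 2
    Write-Host "Step 27 [New-AzureRmApplicationGatewaySku] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 29
    # Create the gateway from all the pieces defined in the earlier steps.
    $appgw = New-AzureRmApplicationGateway -Name appgwtest -ResourceGroupName $resourceGroupName -Location $location -BackendAddressPools $apimProxyBackendPool -BackendHttpSettingsCollection $apimPoolSetting, $apimPoolPortalSetting -FrontendIpConfigurations $fipconfig01 -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -HttpListeners $apimlistener, $apimportallistener -RequestRoutingRules $rule01, $rule02 -Sku $sku -SslCertificates $cert -AuthenticationCertificates $authcert -Probes $apimprobe, $apimportalprobe
    Write-Host "Step 29 [New-AzureRmApplicationGateway] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor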

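    # Progress messages bind the colours as real parameters; a single
    # "-foregroundcolor ... -backgroundcolor ..." string argument is only
    # printed as extra text and never applied. Step comments follow the
    # numbers used in the messages.

    #Step 30
    # Print the public IP resource so the operator can read its DNS settings.
    Get-AzureRmPublicIpAddress -ResourceGroupName $resourceGroupName -Name publicIP01
    Write-Host "Step 30 [Get-AzureRmPublicIpAddress] completed" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Step 31
    # Manual follow-up: DNS for the custom API domain is not created by the
    # script.
    Write-Host "Step 31 You need to create CNAME record for custom api domain(see DnsSettingsText -> fqdn)" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    #Done
    Write-Host "Done" -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
    $endTime = Get-Date
    # Plain ASCII hyphens on the parameter names: typographic dashes pasted
    # from a web page depend on the file being read with the right encoding.
    $elapsedTime = New-TimeSpan -Start $startTime -End $endTime

    Write-Host ("End Time: " + $endTime) -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
    Write-Host ("Elapsed Time: " + $elapsedTime) -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor
    Write-Host "Press any key to continue ..." -ForegroundColor $foregroundColor -BackgroundColor $backgroundColor

    # Wait for a key press before the transcript is closed.
    $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

    Stop-Transcript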

终于解决了(502)网关问题。问题出在 Integrate API Management in an internal VNET with Application Gateway 手册中。

有问题的行:

#Step 13
# Faulty line, quoted as it appears in the script at the top of this page:
# the proxy host name configuration is passed to -PortalHostnameConfiguration,
# so the custom host name is not applied to the API proxy endpoint.
$result = Set-AzureRmApiManagementHostnames -Name $apiManagementServiceName -ResourceGroupName "$resourceGroupName" –PortalHostnameConfiguration $proxyHostnameConfig

要为 API 代理设置自定义域名,应使用 -ProxyHostnameConfiguration $proxyHostnameConfig 而不是 -PortalHostnameConfiguration $proxyHostnameConfig

实际上,我在 Integrate API Management in an internal VNET with Application Gateway 手册中发现了 2 个错误。

贡献 #1、#2:Integrate API Management in an internal VNET with Application Gateway 手册现已更新。