Azure 应用程序网关 WAF_V2 ARM 部署失败

Azure Application Gateway WAF_V2 failing ARM deployment

部署 Application Gateway WAF_v2 时,如果配置了一个以上的侦听器就会报错;只配置单个侦听器时,部署正常。

错误:

{"code":"DeploymentFailed","message":"至少一个资源部署操作失败。请列出部署操作以获取详细信息。请参阅 https://aka.ms/DeployOperations 了解使用详情。","details":[{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig",\r\n "message": "应用程序网关的两个 Http 侦听器 journal-listner 和 attachmentmgmt-listner 使用了相同的前端端口 /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendPorts/frontendPorts 和相同的 FrontendIpConfiguration /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendIPConfigurations/PrivateFrontendIp 。",\r\n "details": []\r\n }\r\n}"}]}

模板代码:

  // Application Gateway resource (WAF_v2 SKU). Backend HTTP settings, listeners and
  // routing rules are generated from parameter arrays by the "copy" loops under properties.
{
  "name": "[parameters('applicationGatewayName')]",
  "type": "Microsoft.Network/applicationGateways",
  "apiVersion": "2020-03-01",
  "location": "[parameters('location')]",
  "zones": "[parameters('availabilityZones')]",
  "properties": {
    "sku": {
      "name": "WAF_v2",
      "tier": "WAF_v2",
      "capacity": "[parameters('capacity')]"
    },

    // One TLS certificate is uploaded with the gateway; listeners refer to it by name.
    "sslCertificates": [
      {
        "name": "[parameters('certName')]",
        "properties": {
          // NOTE(review): the parameter declarations are not shown here. certData and
          // certPassword should be declared as "securestring" (or supplied through a Key Vault
          // reference in the parameter file) so the values are not recorded in deployment
          // history — confirm.
          "data": "[parameters('certData')]",
          "password": "[parameters('certPassword')]"
        }
      }
    ],
    "gatewayIPConfigurations": [
      {
        "name": "gatewayIp",
        "properties": {
          "subnet": {
            "id": "[variables('subnetRef')]"
          }
        }
      }
    ],
    "trustedRootCertificates": "[parameters('trustedRootCertificates')]",
    // Two frontend IP configurations are defined: a public one and a static private one in
    // the same subnet as the gateway. The listeners generated below all bind to
    // PrivateFrontendIp; nothing in this resource references PublicFrontendIp.
    "frontendIPConfigurations": [
      {
        "name": "PublicFrontendIp",
        "properties": {
          "privateIPAllocationMethod": "Dynamic",
          "publicIPAddress": {
            "id": "[parameters('publicIpResourceId')]"
          }
        }
      },
      {
        "name": "PrivateFrontendIp",
        "properties": {
          "privateIPAddress": "[parameters('privateIPAddress')]",
          "privateIPAllocationMethod": "Static",
          "subnet": {
            "id": "[variables('subnetRef')]"
          }
        }
      }
    ],
    // A single frontend port (443) is defined; every generated listener references it.
    "frontendPorts": [
      {
        "name": "frontendPorts",
        "properties": {
          "Port": 443
        }
      }
    ],
    "backendAddressPools": "[parameters('backendAddressPools')]",
    "probes": "[parameters('probes')]",
    // Property copy loops: each entry expands into an array property named after "name",
    // with one element per item of the corresponding parameter array.
    "copy": [
      {
        // Backend HTTP settings: always HTTPS on port 443, host name taken from the backend
        // address. The probe id is emitted for every entry, whatever probeEnabled evaluates to.
        "name": "backendHttpSettingsCollection",
        "count": "[length(parameters('backendHttpSettings'))]",
        "input": {
          "name": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].name]",
          "properties": {
            "port": 443,
            "pickHostNameFromBackendAddress": true,
            "protocol": "Https",
            "probeEnabled": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probeEnabled]",
            "probe": {
              "id": "[resourceId('Microsoft.Network/applicationGateways/probes',  parameters('applicationGatewayName'), parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probe)]"
            }
          }
        }
      },
      {
        // HTTPS listeners. The frontend IP configuration and frontend port are hard-coded,
        // so hostName is the only property that can tell two generated listeners apart.
        "name": "httpListeners",
        "count": "[length(parameters('httpListeners'))]",
        "input": {
          "name": "[parameters('httpListeners')[copyIndex('httpListeners')].name]",
          "properties": {
            "protocol": "Https",
            // Use the entry's hostName when it has one, otherwise fall back to ''.
            // Two entries without hostName therefore share the same frontend IP configuration
            // and port, which the service rejects with
            // ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig.
            "hostName": "[if(contains(parameters('httpListeners')[copyIndex('httpListeners')], 'hostName'), parameters('httpListeners')[copyIndex('httpListeners')].hostName, '')]",
            "sslCertificate": {
              "id": "[concat(variables('applicationGatewayId'), '/sslCertificates/',parameters('httpListeners')[copyIndex('httpListeners')].sslCertificateName)]"
            },
            "frontendIPConfiguration": {
              "id": "[concat(variables('applicationGatewayId'), '/frontendIPConfigurations/PrivateFrontendIp')]"
            },
            "frontendPort": {
              "id": "[concat(variables('applicationGatewayId'), '/frontendPorts/frontendPorts')]"
            }
          }
        }
      },
      {
        // Basic routing rules: each one ties a listener to a backend pool and a backend HTTP
        // setting, all looked up by the names given in the parameter entry.
        "name": "requestRoutingRules",
        "count": "[length(parameters('requestRoutingRules'))]",
        "input": {
          "name": "[parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].name]",
          "properties": {
            "ruleType": "Basic",
            "backendAddressPool": {
              "id": "[concat(variables('applicationGatewayId'), '/backendAddressPools/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendpoolName)]"
            },
            "backendHttpSettings": {
              "id": "[concat(variables('applicationGatewayId'), '/backendHttpSettingsCollection/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendHttpSetting)]"
            },
            "httpListener": {
              "id": "[concat(variables('applicationGatewayId'), '/httpListeners/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].httpListener)]"
            }
          }
        }
      }
    ],
    "redirectConfigurations": "[parameters('redirectConfigurations')]",
    "enableHttp2": "[parameters('enableHttp2')]",
    // NOTE(review): the WAF configuration comes from a variable that is not shown here;
    // confirm it enables the firewall and sets the intended mode (Detection vs Prevention).
    "webApplicationFirewallConfiguration": "[variables('webApplicationFirewallConfiguration')]",
    "urlPathMaps": "[parameters('urlPathMaps')]",
    "authenticationCertificates": "[parameters('authenticationCertificates')]",
    // NOTE(review): AppGwSslPolicy20170401S is, as far as known, the predefined policy with
    // a TLS 1.2 minimum — confirm against the current list of predefined policies.
    "sslPolicy": {
      "policyType": "Predefined",
      "policyName": "AppGwSslPolicy20170401S"
    },
    "rewriteRuleSets": "[parameters('rewriteRuleSets')]"
  }
}

使用的参数:

"backendHttpSettings": {
  "value": [
    {
      "name": "https-attachment",
      "probeEnabled": true,
      "probe": "attachment-probe"
    },
    {
      "name": "https-journal",
      "probeEnabled": true,
      "probe": "journal-probe"
    }
  ]
},

"backendAddressPools": {
  "value": [
    {
      "name": "AttachmentServicePool",
      "properties": {
        "backendAddresses": [
          {
            "fqdn": "attachmentmgmt-svc-api-dev-euw.aseentdev.sys.dom"
          }
        ]
      }
    },
    {
    "name": "journalServicePool",
      "properties": {
        "backendAddresses": [
          {
            "fqdn": "journalmgmt-svc-api-dev-euw.aseentdev.sys.dom"
          }
        ]
      }
    }
  ]
},

"availabilityZones": {
  "value": [
    1,
    2
  ]
},

"probes": {
  "value": [

    {
      "name": "attachment-probe",
      "properties": {
        "protocol": "Https",
        "PickHostNameFromBackendHttpSettings": true,
        "path": "/index.htm",
        "interval": 5,
        "timeout": 10,
        "match": {
          "statusCodes": [
            200
          ],
          "body": "SUCCESS"
        }
      }
    },
    {
      "name": "journal-probe",
      "properties": {
        "protocol": "Https",
        "PickHostNameFromBackendHttpSettings": true,
        "path": "/index.htm",
        "interval": 5,
        "timeout": 10,
        "match": {
          "statusCodes": [
            200
          ],
          "body": "SUCCESS"
        }
      }
    }
  ]
},

"httpListeners": {
  "value": [
    {
      "name": "attachmentmgmt-listner",
      "sslCertificateName": "abc"
    },
    {
      "name": "journal-listner",
      "sslCertificateName": "abc"
    }
  ]
},

"urlPathMaps": {
  "value": []
},

"requestRoutingRules": {
  "value": [

    {
      "name": "attachment-routing-rule",
      "backendpoolName": "AttachmentServicePool",
      "backendHttpSetting": "https-attachment",
      "httpListener": "attachmentmgmt-listner"
    },
    {
      "name": "journal-routing-rule",
      "backendpoolName": "journalServicePool",
      "backendHttpSetting": "https-journal",
      "httpListener": "journal-listner"
    }
  ]
},

不能在同一前端 IP 配置的同一端口上创建两个基本(Basic)侦听器。要么让它们使用不同的端口,要么改用多站点侦听器,并为每个侦听器指定不同的主机名。

修改参数文件,为每个 httpListener 传入 hostName 之后,部署成功。

"httpListeners": {
"value": [
{
  "name": "listner1",
  "sslCertificateName": "ABC",
  "hostName": "wb.abc.dom"
},
{
  "name": "listner2",
  "sslCertificateName": "ABC",
  "hostName": "wb1.abc.dom"
}  
]
}