使用 ARM 模板將 Azure Web App 連接到 vNet
[英]Connect Azure Web App to vNet using ARM template
問題描述
我正在嘗試編寫 Azure 中一堆資源的設置腳本,作為其中的一部分,我需要一個 Web 應用程序,以便能夠通過 vNet 與在 VM 上運行的服務進行通信。
我創建了一個模板,它似乎做了它應該做的一切來創建連接,但由於某種原因沒有建立連接。 在門戶中查看顯示該站點已連接到 vNet 並且證書已同步,但 vNet 網關上的點到站點配置顯示沒有活動連接。
但是,如果我斷開 Web 應用與 vNet 的連接,然后使用 Azure 門戶中的設置按鈕重新連接到同一個 vNet,一切正常。
我的模板中肯定缺少某些東西,但是在過去的幾個小時中我無法弄清楚是什么
這是我的 ARM 模板
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
},
"variables": {
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('nsgName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"securityRules": []
},
"resources": [ ],
"dependsOn": [ ]
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('infrastructureNsgName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"securityRules": []
},
"resources": [ ],
"dependsOn": [ ]
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('vnetName')]",
"apiVersion": "2016-03-30",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},
"subnets": [
{
"name": "default",
"properties": {
"addressPrefix": "10.1.0.0/17",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"name": "infrastructure",
"properties": {
"addressPrefix": "10.1.254.0/24",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
}
}
},
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "10.1.128.0/24"
}
}
]
},
"resources": [ ],
"dependsOn": [
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
]
},
{
"type": "Microsoft.Web/sites",
"kind": "api",
"name": "[variables('gatewaySiteName')]",
"apiVersion": "2015-08-01",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('gatewaySiteName')]",
"hostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]"
],
"enabledHostNames": [
"[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
"[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]"
],
"hostNameSslStates": [
{
"name": "[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
"sslState": 0,
"thumbprint": null,
"ipBasedSslState": 0
},
{
"name": "[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]",
"sslState": 0,
"thumbprint": null,
"ipBasedSslState": 0
}
],
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]"
},
"resources": [],
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
]
},
{
"type": "Microsoft.Web/serverfarms",
"sku": {
"name": "S1",
"tier": "Standard",
"size": "S1",
"family": "S",
"capacity": 1
},
"kind": "",
"name": "[variables('gatewayServerFarmName')]",
"apiVersion": "2015-08-01",
"location": "[parameters('location')]",
"properties": {
"name": "[variables('gatewayServerFarmName')]",
"numberOfWorkers": 1
},
"resources": [ ],
"dependsOn": [ ]
},
{
"name": "[variables('vnetGatewayIpName')]",
"type": "Microsoft.Network/publicIPAddresses",
"location": "[parameters('location')]",
"apiVersion": "2015-06-15",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"name": "[variables('vnetGatewayName')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",
"apiVersion": "2015-06-15",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('vnetGatewayIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('vnetName'),'GatewaySubnet')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('vnetGatewayIpName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": false,
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"172.16.201.0/24"
]
},
"vpnClientRootCertificates": [
{
"name": "AppServiceCertificate.cer",
"properties": {
"PublicCertData": "[reference(concat('Microsoft.Web/sites/', variables('gatewaySiteName'), '/virtualNetworkConnections/virtualNetworkConnections')).certBlob]"
}
}
]
}
}
},
{
"name": "[variables('gatewayVnetConnectionName')]",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"location": "[parameters('location')]",
"apiVersion": "2015-08-01",
"dependsOn": [
"[concat('Microsoft.Web/sites/', variables('gatewaySiteName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
],
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
}
}
]
}
3 個解決方案
解決方案1
3 2016-09-15 18:49:50
我永遠無法僅通過 ARM 模板來完成這項工作。 但是,如果您可以在創建后多使用一個 PowerShell 命令,它就可以很好地工作:
# Set VNET Integration for Web App
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
$WebApp = "LearningMomentsInProduction"
$PropertiesObject = @{
vnetName = "JimAreYouSureThisIsTheStagingVNET";
}
Set-AzureRmResource -PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroup `
-ResourceType Microsoft.Web/sites/config `
-ResourceName $WebApp/web `
-ApiVersion 2015-08-01 -Force -Verbose |
Select -expand Properties |
Select VnetName
# Expected output:
#
# VnetName
# --------
# JimAreYouSureThisIsTheStagingVNET
#
# At this point your Web App is hooked up to the VNET
編輯:
這不符合我的想法。
要重新同步點到站點證書:
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe" # VNET Name or Gateway name, try with gateway name! $vnetName = "JimAreYouSureThisIsTheStagingVNET"; $PropertiesObject = @{ resyncRequired = "true" } Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroup ` -ResourceType Microsoft.Web/sites/virtualNetworkConnections ` -ResourceName $VnetName -ApiVersion 2015-08-01 ` -Force -Verbose
解決方案2
1 2016-09-08 20:56:32
在 Azure 門戶中正確配置后找到正確設置的一個好方法是查看引擎蓋。 這可以通過查看https://resources.azure.com/或 Azure 門戶中的 資源瀏覽器來完成。
在這里,您將找到處於工作狀態的 json,並將其與您的 ARM 模板進行比較。 設置不能一對一復制,但很接近。 祝你好運找到差異。
解決方案3
1 2019-08-04 12:19:09
你把它作為站點內的嵌套資源:
(這假設所有內容都在相同的訂閱和資源組下,否則,您將需要修改resourceId()的參數)
"properties":[],
"resources": [
{
"name": "[concat(variables('webappSiteName'), '/', variables('webappSiteName'), '-vnetIntegration')]",
"type": "Microsoft.Web/sites/virtualNetworkConnections",
"apiVersion": "2018-02-01",
"properties": {
"vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', 'vnetname')]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('webappSiteName'))]"
]
}
]
至少,這是必需的,但是, Microsoft.Web/sites/virtualNetworkConnections資源必須提供客戶端證書數據(必須在 vnet 網關的 P2S 連接中配置),這是根據文檔的屬性certBlob這是:
一個證書文件 (.cer) blob,其中包含用於驗證 Point-To-Site VPN 連接的私鑰的公鑰。
讓該子節點為我工作,如果您不指定證書信息,您的 Web 應用程序將顯示錯誤,指出證書不同步。
在線參考virtualNetworkConnections 文檔
希望這可以幫助。
具有自定義vnet手臂模板的Azure Databricks將無法連接到自定義vnet
[英]Azure Databricks with custom vnet arm template won't connect to the custom vnet
如何使用 ARM 模板將 Azure VM 添加到現有 Vnet 或新 Vnet
[英]How can I add Azure VM to existing Vnet or new Vnet using ARM template
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
ARM模板中的Azure Vnet對等
具有自定義vnet手臂模板的Azure Databricks將無法連接到自定義vnet
如何使用 ARM 模板將 Azure VM 添加到現有 Vnet 或新 Vnet
Azure ARM 模板 vnet 對等不同訂閱
Azure API Manager ARM模板-vnet問題
將 Azure Function App 連接到 VNet
使用ARM模板在Azure Web App中安裝Bower組件
使用ARM模板更新現有VNET的DNS
Azure Web應用程序設置已還原為手臂模板
使用Azure CLI或API的Web App Vnet集成
相關標簽