Create an application gateway with external redirection using the Azure CLI
You can use the Azure CLI to configure web traffic redirection when you create an application gateway. In this tutorial, you configure a listener and rule that redirects web traffic that arrives at the application gateway to an external site.
In this article, you learn how to:
- Set up the network
- Create a listener and redirection rule
- Create an application gateway
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
- This tutorial requires version 2.0.4 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using az group create.
The following example creates a resource group named myResourceGroupAG in the eastus location.
az group create --name myResourceGroupAG --location eastus
Create network resources
Create the virtual network named myVNet and the subnet named myAGSubnet using az network vnet create. Create the public IP address named myAGPublicIPAddress using az network public-ip create. These resources are used to provide network connectivity to the application gateway and its associated resources.
az network vnet create \ --name myVNet \ --resource-group myResourceGroupAG \ --location eastus \ --address-prefix 10.0.0.0/16 \ --subnet-name myAGSubnet \ --subnet-prefix 10.0.1.0/24 az network public-ip create \ --resource-group myResourceGroupAG \ --name myAGPublicIPAddress
Create an application gateway
You can use az network application-gateway create to create the application gateway named myAppGateway. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to myAGSubnet and myPublicIPAddress that you previously created.
az network application-gateway create \ --name myAppGateway \ --location eastus \ --resource-group myResourceGroupAG \ --vnet-name myVNet \ --subnet myAGsubnet \ --capacity 2 \ --sku Standard_Medium \ --http-settings-cookie-based-affinity Disabled \ --frontend-port 8080 \ --http-settings-port 80 \ --http-settings-protocol Http \ --public-ip-address myAGPublicIPAddress
It may take several minutes for the application gateway to be created. After the application gateway is created, you can see these new features of it:
- appGatewayBackendPool - An application gateway must have at least one backend address pool.
- appGatewayBackendHttpSettings - Specifies that port 80 and an HTTP protocol is used for communication.
- appGatewayHttpListener - The default listener associated with appGatewayBackendPool.
- appGatewayFrontendIP - Assigns myAGPublicIPAddress to appGatewayHttpListener.
- rule1 - The default routing rule that is associated with appGatewayHttpListener.
Add the redirection configuration
Add the redirection configuration that sends traffic from www.consoto.org to the listener for www.contoso.com to the application gateway using az network application-gateway redirect-config create.
az network application-gateway redirect-config create \ --name myredirect \ --gateway-name myAppGateway \ --resource-group myResourceGroupAG \ --type Temporary \ --target-url "https://bing.com"
Add a listener and routing rule
A listener is required to enable the application gateway to appropriately route traffic. Create the listener using az network application-gateway http-listener create with the frontend port created with az network application-gateway frontend-port create. A rule is required for the listener to know where to send incoming traffic. Create a basic rule named redirectRule using az network application-gateway rule create.
az network application-gateway frontend-port create \ --port 80 \ --gateway-name myAppGateway \ --resource-group myResourceGroupAG \ --name redirectPort az network application-gateway http-listener create \ --name redirectListener \ --frontend-ip appGatewayFrontendIP \ --frontend-port redirectPort \ --resource-group myResourceGroupAG \ --gateway-name myAppGateway az network application-gateway rule create \ --gateway-name myAppGateway \ --name redirectRule \ --resource-group myResourceGroupAG \ --http-listener redirectListener \ --rule-type Basic \ --redirect-config myredirect
Test the application gateway
To get the public IP address of the application gateway, you can use az network public-ip show. Copy the public IP address, and then paste it into the address bar of your browser.
You should see bing.com appear in your browser.