Deploy Azure Application Gateway (v1) with http to https redirect

Azure Application Gateway is an advance type of load-balancer. Where an Azure Load-balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP) the Application Gateway is a way more advanced load-balancer. It can route based on URL as well on path’s. On top of that it can do much more, like SSL offloading, autoscaling, redirection, multiple site hosting and the most import of all, it can include a web application firewall (WAF)

Afbeeldingsresultaat voor azure application gateway

With all the features that the Azure application gateway provides, we should be able to setup multiple websites listening on different ports and url’s behind one Azure Application Gateway with just one external IP address.

With this guide you should be able to setup an application gateway with multiple site hostname match and http to https redirect. In this manual we will be using Atlassian Jira and Confluence as an example.

So what are we going to setup:

  • Deploy Azure application gateway
  • Configure 2 external URL’s (jira.2azure.nl and confluence.2azure.nl)
  • We will redirect port 80 to 443 for both websites
  • Jira will be listening on port 8080 internally (Default port)
  • Confluence will be listening on port 8090 internally (Default port)

For this guide the VNET, subnets and the virtual machine hosting both websites have already been deployed. During this guide we will not deploy a Web Application Firewall, I will tell more about that in upcoming blog article.

The setup in an overview.

Let’s get started with the deployment and configuration of the Azure Application Gateway.

Prerequisites:
– Dedicated subnet for the Azure Application Gateway
– Connectivity between the AGW and the virtual machines.
– SSL Certificate
– DNS Access

Step 1: In the Azure portal we will be deploying the Azure Gateway. Create a name, select a Tier, with the desired size, subscription, resource group and location.

Select your virtual network, subnet, Public IP Address and upload your HTTPS certificate, click OK and deploy your Gateway.

Step 2: The deployment might take up to 30 minutes to complete, but after that we should see something similar in the config as below.

Go to the Backend pools, and click on the default appGatewayBackendPool.

Now we will need to select to where we will need to redirect all incoming requests to. So the Target will be our Virtual Machine hosting the confluence services. So make sure that you select the right Target, Virtual Machine and NIC. Click Save when done.

Step 3: We will now be configuring the ports where we can forward traffic to on your VM. Go to HTTP settings, and click on Add.

Here we are going to create a listener for the Jira website that is listening by default on port 8080 on the webserver. So fill in a name, and the port. For easy overview I used the final end user URL.

We will do the same for confluence, that is listening on port 8090

The final result should like this. As you can see, there is a blue exclamation mark telling you that it’s still updating, I would advise to wait until the update is complete.

Step 4: Next step is to configure the external listeners. You want to make sure that the correct websites ends at the right port on the virtual machine. So lets create a Multi-Site listener in the Listeners tab.

First we will create the listener on HTTPS, we will do the HTTP redirect in the next step. So repeat this step for both Jira and the Confluence URL. You might be required to reupload your certificate again by clicking Renew or edit selected certificate.

Next we will need to create the HTTP listener rule, so create again a multi-site listener for both the Jira and the Confluence rol, this time create a new port that listens on Port 80.

Step 5: Now we will need to create the rules that will do all the work, and connect all lines. So go to the Rules tab, and add a Basic Rule.

First we will create the rule to redirect jira.2azure.nl to the virtual machine on port 8080.

Second create a rule to redirect confluence.2azure.nl to the virtual machine on port 8090.

We will need to create 2 more rules, and that is the HTTP to HTTPS redirect. Make 2 basic rules with the settings as below, for both URL’s.

Step 6: Cleanup default settings, we will need to delete all default settings. So now first delete the default appGatewayBackendHTTP setting at HTTP Settings.

Confirm delete….

Now do the same with the default HTTP listener

Confirm again…

You should now be able to test your websites. If there is something wrong, first check your Backend health, this should give you a good idea about the redirects to your virtual machine in the backend.

If you have any questions, suggestions or recommendations or improvements, please let me know! I hope this helped to get you up and running with Azure Application Gateway.

2 Comments

Add a Comment

Your email address will not be published. Required fields are marked *