Fabrício Sanchez fabriciosanchez
fabriciosanchez
/ ag-whitelist-bep.ps1
Created
April 10, 2020 20:19
Creates a whitelist certification for backend pools.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 7 - upload cert for SSL-enabled backend pool resources | |
| $authcert = New-AzApplicationGatewayAuthenticationCertificate ` | |
| -Name "whitelistcert" ` | |
| -CertificateFile $gatewayCertCerPath |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 6 - create custom probes for API-M endpoints | |
| $apimprobe = New-AzApplicationGatewayProbeConfig ` | |
| -Name "apim-api-probe" ` | |
| -Protocol "Https" ` | |
| -HostName $gatewayHostname ` | |
| -Path "/status-0123456789abcdef" ` | |
| -Interval 30 ` | |
| -Timeout 120 ` | |
| -UnhealthyThreshold 8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 5 - configure HTTP listeners for the App Gateway | |
| $listener = New-AzApplicationGatewayHttpListener ` | |
| -Name "apim-api-listener" ` | |
| -Protocol "Https" ` | |
| -FrontendIPConfiguration $fipconfig01 ` | |
| -FrontendPort $fp01 ` | |
| -SslCertificate $cert ` | |
| -HostName $gatewayHostname ` | |
| -RequireServerNameIndication true |
fabriciosanchez
/ ag-certificates-configuration.ps1
Created
April 10, 2020 19:32
Creating certificate configuration for AG.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 4 - configure certs for the App Gateway | |
| $cert = New-AzApplicationGatewaySslCertificate ` | |
| -Name "apim-gw-cert" ` | |
| -CertificateFile $gatewayCertPfxPath ` | |
| -Password $certPwd | |
| $certPortal = New-AzApplicationGatewaySslCertificate ` | |
| -Name "apim-portal-cert" ` | |
| -CertificateFile $portalCertPfxPath ` | |
| -Password $certPortalPwd |
fabriciosanchez
/ ag-frontend-ip-configuration.ps1
Created
April 10, 2020 19:09
Creates a frontend IP configuration.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 3 - configure the front-end IP with the public IP endpoint | |
| $fipconfig01 = New-AzApplicationGatewayFrontendIPConfig ` | |
| -Name "frontend1" ` | |
| -PublicIPAddress $publicip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # step 2 - configure the front-end IP port for the public IP endpoint | |
| $fp01 = New-AzApplicationGatewayFrontendPort ` | |
| -Name "frontend-port443" ` | |
| -Port 443 |
fabriciosanchez
/ ag-ip-configuration.ps1
Created
April 10, 2020 18:58
Creates a new IP configuration for AG.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create Application Gateway configuration | |
| # step 1 - create App GW IP config | |
| $gipconfig = New-AzApplicationGatewayIPConfiguration ` | |
| -Name "gatewayIP" ` | |
| -Subnet $appgatewaysubnetdata |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a public IP address for the Application Gateway front-end | |
| $publicip = New-AzPublicIpAddress ` | |
| -ResourceGroupName $resGroupName ` | |
| -name "aumanager-appgw-pip" ` | |
| -location $location ` | |
| -AllocationMethod Dynamic |
fabriciosanchez
/ apim-certificates-setup.ps1
Created
April 10, 2020 18:18
Defining configuration for certificates in APIM.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Specify cert configuration | |
| $gatewayHostname = "api.americasuniversity.net" | |
| $portalHostname = "portal.americasuniversity.net" | |
| $gatewayCertCerPath = "C:\AmericasUniversity\certs\api\api.americasuniversity.net.cer" | |
| $gatewayCertPfxPath = "C:\AmericasUniversity\certs\api\api.americasuniversity.net.pfx" | |
| $portalCertPfxPath = "C:\AmericasUniversity\certs\portaldev\portal.americasuniversity.net.pfx" | |
| $gatewayCertPfxPassword = "cert-api-password" | |
| $portalCertPfxPassword = "cert-portal-password" | |
| # Convert to secure string before send it over HTTP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an API Management VNET object | |
| $apimVirtualNetwork = New-AzApiManagementVirtualNetwork -SubnetResourceId $apimsubnetdata.Id | |
| # Create an API-M service inside the VNET | |
| $apimServiceName = "aumanager-apim" | |
| $apimOrganization = "Americas University" | |
| $apimAdminEmail = "{alias}@americasuniversity.net" | |
| $apimService = New-AzApiManagement ` | |
| -ResourceGroupName $resGroupName ` |