create vm
az vm create \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--name my-vm \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys
install nginx
az vm extension set \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--vm-name my-vm \
--name customScript \
--publisher Microsoft.Azure.Extensions \
--version 2.1 \
--settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-welcome-to-azure/master/configure-nginx.sh"]}' \
--protected-settings '{"commandToExecute": "./configure-nginx.sh"}'
{
"autoUpgradeMinorVersion": true,
"enableAutomaticUpgrade": null,
"forceUpdateTag": null,
"id": "/subscriptions/b6ac359e-da6b-45e0-a514-5a7952a913d7/resourceGroups/learn-41bdf3c1-8f16-43ee-a489-95350f41767e/providers/Microsoft.Compute/virtualMachines/my-vm/extensions/customScript",
"instanceView": null,
"location": "westus",
"name": "customScript",
"protectedSettings": null,
"protectedSettingsFromKeyVault": null,
"provisioningState": "Succeeded",
"publisher": "Microsoft.Azure.Extensions",
"resourceGroup": "learn-41bdf3c1-8f16-43ee-a489-95350f41767e",
"settings": {
"fileUris": [
"https://raw.githubusercontent.com/MicrosoftDocs/mslearn-welcome-to-azure/master/configure-nginx.sh"
]
},
"suppressFailures": null,
"tags": null,
"type": "Microsoft.Compute/virtualMachines/extensions",
"typeHandlerVersion": "2.1",
"typePropertiesType": "customScript"
}
list ip addresses
az vm list-ip-addresses
[
{
"virtualMachine": {
"name": "my-vm",
"network": {
"privateIpAddresses": [
"10.0.0.4"
],
"publicIpAddresses": [
{
"id": "/subscriptions/b6ac359e-da6b-45e0-a514-5a7952a913d7/resourceGroups/learn-41bdf3c1-8f16-43ee-a489-95350f41767e/providers/Microsoft.Network/publicIPAddresses/my-vmPublicIP",
"ipAddress": "20.237.147.253",
"ipAllocationMethod": "Dynamic",
"name": "my-vmPublicIP",
"resourceGroup": "learn-41bdf3c1-8f16-43ee-a489-95350f41767e"
}
]
},
"resourceGroup": "learn-41bdf3c1-8f16-43ee-a489-95350f41767e"
}
}
]
save ip address to the variable
IPADDRESS="$(az vm list-ip-addresses \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--name my-vm \
--query "[].virtualMachine.network.publicIpAddresses[*].ipAddress" \
--output tsv)"
echo $IPADDRESS
20.237.147.253
try query nginx service
curl --connect-timeout 5 http://$IPADDRESS
houston we have a problem
curl: (28) Connection timeout after 5001 ms
list network groups
az network nsg list \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--query '[].name' \
--output tsv
my-vmNSG
check a network group rules
az network nsg rule list \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--nsg-name my-vmNSG
[
{
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "22",
"destinationPortRanges": [],
"direction": "Inbound",
"etag": "W/\"be6a8f0a-5ae3-4b5e-9453-ed1da2a4dd1a\"",
"id": "/subscriptions/b6ac359e-da6b-45e0-a514-5a7952a913d7/resourceGroups/learn-41bdf3c1-8f16-43ee-a489-95350f41767e/providers/Microsoft.Network/networkSecurityGroups/my-vmNSG/securityRules/default-allow-ssh",
"name": "default-allow-ssh",
"priority": 1000,
"protocol": "Tcp",
"provisioningState": "Succeeded",
"resourceGroup": "learn-41bdf3c1-8f16-43ee-a489-95350f41767e",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": [],
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
}
]
again list rules with tabular format
az network nsg rule list \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--nsg-name my-vmNSG \
--query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
--output table
Name Priority Port Access
----------------- ---------- ------ --------
default-allow-ssh 1000 22 Allow
Priority - lower numbers means higher priority
allow access to port 80
az network nsg rule create \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--nsg-name my-vmNSG \
--name allow-http \
--protocol tcp \
--priority 100 \
--destination-port-range 80 \
--access Allow
{
"access": "Allow",
"destinationAddressPrefix": "*",
"destinationAddressPrefixes": [],
"destinationPortRange": "80",
"destinationPortRanges": [],
"direction": "Inbound",
"etag": "W/\"775b1637-81f4-43e2-b8ed-42650b9ad358\"",
"id": "/subscriptions/b6ac359e-da6b-45e0-a514-5a7952a913d7/resourceGroups/learn-41bdf3c1-8f16-43ee-a489-95350f41767e/providers/Microsoft.Network/networkSecurityGroups/my-vmNSG/securityRules/allow-http",
"name": "allow-http",
"priority": 100,
"protocol": "Tcp",
"provisioningState": "Succeeded",
"resourceGroup": "learn-41bdf3c1-8f16-43ee-a489-95350f41767e",
"sourceAddressPrefix": "*",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": [],
"type": "Microsoft.Network/networkSecurityGroups/securityRules"
}
list rules again
az network nsg rule list \
--resource-group learn-41bdf3c1-8f16-43ee-a489-95350f41767e \
--nsg-name my-vmNSG \
--query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
--output table
Name Priority Port Access
----------------- ---------- ------ --------
default-allow-ssh 1000 22 Allow
allow-http 100 80 Allow
check conncetion to port 80
curl --connect-timeout 5 http://$IPADDRESS
<html><body><h2>Welcome to Azure! My name is my-vm.</h2></body></html>