Azure应用程序网关WAF_V2无法进行ARM部署

问题描述

在部署具有多个侦听器的应用程序网关 WAF_v2 时出错。只配置单个侦听器时,部署正常。

错误

{"code":"DeploymentFailed","message":"至少一项资源部署操作失败。请列出部署操作以了解详细信息。请参阅 https://aka.ms/DeployOperations 获取使用详细信息。","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig\",\r\n \"message\": \"应用程序网关的两个 Http 侦听器 journal-listner 和 attachmentmgmt-listner 使用相同的前端端口 /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendPorts/frontendPorts 和 FrontendIpConfiguration /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendIPConfigurations/PrivateFrontendIp。\",\r\n \"details\": []\r\n }\r\n}"}]}

模板代码

  // Application Gateway (WAF_v2 SKU).
  // backendHttpSettingsCollection, httpListeners and requestRoutingRules are
  // generated by property copy loops over array parameters; the other
  // collections are passed through from parameters/variables unchanged.
  // NOTE(review): webApplicationFirewallConfiguration comes from a variable
  // that is not shown here - confirm its firewallMode is Prevention if the WAF
  // is expected to block rather than only log.
{
  "name": "[parameters('applicationGatewayName')]","type": "Microsoft.Network/applicationGateways","apiVersion": "2020-03-01","location": "[parameters('location')]","zones": "[parameters('availabilityZones')]","properties": {
    "sku": {
      "name": "WAF_v2","tier": "WAF_v2","capacity": "[parameters('capacity')]"
    },"sslCertificates": [
      // Listener certificate: data and password are taken from parameters.
      // NOTE(review): the parameter declarations are not shown - certData and
      // certPassword should be declared as securestring (or supplied through a
      // Key Vault reference) so they are not kept in deployment history; confirm.
      {
        "name": "[parameters('certName')]","properties": {
          "data": "[parameters('certData')]","password": "[parameters('certPassword')]"
        }
      }
    ],"gatewayIPConfigurations": [
      {
        "name": "gatewayIp","properties": {
          "subnet": {
            "id": "[variables('subnetRef')]"
          }
        }
      }
    ],"trustedRootCertificates": "[parameters('trustedRootCertificates')]","frontendIPConfigurations": [
      // Two frontend IP configurations: PublicFrontendIp (public IP resource)
      // and PrivateFrontendIp (static private address in the gateway subnet).
      {
        "name": "PublicFrontendIp","properties": {
          "privateIPAllocationMethod": "Dynamic","publicIPAddress": {
            "id": "[parameters('publicIpResourceId')]"
          }
        }
      },{
        "name": "PrivateFrontendIp","properties": {
          "privateIPAddress": "[parameters('privateIPAddress')]","privateIPAllocationMethod": "Static","subnet": {
            "id": "[variables('subnetRef')]"
          }
        }
      }
    ],"frontendPorts": [
      // Only one frontend port is defined (443, named "frontendPorts");
      // every generated listener below references it.
      {
        "name": "frontendPorts","properties": {
          "Port": 443
        }
      }
    ],"backendAddresspools": "[parameters('backendAddresspools')]","probes": "[parameters('probes')]","copy": [
      {
        // One backend HTTP setting per element of parameters('backendHttpSettings'):
        // HTTPS on 443, host name picked from the backend address, probe looked
        // up by the name given in the element's "probe" property.
        "name": "backendHttpSettingsCollection","count": "[length(parameters('backendHttpSettings'))]","input": {
          "name": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].name]","properties": {
            "port": 443,"pickHostNameFromBackendAddress": true,"protocol": "Https","probeEnabled": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probeEnabled]","probe": {
              "id": "[resourceId('Microsoft.Network/applicationGateways/probes',parameters('applicationGatewayName'),parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probe)]"
            }
          }
        }
      },{
        // One HTTPS listener per element of parameters('httpListeners').
        // All listeners are bound to PrivateFrontendIp and to the single
        // frontend port "frontendPorts". When an element has no hostName the
        // expression below yields '' (no host filter, i.e. a basic listener),
        // so two such elements produce two listeners on the same port/IP pair,
        // which the gateway rejects with
        // ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig.
        // Give each element a distinct hostName to avoid the collision.
        "name": "httpListeners","count": "[length(parameters('httpListeners'))]","input": {
          "name": "[parameters('httpListeners')[copyIndex('httpListeners')].name]","properties": {
            "protocol": "Https",// Set hostname if it exists
            "hostName": "[if(contains(parameters('httpListeners')[copyIndex('httpListeners')],'hostName'),parameters('httpListeners')[copyIndex('httpListeners')].hostName,'')]","sslCertificate": {
              "id": "[concat(variables('applicationGatewayId'),'/sslCertificates/',parameters('httpListeners')[copyIndex('httpListeners')].sslCertificateName)]"
            },"frontendIPConfiguration": {
              "id": "[concat(variables('applicationGatewayId'),'/frontendIPConfigurations/PrivateFrontendIp')]"
            },"frontendPort": {
              "id": "[concat(variables('applicationGatewayId'),'/frontendPorts/frontendPorts')]"
            }
          }
        }
      },{
        // One Basic routing rule per element of parameters('requestRoutingRules'),
        // joining a listener, a backend pool and a backend HTTP setting by name.
        "name": "requestRoutingRules","count": "[length(parameters('requestRoutingRules'))]","input": {
          "name": "[parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].name]","properties": {
            "ruleType": "Basic","backendAddresspool": {
              "id": "[concat(variables('applicationGatewayId'),'/backendAddresspools/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendpoolName)]"
            },"backendHttpSettings": {
              "id": "[concat(variables('applicationGatewayId'),'/backendHttpSettingsCollection/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendHttpSetting)]"
            },"httpListener": {
              "id": "[concat(variables('applicationGatewayId'),'/httpListeners/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].httpListener)]"
            }
          }
        }
      }
    ],"redirectConfigurations": "[parameters('redirectConfigurations')]","enableHttp2": "[parameters('enableHttp2')]","webApplicationFirewallConfiguration": "[variables('webApplicationFirewallConfiguration')]","urlPathMaps": "[parameters('urlPathMaps')]","authenticationCertificates": "[parameters('authenticationCertificates')]","sslPolicy": {
      // Front-end TLS policy is pinned to a predefined policy by name.
      // NOTE(review): AppGwSslPolicy20170401S is understood to enforce a
      // TLS 1.2 minimum - confirm against the current Azure predefined-policy
      // list and check that its cipher suites still meet your baseline.
      "policyType": "Predefined","policyName": "AppGwSslPolicy20170401S"
    },"rewriteRuleSets": "[parameters('rewriteRuleSets')]"
  }
}

使用的参数:

"backendHttpSettings": {
  "value": [
    {
      "name": "https-attachment","probeEnabled": true,"probe": "attachment-probe"
    },{
      "name": "https-journal","probe": "journal-probe"
    }
  ]
},"backendAddresspools": {
  "value": [
    {
      "name": "AttachmentServicePool","properties": {
        "backendAddresses": [
          {
            "fqdn": "attachmentmgmt-svc-api-dev-euw.aseentdev.sys.dom"
          }
        ]
      }
    },{
    "name": "journalServicePool","properties": {
        "backendAddresses": [
          {
            "fqdn": "journalmgmt-svc-api-dev-euw.aseentdev.sys.dom"
          }
        ]
      }
    }
  ]
},"availabilityZones": {
  "value": [
    1,2
  ]
},"probes": {
  "value": [

    {
      "name": "attachment-probe","properties": {
        "protocol": "Https","PickHostNameFromBackendHttpSettings": true,"path": "/index.htm","interval": 5,"timeout": 10,"match": {
          "statusCodes": [
            200
          ],"body": "SUCCESS"
        }
      }
    },{
      "name": "journal-probe","body": "SUCCESS"
        }
      }
    }
  ]
},"httpListeners": {
  "value": [
    {
      "name": "attachmentmgmt-listner","sslCertificateName": "abc"
    },{
      "name": "journal-listner","sslCertificateName": "abc"
    }
  ]
},"urlPathMaps": {
  "value": []
},"requestRoutingRules": {
  "value": [

    {
      "name": "attachment-routing-rule","backendpoolName": "AttachmentServicePool","backendHttpSetting": "https-attachment","httpListener": "attachmentmgmt-listner"
    },{
      "name": "journal-routing-rule","backendpoolName": "journalServicePool","backendHttpSetting": "https-journal","httpListener": "journal-listner"
    }
  ]
},

解决方法

您不能在同一端口上创建两个基本(Basic)侦听器。要么让它们使用不同的端口,要么改用多站点侦听器,并为两个侦听器分别配置不同的主机名。上面的模板在参数未提供 hostName 时会把它设为空字符串,因此两个侦听器都成了共用 443 端口和同一前端 IP 配置的基本侦听器。


修改参数文件,为每个 httpListener 传入 hostName 之后,部署即可正常完成。

"httpListeners": {
"value": [
{
  "name": "listner1","sslCertificateName": "ABC","hostName": "wb.abc.dom"
},{
  "name": "listner2","hostName": "wb1.abc.dom"
}  
]
}