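I'm trying to script a bunch of resources in Azure, and as part of that I need a web app to be able to communicate with a service running on a VM through a vNet.
I created a template that appears to do everything needed to create the connection, but for some reason the connection is not established. Looking at the portal shows that the site is connected to the vNet and that the certificates are in sync, but the point-to-site configuration on the vNet gateway shows no active connections.
However, if I disconnect the web app from the vNet and then reconnect it to the same vNet using the Setup button in the Azure portal, everything works fine.
There must be something in my template, but after looking at it for the past few hours I can't work out the problem.
Here is my ARM template: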
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
  },
  "variables": {
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[variables('nsgName')]",
      "apiVersion": "2016-03-30",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": []
      },
      "resources": [ ],
      "dependsOn": [ ]
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[variables('infrastructureNsgName')]",
      "apiVersion": "2016-03-30",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": []
      },
      "resources": [ ],
      "dependsOn": [ ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('vnetName')]",
      "apiVersion": "2016-03-30",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "10.1.0.0/16"
          ]
        },
        "subnets": [
          {
            "name": "default",
            "properties": {
              "addressPrefix": "10.1.0.0/17",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
              }
            }
          },
          {
            "name": "infrastructure",
            "properties": {
              "addressPrefix": "10.1.254.0/24",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
              }
            }
          },
          {
            "name": "GatewaySubnet",
            "properties": {
              "addressPrefix": "10.1.128.0/24"
            }
          }
        ]
      },
      "resources": [ ],
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', variables('infrastructureNsgName'))]"
      ]
    },
    {
      "type": "Microsoft.Web/sites",
      "kind": "api",
      "name": "[variables('gatewaySiteName')]",
      "apiVersion": "2015-08-01",
      "location": "[parameters('location')]",
      "properties": {
        "name": "[variables('gatewaySiteName')]",
        "hostNames": [
          "[concat(variables('gatewaySiteName'),'.azurewebsites.net')]"
        ],
        "enabledHostNames": [
          "[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
          "[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]"
        ],
        "hostNameSslStates": [
          {
            "name": "[concat(variables('gatewaySiteName'),'.azurewebsites.net')]",
            "sslState": 0,
            "thumbprint": null,
            "ipBasedSslState": 0
          },
          {
            "name": "[concat(variables('gatewaySiteName'),'.scm.azurewebsites.net')]",
            "sslState": 0,
            "thumbprint": null,
            "ipBasedSslState": 0
          }
        ],
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]"
      },
      "resources": [],
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', variables('gatewayServerFarmName'))]",
        "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "sku": {
        "name": "S1",
        "tier": "Standard",
        "size": "S1",
        "family": "S",
        "capacity": 1
      },
      "kind": "",
      "name": "[variables('gatewayServerFarmName')]",
      "apiVersion": "2015-08-01",
      "location": "[parameters('location')]",
      "properties": {
        "name": "[variables('gatewayServerFarmName')]",
        "numberOfWorkers": 1
      },
      "resources": [ ],
      "dependsOn": [ ]
    },
    {
      "name": "[variables('vnetGatewayIpName')]",
      "type": "Microsoft.Network/publicIPAddresses",
      "location": "[parameters('location')]",
      "apiVersion": "2015-06-15",
      "properties": {
        "publicIPAllocationMethod": "Dynamic"
      }
    },
    {
      "name": "[variables('vnetGatewayName')]",
      "type": "Microsoft.Network/virtualNetworkGateways",
      "location": "[parameters('location')]",
      "apiVersion": "2015-06-15",
      "dependsOn": [
        "[concat('Microsoft.Network/publicIPAddresses/', variables('vnetGatewayIpName'))]",
        "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('vnetName'),'GatewaySubnet')]"
              },
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('vnetGatewayIpName'))]"
              }
            },
            "name": "vnetGatewayConfig"
          }
        ],
        "gatewayType": "Vpn",
        "vpnType": "RouteBased",
        "enableBgp": false,
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [
              "172.16.201.0/24"
            ]
          },
          "vpnClientRootCertificates": [
            {
              "name": "AppServiceCertificate.cer",
              "properties": {
                "PublicCertData": "[reference(concat('Microsoft.Web/sites/', variables('gatewaySiteName'), '/virtualNetworkConnections/virtualNetworkConnections')).certBlob]"
              }
            }
          ]
        }
      }
    },
    {
      "name": "[variables('gatewayVnetConnectionName')]",
      "type": "Microsoft.Web/sites/virtualNetworkConnections",
      "location": "[parameters('location')]",
      "apiVersion": "2015-08-01",
      "dependsOn": [
        "[concat('Microsoft.Web/sites/', variables('gatewaySiteName'))]",
        "[concat('Microsoft.Network/virtualNetworks/', variables('vnetName'))]"
      ],
      "properties": {
        "vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      }
    }
  ]
}
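2 Answers
I could only get this done through the ARM template. However, if you can spend one more PowerShell command after creation, it works fine:
Edit:
This does not do what I thought it did.
To re-sync the point-to-site certificate: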
$ResourceGroup = "WeMadeThatInWestEuropeDidntWe"
# VNet name or gateway name; try the gateway name!
$vnetName = "JimAreYouSureThisIsTheStagingVNET";
# Connection properties to send with the update
$PropertiesObject = @{}
Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroup `
    -ResourceType Microsoft.Web/sites/virtualNetworkConnections `
    -ResourceName $VnetName `
    -ApiVersion 2015-08-01 `
    -Force -Verbose
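A good way to find the right settings, once you have it configured correctly in the Azure portal, is to dig into it. This can be done by looking at https://resources.azure.com/ or at Resource Explorer in the Azure portal.
There you will find the JSON of it in its working state, and you can compare it with your ARM template. The settings cannot be copied one-to-one, but it gets close. Find the differences, and good luck.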
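The comparison suggested in the answer above can be scripted. The following is an added example, not code from the original posts: it flattens the working-state JSON and the template resource into property paths and classifies each path, treating ARM template expressions as values that have to be evaluated by hand. The live sample is constructed with placeholder values, and `certThumbprint` and `resyncRequired` are assumed to be among the properties Resource Explorer returns for the connection.

```python
import json

# Constructed sample of a working connection's JSON as Resource Explorer might
# show it; all values are placeholders, not taken from the original post.
LIVE = json.loads("""{"properties": {
  "vnetResourceId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>",
  "certThumbprint": "<thumbprint>",
  "resyncRequired": false}}""")

# Properties of the virtualNetworkConnections resource from the question's template.
TEMPLATE = json.loads("""{"properties": {
  "vnetResourceId": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"}}""")


def flatten(node, prefix=""):
    """Turn nested JSON into {"a.b[0].c": value} so both sides line up by path."""
    if isinstance(node, dict) and node:
        items = [(f"{prefix}.{k}" if prefix else k, v) for k, v in node.items()]
    elif isinstance(node, list) and node:
        items = [(f"{prefix}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {prefix: node}  # scalar, or an empty object/array kept as a leaf
    flat = {}
    for path, value in items:
        flat.update(flatten(value, path))
    return flat


def is_expression(value):
    """ARM template expressions are strings wrapped in [...]; '[[' is an escape."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def compare(live, template):
    """Classify every property path found in either document."""
    a, b = flatten(live), flatten(template)
    report = {"missing_in_template": [], "only_in_template": [],
              "expression": [], "different": []}
    for path in sorted(a.keys() | b.keys()):
        if path not in b:
            report["missing_in_template"].append(path)
        elif path not in a:
            report["only_in_template"].append(path)
        elif is_expression(b[path]):
            report["expression"].append(path)  # must be evaluated by hand
        elif a[path] != b[path]:
            report["different"].append(path)
    return report


if __name__ == "__main__":
    print(json.dumps(compare(LIVE, TEMPLATE), indent=2))
```

Paths listed under `missing_in_template` are the settings the portal applied that the template never sets, which is where to start looking.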