Pallab

Reputation: 2333

How to use Multiple/Wildcard hosttype in Azure Application Gateway for various API endpoints

I have configured Azure Application Gateway for a Front End (FE) Web App and an API Web App (Backend). Both app services are private endpoint enabled and VNET integrated. The FE web app is working fine.

But the API app, or the backend app, is being called by Mulesoft, which is sitting in AWS. This API or BE app has multiple APIs, so one API calls another API.

Right now in the Listener Type in App Gateway, it is set to "Multi site" with Host Type --> Single and the URL is "my-api-dev.contoso.com".

This is the friendly URL of my BE web app, which is set as a Custom Domain in my Web App.

So in order to achieve my use case as mentioned above, what do I need to do in the App Gateway listener for this API backend app?

Should I choose Host type "Multiple/Wildcard", and then what do I specify in there?

From Mulesoft, the format of the APIs that are being called is:

"my-api-dev.contoso.com//token",

"my-api-dev.contoso.com/api/shippingnotice",

and so on.

I am using Terraform to configure my App Gateway.

So in Terraform, where do I make the change?

Is it in this part of the code where I am specifying "url_path_map"? Here?

url_path_map = {
  api = {
    name                               = "api-path"
    default_backend_address_pool_name  = "api-pool"
    default_backend_http_settings_name = "api-http"
    path_rules = [
      {
        name                       = "api-path-rule"
        paths                      = ["/api/*"]
        backend_address_pool_name  = "api-pool"
        backend_http_settings_name = "api-http"
        firewall_policy_id         = azurerm_web_application_firewall_policy.web_application_firewall_policy.id
      }
    ]
  }
}

Looking forward to some help on this.

Upvotes: 0

Views: 809

Answers (1)

kavya Saraboju

Reputation: 10859

In url_path_map, you can define path rules one after the other with path_rule for the backend, with the proper API and HTTP settings.

The url_path_map is used to specify path patterns to back-end server pool mappings.

Please check the code below.

Example:

# Resource group referenced by every resource below; "my-resource-group" is a placeholder name.
data "azurerm_resource_group" "example" {
  name = "my-resource-group"
}

# Names referenced as var.* in the gateway; defaults added so the configuration validates.
variable "frontend_port_name"             { default = "appgw-frontend-port" }
variable "frontend_ip_configuration_name" { default = "appgw-frontend-ip" }
variable "backend_address_pool_name"      { default = "appgw-backend-pool" }
variable "http_setting_name"              { default = "appgw-http-settings" }
variable "listener_name"                  { default = "appgw-listener" }
variable "request_routing_rule_name"      { default = "appgw-routing-rule" }

resource "azurerm_virtual_network" "vnet" {
  name                = "kavyavnet"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
}

# Subnet for App Service regional VNet integration (delegated to Microsoft.Web/serverFarms).
resource "azurerm_subnet" "integrationsubnet" {
  name                 = "integrationsubnet"
  resource_group_name  = data.azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.2.0/24"]
  delegation {
    name = "delegation"
    service_delegation {
      name = "Microsoft.Web/serverFarms"
    }
  }
}

# Subnet that hosts the backend app's private endpoint.
resource "azurerm_subnet" "endpointsubnet" {
  name                                      = "endpointsubnet"
  resource_group_name                       = data.azurerm_resource_group.example.name
  virtual_network_name                      = azurerm_virtual_network.vnet.name
  address_prefixes                          = ["10.0.1.0/24"]
  private_endpoint_network_policies_enabled = true
}

# Application Gateway requires a dedicated subnet with no delegation; it cannot be
# placed in the integration subnet delegated to Microsoft.Web/serverFarms.
resource "azurerm_subnet" "appgwsubnet" {
  name                 = "appgwsubnet"
  resource_group_name  = data.azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.3.0/24"]
}

resource "azurerm_service_plan" "appserviceplan" {
  name                = "kaaappserviceplan"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  os_type             = "Windows"
  sku_name            = "P1v2"
}

resource "azurerm_windows_web_app" "frontwebapp" {
  name                = "myfrntendappnme"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  service_plan_id     = azurerm_service_plan.appserviceplan.id

  site_config {}
  app_settings = {
    # Use Azure DNS so the front end resolves the backend's private-endpoint address.
    "WEBSITE_DNS_SERVER"     = "168.63.129.16"
    "WEBSITE_VNET_ROUTE_ALL" = "1"
  }
}

resource "azurerm_app_service_virtual_network_swift_connection" "vnetintegrationconnection" {
  app_service_id = azurerm_windows_web_app.frontwebapp.id
  subnet_id      = azurerm_subnet.integrationsubnet.id
}

resource "azurerm_windows_web_app" "backwebapp" {
  name                = "backendappnm"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  service_plan_id     = azurerm_service_plan.appserviceplan.id

  site_config {}
}

resource "azurerm_private_dns_zone" "dnsprivatezone" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = data.azurerm_resource_group.example.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "dnszonelink" {
  name                  = "dnszonelink"
  resource_group_name   = data.azurerm_resource_group.example.name
  private_dns_zone_name = azurerm_private_dns_zone.dnsprivatezone.name
  virtual_network_id    = azurerm_virtual_network.vnet.id
}

resource "azurerm_private_endpoint" "privateendpoint" {
  name                = "backwebappprivateendpoint"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.endpointsubnet.id

  private_dns_zone_group {
    name                 = "privatednszonegroup"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnsprivatezone.id]
  }

  private_service_connection {
    name                           = "privateendpointconnection"
    private_connection_resource_id = azurerm_windows_web_app.backwebapp.id
    subresource_names              = ["sites"]
    is_manual_connection           = false
  }
}

resource "azurerm_public_ip" "pip" {
  name                = "acceptanceTestPublicIp1"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  allocation_method   = "Static"
  sku                 = "Standard"

  tags = {
    environment = "Production"
  }
}

resource "azurerm_network_security_group" "myNSG" {
  name                = "kavya-nsg"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name

  # Infrastructure ports the v2 SKU requires (see the note below). The Azure docs
  # scope this rule to the "GatewayManager" service tag as the source, which is
  # narrower than "*" and is the recommended setting.
  security_rule {
    name                       = "Allow_Port_65200_to_65535"
    priority                   = 300
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "65200-65535"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# The NSG belongs on the gateway's own subnet, not on the App Service integration subnet.
resource "azurerm_subnet_network_security_group_association" "myNSGAssociation" {
  subnet_id                 = azurerm_subnet.appgwsubnet.id
  network_security_group_id = azurerm_network_security_group.myNSG.id
}

resource "azurerm_application_gateway" "main" {
  name                = "myAppGateway"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.appgwsubnet.id
  }

  frontend_port {
    name = var.frontend_port_name
    port = 80
  }

  frontend_ip_configuration {
    name                 = var.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.pip.id
  }

  backend_address_pool {
    name = var.backend_address_pool_name
    # Target the backend app by hostname; inside the VNet this resolves to the
    # private endpoint through the linked privatelink.azurewebsites.net zone.
    fqdns = [azurerm_windows_web_app.backwebapp.default_hostname]
  }

  backend_http_settings {
    name                  = var.http_setting_name
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
    # App Service only serves requests whose Host header is its own hostname.
    pick_host_name_from_backend_address = true
  }

  url_path_map {
    name                               = "myurl-path-map"
    default_backend_address_pool_name  = var.backend_address_pool_name
    default_backend_http_settings_name = var.http_setting_name

    # path rule 1 (replace the path pattern with your own, e.g. "/token")
    path_rule {
      name                       = "api-token-rule"
      paths                      = ["/app1/*"]
      backend_address_pool_name  = var.backend_address_pool_name
      backend_http_settings_name = var.http_setting_name
    }

    # path rule 2 (replace the path pattern with your own, e.g. "/api/*")
    path_rule {
      name                       = "api-shippingnotice-rule"
      paths                      = ["/api2/*"]
      backend_address_pool_name  = var.backend_address_pool_name
      backend_http_settings_name = var.http_setting_name
    }
  }

  http_listener {
    name                           = var.listener_name
    frontend_ip_configuration_name = var.frontend_ip_configuration_name
    frontend_port_name             = var.frontend_port_name
    protocol                       = "Http"
  }

  # A "Basic" rule ignores the path map entirely; the map only takes effect when a
  # PathBasedRouting rule references it by name.
  request_routing_rule {
    name               = var.request_routing_rule_name
    rule_type          = "PathBasedRouting"
    http_listener_name = var.listener_name
    url_path_map_name  = "myurl-path-map"
    priority           = 1
  }
}


Note: For the above configuration, make sure to allow incoming Internet traffic on TCP ports 65503-65534 for the Application Gateway v1 SKU and TCP ports 65200-65535 for the v2 SKU.

Please also check the reference: GitHub - kumarvna/terraform-azurerm-application-gateway: Terraform module to create Azure Application Gateway

Upvotes: 0
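As an added example (not the asker's or the answerer's code), the listener, path map and routing rule for the asker's backend API, to be placed inside an azurerm_application_gateway resource like the one in the answer: host_names is the Terraform form of the portal's "Multiple/Wildcard" host type, while the individual endpoints are matched by the url_path_map rather than by the host type. The names api-pool, api-http, api-listener, api-path-map, api-cert and the two frontend names are assumptions, as is an ssl_certificate block named api-cert elsewhere in the same resource.

```hcl
# Blocks below belong inside an azurerm_application_gateway resource (see the
# answer's resource for the sku, frontend and gateway_ip_configuration parts).
backend_address_pool {
  name  = "api-pool"
  fqdns = [azurerm_windows_web_app.backwebapp.default_hostname]
}

backend_http_settings {
  name                                = "api-http"
  port                                = 443
  protocol                            = "Https"
  cookie_based_affinity               = "Disabled"
  request_timeout                     = 60
  # App Service answers only to its own hostname, so forward it as the Host header.
  pick_host_name_from_backend_address = true
}

# Multi-site listener. host_names (a list, wildcards such as "*.contoso.com"
# allowed) is the "Multiple/Wildcard" host type; host_name (a string) is "Single".
http_listener {
  name                           = "api-listener"
  frontend_ip_configuration_name = "appgw-frontend-ip"   # assumed name
  frontend_port_name             = "appgw-port-443"      # assumed name
  protocol                       = "Https"
  ssl_certificate_name           = "api-cert"            # assumed ssl_certificate block
  host_names                     = ["my-api-dev.contoso.com"]
}

# The per-endpoint paths from the question are matched here. One path_rule can
# list several patterns; separate path_rule blocks are only needed when the
# patterns should go to different pools or HTTP settings.
url_path_map {
  name                               = "api-path-map"
  default_backend_address_pool_name  = "api-pool"
  default_backend_http_settings_name = "api-http"

  path_rule {
    name                       = "api-endpoints"
    paths                      = ["/token", "/api/*"]
    backend_address_pool_name  = "api-pool"
    backend_http_settings_name = "api-http"
  }
}

# A path map only takes effect from a PathBasedRouting rule that names it.
request_routing_rule {
  name               = "api-routing-rule"
  rule_type          = "PathBasedRouting"
  http_listener_name = "api-listener"
  url_path_map_name  = "api-path-map"
  priority           = 10
}
```

Requests for hosts not listed in host_names never reach this listener, so the gateway only forwards traffic that was addressed to the custom domain.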
