From 030dd56a36488ce31706d0bbe0a852f7f1f61848 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Sat, 5 Oct 2024 21:15:36 +0800 Subject: [PATCH 1/6] Update azuredeploy.json to updated APIs Update azuredeploy.json as it's calling old APIs and it does not work. in general, updated all the API version call for the resources and any dependencies fixed Application gateway requirements for the new API calls including changing the syntaxes fixed application gateway https health probes configuration changed the appgw nsg rules to accomodate azure's requirements --- .../azuredeploy.json | 584 +++++++++--------- 1 file changed, 296 insertions(+), 288 deletions(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index 9079eb30b0f0..5f771cff390c 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -17,29 +17,28 @@ }, "windowsOSVersion": { "type": "string", - "defaultValue": "2016-Datacenter", + "defaultValue": "2022-datacenter", "allowedValues": [ - "2012-R2-Datacenter", - "2016-Datacenter" + "2022-datacenter" + "2019-datacenter" ], "metadata": { - "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2012-R2-Datacenter, 2016-Datacenter." + "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2022-Datacenter, 2019-Datacenter." } }, "virtualMachineSize": { "type": "string", - "defaultValue": "Standard_D2_v3", + "defaultValue": "Standard_D2as_v5", "metadata": { - "description": "The virtual machine size. Allowed values: Standard_A1, Standard_A2, Standard_A3." + "description": "The virtual machine size." } }, "applicationGatewaySize": { "type": "string", "allowedValues": [ - "WAF_Medium", - "WAF_Large" + "WAF_v2" ], - "defaultValue": "WAF_Medium", + "defaultValue": "WAF_v2", "metadata": { "description": "Application Gateway size" } @@ -159,33 +158,34 @@ }, "resources": [ { - "comments": "Availability set for the web servers", - "type": "Microsoft.Compute/availabilitySets", - "sku": { - "name": "Aligned" - }, - "name": "[variables('webAvailabilitySetName')]", - "apiVersion": "2020-12-01", - "location": "[parameters('location')]", - "properties": { - "platformUpdateDomainCount": 5, - "platformFaultDomainCount": 2, - "virtualMachines": [ - { - "id": "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]" - }, - { - "id": "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" - } - ] + "comments": "Availability set for the web servers", + "type": "Microsoft.Compute/availabilitySets", + "sku": { + "name": "Aligned" + }, + "name": "[variables('webAvailabilitySetName')]", + "apiVersion": "2024-07-01", + "location": "[parameters('location')]", + "properties": { + "platformUpdateDomainCount": 5, + "platformFaultDomainCount": 2, + "virtualMachines": [ + { + "id": "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]" }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" - ] - }, + { + "id": "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]", + "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" + ] +} +, { - "apiVersion": "2016-03-30", + "apiVersion": "2024-03-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('vm1PublicIPAddressName')]", "location": "[parameters('location')]", @@ -194,7 +194,7 @@ } }, { - "apiVersion": "2016-03-30", + "apiVersion": "2024-03-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('vm2PublicIPAddressName')]", "location": "[parameters('location')]", @@ -203,12 +203,15 @@ } }, { - "apiVersion": "2017-03-01", + "apiVersion": "2024-03-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('appGwPublicIpName')]", "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, "properties": { - "publicIPAllocationMethod": "Dynamic" + "publicIPAllocationMethod": "Static" } }, { @@ -304,7 +307,7 @@ "description": "Allow ports for App Gw probes", "protocol": "Tcp", "sourcePortRange": "*", - "destinationPortRange": "65503-65534 ", + "destinationPortRange": "65200-65535 ", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*", "access": "Allow", @@ -316,250 +319,250 @@ } }, { - "apiVersion": "2016-03-30", - "type": "Microsoft.Network/virtualNetworks", - "name": "[variables('virtualNetworkName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('webNsgName'))]", - "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('appGwNsgName'))]" - ], - "properties": { - "addressSpace": { - "addressPrefixes": [ - "[variables('addressPrefix')]" - ] - }, - "subnets": [ - { - "name": "[variables('webSubnetName')]", - "properties": { - "addressPrefix": "[variables('webSubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('webNsgName'))]" - } - } - }, - { - "name": "[variables('appGatewaySubnetName')]", - "properties": { - "addressPrefix": "[variables('appGatewaySubnetPrefix')]", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('appGwNsgName'))]" - } - } + "apiVersion": "2023-11-01", + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('webNsgName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups/', variables('appGwNsgName'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('webSubnetName')]", + "properties": { + "addressPrefix": "[variables('webSubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('webNsgName'))]" } - ] + } + }, + { + "name": "[variables('appGatewaySubnetName')]", + "properties": { + "addressPrefix": "[variables('appGatewaySubnetPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('appGwNsgName'))]" + } + } } - }, + ] + } +}, { - "apiVersion": "2016-03-30", - "type": "Microsoft.Network/networkInterfaces", - "name": "[variables('vm1NicName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses/', variables('vm1PublicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfigVm1", - "properties": { - "privateIPAddress": "[variables('vm1IpAddress')]", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('vm1PublicIPAddressName'))]" - }, - "subnet": { - "id": "[variables('webSubnetRef')]" - } - } + "apiVersion": "2024-03-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('vm1NicName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses/', variables('vm1PublicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfigVm1", + "properties": { + "privateIPAddress": "[variables('vm1IpAddress')]", + "privateIPAllocationMethod": "Static", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('vm1PublicIPAddressName'))]" + }, + "subnet": { + "id": "[variables('webSubnetRef')]" } - ] + } } - }, + ] + } +}, { - "apiVersion": "2016-03-30", - "type": "Microsoft.Network/networkInterfaces", - "name": "[variables('vm2NicName')]", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses/', variables('vm2PublicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" - ], - "properties": { - "ipConfigurations": [ - { - "name": "ipconfigVm2", - "properties": { - "privateIPAddress": "[variables('vm2IpAddress')]", - "privateIPAllocationMethod": "Static", - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('vm2PublicIPAddressName'))]" - }, - "subnet": { - "id": "[variables('webSubnetRef')]" - } - } + "apiVersion": "2024-03-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('vm2NicName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses/', variables('vm2PublicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfigVm2", + "properties": { + "privateIPAddress": "[variables('vm2IpAddress')]", + "privateIPAllocationMethod": "Static", + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('vm2PublicIPAddressName'))]" + }, + "subnet": { + "id": "[variables('webSubnetRef')]" } - ] + } + } + ] + } +}, + { + "apiVersion": "2024-07-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('vm1Name')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces/', variables('vm1NicName'))]" + ], + "properties": { + "hardwareProfile": { + "vmSize": "[variables('vmSize')]" + }, + "osProfile": { + "computerName": "[variables('vm1Name')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[parameters('windowsOSVersion')]", + "version": "latest" + }, + "osDisk": { + "name": "[variables('vm1Name')]", + "caching": "ReadWrite", + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "Standard_LRS" + } } }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('vm1NicName'))]" + } + ] + } + }, + "resources": [ { - "apiVersion": "2016-04-30-preview", - "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('vm1Name')]", + "name": "Microsoft.Powershell.DSC", + "type": "extensions", "location": "[parameters('location')]", + "apiVersion": "2024-07-01", "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces/', variables('vm1NicName'))]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]" ], "properties": { - "hardwareProfile": { - "vmSize": "[variables('vmSize')]" - }, - "osProfile": { - "computerName": "[variables('vm1Name')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "[variables('imagePublisher')]", - "offer": "[variables('imageOffer')]", - "sku": "[parameters('windowsOSVersion')]", - "version": "latest" + "publisher": "Microsoft.Powershell", + "type": "DSC", + "typeHandlerVersion": "2.9", + "autoUpgradeMinorVersion": true, + "forceUpdateTag": "1.0", + "settings": { + "configuration": { + "url": "[variables('dscZipFullPath')]", + "script": "iisInstall.ps1", + "function": "InstallIIS" }, - "osDisk": { - "name": "[variables('vm1Name')]", - "caching": "ReadWrite", - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS" - } + "configurationArguments": { + "nodeName": "[variables('vm1Name')]", + "vmNumber": "vm1", + "backendCert": "[parameters('backendCertData')]", + "backendCertPw": "[parameters('backendCertPassword')]", + "backendCertDnsName": "[parameters('backendCertDnsName')]", + "webConfigPath": "[variables('webConfigFullPath')]", + "defaultHtmPath": "[variables('vm1DefaultHtmFullPath')]" } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('vm1NicName'))]" - } - ] } + } + } + ] +}, + { + "apiVersion": "2024-07-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('vm2Name')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces/', variables('vm2NicName'))]" + ], + "properties": { + "hardwareProfile": { + "vmSize": "[variables('vmSize')]" + }, + "osProfile": { + "computerName": "[variables('vm2Name')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[parameters('windowsOSVersion')]", + "version": "latest" }, - "resources": [ + "osDisk": { + "name": "[variables('vm2Name')]", + "caching": "ReadWrite", + "createOption": "FromImage", + "managedDisk": { + "storageAccountType": "Standard_LRS" + } + } + }, + "networkProfile": { + "networkInterfaces": [ { - "name": "Microsoft.Powershell.DSC", - "type": "extensions", - "location": "[parameters('location')]", - "apiVersion": "2016-04-30-preview", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vm1Name'))]" - ], - "properties": { - "publisher": "Microsoft.Powershell", - "type": "DSC", - "typeHandlerVersion": "2.9", - "autoUpgradeMinorVersion": true, - "forceUpdateTag": "1.0", - "settings": { - "configuration": { - "url": "[variables('dscZipFullPath')]", - "script": "iisInstall.ps1", - "function": "InstallIIS" - }, - "configurationArguments": { - "nodeName": "[variables('vm1Name')]", - "vmNumber": "vm1", - "backendCert": "[parameters('backendCertData')]", - "backendCertPw": "[parameters('backendCertPassword')]", - "backendCertDnsName": "[parameters('backendCertDnsName')]", - "webConfigPath": "[variables('webConfigFullPath')]", - "defaultHtmPath": "[variables('vm1DefaultHtmFullPath')]" - } - } - } + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('vm2NicName'))]" } ] - }, + } + }, + "resources": [ { - "apiVersion": "2016-04-30-preview", - "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('vm2Name')]", + "name": "Microsoft.Powershell.DSC", + "type": "extensions", "location": "[parameters('location')]", + "apiVersion": "2024-07-01", "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces/', variables('vm2NicName'))]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" ], "properties": { - "hardwareProfile": { - "vmSize": "[variables('vmSize')]" - }, - "osProfile": { - "computerName": "[variables('vm2Name')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]" - }, - "storageProfile": { - "imageReference": { - "publisher": "[variables('imagePublisher')]", - "offer": "[variables('imageOffer')]", - "sku": "[parameters('windowsOSVersion')]", - "version": "latest" + "publisher": "Microsoft.Powershell", + "type": "DSC", + "typeHandlerVersion": "2.9", + "autoUpgradeMinorVersion": true, + "forceUpdateTag": "1.0", + "settings": { + "configuration": { + "url": "[variables('dscZipFullPath')]", + "script": "iisInstall.ps1", + "function": "InstallIIS" }, - "osDisk": { - "name": "[variables('vm2Name')]", - "caching": "ReadWrite", - "createOption": "FromImage", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS" - } - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('vm2NicName'))]" - } - ] - } - }, - "resources": [ - { - "name": "Microsoft.Powershell.DSC", - "type": "extensions", - "location": "[parameters('location')]", - "apiVersion": "2016-04-30-preview", - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('vm2Name'))]" - ], - "properties": { - "publisher": "Microsoft.Powershell", - "type": "DSC", - "typeHandlerVersion": "2.9", - "autoUpgradeMinorVersion": true, - "forceUpdateTag": "1.0", - "settings": { - "configuration": { - "url": "[variables('dscZipFullPath')]", - "script": "iisInstall.ps1", - "function": "InstallIIS" - }, - "configurationArguments": { - "nodeName": "[variables('vm2Name')]", - "vmNumber": "vm2", - "backendCert": "[parameters('backendCertData')]", - "backendCertPw": "[parameters('backendCertPassword')]", - "backendCertDnsName": "[parameters('backendCertDnsName')]", - "webConfigPath": "[variables('webConfigFullPath')]", - "defaultHtmPath": "[variables('vm2DefaultHtmFullPath')]" - } - } + "configurationArguments": { + "nodeName": "[variables('vm2Name')]", + "vmNumber": "vm2", + "backendCert": "[parameters('backendCertData')]", + "backendCertPw": "[parameters('backendCertPassword')]", + "backendCertDnsName": "[parameters('backendCertDnsName')]", + "webConfigPath": "[variables('webConfigFullPath')]", + "defaultHtmPath": "[variables('vm2DefaultHtmFullPath')]" } } - ] - }, + } + } + ] +}, { - "apiVersion": "2017-06-01", + "apiVersion": "2024-03-01", "name": "[variables('applicationGatewayName')]", "type": "Microsoft.Network/applicationGateways", "location": "[parameters('location')]", @@ -570,7 +573,7 @@ "properties": { "sku": { "name": "[parameters('applicationGatewaySize')]", - "tier": "WAF", + "tier": "WAF_v2", "capacity": "[parameters('capacity')]" }, "sslCertificates": [ @@ -592,7 +595,7 @@ } } ], - "authenticationCertificates": [ + "trustedRootCertificates": [ { "properties": { "data": "[parameters('backendPublicKeyData')]" @@ -653,10 +656,14 @@ "properties": { "Port": 443, "Protocol": "Https", + "cookieBasedAffinity": "Disabled", + "hostName": "[parameters('backendCertDnsName')]", + "pickHostNameFromBackendAddress": false, + "requestTimeout": 30, "CookieBasedAffinity": "Disabled", - "AuthenticationCertificates": [ + "TrustedRootCertificates": [ { - "Id": "[resourceId('Microsoft.Network/applicationGateways/authenticationCertificates', variables('applicationGatewayName'), 'appGatewayBackendCert')]" + "Id": "[resourceId('Microsoft.Network/applicationGateways/trustedRootCertificates', variables('applicationGatewayName'), 'appGatewayBackendCert')]" } ] } @@ -692,37 +699,39 @@ } ], "requestRoutingRules": [ - { - "Name": "HTTPRule", - "properties": { - "RuleType": "Basic", - "httpListener": { - "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpListener')]" - }, - "backendAddressPool": { - "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]" - }, - "backendHttpSettings": { - "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpSettings')]" - } - } - }, - { - "Name": "HTTPSRule", - "properties": { - "RuleType": "Basic", - "httpListener": { - "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpsListener')]" - }, - "backendAddressPool": { - "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]" - }, - "backendHttpSettings": { - "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpsSettings')]" - } - } - } - ], + { + "name": "HTTPRule", + "properties": { + "ruleType": "Basic", + "httpListener": { + "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpListener')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]" + }, + "backendHttpSettings": { + "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpSettings')]" + }, + "priority": 100 + } + }, + { + "name": "HTTPSRule", + "properties": { + "ruleType": "Basic", + "httpListener": { + "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpsListener')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]" + }, + "backendHttpSettings": { + "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpsSettings')]" + }, + "priority": 200 + } + } +], "webApplicationFirewallConfiguration": { "enabled": "[variables('wafEnabled')]", "firewallMode": "[variables('wafMode')]", @@ -734,4 +743,3 @@ ], "outputs": {} } - From 266660fa1b175f644ae3f36dd9be6c58481a8023 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Sat, 5 Oct 2024 22:30:23 +0800 Subject: [PATCH 2/6] Update azuredeploy.json --- .../application-gateway-2vms-iis-ssl/azuredeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index 5f771cff390c..ff40342ea5d7 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -19,7 +19,7 @@ "type": "string", "defaultValue": "2022-datacenter", "allowedValues": [ - "2022-datacenter" + "2022-datacenter", "2019-datacenter" ], "metadata": { From 5e3166f7356b2bf9f32e6537213551349958bba4 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Mon, 7 Oct 2024 10:04:31 +0800 Subject: [PATCH 3/6] Update azuredeploy.json --- .../azuredeploy.json | 37 +++++++++++++++---- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index ff40342ea5d7..36540f3204a0 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", + "contentVersion": "1.0.0.1", "parameters": { "adminUsername": { "type": "string", @@ -150,7 +150,7 @@ "wafEnabled": true, "wafMode": "[parameters('wafMode')]", "wafRuleSetType": "OWASP", - "wafRuleSetVersion": "3.0", + "wafRuleSetVersion": "3.2", "dscZipFullPath": "[uri(parameters('_artifactsLocation'), concat('DSC/iisInstall.ps1.zip', parameters('_artifactsLocationSasToken')))]", "webConfigFullPath": "[uri(parameters('_artifactsLocation'), concat('artifacts/web.config', parameters('_artifactsLocationSasToken')))]", "vm1DefaultHtmFullPath": "[uri(parameters('_artifactsLocation'), concat('artifacts/vm1.default.htm', parameters('_artifactsLocationSasToken')))]", @@ -563,12 +563,12 @@ }, { "apiVersion": "2024-03-01", - "name": "[variables('applicationGatewayName')]", - "type": "Microsoft.Network/applicationGateways", - "location": "[parameters('location')]", - "dependsOn": [ - "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", - "[resourceId('Microsoft.Network/publicIPAddresses/', variables('appGwPublicIpName'))]" + "name": "[variables('applicationGatewayName')]", + "type": "Microsoft.Network/applicationGateways", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/publicIPAddresses/', variables('appGwPublicIpName'))]" ], "properties": { "sku": { @@ -576,6 +576,24 @@ "tier": "WAF_v2", "capacity": "[parameters('capacity')]" }, + "sslPolicy": { + "policyType": "Custom", + "minProtocolVersion": "TLSv1_2", + "cipherSuites": [ + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] + }, + "frontendPorts": [ + { + "name": "https", + "properties": { + "Port": 443 + } + } + ], "sslCertificates": [ { "name": "appGatewayFrontEndSslCert", @@ -736,6 +754,9 @@ "enabled": "[variables('wafEnabled')]", "firewallMode": "[variables('wafMode')]", "ruleSetType": "[variables('wafRuleSetType')]", + "requestBodyCheck": true, + "maxRequestBodySizeInKb": 128, + "fileUploadLimitInMb": 100, "ruleSetVersion": "[variables('wafRuleSetVersion')]" } } From 44228412699fcc6566857ea6091d6a367e6d9a05 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Mon, 7 Oct 2024 10:30:00 +0800 Subject: [PATCH 4/6] Update azuredeploy.json --- .../application-gateway-2vms-iis-ssl/azuredeploy.json | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index 36540f3204a0..8d8d78d5697f 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -586,14 +586,6 @@ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ] }, - "frontendPorts": [ - { - "name": "https", - "properties": { - "Port": 443 - } - } - ], "sslCertificates": [ { "name": "appGatewayFrontEndSslCert", @@ -678,7 +670,6 @@ "hostName": "[parameters('backendCertDnsName')]", "pickHostNameFromBackendAddress": false, "requestTimeout": 30, - "CookieBasedAffinity": "Disabled", "TrustedRootCertificates": [ { "Id": "[resourceId('Microsoft.Network/applicationGateways/trustedRootCertificates', variables('applicationGatewayName'), 'appGatewayBackendCert')]" @@ -754,7 +745,7 @@ "enabled": "[variables('wafEnabled')]", "firewallMode": "[variables('wafMode')]", "ruleSetType": "[variables('wafRuleSetType')]", - "requestBodyCheck": true, + "requestBodyCheck": true, "maxRequestBodySizeInKb": 128, "fileUploadLimitInMb": 100, "ruleSetVersion": "[variables('wafRuleSetVersion')]" From 4e8256be78c84b41599a9db1cf95c3ee4340a8f7 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Mon, 7 Oct 2024 11:19:46 +0800 Subject: [PATCH 5/6] Update azuredeploy.json --- .../azuredeploy.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index 8d8d78d5697f..6a7e061eb3f4 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -160,11 +160,11 @@ { "comments": "Availability set for the web servers", "type": "Microsoft.Compute/availabilitySets", + "apiVersion": "2024-07-01", "sku": { "name": "Aligned" }, "name": "[variables('webAvailabilitySetName')]", - "apiVersion": "2024-07-01", "location": "[parameters('location')]", "properties": { "platformUpdateDomainCount": 5, @@ -185,7 +185,7 @@ } , { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('vm1PublicIPAddressName')]", "location": "[parameters('location')]", @@ -194,7 +194,7 @@ } }, { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('vm2PublicIPAddressName')]", "location": "[parameters('location')]", @@ -203,7 +203,7 @@ } }, { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/publicIPAddresses", "name": "[variables('appGwPublicIpName')]", "location": "[parameters('location')]", @@ -215,7 +215,7 @@ } }, { - "apiVersion": "2016-03-30", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('webNsgName')]", "location": "[parameters('location')]", @@ -267,7 +267,7 @@ } }, { - "apiVersion": "2016-03-30", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/networkSecurityGroups", "name": "[variables('appGwNsgName')]", "location": "[parameters('location')]", @@ -356,7 +356,7 @@ } }, { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('vm1NicName')]", "location": "[parameters('location')]", @@ -383,7 +383,7 @@ } }, { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "type": "Microsoft.Network/networkInterfaces", "name": "[variables('vm2NicName')]", "location": "[parameters('location')]", @@ -562,7 +562,7 @@ ] }, { - "apiVersion": "2024-03-01", + "apiVersion": "2023-11-01", "name": "[variables('applicationGatewayName')]", "type": "Microsoft.Network/applicationGateways", "location": "[parameters('location')]", From 4f465a14293f8340834766468ef7ee692ffb1f92 Mon Sep 17 00:00:00 2001 From: Eddy Ng <57738387+WplusAzureAuto@users.noreply.github.com> Date: Wed, 9 Oct 2024 00:39:55 +0800 Subject: [PATCH 6/6] Update azuredeploy.json --- .../application-gateway-2vms-iis-ssl/azuredeploy.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json index 6a7e061eb3f4..7b172a8f13e7 100644 --- a/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json +++ b/quickstarts/microsoft.network/application-gateway-2vms-iis-ssl/azuredeploy.json @@ -745,7 +745,8 @@ "enabled": "[variables('wafEnabled')]", "firewallMode": "[variables('wafMode')]", "ruleSetType": "[variables('wafRuleSetType')]", - "requestBodyCheck": true, + "disabledRuleGroups": [], + "requestBodyCheck": true, "maxRequestBodySizeInKb": 128, "fileUploadLimitInMb": 100, "ruleSetVersion": "[variables('wafRuleSetVersion')]"