-
Notifications
You must be signed in to change notification settings - Fork 7
/
03_03_Front_Door.azurecli
59 lines (51 loc) · 2.1 KB
/
03_03_Front_Door.azurecli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#Define Deployment Variables
appNamePrefix='tws'
locations=(
"westeurope"
"northeurope"
)
resourceGroupName="${appNamePrefix}-paas-westeurope"
resourceGroup=$(az group show --name ${resourceGroupName})
resourceGroupId=$(echo $resourceGroup | jq .id -r | shasum)
nameSuffix="${resourceGroupId:0:4}"
#Create Azure Front Door
frontDoorName=${appNamePrefix}-paas-frontend-${nameSuffix}
webApp1Uri=$(az webapp list --resource-group tws-paas-westeurope | jq '.[0].name' -r).azurewebsites.net
webApp2Uri=$(az webapp list --resource-group tws-paas-northeurope | jq '.[0].name' -r).azurewebsites.net
az network front-door create \
--resource-group $resourceGroupName \
--name ${frontDoorName} \
--accepted-protocols Https \
--backend-address $webApp1Uri \
--forwarding-protocol HttpsOnly
az network front-door backend-pool backend add \
--resource-group ${resourceGroupName} \
--front-door-name ${frontDoorName} \
--pool-name DefaultBackendPool \
--address $webApp2Uri \
--backend-host-header $webApp2Uri
#Create HTTP to HTTPS Redirect Rule
az network front-door routing-rule create \
--resource-group ${resourceGroupName} \
--front-door-name ${frontDoorName} \
--name HttpToHttpsRedirect \
--frontend-endpoints DefaultFrontendEndpoint \
--accepted-protocols Http \
--route-type Redirect \
--redirect-protocol HttpsOnly \
--redirect-type Found
#Restrict access to Web Apps
for i in "${locations[@]}"; do
# Define Deployment Variables
resourceGroupName="${appNamePrefix}-paas-${i}"
resourceGroup=$(az group show --name ${resourceGroupName} --output json)
resourceGroupLocation=$(echo $resourceGroup | jq .location -r)
resourceGroupId=$(echo $resourceGroup | jq .id -r | shasum)
nameSuffix="${resourceGroupId:0:4}"
webAppName="${appNamePrefix}-web-${resourceGroupLocation}-${nameSuffix}"
az webapp config access-restriction add \
--resource-group $resourceGroupName \
--name $webAppName \
--priority 100 \
--service-tag AzureFrontDoor.Backend
done