Redirect HTTP to HTTPS in Azure Application Gateway

冷暖自知 submitted on 2019-11-30 07:27:24

Question


I have configured an Application Gateway (AG) to do SSL termination/offload. The AG is configured to only listen on port 443 for HTTPS connections. Is it possible to redirect HTTP to HTTPS without having to:

  • Create a new VM that contains a webserver that redirects the traffic and configure AG to listen on port 80 with the new VM in its backend pool, or
  • Also allow HTTP connections to my application VMs and handle the redirect in my application code

I'm hoping I overlooked a flag/feature in AG.


Answer 1:


To expand on @jonathan-mas answer,

This can be done using command line only (as of Dec 2017). I don't prefer the PowerShell approach (limited portability); I prefer AZ CLI as it is more direct in answering this question.

  1. Create a listener for your HTTP traffic (e.g. FE-HTTP-80-Site). This can be done using Azure portal or CLI.

  2. Create a listener for your HTTPS traffic (e.g. FE-HTTPS-443-Site). This can be done in Azure portal or CLI.

  3. Create a redirect configuration:

az network application-gateway redirect-config create \
  --gateway-name AppGateway \
  -g RSgroupAppGateway \
  -n Redirect-Site-toHTTPS \
  --type Permanent \
  --include-path true \
  --include-query-string true \
  --target-listener FE-HTTPS-443-Site

  4. Create a rule for the HTTP traffic:

az network application-gateway rule create \
  --gateway-name AppGateway \
  -g RSgroupAppGateway \
  -n Rule-HTTP-80-Site \
  --rule-type Basic \
  --http-listener FE-HTTP-80-Site \
  --redirect-config Redirect-Site-toHTTPS

Reference on Concept: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-redirect-powershell

AZ CLI Reference: https://docs.microsoft.com/en-us/cli/azure/
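A check for the redirect configured above (`--type Permanent` with path and query string included), as an added example that is not part of the original answer: it reads raw response headers and confirms a 301 to the same path and query on HTTPS. The function name `check_redirect`, the hostname `www.example.com` and the sample responses are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check an HTTP-to-HTTPS redirect from raw response headers.

# check_redirect EXPECTED_STATUS HOST PATH_AND_QUERY   (headers on stdin)
# Returns 0 only when the response is the expected redirect to
# https://HOST/PATH_AND_QUERY; otherwise prints the reason and returns 1.
check_redirect() {
  local want_status="$1" host="$2" path_query="$3"
  local headers status location
  headers=$(tr -d '\r')   # header lines end in CRLF; drop the CR
  # Status code is the second field of the status line ("HTTP/1.1 301 ...").
  status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
  # Header names are case-insensitive; take the first Location header.
  location=$(printf '%s\n' "$headers" |
    awk 'tolower($1)=="location:" {print $2; exit}')

  if [ "$status" != "$want_status" ]; then
    echo "FAIL: status ${status:-none}, expected $want_status"
    return 1
  fi
  if [ "$location" != "https://$host$path_query" ]; then
    echo "FAIL: Location '$location', expected 'https://$host$path_query'"
    return 1
  fi
  echo "OK: $status -> $location"
}

# Constructed sample responses (not captured from a real gateway).
# GOOD keeps path and query; LOSSY drops them.
GOOD_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/app/login?next=%%2Fhome\r\nContent-Length: 0\r\n')
LOSSY_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\nContent-Length: 0\r\n')

REQ='/app/login?next=%2Fhome'
printf '%s' "$GOOD_RESPONSE"  | check_redirect 301 www.example.com "$REQ"
printf '%s' "$LOSSY_RESPONSE" | check_redirect 301 www.example.com "$REQ" || true
# Against a live gateway (hostname is a placeholder):
#   curl -sI "http://www.example.com$REQ" | check_redirect 301 www.example.com "$REQ"
```

Pass 302 as the expected status when checking backend rules that use `redirectType="Found"`.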




Answer 2:


This is now supported by the Azure Application Gateway product without any additional tools or services. It is configured using PowerShell as described in this link.

Relevant PoSH code copy and pasted from the reference for redirecting port 80 to 443:

# Get the application gateway
$gw = Get-AzureRmApplicationGateway -Name AdatumAppGateway -ResourceGroupName AdatumAppGatewayRG

# Get the existing HTTPS listener
$httpslistener = Get-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener -ApplicationGateway $gw

# Get the existing front end IP configuration
$fipconfig = Get-AzureRmApplicationGatewayFrontendIPConfig -Name appgatewayfrontendip -ApplicationGateway $gw

# Add a new front end port to support HTTP traffic
Add-AzureRmApplicationGatewayFrontendPort -Name appGatewayFrontendPort2  -Port 80 -ApplicationGateway $gw

# Get the recently created port
$fp = Get-AzureRmApplicationGatewayFrontendPort -Name appGatewayFrontendPort2 -ApplicationGateway $gw

# Create a new HTTP listener using the port created earlier
Add-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener2  -Protocol Http -FrontendPort $fp -FrontendIPConfiguration $fipconfig -ApplicationGateway $gw 

# Get the new listener
$listener = Get-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener2 -ApplicationGateway $gw

# Add a redirection configuration using a permanent redirect and targeting the existing listener
Add-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -RedirectType Permanent -TargetListener $httpslistener -IncludePath $true -IncludeQueryString $true -ApplicationGateway $gw

# Get the redirect configuration
$redirectconfig = Get-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -ApplicationGateway $gw


# Add a new rule to handle the redirect and use the new listener
Add-AzureRmApplicationGatewayRequestRoutingRule -Name rule02 -RuleType Basic -HttpListener $listener -RedirectConfiguration $redirectconfig -ApplicationGateway $gw

# Update the application gateway
Set-AzureRmApplicationGateway -ApplicationGateway $gw 



Answer 3:


If you handle the redirect on your backend, you can use the X-Forwarded-Proto header sent by the App Gateway to see the original request and redirect if it was HTTP using a redirect rule.

Apache

To do this on Apache, add the following to your .htaccess file

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}

IIS

Using the IIS rewrite module add this to your web.config file

<rewrite xdt:Transform="Insert">
  <rules>
    <rule name="HTTPS rewrite behind App Gw rule" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
      <conditions>
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" />
    </rule>
  </rules>
</rewrite>



Answer 4:


You certainly can, only with PowerShell to my knowledge though. The instructions for doing this in ARM are in the documentation.

I would usually post the instructions here but a number of steps are involved in this, it would be a monster post!




Answer 5:


Scott's answer for IIS did not work for me on Win2k16 \ IIS10 and module 2.0; the AG proxy returns an upstream server error; trying to load the rewrite module via IIS manager would result in a malformed XML error.

Removed the insert transform and the redirects started working.

   <rewrite>
        <rules>
            <rule name="HTTP To HTTPS Redirect Behind App Gtwy" stopProcessing="true">
                <match url="^(.*)$" ignoreCase="false" />
                <conditions logicalGrouping="MatchAny">
                    <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
                </conditions>
                <action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />
            </rule>
        </rules>
    </rewrite>



Answer 6:


Please use the below command and it will work for you

# Get the application gateway
$appgw = Get-AzureRmApplicationGateway -Name GatewayName -ResourceGroupName ResourcegroupName

# Get the HTTPS listener that is the redirect target
$myHTTPSListener = Get-AzureRmApplicationGatewayHttpListener -Name appGatewayHttpListener -ApplicationGateway $appgw

# Get the HTTP listener to redirect from (-Name must be the HTTP listener's name, not the HTTPS listener's)
$myHTTPListener = Get-AzureRmApplicationGatewayHttpListener -Name appGatewayHttpListener -ApplicationGateway $appgw

# Add a permanent redirect configuration that targets the HTTPS listener
Add-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -RedirectType Permanent -TargetListener $myHTTPSListener -IncludePath $true -IncludeQueryString $true -ApplicationGateway $appgw

# Get the redirect configuration
$redirectconfig = Get-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -ApplicationGateway $appgw

# Add a rule that applies the redirect to the HTTP listener
Add-AzureRmApplicationGatewayRequestRoutingRule -Name redirectrule -RuleType Basic -HttpListener $myHTTPListener -RedirectConfiguration $redirectconfig -ApplicationGateway $appgw

# Update the application gateway
Set-AzureRmApplicationGateway -ApplicationGateway $appgw




Answer 7:


HTTP to HTTPS redirection can now also be configured through the portal. The concept is the same: create a listener for http, then add a rule that redirects to the https listener.

https://docs.microsoft.com/en-us/azure/application-gateway/redirect-http-to-https-portal



Source: https://stackoverflow.com/questions/36576113/redirect-http-to-https-in-azure-application-gateway
