Azure Documentation

Set up an Azure Application Gateway

This document provides a comprehensive guide to setting up and configuring an Azure Application Gateway, a scalable and highly available layer 7 load balancer that enables you to manage traffic to your web applications.

Prerequisites

  • An Azure subscription.
  • A virtual network (VNet) with at least one subnet dedicated to the Application Gateway. This subnet cannot contain any other resources.
  • Permissions to create resources in your Azure subscription.

Create an Application Gateway

You can create an Application Gateway using the Azure portal, Azure CLI, or Azure PowerShell.

Using the Azure Portal:

  1. Sign in to the Azure portal.
  2. Click Create a resource.
  3. Search for "Application Gateway" and select it.
  4. Click Create.
  5. Fill in the Basics tab:
    • Subscription: Select your Azure subscription.
    • Resource group: Create a new one or select an existing one.
    • Application gateway name: Provide a unique name.
    • Region: Choose the region for your gateway.
    • Tier: Select the desired SKU (e.g., Standard_v2, WAF_v2).
    • Enable autoscaling: Choose if you want to enable autoscaling.
  6. Configure the Frontend IP configuration:
    • IP address type: Select Public or Private.
    • Public IP address: Create a new one or select an existing one if applicable.
  7. Configure the Virtual network on the Configuration tab:
    • Virtual network: Select your VNet.
    • Subnet: Select the dedicated Application Gateway subnet. If it doesn't exist, you'll need to create it first.
  8. Review and click Create.

Configure Listeners

Listeners are logical entities that allow the Application Gateway to accept incoming traffic. You can configure listeners for HTTP and HTTPS traffic.

  1. Navigate to your created Application Gateway.
  2. Under Settings, click Listeners.
  3. Click Add listener.
  4. Configure the listener details:
    • Listener name: Provide a descriptive name.
    • Frontend IP: Select the frontend IP address.
    • Protocol: Choose HTTP or HTTPS.
    • Port: Specify the port (e.g., 80 for HTTP, 443 for HTTPS).
    • Cookie-based affinity: Enable if your application requires session persistence.
    • HTTPS settings: If using HTTPS, select or upload a certificate.
  5. Click Add.

Configure Backend Pools and Health Probes

Backend pools contain the IP addresses or FQDNs of your backend servers. Health probes determine the health of these servers.

Backend Pools:

  1. Under Settings, click Backend pools.
  2. Click Add.
  3. Provide a Name for the backend pool.
  4. Under Target type, select either IP address or FQDN, or Virtual machine scale set.
  5. Add the IP addresses or FQDNs of your backend servers or select your VMSS.
  6. Click Add.

Health Probes:

  1. Under Settings, click Health probes.
  2. Click Add.
  3. Configure the probe details:
    • Name: A descriptive name for the probe.
    • Protocol: HTTP, HTTPS, or TCP.
    • Host: The host name to probe (often the FQDN of your backend application).
    • Path: The path to probe (e.g., "/health").
    • Interval (seconds) and Timeout (seconds): Define probe frequency and timeout.
    • Unhealthy threshold: Number of consecutive failures before marking a backend unhealthy.
  4. Click Add.

Configure Routing Rules

Routing rules connect listeners to backend pools, defining how traffic is directed.

  1. Under Settings, click Rules.
  2. Click Add routing rule.
  3. Configure the rule:
    • Rule name: A descriptive name.
    • Listener: Select the listener created earlier.
    • Backend targets: Choose Backend pool and select your pool.
    • HTTP settings: Select or create HTTP settings.
    • Path-based rules: You can add multiple backend targets for different URL paths.
  4. Click Add.

Configure HTTP Settings

HTTP settings define parameters for requests sent to the backend pool, such as port, cookie-based affinity, and probe association.

  1. Under Settings, click HTTP settings.
  2. Click Add.
  3. Configure the settings:
    • Name: A descriptive name.
    • Backend port: The port your backend application listens on.
    • Cookie-based affinity: Enable if needed.
    • Use well-known CA certificate or Use custom probe: Select as needed.
    • Connection draining: Configure if needed.
    • Override with new host name: Enable if your backend expects a different host header.
    • Health probe: Select the health probe configured earlier.
  4. Click Add.

Deploy Your Application

Ensure your web application is deployed on the backend servers specified in your backend pools and is accessible.

Testing and Verification

After configuration, test your Application Gateway to ensure it routes traffic correctly.

  1. Access your application using the public IP address or custom domain name associated with your Application Gateway's frontend.
  2. Verify that you can reach your backend application.
  3. Check the Metrics and Diagnostic logs of the Application Gateway in the Azure portal for performance and error details.

Troubleshooting

If you encounter issues:

  • Check Network Security Groups (NSGs): Ensure NSGs on your VNet subnets allow traffic to and from the Application Gateway.
  • Verify Backend Health: Ensure your backend servers are healthy as reported by the health probes.
  • Review Firewall Rules: Check any firewalls between your Application Gateway and backend servers.
  • Examine Application Gateway Logs: Use diagnostic logs for detailed error information.
  • Confirm Configuration: Double-check all settings for listeners, rules, backend pools, and HTTP settings.
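
The "Confirm Configuration" step can be done mechanically before deployment. The following is an added example, not part of the original documentation: it cross-checks listeners, rules, backend pools, HTTP settings and probes for broken references, missing certificates and a shared gateway subnet. The `GATEWAY` dictionary is a constructed, simplified model (not the Azure ARM schema), and all resource names in it are hypothetical.

```python
# Added example: cross-check a gateway configuration before deployment.
# GATEWAY is a constructed, simplified model, not the Azure ARM schema.
GATEWAY = {
    "subnet_resources": ["appgw-demo", "vm-jumpbox"],  # what sits in the gateway subnet
    "listeners": {
        "web-http": {"protocol": "HTTP", "port": 80, "certificate": None},
        "web-https": {"protocol": "HTTPS", "port": 443, "certificate": None},
    },
    "backend_pools": {"pool-web": ["10.0.1.4", "10.0.1.5"], "pool-api": []},
    "probes": {"probe-web": {"protocol": "HTTP", "path": "/health"}},
    "http_settings": {"settings-web": {"port": 80, "probe": "probe-web"},
                      "settings-api": {"port": 8080, "probe": "probe-api"}},
    "rules": {"rule-web": {"listener": "web-http", "pool": "pool-web",
                           "http_settings": "settings-web"},
              "rule-api": {"listener": "api-https", "pool": "pool-api",
                           "http_settings": "settings-api"}},
}


def audit(gw, gateway_name="appgw-demo"):
    """Return a sorted list of (severity, message) findings for the model."""
    findings = []
    extra = [r for r in gw["subnet_resources"] if r != gateway_name]
    if extra:  # the prerequisites require a subnet dedicated to the gateway
        findings.append(("error", f"gateway subnet also holds: {', '.join(extra)}"))
    for name, lst in gw["listeners"].items():
        if lst["protocol"] == "HTTPS" and not lst["certificate"]:
            findings.append(("error", f"listener {name}: HTTPS without a certificate"))
        if lst["protocol"] == "HTTP":
            findings.append(("warn", f"listener {name}: accepts unencrypted HTTP"))
        if not any(r["listener"] == name for r in gw["rules"].values()):
            findings.append(("warn", f"listener {name}: not used by any routing rule"))
    for name, members in gw["backend_pools"].items():
        if not members:
            findings.append(("error", f"backend pool {name}: no targets"))
    for name, hs in gw["http_settings"].items():
        if hs["probe"] not in gw["probes"]:
            findings.append(("error", f"HTTP settings {name}: unknown probe {hs['probe']}"))
    for name, rule in gw["rules"].items():
        for field, table in (("listener", "listeners"), ("pool", "backend_pools"),
                             ("http_settings", "http_settings")):
            if rule[field] not in gw[table]:
                findings.append(("error", f"rule {name}: unknown {field} {rule[field]}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit(GATEWAY):
        print(f"{severity.upper():5} {message}")
```
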

For more advanced troubleshooting, refer to the Azure Application Gateway troubleshooting documentation.