title | description | services | author | ms.service | ms.date | ms.author | ms.topic |
---|---|---|---|---|---|---|---|
Hosting multiple sites on Azure Application Gateway |
This article provides an overview of the Azure Application Gateway multi-site support. |
application-gateway |
greg-lindsay |
application-gateway |
08/31/2021 |
azhussai |
conceptual |
Multiple site hosting enables you to configure more than one web application on the same port of application gateways using public-facing listeners. It allows you to configure a more efficient topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to the IP address of the application gateway. You'd create three multi-site listeners and configure each listener for the respective port and protocol setting.
You can also define wildcard host names in a multi-site listener and up to 5 host names per listener. To learn more, see wildcard host names in listener.
:::image type="content" source="./media/multiple-site-overview/multisite.png" alt-text="Multi-site Application Gateway":::
Important
Rules are processed in the order they are listed in the portal for the v1 SKU. For v2 SKU use rule priority to specify the processing order. It is highly recommended to configure multi-site listeners first prior to configuring a basic listener. This will ensure that traffic gets routed to the right back end. If a basic listener is listed first and matches an incoming request, it gets processed by that listener.
Requests for http://contoso.com
are routed to ContosoServerPool, and http://fabrikam.com
are routed to FabrikamServerPool.
Similarly, you can host multiple subdomains of the same parent domain on the same application gateway deployment. For example, you can host http://blog.contoso.com
and http://app.contoso.com
on a single application gateway deployment.
While using multi-site listeners, to ensure that the client traffic is routed to the accurate backend, it's important to have the request routing rules be present in the correct order.
For example, if you have 2 listeners with associated Host name as *.contoso.com
and shop.contoso.com
respectively, the listener with the shop.contoso.com
Host name would have to be processed before the listener with *.contoso.com
. If the listener with *.contoso.com
is processed first, then no client traffic would be received by the more specific shop.contoso.com
listener.
This ordering can be established by providing a 'Priority' field value to the request routing rules associated with the listeners. You can specify an integer value from 1 to 20000 with 1 being the highest priority and 20000 being the lowest priority. In case the incoming client traffic matches with multiple listeners, the request routing rule with highest priority will be used for serving the request. Each request routing rule needs to have a unique priority value.
The priority field only impacts the order of evaluation of a request routing rule, this wont change the order of evaluation of path based rules within a PathBasedRouting
request routing rule.
Note
If you wish to use rule priority, you will have to specify rule priority field values for all the existing request routing rules. Once the rule priority field is in use, any new routing rule that is created would also need to have a rule priority field value as part of its config. Starting with API version 2021-08-01 rule priority field would be a mandatory field as part of the request routing rules. From this API version, rule priority field values would be auto-populated for existing request routing rules based on current ordering of evaluation as part of the first PUT call. Any future updates to request routing rules would need to have the rule priority field provided as part of the configuration.
Important
Rule priority field values for existing request routing rules based on current order would be automatically populated if any configuration updates are applied using API version 2021-08-01 and above, portal, Azure PowerShell and Azure CLI. Any future updates to request routing rules would need to have the rule priority field provided as part of the configuration.
Application Gateway allows host-based routing using multi-site HTTP(S) listener. Now, you can use wildcard characters like asterisk (*) and question mark (?) in the host name, and up to 5 host names per multi-site HTTP(S) listener. For example, *.contoso.com
.
Using a wildcard character in the host name, you can match multiple host names in a single listener. For example, *.contoso.com
can match with ecom.contoso.com
, b2b.contoso.com
and customer1.b2b.contoso.com
and so on. Using an array of host names, you can configure more than one host name for a listener, to route requests to a backend pool. For example, a listener can contain contoso.com, fabrikam.com
which will accept requests for both the host names.
:::image type="content" source="./media/multiple-site-overview/wildcard-listener-diag.png" alt-text="Wildcard Listener":::
Note
This feature is available only for Standard_v2 and WAF_v2 SKU of Application Gateway.
In Azure PowerShell, you must use -HostNames
instead of -HostName
. With HostNames, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, -HostNames "*.contoso.com","*.fabrikam.com"
In Azure CLI, you must use --host-names
instead of --host-name
. With host-names, you can mention up to 5 host names as comma-separated values and use wildcard characters. For example, --host-names "*.contoso.com,*.fabrikam.com"
In the Azure portal, under the multi-site listener, you must chose the Multiple/Wildcard host type to mention up to five host names with allowed wildcard characters.
:::image type="content" source="./media/multiple-site-overview/wildcard-listener-example.png" alt-text="Wildcard Listener UI":::
(A-Z,a-z,0-9)
- alphanumeric characters-
- hyphen or minus.
- period as a delimiter*
- can match with multiple characters in the allowed range?
- can match with a single character in the allowed range
- You can only mention up to 5 host names in a single listener
- Asterisk
*
can be mentioned only once in a component of a domain style name or host name. For example, component1*.component2*.component3.(*.contoso-*.com)
is valid. - There can only be up to two asterisks
*
in a host name. For example,*.contoso.*
is valid and*.contoso.*.*.com
is invalid. - There can only be a maximum of 4 wildcard characters in a host name. For example,
????.contoso.com
,w??.contoso*.edu.*
are valid, but????.contoso.*
is invalid. - Using asterisk
*
and question mark?
together in a component of a host name (*?
or?*
or**
) is invalid. For example,*?.contoso.com
and**.contoso.com
are invalid.
- SSL termination and End-to-End SSL requires you to configure the protocol as HTTPS and upload a certificate to be used in the listener configuration. If it's a multi-site listener, you can input the host name as well, usually this is the CN of the SSL certificate. When you are specifying multiple host names in the listener or use wildcard characters, you must consider the following:
- If it's a wildcard hostname like *.contoso.com, you must upload a wildcard certificate with CN like *.contoso.com
- If multiple host names are mentioned in the same listener, you must upload a SAN certificate (Subject Alternative Names) with the CNs matching the host names mentioned.
- You cannot use a regular expression to mention the host name. You can only use wildcard characters like asterisk (*) and question mark (?) to form the host name pattern.
- For backend health check, you cannot associate multiple custom probes per HTTP settings. Instead, you can probe one of the websites at the backend or use "127.0.0.1" to probe the localhost of the backend server. However, when you are using wildcard or multiple host names in a listener, the requests for all the specified domain patterns will be routed to the backend pool depending on the rule type (basic or path-based).
- The properties "hostname" takes one string as input, where you can mention only one non-wildcard domain name and "hostnames" takes an array of strings as input, where you can mention up to 5 wildcard domain names. But both the properties cannot be used at once.
See create multi-site using Azure PowerShell or using Azure CLI for the step-by-step guide on how to configure wildcard host names in a multi-site listener.
There are three common mechanisms for enabling multiple site hosting on the same infrastructure.
- Host multiple web applications each on a unique IP address.
- Use host name to host multiple web applications on the same IP address.
- Use different ports to host multiple web applications on the same IP address.
Currently Application Gateway supports a single public IP address where it listens for traffic. So multiple applications, each with its own IP address is currently not supported.
Application Gateway supports multiple applications each listening on different ports, but this scenario requires the applications to accept traffic on non-standard ports.
Application Gateway relies on HTTP 1.1 host headers to host more than one website on the same public IP address and port. The sites hosted on application gateway can also support TLS offload with Server Name Indication (SNI) TLS extension. This scenario means that the client browser and backend web farm must support HTTP/1.1 and TLS extension as defined in RFC 6066.
Learn how to configure multiple site hosting in Application Gateway
You can visit Resource Manager template using multiple site hosting for an end to end template-based deployment.