shanhix1 · Apr 19, 2018
diff --git a/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx-images.PNG
37.5 KB b/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx-images.PNG
37.5 KB
diff --git a/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx-video.PNG
13.8 KB b/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx-video.PNG
13.8 KB
diff --git a/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx.PNG
35 KB b/‎articles/application-gateway/media/tutorial-url-route-cli/application-gateway-nginx.PNG
35 KB
diff --git a/‎articles/application-gateway/media/tutorial-url-route-cli/scenario.png
47.8 KB b/‎articles/application-gateway/media/tutorial-url-route-cli/scenario.png
47.8 KB
diff --git a/‎articles/application-gateway/powershell-samples.md
Lines changed: 28 additions & 0 deletions b/‎articles/application-gateway/powershell-samples.md
Lines changed: 28 additions & 0 deletions
diff --git a/‎articles/application-gateway/redirect-external-site-cli.md
Lines changed: 140 additions & 0 deletions b/‎articles/application-gateway/redirect-external-site-cli.md
Lines changed: 140 additions & 0 deletions
diff --git a/‎articles/application-gateway/redirect-external-site-powershell.md
Lines changed: 163 additions & 0 deletions b/‎articles/application-gateway/redirect-external-site-powershell.md
Lines changed: 163 additions & 0 deletions
diff --git a/‎articles/application-gateway/redirect-http-to-https-cli.md
Lines changed: 234 additions & 0 deletions b/‎articles/application-gateway/redirect-http-to-https-cli.md
Lines changed: 234 additions & 0 deletions
diff --git a/‎articles/application-gateway/redirect-http-to-https-powershell.md
Lines changed: 341 additions & 0 deletions b/‎articles/application-gateway/redirect-http-to-https-powershell.md
Lines changed: 341 additions & 0 deletions
@@ -0,0 +1,28 @@
+---
+title: Azure Application Gateway PowerShell Samples | Microsoft Docs
+description: Azure Application Gateway PowerShell Samples
+services: application-gateway
+documentationcenter: networking
+author: davidmu1
+manager: timlt
+editor: tysonn
+tags: azure-resource-manager
+
+ms.service: application-gateway
+ms.topic: article
+ms.tgt_pltfrm: vm-windows
+ms.workload: infrastructure
+ms.date: 01/29/2018
+ms.author: davidmu
+ms.custom: mvc
+---
+# Azure Application Gateway PowerShell samples
+
+The following table includes links to Azure PowerShell script samples that create application gateways.
+
+| | |
+|---|---|
+| [Manage web traffic](./scripts/create-vmss-powershell.md) | Creates an application gateway and all related resources.|
+| [Restrict web traffic](./scripts/create-vmss-waf-powershell.md) | Creates an application gateway that restricts traffic using OWASP rules.|
+| | |
+
@@ -0,0 +1,140 @@
+---
+title: Create an application gateway with external traffic redirection - Azure CLI | Microsoft Docs
+description: Learn how to create an application gateway that redirects internal web traffic to the appropriate pool using the Azure CLI.
+services: application-gateway
+author: davidmu1
+manager: timlt
+editor: tysonn
+
+ms.service: application-gateway
+ms.devlang: na
+ms.topic: article
+ms.tgt_pltfrm: na
+ms.workload: infrastructure-services
+ms.date: 01/24/2018
+ms.author: davidmu
+
+---
+# Create an application gateway with external redirection using the Azure CLI
+
+You can use the Azure CLI to configure [web traffic redirection](multiple-site-overview.md) when you create an [application gateway](overview.md). In this tutorial, you configure a listener and rule that redirects web traffic that arrives at the application gateway to an external site.
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+> * Set up the network
+> * Create a listener and redirection rule
+> * Create an application gateway
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
+
+If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.4 or later. To find the version, run `az --version`. If you need to install or upgrade, see [Install Azure CLI 2.0](/cli/azure/install-azure-cli).
+
+## Create a resource group
+
+A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using [az group create](/cli/azure/group#create).
+
+The following example creates a resource group named *myResourceGroupAG* in the *eastus* location.
+
+```azurecli-interactive 
+az group create --name myResourceGroupAG --location eastus
+```
+
+## Create network resources 
+
+Create the virtual network named *myVNet* and the subnet named *myAGSubnet* using [az network vnet create](/cli/azure/network/vnet#az_net). Create the public IP address named *myAGPublicIPAddress* using [az network public-ip create](/cli/azure/public-ip#az_network_public_ip_create). These resources are used to provide network connectivity to the application gateway and its associated resources.
+
+```azurecli-interactive
+az network vnet create \
+  --name myVNet \
+  --resource-group myResourceGroupAG \
+  --location eastus \
+  --address-prefix 10.0.0.0/16 \
+  --subnet-name myAGSubnet \
+  --subnet-prefix 10.0.1.0/24
+az network public-ip create \
+  --resource-group myResourceGroupAG \
+  --name myAGPublicIPAddress
+```
+
+## Create an application gateway
+
+You can use [az network application-gateway create](/cli/azure/application-gateway#create) to create the application gateway named *myAppGateway*. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. The application gateway is assigned to *myAGSubnet* and *myPublicIPSddress* that you previously created. 
+
+```azurecli-interactive
+az network application-gateway create \
+  --name myAppGateway \
+  --location eastus \
+  --resource-group myResourceGroupAG \
+  --vnet-name myVNet \
+  --subnet myAGsubnet \
+  --capacity 2 \
+  --sku Standard_Medium \
+  --http-settings-cookie-based-affinity Disabled \
+  --frontend-port 8080 \
+  --http-settings-port 80 \
+  --http-settings-protocol Http \
+  --public-ip-address myAGPublicIPAddress
+```
+
+It may take several minutes for the application gateway to be created. After the application gateway is created, you can see these new features of it:
+
+- *appGatewayBackendPool* - An application gateway must have at least one backend address pool.
+- *appGatewayBackendHttpSettings* - Specifies that port 80 and an HTTP protocol is used for communication.
+- *appGatewayHttpListener* - The default listener associated with *appGatewayBackendPool*.
+- *appGatewayFrontendIP* - Assigns *myAGPublicIPAddress* to *appGatewayHttpListener*.
+- *rule1* - The default routing rule that is associated with *appGatewayHttpListener*.
+
+### Add the redirection configuration
+
+Add the redirection configuration that sends traffic from *www.consoto.org* to the listener for *www.contoso.com* to the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az_network_application_gateway_redirect_config_create).
+
+```azurecli-interactive
+az network application-gateway redirect-config create \
+  --name myredirect \
+  --gateway-name myAppGateway \
+  --resource-group myResourceGroupAG \
+  --type Temporary \
+  --target-url "http://bing.com"
+```
+
+### Add a listener and routing rule
+
+A listener is required to enable the application gateway to appropriately route traffic. Create the listener using [az network application-gateway http-listener create](/cli/azure/application-gateway#az_network_application_gateway_http_listener_create) with the frontend port created with [az network application-gateway frontend-port create](/cli/azure/application-gateway#az_network_application_gateway_frontend_port_create). A rule is required for the listener to know where to send incoming traffic. Create a basic rule named *redirectRule* using [az network application-gateway rule create](/cli/azure/application-gateway#az_network_application_gateway_rule_create).
+
+```azurecli-interactive
+az network application-gateway frontend-port create \
+  --port 80 \
+  --gateway-name myAppGateway \
+  --resource-group myResourceGroupAG \
+  --name redirectPort
+az network application-gateway http-listener create \
+  --name redirectListener \
+  --frontend-ip appGatewayFrontendIP \
+  --frontend-port redirectPort \
+  --resource-group myResourceGroupAG \
+  --gateway-name myAppGateway
+az network application-gateway rule create \
+  --gateway-name myAppGateway \
+  --name redirectRule \
+  --resource-group myResourceGroupAG \
+  --http-listener redirectListener \
+  --rule-type Basic \
+  --redirect-config myredirect
+```
+
+## Test the application gateway
+
+To get the public IP address of the application gateway, you can use [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show). Copy the public IP address, and then paste it into the address bar of your browser.
+
+You should see *bing.com* appear in your browser.
+
+## Next steps
+
+In this tutorial, you learned how to:
+
+> * Set up the network
+> * Create a listener and redirection rule
+> * Create an application gateway
@@ -0,0 +1,163 @@
+---
+title: Create an application gateway with external redirection - Azure PowerShell | Microsoft Docs
+description: Learn how to create an application gateway that redirects web traffic to an external site using Azure Powershell.
+services: application-gateway
+author: davidmu1
+manager: timlt
+editor: tysonn
+
+ms.service: application-gateway
+ms.devlang: na
+ms.topic: article
+ms.tgt_pltfrm: na
+ms.workload: infrastructure-services
+ms.date: 01/24/2018
+ms.author: davidmu
+
+---
+# Create an application gateway with external redirection using Azure PowerShell
+
+You can use Azure Powershell to configure [web traffic redirection](multiple-site-overview.md) when you create an [application gateway](overview.md). In this tutorial, you configure a listener and rule that redirects web traffic that arrives at the application gateway to an external site.
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+> * Set up the network
+> * Create a listener and redirection rule
+> * Create an application gateway
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+[!INCLUDE [cloud-shell-powershell.md](../../includes/cloud-shell-powershell.md)]
+
+If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 3.6 or later. To find the version, run ` Get-Module -ListAvailable AzureRM` . If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azurerm-ps). If you are running PowerShell locally, you also need to run `Login-AzureRmAccount` to create a connection with Azure.
+
+## Create a resource group
+
+A resource group is a logical container into which Azure resources are deployed and managed. Create an Azure resource group using [New-AzureRmResourceGroup](/powershell/module/azurerm.resources/new-azurermresourcegroup).  
+
+```azurepowershell-interactive
+New-AzureRmResourceGroup -Name myResourceGroupAG -Location eastus
+```
+
+## Create network resources
+
+Create the subnet configuration *myAGSubnet* using [New-AzureRmVirtualNetworkSubnetConfig](/powershell/module/azurerm.network/new-azurermvirtualnetworksubnetconfig). Create the virtual network named *myVNet* using [New-AzureRmVirtualNetwork](/powershell/module/azurerm.network/new-azurermvirtualnetwork) with the subnet configuration. And finally, create the public IP address using [New-AzureRmPublicIpAddress](/powershell/module/azurerm.network/new-azurermpublicipaddress). These resources are used to provide network connectivity to the application gateway and its associated resources.
+
+```azurepowershell-interactive
+$agSubnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
+  -Name myAGSubnet `
+  -AddressPrefix 10.0.1.0/24
+$vnet = New-AzureRmVirtualNetwork `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -Name myVNet `
+  -AddressPrefix 10.0.0.0/16 `
+  -Subnet $agSubnetConfig
+$pip = New-AzureRmPublicIpAddress `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -Name myAGPublicIPAddress `
+  -AllocationMethod Dynamic
+```
+
+## Create an application gateway
+
+### Create the IP configurations and frontend port
+
+Associate *myAGSubnet* that you previously created to the application gateway using [New-AzureRmApplicationGatewayIPConfiguration](/powershell/module/azurerm.network/new-azurermapplicationgatewayipconfiguration). Assign the public IP address to the application gateway using [New-AzureRmApplicationGatewayFrontendIPConfig](/powershell/module/azurerm.network/new-azurermapplicationgatewayfrontendipconfig). And then you can create the HTTP port using [New-AzureRmApplicationGatewayFrontendPort](/powershell/module/azurerm.network/new-azurermapplicationgatewayfrontendport).
+
+```azurepowershell-interactive
+$vnet = Get-AzureRmVirtualNetwork `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myVNet
+$subnet=$vnet.Subnets[0]
+$gipconfig = New-AzureRmApplicationGatewayIPConfiguration `
+  -Name myAGIPConfig `
+  -Subnet $subnet
+$fipconfig = New-AzureRmApplicationGatewayFrontendIPConfig `
+  -Name myAGFrontendIPConfig `
+  -PublicIPAddress $pip
+$frontendport = New-AzureRmApplicationGatewayFrontendPort `
+  -Name myFrontendPort `
+  -Port 80
+```
+
+### Create the backend pool and settings
+
+Create the backend pool named *defaultPool* for the application gateway using [New-AzureRmApplicationGatewayBackendAddressPool](/powershell/module/azurerm.network/new-azurermapplicationgatewaybackendaddresspool). Configure the settings for the pool using [New-AzureRmApplicationGatewayBackendHttpSettings](/powershell/module/azurerm.network/new-azurermapplicationgatewaybackendhttpsettings).
+
+```azurepowershell-interactive
+$defaultPool = New-AzureRmApplicationGatewayBackendAddressPool `
+  -Name defaultPool 
+$poolSettings = New-AzureRmApplicationGatewayBackendHttpSettings `
+  -Name myPoolSettings `
+  -Port 80 `
+  -Protocol Http `
+  -CookieBasedAffinity Enabled `
+  -RequestTimeout 120
+```
+
+### Create the listener and rule
+
+A listener is required to enable the application gateway to appropriately route traffic. Create the listener using [New-AzureRmApplicationGatewayHttpListener](/powershell/module/azurerm.network/new-azurermapplicationgatewayhttplistener) with the frontend configuration and frontend port that you previously created. A rule is required for the listener to know where to send incoming traffic. Create a basic rule named *redirectRule* using [New-AzureRmApplicationGatewayRequestRoutingRule](/powershell/module/azurerm.network/new-azurermapplicationgatewayrequestroutingrule).
+
+```azurepowershell-interactive
+$defaultListener = New-AzureRmApplicationGatewayHttpListener `
+  -Name defaultListener `
+  -Protocol Http `
+  -FrontendIPConfiguration $fipconfig `
+  -FrontendPort $frontendport
+$redirectConfig = New-AzureRmApplicationGatewayRedirectConfiguration `
+  -Name myredirect `
+  -RedirectType Temporary `
+  -TargetUrl "http://bing.com"
+$redirectRule = New-AzureRmApplicationGatewayRequestRoutingRule `
+  -Name redirectRule `
+  -RuleType Basic `
+  -HttpListener $defaultListener `
+  -RedirectConfiguration $redirectConfig
+```
+
+### Create the application gateway
+
+Now that you created the necessary supporting resources, specify parameters for the application gateway named *myAppGateway* using [New-AzureRmApplicationGatewaySku](/powershell/module/azurerm.network/new-azurermapplicationgatewaysku), and then create it using [New-AzureRmApplicationGateway](/powershell/module/azurerm.network/new-azurermapplicationgateway).
+
+```azurepowershell-interactive
+$sku = New-AzureRmApplicationGatewaySku `
+  -Name Standard_Medium `
+  -Tier Standard `
+  -Capacity 2
+$appgw = New-AzureRmApplicationGateway `
+  -Name myAppGateway `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -BackendAddressPools $defaultPool `
+  -BackendHttpSettingsCollection $poolSettings `
+  -FrontendIpConfigurations $fipconfig `
+  -GatewayIpConfigurations $gipconfig `
+  -FrontendPorts $frontendport `
+  -HttpListeners $defaultListener `
+  -RequestRoutingRules $redirectRule `
+  -RedirectConfigurations $redirectConfig `
+  -Sku $sku
+```
+
+## Test the application gateway
+
+You can use [Get-AzureRmPublicIPAddress](/powershell/module/azurerm.network/get-azurermpublicipaddress) to get the public IP address of the application gateway. Copy the public IP address, and then paste it into the address bar of your browser.
+
+```azurepowershell-interactive
+Get-AzureRmPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
+```
+
+You should see *bing.com* appear in your browser.
+
+## Next steps
+
+In this article, you learned how to:
+
+> [!div class="checklist"]
+> * Set up the network
+> * Create a listener and redirection rule
+> * Create an application gateway
@@ -0,0 +1,234 @@
+---
+title: Create an application gateway with a certificate - Azure CLI | Microsoft Docs
+description: Learn how to create an application gateway and add a certificate for SSL termination using the Azure CLI.
+services: application-gateway
+author: davidmu1
+manager: timlt
+editor: tysonn
+
+ms.service: application-gateway
+ms.topic: article
+ms.workload: infrastructure-services
+ms.date: 01/23/2018
+ms.author: davidmu
+
+---
+# Create an application gateway with HTTP to HTTPS redirection using the Azure CLI
+
+You can use the Azure CLI to create an [application gateway](overview.md) with a certificate for SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](../virtual-machine-scale-sets/virtual-machine-scale-sets-overview.md) for the backend pool of the application gateway that contains two virtual machine instances.
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+> * Create a self-signed certificate
+> * Set up a network
+> * Create an application gateway with the certificate
+> * Add a listener and redirection rule
+> * Create a virtual machine scale set with the default backend pool
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+[!INCLUDE [cloud-shell-try-it.md](../../includes/cloud-shell-try-it.md)]
+
+If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.4 or later. To find the version, run `az --version`. If you need to install or upgrade, see [Install Azure CLI 2.0](/cli/azure/install-azure-cli).
+
+## Create a self-signed certificate
+
+For production use, you should import a valid certificate signed by a trusted provider. For this tutorial, you create a self-signed certificate and pfx file using the openssl command.
+
+```azurecli-interactive
+openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out appgwcert.crt
+```
+
+Enter values that make sense for your certificate. You can accept the default values.
+
+```azurecli-interactive
+openssl pkcs12 -export -out appgwcert.pfx -inkey privateKey.key -in appgwcert.crt
+```
+
+Enter the password for the certificate. In this example, *Azure123456!* is being used.
+
+## Create a resource group
+
+A resource group is a logical container into which Azure resources are deployed and managed. Create a resource group using [az group create](/cli/azure/group#create).
+
+The following example creates a resource group named *myResourceGroupAG* in the *eastus* location.
+
+```azurecli-interactive 
+az group create --name myResourceGroupAG --location eastus
+```
+
+## Create network resources
+
+Create the virtual network named *myVNet* and the subnet named *myAGSubnet* using [az network vnet create](/cli/azure/network/vnet#az_net). You can then add the subnet named *myBackendSubnet* that's needed by the backend servers using [az network vnet subnet create](/cli/azure/network/vnet/subnet#az_network_vnet_subnet_create). Create the public IP address named *myAGPublicIPAddress* using [az network public-ip create](/cli/azure/public-ip#az_network_public_ip_create).
+
+```azurecli-interactive
+az network vnet create \
+  --name myVNet \
+  --resource-group myResourceGroupAG \
+  --location eastus \
+  --address-prefix 10.0.0.0/16 \
+  --subnet-name myAGSubnet \
+  --subnet-prefix 10.0.1.0/24
+az network vnet subnet create \
+  --name myBackendSubnet \
+  --resource-group myResourceGroupAG \
+  --vnet-name myVNet \
+  --address-prefix 10.0.2.0/24
+az network public-ip create \
+  --resource-group myResourceGroupAG \
+  --name myAGPublicIPAddress
+```
+
+## Create the application gateway
+
+You can use [az network application-gateway create](/cli/azure/network/application-gateway#az_network_application_gateway_create) to create the application gateway named *myAppGateway*. When you create an application gateway using the Azure CLI, you specify configuration information, such as capacity, sku, and HTTP settings. 
+
+The application gateway is assigned to *myAGSubnet* and *myAGPublicIPAddress* that you previously created. In this example, you associate the certificate that you created and its password when you create the application gateway. 
+
+```azurecli-interactive
+az network application-gateway create \
+  --name myAppGateway \
+  --location eastus \
+  --resource-group myResourceGroupAG \
+  --vnet-name myVNet \
+  --subnet myAGsubnet \
+  --capacity 2 \
+  --sku Standard_Medium \
+  --http-settings-cookie-based-affinity Disabled \
+  --frontend-port 443 \
+  --http-settings-port 80 \
+  --http-settings-protocol Http \
+  --public-ip-address myAGPublicIPAddress \
+  --cert-file appgwcert.pfx \
+  --cert-password "Azure123456!"
+
+```
+
+ It may take several minutes for the application gateway to be created. After the application gateway is created, you can see these new features of it:
+
+- *appGatewayBackendPool* - An application gateway must have at least one backend address pool.
+- *appGatewayBackendHttpSettings* - Specifies that port 80 and an HTTP protocol is used for communication.
+- *appGatewayHttpListener* - The default listener associated with *appGatewayBackendPool*.
+- *appGatewayFrontendIP* - Assigns *myAGPublicIPAddress* to *appGatewayHttpListener*.
+- *rule1* - The default routing rule that is associated with *appGatewayHttpListener*.
+
+## Add a listener and redirection rule
+
+### Add the HTTP port
+
+You can use [az network application-gateway frontend-port create](/cli/azure/network/application-gateway/frontend-port#az_network_application_gateway_frontend_port_create) to add the HTTP port to the application gateway.
+
+```azurecli-interactive
+az network application-gateway frontend-port create \
+  --port 80 \
+  --gateway-name myAppGateway \
+  --resource-group myResourceGroupAG \
+  --name httpPort
+```
+
+### Add the HTTP listener
+
+You can use [az network application-gateway http-listener create](/cli/azure/network/application-gateway/http-listener#az_network_application_gateway_http_listener_create) to add the listener named *myListener* to the application gateway.
+
+```azurecli-interactive
+az network application-gateway http-listener create \
+  --name myListener \
+  --frontend-ip appGatewayFrontendIP \
+  --frontend-port httpPort \
+  --resource-group myResourceGroupAG \
+  --gateway-name myAppGateway
+```
+
+### Add the redirection configuration
+
+Add the HTTP to HTTPS redirection configuration to the application gateway using [az network application-gateway redirect-config create](/cli/azure/network/application-gateway/redirect-config#az_network_application_gateway_redirect_config_create).
+
+```azurecli-interactive
+az network application-gateway redirect-config create \
+  --name httpToHttps \
+  --gateway-name myAppGateway \
+  --resource-group myResourceGroupAG \
+  --type Permanent \
+  --target-listener appGatewayHttpListener \
+  --include-path true \
+  --include-query-string true
+```
+
+### Add the routing rule
+
+Add the routing rule named *rule2* with the redirection configuration to the application gateway using [az network application-gateway rule create](/cli/azure/network/application-gateway/rule#az_network_application_gateway_rule_create).
+
+```azurecli-interactive
+az network application-gateway rule create \
+  --gateway-name myAppGateway \
+  --name rule2 \
+  --resource-group myResourceGroupAG \
+  --http-listener myListener \
+  --rule-type Basic \
+  --redirect-config httpToHttps
+```
+
+## Create a virtual machine scale set
+
+In this example, you create a virtual machine scale set named *myvmss* that provides servers for the backend pool in the application gateway. The virtual machines in the scale set are associated with *myBackendSubnet* and *appGatewayBackendPool*. To create the scale set, you can use [az vmss create](/cli/azure/vmss#az_vmss_create).
+
+```azurecli-interactive
+az vmss create \
+  --name myvmss \
+  --resource-group myResourceGroupAG \
+  --image UbuntuLTS \
+  --admin-username azureuser \
+  --admin-password Azure123456! \
+  --instance-count 2 \
+  --vnet-name myVNet \
+  --subnet myBackendSubnet \
+  --vm-sku Standard_DS2 \
+  --upgrade-policy-mode Automatic \
+  --app-gateway myAppGateway \
+  --backend-pool-name appGatewayBackendPool
+```
+
+### Install NGINX
+
+```azurecli-interactive
+az vmss extension set \
+  --publisher Microsoft.Azure.Extensions \
+  --version 2.0 \
+  --name CustomScript \
+  --resource-group myResourceGroupAG \
+  --vmss-name myvmss \
+  --settings '{ "fileUris": ["https://raw.githubusercontent.com/davidmu1/samplescripts/master/install_nginx.sh"],
+  "commandToExecute": "./install_nginx.sh" }'
+```
+
+## Test the application gateway
+
+To get the public IP address of the application gateway, you can use [az network public-ip show](/cli/azure/network/public-ip#az_network_public_ip_show). Copy the public IP address, and then paste it into the address bar of your browser.
+
+```azurepowershell-interactive
+az network public-ip show \
+  --resource-group myResourceGroupAG \
+  --name myAGPublicIPAddress \
+  --query [ipAddress] \
+  --output tsv
+```
+
+![Secure warning](./media/redirect-http-to-https-cli/application-gateway-secure.png)
+
+To accept the security warning if you used a self-signed certificate, select **Details** and then **Go on to the webpage**. Your secured NGINX site is then displayed as in the following example:
+
+![Test base URL in application gateway](./media/redirect-http-to-https-cli/application-gateway-nginxtest.png)
+
+## Next steps
+
+In this tutorial, you learned how to:
+
+> [!div class="checklist"]
+> * Create a self-signed certificate
+> * Set up a network
+> * Create an application gateway with the certificate
+> * Add a listener and redirection rule
+> * Create a virtual machine scale set with the default backend pool
+
+
@@ -0,0 +1,341 @@
+---
+title: Create an application gateway with HTTP to HTTPS redirection - Azure PowerShell | Microsoft Docs
+description: Learn how to create an application gateway with redirected traffic from HTTP to HTTPS using Azure PowerShell.
+services: application-gateway
+author: davidmu1
+manager: timlt
+editor: tysonn
+tags: azure-resource-manager
+
+ms.service: application-gateway
+ms.topic: article
+ms.workload: infrastructure-services
+ms.date: 01/23/2018
+ms.author: davidmu
+
+---
+# Create an application gateway with HTTP to HTTPS redirection using Azure PowerShell
+
+You can use the Azure PowerShell to create an [application gateway](overview.md) with a certificate for SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](../virtual-machine-scale-sets/virtual-machine-scale-sets-overview.md) for the backend pool of the application gateway that contains two virtual machine instances. 
+
+In this article, you learn how to:
+
+> [!div class="checklist"]
+> * Create a self-signed certificate
+> * Set up a network
+> * Create an application gateway with the certificate
+> * Add a listener and redirection rule
+> * Create a virtual machine scale set with the default backend pool
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+This tutorial requires the Azure PowerShell module version 3.6 or later. Run `Get-Module -ListAvailable AzureRM` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azurerm-ps). To run the commands in this tutorial, you also need to run `Login-AzureRmAccount` to create a connection with Azure.
+
+## Create a self-signed certificate
+
+For production use, you should import a valid certificate signed by a trusted provider. For this tutorial, you create a self-signed certificate using [New-SelfSignedCertificate](https://docs.microsoft.com/powershell/module/pkiclient/new-selfsignedcertificate). You can use [Export-PfxCertificate](https://docs.microsoft.com/powershell/module/pkiclient/export-pfxcertificate) with the Thumbprint that was returned to export a pfx file from the certificate.
+
+```powershell
+New-SelfSignedCertificate `
+  -certstorelocation cert:\localmachine\my `
+  -dnsname www.contoso.com
+```
+
+You should see something like this result:
+
+```
+PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
+
+Thumbprint                                Subject
+----------                                -------
+E1E81C23B3AD33F9B4D1717B20AB65DBB91AC630  CN=www.contoso.com
+```
+
+Use the thumbprint to create the pfx file:
+
+```powershell
+$pwd = ConvertTo-SecureString -String "Azure123456!" -Force -AsPlainText
+Export-PfxCertificate `
+  -cert cert:\localMachine\my\E1E81C23B3AD33F9B4D1717B20AB65DBB91AC630 `
+  -FilePath c:\appgwcert.pfx `
+  -Password $pwd
+```
+
+## Create a resource group
+
+A resource group is a logical container into which Azure resources are deployed and managed. Create an Azure resource group named *myResourceGroupAG* using [New-AzureRmResourceGroup](/powershell/module/azurerm.resources/new-azurermresourcegroup). 
+
+```powershell
+New-AzureRmResourceGroup -Name myResourceGroupAG -Location eastus
+```
+
+## Create network resources
+
+Create the subnet configurations for *myBackendSubnet* and *myAGSubnet* using [New-AzureRmVirtualNetworkSubnetConfig](/powershell/module/azurerm.network/new-azurermvirtualnetworksubnetconfig). Create the virtual network named *myVNet* using [New-AzureRmVirtualNetwork](/powershell/module/azurerm.network/new-azurermvirtualnetwork) with the subnet configurations. And finally, create the public IP address named *myAGPublicIPAddress* using [New-AzureRmPublicIpAddress](/powershell/module/azurerm.network/new-azurermpublicipaddress). These resources are used to provide network connectivity to the application gateway and its associated resources.
+
+```powershell
+$backendSubnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
+  -Name myBackendSubnet `
+  -AddressPrefix 10.0.1.0/24
+$agSubnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
+  -Name myAGSubnet `
+  -AddressPrefix 10.0.2.0/24
+$vnet = New-AzureRmVirtualNetwork `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -Name myVNet `
+  -AddressPrefix 10.0.0.0/16 `
+  -Subnet $backendSubnetConfig, $agSubnetConfig
+$pip = New-AzureRmPublicIpAddress `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -Name myAGPublicIPAddress `
+  -AllocationMethod Dynamic
+```
+
+## Create an application gateway
+
+### Create the IP configurations and frontend port
+
+Associate *myAGSubnet* that you previously created to the application gateway using [New-AzureRmApplicationGatewayIPConfiguration](/powershell/module/azurerm.network/new-azurermapplicationgatewayipconfiguration). Assign *myAGPublicIPAddress* to the application gateway using [New-AzureRmApplicationGatewayFrontendIPConfig](/powershell/module/azurerm.network/new-azurermapplicationgatewayfrontendipconfig). And then you can create the HTTPS port using [New-AzureRmApplicationGatewayFrontendPort](/powershell/module/azurerm.network/new-azurermapplicationgatewayfrontendport).
+
+```powershell
+$vnet = Get-AzureRmVirtualNetwork `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myVNet
+$subnet=$vnet.Subnets[0]
+$gipconfig = New-AzureRmApplicationGatewayIPConfiguration `
+  -Name myAGIPConfig `
+  -Subnet $subnet
+$fipconfig = New-AzureRmApplicationGatewayFrontendIPConfig `
+  -Name myAGFrontendIPConfig `
+  -PublicIPAddress $pip
+$frontendPort = New-AzureRmApplicationGatewayFrontendPort `
+  -Name myFrontendPort `
+  -Port 443
+```
+
+### Create the backend pool and settings
+
+Create the backend pool named *appGatewayBackendPool* for the application gateway using [New-AzureRmApplicationGatewayBackendAddressPool](/powershell/module/azurerm.network/new-azurermapplicationgatewaybackendaddresspool). Configure the settings for the backend pool using [New-AzureRmApplicationGatewayBackendHttpSettings](/powershell/module/azurerm.network/new-azurermapplicationgatewaybackendhttpsettings).
+
+```powershell
+$defaultPool = New-AzureRmApplicationGatewayBackendAddressPool `
+  -Name appGatewayBackendPool 
+$poolSettings = New-AzureRmApplicationGatewayBackendHttpSettings `
+  -Name myPoolSettings `
+  -Port 80 `
+  -Protocol Http `
+  -CookieBasedAffinity Enabled `
+  -RequestTimeout 120
+```
+
+### Create the default listener and rule
+
+A listener is required to enable the application gateway to route traffic appropriately to the backend pool. In this example, you create a basic listener that listens for HTTPS traffic at the root URL. 
+
+Create a certificate object using [New-AzureRmApplicationGatewaySslCertificate](/powershell/module/azurerm.network/new-azurermapplicationgatewaysslcertificate) and then create a listener named *appGatewayHttpListener* using [New-AzureRmApplicationGatewayHttpListener](/powershell/module/azurerm.network/new-azurermapplicationgatewayhttplistener) with the frontend configuration, frontend port, and certificate that you previously created. A rule is required for the listener to know which backend pool to use for incoming traffic. Create a basic rule named *rule1* using [New-AzureRmApplicationGatewayRequestRoutingRule](/powershell/module/azurerm.network/new-azurermapplicationgatewayrequestroutingrule).
+
+```powershell
+$pwd = ConvertTo-SecureString `
+  -String "Azure123456!" `
+  -Force `
+  -AsPlainText
+$cert = New-AzureRmApplicationGatewaySslCertificate `
+  -Name "appgwcert" `
+  -CertificateFile "c:\appgwcert.pfx" `
+  -Password $pwd
+$defaultListener = New-AzureRmApplicationGatewayHttpListener `
+  -Name appGatewayHttpListener `
+  -Protocol Https `
+  -FrontendIPConfiguration $fipconfig `
+  -FrontendPort $frontendPort `
+  -SslCertificate $cert
+$frontendRule = New-AzureRmApplicationGatewayRequestRoutingRule `
+  -Name rule1 `
+  -RuleType Basic `
+  -HttpListener $defaultListener `
+  -BackendAddressPool $defaultPool `
+  -BackendHttpSettings $poolSettings
+```
+
+### Create the application gateway
+
+Now that you created the necessary supporting resources, specify parameters for the application gateway named *myAppGateway* using [New-AzureRmApplicationGatewaySku](/powershell/module/azurerm.network/new-azurermapplicationgatewaysku), and then create it using [New-AzureRmApplicationGateway](/powershell/module/azurerm.network/new-azurermapplicationgateway) with the certificate.
+
+```powershell
+$sku = New-AzureRmApplicationGatewaySku `
+  -Name Standard_Medium `
+  -Tier Standard `
+  -Capacity 2
+$appgw = New-AzureRmApplicationGateway `
+  -Name myAppGateway `
+  -ResourceGroupName myResourceGroupAG `
+  -Location eastus `
+  -BackendAddressPools $defaultPool `
+  -BackendHttpSettingsCollection $poolSettings `
+  -FrontendIpConfigurations $fipconfig `
+  -GatewayIpConfigurations $gipconfig `
+  -FrontendPorts $frontendPort `
+  -HttpListeners $defaultListener `
+  -RequestRoutingRules $frontendRule `
+  -Sku $sku `
+  -SslCertificates $cert
+```
+
+## Add a listener and redirection rule
+
+### Add the HTTP port
+
+Add the HTTP port to the application gateway using [Add-AzureRmApplicationGatewayFrontendPort](/powershell/module/azurerm.network/add-azurermapplicationgatewayfrontendport).
+
+```powershell
+$appgw = Get-AzureRmApplicationGateway `
+  -Name myAppGateway `
+  -ResourceGroupName myResourceGroupAG
+Add-AzureRmApplicationGatewayFrontendPort `
+  -Name httpPort  `
+  -Port 80 `
+  -ApplicationGateway $appgw
+```
+
+### Add the HTTP listener
+
+Add the HTTP listener named *myListener* to the application gateway using [Add-AzureRmApplicationGatewayHttpListener](/powershell/module/azurerm.network/add-azurermapplicationgatewayhttplistener).
+
+```powershell
+$fipconfig = Get-AzureRmApplicationGatewayFrontendIPConfig `
+  -Name myAGFrontendIPConfig `
+  -ApplicationGateway $appgw
+$fp = Get-AzureRmApplicationGatewayFrontendPort `
+  -Name httpPort `
+  -ApplicationGateway $appgw
+Add-AzureRmApplicationGatewayHttpListener `
+  -Name myListener `
+  -Protocol Http `
+  -FrontendPort $fp `
+  -FrontendIPConfiguration $fipconfig `
+  -ApplicationGateway $appgw
+```
+
+### Add the redirection configuration
+
+Add the HTTP to HTTPS redirection configuration to the application gateway using [Add-AzureRmApplicationGatewayRedirectConfiguration](/powershell/module/azurerm.network/add-azurermapplicationgatewayredirectconfiguration).
+
+```powershell
+$defaultListener = Get-AzureRmApplicationGatewayHttpListener `
+  -Name appGatewayHttpListener `
+  -ApplicationGateway $appgw
+Add-AzureRmApplicationGatewayRedirectConfiguration -Name httpToHttps `
+  -RedirectType Permanent `
+  -TargetListener $defaultListener `
+  -IncludePath $true `
+  -IncludeQueryString $true `
+  -ApplicationGateway $appgw
+```
+
+### Add the routing rule
+
+Add the routing rule with the redirection configuration to the application gateway using [Add-AzureRmApplicationGatewayRequestRoutingRule](/powershell/module/azurerm.network/add-azurermapplicationgatewayrequestroutingrule).
+
+```powershell
+$myListener = Get-AzureRmApplicationGatewayHttpListener `
+  -Name myListener `
+  -ApplicationGateway $appgw
+$redirectConfig = Get-AzureRmApplicationGatewayRedirectConfiguration `
+  -Name httpToHttps `
+  -ApplicationGateway $appgw
+Add-AzureRmApplicationGatewayRequestRoutingRule `
+  -Name rule2 `
+  -RuleType Basic `
+  -HttpListener $myListener `
+  -RedirectConfiguration $redirectConfig `
+  -ApplicationGateway $appgw
+Set-AzureRmApplicationGateway -ApplicationGateway $appgw
+```
+
+## Create a virtual machine scale set
+
+In this example, you create a virtual machine scale set to provide servers for the backend pool in the application gateway. You assign the scale set to the backend pool when you configure the IP settings.
+
+```powershell
+$vnet = Get-AzureRmVirtualNetwork `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myVNet
+$appgw = Get-AzureRmApplicationGateway `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myAppGateway
+$backendPool = Get-AzureRmApplicationGatewayBackendAddressPool `
+  -Name appGatewayBackendPool `
+  -ApplicationGateway $appgw
+$ipConfig = New-AzureRmVmssIpConfig `
+  -Name myVmssIPConfig `
+  -SubnetId $vnet.Subnets[1].Id `
+  -ApplicationGatewayBackendAddressPoolsId $backendPool.Id
+$vmssConfig = New-AzureRmVmssConfig `
+  -Location eastus `
+  -SkuCapacity 2 `
+  -SkuName Standard_DS2 `
+  -UpgradePolicyMode Automatic
+Set-AzureRmVmssStorageProfile $vmssConfig `
+  -ImageReferencePublisher MicrosoftWindowsServer `
+  -ImageReferenceOffer WindowsServer `
+  -ImageReferenceSku 2016-Datacenter `
+  -ImageReferenceVersion latest
+Set-AzureRmVmssOsProfile $vmssConfig `
+  -AdminUsername azureuser `
+  -AdminPassword "Azure123456!" `
+  -ComputerNamePrefix myvmss
+Add-AzureRmVmssNetworkInterfaceConfiguration `
+  -VirtualMachineScaleSet $vmssConfig `
+  -Name myVmssNetConfig `
+  -Primary $true `
+  -IPConfiguration $ipConfig
+New-AzureRmVmss `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myvmss `
+  -VirtualMachineScaleSet $vmssConfig
+```
+
+### Install IIS
+
+```powershell
+$publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/davidmu1/samplescripts/master/appgatewayurl.ps1"); 
+  "commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File appgatewayurl.ps1" }
+$vmss = Get-AzureRmVmss -ResourceGroupName myResourceGroupAG -VMScaleSetName myvmss
+Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss `
+  -Name "customScript" `
+  -Publisher "Microsoft.Compute" `
+  -Type "CustomScriptExtension" `
+  -TypeHandlerVersion 1.8 `
+  -Setting $publicSettings
+Update-AzureRmVmss `
+  -ResourceGroupName myResourceGroupAG `
+  -Name myvmss `
+  -VirtualMachineScaleSet $vmss
+```
+
+## Test the application gateway
+
+You can use [Get-AzureRmPublicIPAddress](/powershell/module/azurerm.network/get-azurermpublicipaddress) to get the public IP address of the application gateway. Copy the public IP address, and then paste it into the address bar of your browser. For example, http://52.170.203.149
+
+```powershell
+Get-AzureRmPublicIPAddress -ResourceGroupName myResourceGroupAG -Name myAGPublicIPAddress
+```
+
+![Secure warning](./media/redirect-http-to-https-powershell/application-gateway-secure.png)
+
+To accept the security warning if you used a self-signed certificate, select **Details** and then **Go on to the webpage**. Your secured IIS website is then displayed as in the following example:
+
+![Test base URL in application gateway](./media/redirect-http-to-https-powershell/application-gateway-iistest.png)
+
+## Next steps
+
+In this tutorial, you learned how to:
+
+> [!div class="checklist"]
+> * Create a self-signed certificate
+> * Set up a network
+> * Create an application gateway with the certificate
+> * Add a listener and redirection rule
+> * Create a virtual machine scale set with the default backend pool