By far, the most convenient way to configure Azure Application Gateway is to use ARM template. The reasons are:
– Application gateway configuration could be really complex, it may have multiple backend server pools, listeners and complicated routing rules
– Application gateway is generally slow to configure. It’s not uncommon to wait 10-15 minutes for an action to complete
However, Microsoft still didn’t publish the schema for Application Gateway ARM template (at least not at the moment this article is being written). There are some examples of ARM templates for application gateway which are available at https://docs.microsoft.com/en-us/azure/application-gateway/, and there are some templates could be found there: https://github.com/Azure/azure-quickstart-templates. However, these examples don’t cover all possible application gateway configuration scenarios. One of the scenarios which I found missing is custom probes.
Custom probes could be useful when backend server exposes non-standard health monitoring endpoint (which could be the case, for example, when the backend server is hosting web service).
Using awesome tool at https://resources.azure.com/ I was able to reverse-engineer custom probes and implement them in ARM template. Here is a syntax:
"probes": [ { "name": "<probe name>", "properties": { "protocol": "<protocol>", "host": "<host>", "path": "<path>", "interval": <interval>, "timeout": <timeout>, "unhealthyThreshold": <threshold> } } ]
Where:
- <probe name> – well, a probe name. Any valid name.
- <protocol> – either “http” or “https”. Backend server should be able to handle it.
- <host> – host name for the backend server. It mostly makes sense with multi-site configuration or when backend server is App Service. Otherwise use 127.0.0.1.
- <path> – HTTP GET path to the health monitoring endpoint. Should always start with “/”.
- <interval> – how often (in seconds) app gateway should check health monitor.
- <timeout> – time, in seconds, in which backend server should answer to health monitor request
- <threshold> – number of failed attempts after which the backend server is considered to be unhealthy.
Custom probe should be referenced from backend HTTP settings element. Example:
{ "name": "appGatewayBackendHttpSettings", "properties": { "Port": 81, "Protocol": "Http", "CookieBasedAffinity": false, "requestTimeout": 120, "probe": { "id": "[concat(variables('applicationGatewayID'), '/probes/<probe name>')]" } } }
” – either “http” or “https”. Backend server should be able to handle it.”
As far as I know, health probes don’t support https. You can only choose between http and tcp: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#http-custom-probe