Lightly related to How to add an SSL certificate to an azure website using powershell?
I am trying to add a certificate to an Azure RM website via Powershell.
I don't think there is a direct Azure Powershell command, and it will need to be done via New-AzureRmResource
In the latest release of Azure PowerShell v 1.1.0, there is a number of new commands to handle SSL certificates in Azure Web Apps
You can upload the certificate and bind it to hostname using
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
And then remove the binding but without removing the certificate, the app should be able to use it after you add a app setting referencing that cert (this should be done using the portal - the PowerShell command to do so will come soon - No ETA for now)
Remove-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -Name www.contoso.com -DeleteCertificate $false
Looking through the ARM Template the "Microsoft.Web/certificates" template takes a pfxblob and a password.
It seems the easiest way of obtaining a pfxblob is via New-AzureRmApplicationGatewaySslCertificate (thanks to #vigneshaj for the pointer) reading the source, it seems that this is simply a local conversation cmdlet. So it doesn't matter that it is for an application gateway, all we need is the data it passes back.
$pfx = New-AzureRmApplicationGatewaySslCertificate -Name example `
-CertificateFile E:\PS\example.pfx `
-Password "bananas"
Once we have that data, we can simply plug it into New-AzureRmResource and it will create our certificate on Azure.
The small problem with this, is that if you're a cheapskate (like me) and you've obtained a free cert from that Chinese CA that gives sha256 certs, this process will strip off the certificate that signs pages with sha256, and so it falls back to TLS 1.2, which gives errors (on Chrome at least)
$ResourceLocation = "West Europe"
$ResourceName = "Newcertificate"
$PropertiesObject = #{
pfxBlob = $pfx.Data
password = $pfx.Password
}
New-AzureRmResource -Name $ResourceName -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/certificates `
-ApiVersion 2015-08-01 -Force
The next job from there is configuring your Web App to use that cert. Because these properties are child objects of the hostNameSslStates array I created an inner hash table, and then attached that. I'm sure there's a more elegant way, but this worked!
$ResourceName = "ConfuseioWebapp"
$InnerPropertiesObject = #{
name = "www.example.com"
sslState = 1
thumbprint = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}
$PropertiesObject = #{
"hostNameSslStates" = [Object[]]$InnerPropertiesObject
}
New-AzureRmResource -Name $ResourceName `
-Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/sites `
-ApiVersion 2015-08-01 -Force
And that is pretty much it.
I came across the below article, which configures SSL through powershell, by creating Azure Application Gateway
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-ssl/
Related
I am trying to import API using swagger.json file using Azure Pipeline. I have added a Azure CLI Task Version 2. Selected Script Type as Powershell Core.
In the inline script I have used below commands
$apiMgmtContext = New-AzApiManagementContext -ResourceGroupName $ResourceGroupName -ServiceName $ServiceName
$api = Get-AzApiManagementApi -Context $apiMgmtContext -Name $ApiName
The first one is working fine. But the second line of code is throwing error.
Below is the error I get:
I have searched this error Status Code : CloseError But no solid information on the same. I tried to Install few powershell modules for Azure Api , still it gives the same error.
I have tried with the below mentioned Azure APIM PowerShell Commands to get the API details from the Azure APIM Instance and got expected results:
$ApimResource = New-AzApiManagement -Name "pravusapim1205" -ResourceGroupName "pravutestrg" -Location "West US" -Organization "Contoso" -AdminEmail "admin#contoso.com"
$ApimResourceDetails = Get-AzApiManagement -Name "pravusapim1205" -ResourceGroupName "pravutestrg"
$ApimResourceDetails
$ApiMgmtContext = New-AzApiManagementContext -ResourceGroupName "pravutestrg" -ServiceName "pravusapim1205"
$ApiName = "Echo API"
$api = Get-AzApiManagementApi -Context $apiMgmtContext -Name $ApiName
$api
Output:
Reference: GitHub Doc on APIM PS Commands.
I am trying to configure Function App Private Key binding to a Key Vault connection using PowerShell
I can successfully do it with Portal as shown below
I have tried various iterations of the following command against the Function App and the App Service Plan but it seems this is not supported.
Import-AzWebAppKeyVaultCertificate -ResourceGroupName $ResourceGroupName -KeyVaultName $vaultName -CertName $CertName -WebAppName "Don't think this CMDLet Supports Azure Functions"
Can anyone suggest a workaround or the correct CMDLet for this?
When I configure it manually I can see it when I run
Get-AzWebAppCertificate
Managed to get it working with this:
$appServicePlan = Get-AzAppServicePlan -Name $AppServicePlanName -ResourceGroupName $ResourceGroupName;
$PropertiesObject = #{
keyVaultId = $keyVault.ResourceId
keyVaultSecretName = $ADServicePrincipalCertificateName
serverFarmId = $appServicePlan.Id
}
New-AzResource -Name $ADServicePrincipalCertificateName -Location $kv.Location -PropertyObject $PropertiesObject -ResourceGroupName $ResourceGroupName -ResourceType Microsoft.Web/certificates -ApiVersion 2015-08-01 -Force;
I know it can be done using Azure CLI like this:
az webapp vnet-integration add -g $resourceGroupName -n $applicationName --vnet $vnetName --subnet $subnetName
Is there an equivalent command using PowerShell Az?
If you reference the docs at https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet, at the bottom is a link to the Script Center gallery where this is a full PS1 script at https://gallery.technet.microsoft.com/scriptcenter/Connect-an-app-in-Azure-ab7527e3 which shows how to integrate web app with vnet.
The final lines of interest (it uses AzureRM, but should be easy to convert to Az):
$PropertiesObject = #{
"vnetName" = $VirtualNetworkName; "vpnPackageUri" = $packageUri
}
New-AzureRmResource -Location $location -Properties $PropertiesObject -ResourceName "$($webAppName)/$($vnetName)/primary" -ResourceType "Microsoft.Web/sites/virtualNetworkConnections/gateways" -ApiVersion 2015-08-01 -ResourceGroupName $webAppResourceGroup -Force
What is the equivalient of this code using New-AzAppServicePlan?
az appservice plan create --resource-group $ServerFarmResourceGroupName `
--name $AppServicePlanName `
--is-linux `
--location $ResourceGroupLocation `
--sku $AppServicePlanTier `
--number-of-workers $NumberOfWorkers
Is there really no way to create an App Service Plan using Az Powershell? Why can it only be done via Azure CLI or ARM?
I only found this answer, which basically uses ARM directly: How do I use Powershell to create an Azure Web App that runs on Linux?
There are some issues about this, suppose for now this is not supported for New-AzureRmAppServicePlan, however you could use New-AzureRmResource to create a linux plan. You could try the below command.
New-AzureRmResource -ResourceGroupName <>group name -Location "Central US" -ResourceType microsoft.web/serverfarms -ResourceName <plan name> -kind linux -Properties #{reserved="true"} -Sku #{name="S1";tier="Standard"; size="S1"; family="S"; capacity="1"} -Force
I originally used my script to create a ConsumptionPlan (Y1) through PowerShell and AzureCLI because I don't like when Azure put a generated name when creating a ConsumptionPlan.
Please find my solution to create a Linux App Service Plan (B1) using New-AzResource:
$fullObject = #{
location = "West Europe"
sku = #{
name = "B1"
tier = "Basic"
}
kind = "linux"
properties = #{
reserved = $true
}
}
$resourceGroupName = "rg-AppServicePlanLinux"
$serverFarmName = "aspl-test"
Write-Host "Step 1: CREATING APP SERVICE PLAN B1:Basic named [$serverFarmName]"
# Create a server farm which will host the function app in the resource group specified
New-AzResource -ResourceGroupName $resourceGroupName -ResourceType "Microsoft.Web/serverfarms" -Name $serverFarmName -IsFullObject -PropertyObject $fullObject -Force
So I used the ARM template to understand which information you need to provide on the -PropertyObject parameter
It also now seems possible to do an App Service Plan Linux with New-AzAppServicePlan command since Az PowerShell 4.3.0 (June 2020) with the parameter -Linux
Az.Websites
Added safeguard to delete created webapp if restore failed in 'Restore-AzDeletedWebApp'
Added 'SourceWebApp.Location' for 'New-AzWebApp' and 'New-AzWebAppSlot'
Fixed bug that prevented changing Container settings in 'Set-AzWebApp' and 'Set-AzWebAppSlot'
Fixed bug to get SiteConfig when -Name is not given for Get-AzWebApp
Added a support to create ASP for Linux Apps
Added exceptions for clone across resource groups
Release Note: https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-5.6.0&viewFallbackFrom=azps-4.3.0#azwebsites-7
New-AzAppServicePlan: https://learn.microsoft.com/en-us/powershell/module/az.websites/new-azappserviceplan?view=azps-5.6.0
If you get "The Service is unavailable" after deploying your new Function app (Consumption Plan) with Azure CLI, please make sure the following statement from Microsoft:
https://github.com/Azure/Azure-Functions/wiki/Creating-Function-Apps-in-an-existing-Resource-Group
I waste the whole day because I got another Function App (Premium Plan) in the same resource group I used to deploy the Consumption one.
This worked for me:
Adding -Linux as a parameter to my command
New-AzAppServicePlan -ResourceGroupName $RESOURCE_GROUP_NAME -Name $APP_SERVICE_PLAN_NAME -Location $RESOURCE_LOCATION -Linux -Tier $APP_SERVICE_PLAN_TIER -NumberofWorkers $APP_SERVICE_PLAN_WORKERS -WorkerSize $APP_SERVICE_PLAN_WORKER_SIZE
Example:
New-AzAppServicePlan -ResourceGroupName 'MyResourceGroup' -Name 'MyServicePlan' -Location 'northeurope' -Linux -Tier 'PremiumV2' -NumberofWorkers 2 -WorkerSize Medium
That's all.
I hope this helps
Anyone aware of cmdlet for creating API App in powershell? I tried searching for it, but couldn't find anything. I think New-AzureRmWebApp is way to go by passing some type, has anyone idea about it?
As mentioned by evilSnobu in this link it worked with slight modification. So I am posting the answer if someone needs it.
# CREATE "just-an-api" API App
$ResourceLocation = "West US"
$ResourceName = "just-an-api"
$ResourceGroupName = "demo"
# If we want to create under a specific app plan, we need to pass the server farmid in format
$serverFarmId = "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Web/serverfarms/<app_service_plan_name>;
#If nothing is passed inside $PropertiesObject, it create s default app service plan.
$PropertiesObject = #{"serverFarmId"=$serverFarmId}
New-AzureRmResource -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName $ResourceGroupName `
-ResourceType Microsoft.Web/sites `
-ResourceName "just-an-api" ` #removing $ResourceName, as either one is required.
-Kind 'api' `
-ApiVersion 2016-08-01 -Force