Created
May 22, 2021 22:00
# az vm create command to create a Linux VM:
az vm create \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --name myvmanji \
  --image UbuntuLTS \
  --admin-username azureuser \
  --generate-ssh-keys
# Run the following az vm extension set command to configure Nginx on your VM:
az vm extension set \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --vm-name myvmanji \
  --name customScript \
  --publisher Microsoft.Azure.Extensions \
  --version 2.1 \
  --settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-welcome-to-azure/master/configure-nginx.sh"]}' \
  --protected-settings '{"commandToExecute": "./configure-nginx.sh"}'
# Access your web server
Run the following az vm list-ip-addresses command to get your VM's IP address and store the result as a Bash variable:
IPADDRESS="$(az vm list-ip-addresses \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --name myvmanji \
  --query "[].virtualMachine.network.publicIpAddresses[*].ipAddress" \
  --output tsv)"
Run the following curl command to download the home page:
curl --connect-timeout 5 "http://$IPADDRESS"
# Run the following to print your VM's IP address to the console:
echo "$IPADDRESS"
# Run the following az network nsg list command to list the network security groups that are associated with your
az network nsg list \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --query '[].name' \
  --output tsv
# Run the following az network nsg rule list command to list the rules associated with the NSG named myvmanjiNSG:
az network nsg rule list \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --nsg-name myvmanjiNSG
[
  {
    "access": "Allow",
    "description": null,
    "destinationAddressPrefix": "*",
    "destinationAddressPrefixes": [],
    "destinationApplicationSecurityGroups": null,
    "destinationPortRange": "22",
    "destinationPortRanges": [],
    "direction": "Inbound",
    "etag": "W/\"5bbc321f-e805-4760-a084-45990b40efe7\"",
    "id": "/subscriptions/1e508372-582b-451d-a55d-90a61d194ab3/resourceGroups/learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630/providers/Microsoft.Network/networkSecurityGroups/myvmanjiNSG/securityRules/default-allow-ssh",
    "name": "default-allow-ssh",
    "priority": 1000,
    "protocol": "Tcp",
    "provisioningState": "Succeeded",
    "resourceGroup": "learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630",
    "sourceAddressPrefix": "*",
    "sourceAddressPrefixes": [],
    "sourceApplicationSecurityGroups": null,
    "sourcePortRange": "*",
    "sourcePortRanges": [],
    "type": "Microsoft.Network/networkSecurityGroups/securityRules"
  }
]
# Run the az network nsg rule list command a second time.
This time, use the --query argument to retrieve only the name, priority, affected ports, and access (Allow or Deny) for each rule.
The --output argument formats the output as a table so that it's easy to read.
az network nsg rule list \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --nsg-name myvmanjiNSG \
  --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
  --output table
# Create the network security rule
Here, you create a network security rule that allows inbound access on port 80 (HTTP).
Run the following az network nsg rule create command to create a rule called allow-http that allows inbound access on port 80:
az network nsg rule create \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --nsg-name myvmanjiNSG \
  --name allow-http \
  --protocol tcp \
  --priority 100 \
  --destination-port-ranges 80 \
  --access Allow
For learning purposes, here you set the priority to 100. In this case, the priority doesn't matter. You would need to consider the priority if you had overlapping port ranges.
# To verify the configuration, run az network nsg rule list to see the updated list of rules:
az network nsg rule list \
  --resource-group learn-85594f60-ef0f-4f1e-ad12-08bf2ea66630 \
  --nsg-name myvmanjiNSG \
  --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
  --output table
You see both the default-allow-ssh rule and your new rule, allow-http:
Name               Priority    Port    Access
-----------------  ----------  ------  --------
default-allow-ssh  1000        22      Allow
allow-http         100         80      Allow
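The priority note above starts to matter once port ranges overlap, because an NSG applies the matching rule with the lowest priority number and stops there. The following is an added example, not part of the original gist: it picks the deciding rule for a port and lists inbound Allow rules open to any source. The sample rows are constructed, and `deny-web-range`, `nsg_verdict` and `nsg_open_to_any` are hypothetical names.

```bash
# Added example: constructed rows, not output from the gist's resource group.
# Columns (tab-separated): name, priority, direction, access, source, destination port.
# A live NSG yields the same columns with:
#   az network nsg rule list --resource-group <rg> --nsg-name <nsg> \
#     --query '[].[name,priority,direction,access,sourceAddressPrefix,destinationPortRange]' \
#     --output tsv
# deny-web-range is a hypothetical rule added to create an overlap with port 80.
SAMPLE_RULES="$(printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
  default-allow-ssh 1000 Inbound Allow '*' 22 \
  allow-http         100 Inbound Allow '*' 80 \
  deny-web-range     200 Inbound Deny  '*' 80-90)"

# nsg_verdict PORT: read rule rows on stdin and print the inbound rule that
# decides traffic to PORT as "name access source". The lowest priority number
# wins. Simplification: matches on direction and destination port only.
nsg_verdict() {
  awk -F'\t' -v port="$1" '
    function covers(range, p,   b) {
      if (range == "*") return 1
      if (split(range, b, "-") == 2) return (p + 0 >= b[1] + 0 && p + 0 <= b[2] + 0)
      return (range + 0 == p + 0)
    }
    $3 == "Inbound" && covers($6, port) && (best == "" || $2 + 0 < best + 0) {
      best = $2; verdict = $1 " " $4 " " $5
    }
    END { print (best == "" ? "no-custom-rule-matches" : verdict) }
  '
}

# nsg_open_to_any: list inbound Allow rules whose source is unrestricted,
# printed as "name:port" so they can be reviewed or narrowed.
nsg_open_to_any() {
  awk -F'\t' '$3 == "Inbound" && $4 == "Allow" &&
    ($5 == "*" || $5 == "0.0.0.0/0" || $5 == "Internet") { print $1 ":" $6 }'
}

# Port 80 is allowed (100 beats 200), port 85 is denied, port 443 falls
# through to Azure's default rules.
for p in 22 80 85 443; do
  printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE_RULES" | nsg_verdict "$p")"
done
```

With the rules this gist ends up with, `nsg_open_to_any` reports both `default-allow-ssh:22` and `allow-http:80`, since neither rule restricts the source address.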
# Access your web server again