-
-
Notifications
You must be signed in to change notification settings - Fork 42
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3ed3e4e
commit 9670af0
Showing
43 changed files
with
2,410 additions
and
113 deletions.
There are no files selected for viewing
Binary file not shown.
This file was deleted.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
output "vm_linux_hub_private_ip" { | ||
value = azurerm_linux_virtual_machine.vm.private_ip_address | ||
} | ||
|
||
output "vm_windows_hub_private_ip" { | ||
value = azurerm_windows_virtual_machine.vm.private_ip_address | ||
} | ||
|
||
output "storage_account_url" { | ||
value = azurerm_storage_account.sa.primary_blob_endpoint | ||
} | ||
|
||
output "storage_account_blob_url" { | ||
value = azurerm_storage_blob.blob.url | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
resource "azurerm_resource_group" "rg" { | ||
name = "rg-vnet-gateway-basic-${var.prefix}" | ||
name = "rg-vpn-gateway-p2s-${var.prefix}" | ||
location = "westeurope" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "azurerm_storage_account" "sa" { | ||
name = "storageaccgw${var.prefix}" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
location = azurerm_resource_group.rg.location | ||
account_tier = "Standard" | ||
account_replication_type = "LRS" | ||
} | ||
|
||
resource "azurerm_storage_container" "container" { | ||
name = "content" | ||
storage_account_name = azurerm_storage_account.sa.name | ||
container_access_type = "private" | ||
} | ||
|
||
resource "azurerm_storage_blob" "blob" { | ||
name = "my-awesome-content.zip" | ||
storage_account_name = azurerm_storage_account.sa.name | ||
storage_container_name = azurerm_storage_container.container.name | ||
type = "Block" | ||
source = "Readme.md" | ||
} |
434 changes: 347 additions & 87 deletions
434
800_onprem_vpn/terraform.tfstate → 800_onprem_vpn_gateway_p2s/terraform.tfstate
Large diffs are not rendered by default.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Azure VNET Gateway | ||
|
||
![](images/architecture.png) | ||
|
||
```sh | ||
terraform init | ||
terraform apply -auto-approve | ||
``` |
Binary file not shown.
18 changes: 18 additions & 0 deletions
18
810_onprem_vpn_gateway_p2s_hub_spokes/certs/P2SRootCert810.cer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIC7TCCAdWgAwIBAgIQVm8qtZVhm4RPvkrpQFQThzANBgkqhkiG9w0BAQsFADAZ | ||
MRcwFQYDVQQDDA5QMlNSb290Q2VydDgxMDAeFw0yNDAxMjkwNzAxMzRaFw0yNjAx | ||
MjkwNzExMzRaMBkxFzAVBgNVBAMMDlAyU1Jvb3RDZXJ0ODEwMIIBIjANBgkqhkiG | ||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3DVYXMtGqhHckZEhKR4Cg56nLiQ/G1smbp | ||
aAd64XyB4lDkOAMB8RMiCX0r4RC+UcOIjunIeC4B9pRKxoZoa2zTjKpUmqV/p1l+ | ||
CEEkiWEMB/P/ydu2nzaiF4lfRxvlrJvxVY1dF7VAwdvYgQR8Gpe60lVlLNBCQD6v | ||
LexWHTlIAVo5qTu/iosYgjkVT8ZYGLDKHAkS5BEO6exU50Awn5m2FzO4/jiChPy9 | ||
W4uLvCaY1hYTnP3DamRiMLf2ONhMprlCZxE4/Cbb4+ot6fnN05WCSPBmZMdk8VaV | ||
pFyfunbN0JX2wkSbDv2amMr/+LTUBzq2O/mocDibCffQgC12sQIDAQABozEwLzAO | ||
BgNVHQ8BAf8EBAMCAgQwHQYDVR0OBBYEFDnxacYgutdyRhxGOyJg92t3E5M1MA0G | ||
CSqGSIb3DQEBCwUAA4IBAQAqCHLsT8iyp2kl9Y0n7wtgakhacj0YoVxMBqpS8hy/ | ||
Evc0CBquJXbVDKRAtTeEoYyV5sIIBgxpflfZaSFj4T3Qx10pJqDdG2UCX9sz3ozW | ||
uSIq1c8Rk0XZjG9zX6iLLFrrsftR1WS8vfFv+6uy99Pgpw0CPUbRkxwcXczB368S | ||
QEI03Jx1+fQ13t2Kxtk+zHtfP7kdp/l4zVHTbPpNGnPkHj92pXOwvFHezfN3kwuJ | ||
soqt5nMpk/fn70EtNkMz2zGKO5NhkId+xvpBTrIF12z8UBl6fz9lmnJp/3CYioSu | ||
XaMyoPG2cqdO6H3cwa6S9DHrbeEY3PqsShXKxWYuI1Vr | ||
-----END CERTIFICATE----- |
Binary file added
BIN
+753 Bytes
810_onprem_vpn_gateway_p2s_hub_spokes/certs/P2SRootCert810Encoded.cer
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site | ||
# https://learn.microsoft.com/en-us/azure/storage/files/storage-files-configure-p2s-vpn-windows?tabs=azure-portal | ||
|
||
# Generate and export certificates for point-to-site using PowerShell | ||
|
||
# Create a self-signed root certificate | ||
|
||
$RootCertName = "CN=P2SRootCert810" | ||
|
||
$params = @{ | ||
Type = 'Custom' | ||
Subject = $RootCertName | ||
KeySpec = 'Signature' | ||
KeyExportPolicy = 'Exportable' | ||
KeyUsage = 'CertSign' | ||
KeyUsageProperty = 'Sign' | ||
KeyLength = 2048 | ||
HashAlgorithm = 'sha256' | ||
NotAfter = (Get-Date).AddMonths(24) | ||
CertStoreLocation = 'Cert:\CurrentUser\My' | ||
} | ||
|
||
$RootCert = New-SelfSignedCertificate @params | ||
|
||
Export-Certificate -Cert $RootCert -FilePath ".\P2SRootCert810Encoded.cer" -NoClobber | Out-Null | ||
|
||
certutil -encode ".\P2SRootCert810Encoded.cer" ".\P2SRootCert810.cer" | Out-Null | ||
|
||
# Generate a client certificate | ||
# Optional if you want to use the certificate in another machine | ||
|
||
Get-ChildItem -Path "Cert:\CurrentUser\My" | ||
|
||
$params = @{ | ||
Type = 'Custom' | ||
Subject = 'CN=P2SClientCert810' | ||
DnsName = 'P2SClientCert810' | ||
KeySpec = 'Signature' | ||
KeyExportPolicy = 'Exportable' | ||
KeyLength = 2048 | ||
HashAlgorithm = 'sha256' | ||
NotAfter = (Get-Date).AddMonths(18) | ||
CertStoreLocation = 'Cert:\CurrentUser\My' | ||
Signer = $RootCert | ||
TextExtension = @( | ||
'2.5.29.37={text}1.3.6.1.5.5.7.3.2') | ||
} | ||
|
||
$ClientCert = New-SelfSignedCertificate @params | ||
|
||
# Export the root certificate public key (.cer) | ||
|
||
$CertPwd = ConvertTo-SecureString -String "@Aa123456789" -Force -AsPlainText | ||
|
||
Export-PfxCertificate -FilePath ".\P2SClientCert810.pfx" -Password $CertPwd -Cert $ClientCert | Out-Null |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
sudo apt install nginx -y | ||
|
||
IP=$(hostname -i) | ||
|
||
echo "Hello from virtual machine: $HOSTNAME, with IP address: $IP" > /var/www/html/index.html |
7 changes: 7 additions & 0 deletions
7
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/install-webapp.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
sudo apt install nginx -y | ||
|
||
IP=$(hostname -i) | ||
|
||
echo "Hello from virtual machine: $HOSTNAME, with IP address: $IP" > /var/www/html/index.html |
3 changes: 3 additions & 0 deletions
3
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/output.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
output "vm_linux_private_ip" { | ||
value = azurerm_linux_virtual_machine.vm.private_ip_address | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
resource "azurerm_resource_group" "rg" { | ||
name = "rg-${var.spoke_name}" | ||
location = var.spoke_rg_location | ||
} |
8 changes: 8 additions & 0 deletions
8
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/variables.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
variable "spoke_name" { type = string } | ||
variable "spoke_rg_location" { type = string } | ||
variable "spoke_vnet_cidr" { type = string } | ||
variable "allow_gateway_transit" { type = bool } | ||
variable "hub_vnet" { type = object({ | ||
name = string, | ||
rg = string, | ||
id = string }) } |
49 changes: 49 additions & 0 deletions
49
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/vm-linux.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
resource "azurerm_public_ip" "pip-vm" { | ||
name = "pip-vm" | ||
location = azurerm_resource_group.rg.location | ||
resource_group_name = azurerm_resource_group.rg.name | ||
allocation_method = "Dynamic" | ||
} | ||
|
||
resource "azurerm_network_interface" "nic-vm" { | ||
name = "nic-vm" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
location = azurerm_resource_group.rg.location | ||
enable_ip_forwarding = false | ||
|
||
ip_configuration { | ||
name = "internal" | ||
subnet_id = azurerm_subnet.subnet-vm.id | ||
private_ip_address_allocation = "Dynamic" | ||
public_ip_address_id = azurerm_public_ip.pip-vm.id | ||
} | ||
} | ||
|
||
resource "azurerm_linux_virtual_machine" "vm" { | ||
name = "vm-linux-${var.spoke_name}" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
location = azurerm_resource_group.rg.location | ||
size = "Standard_B2als_v2" | ||
disable_password_authentication = false | ||
admin_username = "azureuser" | ||
admin_password = "@Aa123456789" | ||
network_interface_ids = [azurerm_network_interface.nic-vm.id] | ||
|
||
custom_data = filebase64("./install-webapp.sh") | ||
|
||
os_disk { | ||
caching = "ReadWrite" | ||
storage_account_type = "Standard_LRS" | ||
} | ||
|
||
source_image_reference { | ||
publisher = "canonical" | ||
offer = "0001-com-ubuntu-server-jammy" | ||
sku = "22_04-lts-gen2" | ||
version = "latest" | ||
} | ||
|
||
boot_diagnostics { | ||
storage_account_uri = null | ||
} | ||
} |
21 changes: 21 additions & 0 deletions
21
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/vnet-peering.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "azurerm_virtual_network_peering" "peering-hub-to-spoke" { | ||
name = "peering-hub-to-${var.spoke_name}" | ||
virtual_network_name = var.hub_vnet.name | ||
resource_group_name = var.hub_vnet.rg | ||
remote_virtual_network_id = azurerm_virtual_network.vnet-spoke.id | ||
allow_virtual_network_access = true | ||
allow_forwarded_traffic = true | ||
allow_gateway_transit = var.allow_gateway_transit | ||
use_remote_gateways = false | ||
} | ||
|
||
resource "azurerm_virtual_network_peering" "peering-spoke-to-hub" { | ||
name = "peering-${var.spoke_name}-to-hub" | ||
virtual_network_name = azurerm_virtual_network.vnet-spoke.name | ||
resource_group_name = azurerm_virtual_network.vnet-spoke.resource_group_name | ||
remote_virtual_network_id = var.hub_vnet.id | ||
allow_virtual_network_access = true | ||
allow_forwarded_traffic = true | ||
allow_gateway_transit = false | ||
use_remote_gateways = true | ||
} |
14 changes: 14 additions & 0 deletions
14
810_onprem_vpn_gateway_p2s_hub_spokes/modules/spoke/vnet-spoke.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
resource "azurerm_virtual_network" "vnet-spoke" { | ||
name = "vnet-${var.spoke_name}" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
location = azurerm_resource_group.rg.location | ||
address_space = [var.spoke_vnet_cidr] | ||
dns_servers = null | ||
} | ||
|
||
resource "azurerm_subnet" "subnet-vm" { | ||
name = "subnet-vm" | ||
resource_group_name = azurerm_virtual_network.vnet-spoke.resource_group_name | ||
virtual_network_name = azurerm_virtual_network.vnet-spoke.name | ||
address_prefixes = [cidrsubnet(var.spoke_vnet_cidr, 8, 0)] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
output "vm_linux_hub_private_ip" { | ||
value = azurerm_linux_virtual_machine.vm.private_ip_address | ||
} | ||
|
||
output "storage_account_url" { | ||
value = azurerm_storage_account.sa.primary_blob_endpoint | ||
} | ||
|
||
output "storage_account_blob_url" { | ||
value = azurerm_storage_blob.blob.url | ||
} | ||
|
||
output "vm_linux_spoke1_private_ip" { | ||
value = module.spoke1.vm_linux_private_ip | ||
} | ||
|
||
output "vm_linux_spoke2_private_ip" { | ||
value = module.spoke2.vm_linux_private_ip | ||
} | ||
|
||
output "private_dns_zone_fqdn" { | ||
value = azurerm_private_dns_a_record.a-record.fqdn | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
resource "azurerm_private_dns_zone" "private-dns-zone" { | ||
name = "internal.corp" | ||
resource_group_name = azurerm_resource_group.rg.name | ||
} | ||
|
||
resource "azurerm_private_dns_a_record" "a-record" { | ||
name = "vm" | ||
zone_name = azurerm_private_dns_zone.private-dns-zone.name | ||
resource_group_name = azurerm_private_dns_zone.private-dns-zone.resource_group_name | ||
ttl = 300 | ||
records = [azurerm_linux_virtual_machine.vm.private_ip_address] # just example IP address | ||
} | ||
|
||
resource "azurerm_private_dns_zone_virtual_network_link" "link-dns-vnet" { | ||
name = "link-dns-vnet" | ||
resource_group_name = azurerm_private_dns_zone.private-dns-zone.resource_group_name | ||
private_dns_zone_name = azurerm_private_dns_zone.private-dns-zone.name | ||
virtual_network_id = azurerm_virtual_network.vnet-hub.id | ||
} |
Oops, something went wrong.