This is a reference from Abhishek’s YouTube playlist. Here is the official link: Azure Networking Demo | Azure VNet, Firewall, NSG, and Bastion

Demo Description:- We will host NGINX inside a VM that is present in an Azure VNet by utilizing a Bastion host. During the process, we will get to know the firewall, subnet configs, etc

1. Create a resource group

2. Create a VNet using the same resource group

2.1 Enable Bastion (create new public address)2.2 Azure firewall (create new policy)

3. Select CIDR block (default) and then click on Review and create.

Steps to achieve this:-

1. Create a VNet with the above configuration

2. Create a VM in the same resource group

Make sure to create a new SSH key pair and allow SSH traffic

Unselect the public IP address

Select the default subnet and allow SSH

Custom data comes into play when auto-scaling is needed

UserData is when you want to pass some data/files that persist ( start/stop ). When you review and create, make sure to download the key

Azure provides Bastion as a service by selecting just a checkbox-

Once VM deployment is you will notice the public IP will not be present.

3.From Connect > Bastion connect by providing the key that was downloaded earlier

commands to run

sudo su -

sudo apt update

sudo apt upgrade

sudo apt install nginx

sudo systemctl start nginx

sudo vim /var/www/html/index.html

This is a demo on accessing a web app in Azure VNet

sudo systemctl restart nginx

Now you have installed NGINX inside a VM using Bastion, but how will you access it?

4.We need to configure firewall rules such that we can access it from a local laptop

From the Firewall that we created, go to firewall policy and click on rules, and create a new DNAT rule

The source address is our IP address, and the port can be anything

The destination IP address has to be the Firewall address, and it has to be translated to the private IP address of the VM on port 80

Firewall public IP address: 4000 should give usthe same result