Enterprise Framework

Software Solutions in the Enterprise

Azure Application Gateway with SSL Offloading - IIS Url Rewrite from HTTP to HTTPS Redirect

<rewrite>
  <rules>
    <rule name="HTTP To HTTPS Redirect Behind App Gtwy" stopProcessing="true">
      <match url="^(.*)$" ignoreCase="false" />
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
      </conditions>
      <action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />
    </rule>
  </rules>
</rewrite>


You can also do this HTTP to HTTPS redirect through the Application Gateway using PowerShell.

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-configure-redirect-powershell


Create PFX from Azure App Service Certificate Service

I recently created an Azure App Service Certificate that I wanted to use with Azure Application Gateway.  However, this requires you to upload a PFX file and there isn't an option to generate one from Azure App Service Certificate.  However, I found an article that can generate the PFX for you from the App Service Certificate:

https://blogs.msdn.microsoft.com/appserviceteam/2017/02/24/creating-a-local-pfx-copy-of-app-service-certificate/

The step by step I had to do:

1.  Verify new certificate was valid and not expired

2.  Install the Azure PowerShell cmdlets. Install instructions from https://docs.microsoft.com/en-us/powershell/azure/install-azurerm-ps?view=azurermps-6.7.0&viewFallbackFrom=azurermps-6.2.0

3.  Open PowerShell ISE as Administrator

4.  Run:  Install-Module -Name AzureRM

Sign in to Azure

# Import the module into the PowerShell session

5.  Run:  Import-Module AzureRM

# Connect to Azure with an interactive dialog for sign-in

6.  Run:  Connect-AzureRmAccount

7.  Paste the below into the PowerShell window

Function Export-AppServiceCertificate
{
    ###########################################################

    Param(
        [Parameter(Mandatory=$true,Position=1,HelpMessage="ARM Login Url")]
        [string]$loginId,

        [Parameter(Mandatory=$true,HelpMessage="Subscription Id")]
        [string]$subscriptionId,

        [Parameter(Mandatory=$true,HelpMessage="Resource Group Name")]
        [string]$resourceGroupName,

        [Parameter(Mandatory=$true,HelpMessage="Name of the App Service Certificate Resource")]
        [string]$name
    )

    ###########################################################

    Login-AzureRmAccount
    Set-AzureRmContext -SubscriptionId $subscriptionId

    ## Get the KeyVault Resource Url and KeyVault Secret Name where the certificate is stored
    $ascResource= Get-AzureRmResource -ResourceId "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.CertificateRegistration/certificateOrders/$name"
    $certProps = Get-Member -InputObject $ascResource.Properties.certificates[0] -MemberType NoteProperty
    $certificateName = $certProps[0].Name
    $keyVaultId = $ascResource.Properties.certificates[0].$certificateName.KeyVaultId
    $keyVaultSecretName = $ascResource.Properties.certificates[0].$certificateName.KeyVaultSecretName

    ## Split the resource URL of KeyVault and get KeyVaultName and KeyVaultResourceGroupName
    $keyVaultIdParts = $keyVaultId.Split("/")
    $keyVaultName = $keyVaultIdParts[$keyVaultIdParts.Length - 1]
    $keyVaultResourceGroupName = $keyVaultIdParts[$keyVaultIdParts.Length - 5]

    ## --- !! NOTE !! ----
    ## Only users who have the right RBAC permissions can set the access policy on the KeyVault. If the command fails, contact the owner of the KeyVault.
    Set-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName -VaultName $keyVaultName -UserPrincipalName $loginId -PermissionsToSecrets get
    Write-Host "Get Secret Access to account $loginId has been granted from the KeyVault, please check and remove the policy after exporting the certificate"

    ## Getting the secret from the KeyVault
    $secret = Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $keyVaultSecretName
    $pfxCertObject= New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @([Convert]::FromBase64String($secret.SecretValueText),"",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
    $pfxPassword = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 50 | % {[char]$_})
    $currentDirectory = (Get-Location -PSProvider FileSystem).ProviderPath
    [Environment]::CurrentDirectory = (Get-Location -PSProvider FileSystem).ProviderPath
    [io.file]::WriteAllBytes(".\appservicecertificate.pfx",$pfxCertObject.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12,$pfxPassword))

    ## --- !! NOTE !! ----
    ## Remove the Access Policy required for exporting the certificate once you have exported the certificate, to avoid giving the account prolonged access to the KeyVault.
    ## The account will be completely removed from the KeyVault access policy, which prevents the account from accessing any keys/secrets/certificates on the KeyVault.
    ## Run the following command if you are sure that the account is not used for any other access on the KeyVault, or log in to the portal and change the access policy accordingly.
    # Remove-AzureRmKeyVaultAccessPolicy -ResourceGroupName $keyVaultResourceGroupName -VaultName $keyVaultName -UserPrincipalName $loginId
    # Write-Host "Access to account $loginId has been removed from the KeyVault"

    # Print the password for the exported certificate
    Write-Host "Created an App Service Certificate copy at: $currentDirectory\appservicecertificate.pfx"
    Write-Warning "For security reasons, do not store the PFX password. Use it directly from the console as required."
    Write-Host "PFX password: $pfxPassword"
}

Then execute the following:

Export-AppServiceCertificate -loginId youremail@domain.com -subscriptionId ########-####-####-####-############ -resourceGroupName YourCertResourceGroupName -name NameOfCertificate
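
A check you can run on the exported file before uploading it to Application Gateway (added example, not part of the Microsoft script above; Test-ExportedPfx and its parameters are hypothetical names). It confirms that the PFX opens with the password, carries a private key, and is neither expired nor close to expiry. The sample input is a constructed throwaway certificate, and the block assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later:

```powershell
# Added example. Test-ExportedPfx and its parameters are hypothetical names.
function Test-ExportedPfx {
    param(
        [Parameter(Mandatory = $true)][byte[]]$PfxBytes,
        [Parameter(Mandatory = $true)][string]$Password,
        [int]$MinDaysRemaining = 30
    )
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    try {
        # Throws if the password is wrong or the data is not a valid PKCS#12 container
        $certs.Import($PfxBytes, $Password, $flags)
    } catch {
        return [pscustomobject]@{ Usable = $false; Reason = 'PFX could not be opened with this password' }
    }
    # An HTTPS listener needs the certificate that carries the private key
    $leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) {
        return [pscustomobject]@{ Usable = $false; Reason = 'No private key in the PFX' }
    }
    $now    = Get-Date
    $days   = [int][math]::Floor(($leaf.NotAfter - $now).TotalDays)
    $reason = 'OK'
    if ($days -lt $MinDaysRemaining) { $reason = "Expires in $days days" }
    if ($days -lt 0)                 { $reason = 'Expired' }
    if ($now -lt $leaf.NotBefore)    { $reason = 'Not yet valid' }
    [pscustomobject]@{
        Usable     = ($reason -eq 'OK')
        Reason     = $reason
        Subject    = $leaf.Subject
        Thumbprint = $leaf.Thumbprint
        NotAfter   = $leaf.NotAfter
        ChainCerts = $certs.Count - 1   # other certificates bundled in the file
    }
}

# Constructed sample input: a self-signed certificate with 10 days of validity left
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$sha  = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pad  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed.example', $rsa, $sha, $pad)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10))
$pfx  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, 'constructed-pw')

Test-ExportedPfx -PfxBytes $pfx -Password 'constructed-pw'   # flagged: under 30 days left
Test-ExportedPfx -PfxBytes $pfx -Password 'wrong-pw'         # flagged: cannot be opened
```

To check the real export, pass the bytes of appservicecertificate.pfx (for example via [IO.File]::ReadAllBytes with the full path) and the password the export function printed.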
 


Mac Sierra : Git Completion and Bash Prompt With Branch Update

The following will help get Git completion set up locally on Mac Sierra.  Not correctly loading git-completion.bash or git-prompt.sh can result in the following error:


ERROR:   __git_ps1: command not found


Check that you did not mistype the file name, as that could result in the script not being found and run.


STEPS:

$ cd ~/Downloads       

$ curl -OL https://github.com/git/git/raw/master/contrib/completion/git-completion.bash

$ mv git-completion.bash ~/.git-completion.bash

$ nano ~/.bashrc

ADD .bashrc CONTENTS
===============================
 
if [ -f ~/.git-completion.bash ]; then
    source ~/.git-completion.bash
fi
 


$ cd ~/Downloads/

$ curl -OL https://raw.githubusercontent.com/git/git/master/contrib/completion/git-prompt.sh
 
$ mv ~/Downloads/git-prompt.sh ~/.git-prompt.sh

 
UPDATE .bash_profile CONTENTS
===============================
 
if [ -f ~/.git-prompt.sh ]; then
    source ~/.git-prompt.sh
fi
 
export PS1='\h:\u \W$(__git_ps1 "(%s)") $ '