Launch an ARM template
Overview
You can launch SFTP Gateway using an Azure Resource Manager (ARM) template. The ARM template automates many of the post-configuration steps, so you can jump straight into using the product.
Create an ARM template
Create a file named sftpgw-arm.json, and paste in the following contents:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"iprange": {
"type": "string",
"metadata": {
"description": "Source IP address in CIDR notation allowed to reach ports 22, 80 and 443 (append /32 for a single address)"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Web admin password"
}
},
"linuxAdminUsername": {
"type": "string",
"defaultValue": "ubuntu",
"metadata": {
"description": "Linux admin username"
}
},
"pubKey": {
"type": "string",
"metadata": {
"description": "SSH public key"
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_B1ms",
"allowedValues": [
"Standard_B1ms",
"Standard_B2s",
"Standard_A1_v2",
"Standard_D2_v3"
],
"metadata": {
"description": "Size of VM"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sftpgw')]",
"storageAccountResourceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"storageAccountAPIVersion": "[providers('Microsoft.Storage','storageAccounts').apiVersions[0]]",
"pubKey": "[parameters('pubKey')]",
"nicName": "[concat(resourceGroup().name, '-Nic')]",
"nsgName": "[concat(resourceGroup().name, '-NSG')]",
"vmName": "[concat(resourceGroup().name, '-VM')]",
"virtualNetworkName": "[concat(resourceGroup().name, '-VNET')]",
"publicIPAddressName": "[concat(resourceGroup().name, '-PublicIP')]",
"subnetName": "[concat(resourceGroup().name, '-Subnet')]",
"addressPrefix": "10.0.0.0/16",
"subnetPrefix": "10.0.0.0/24",
"storageAccountType": "Standard_LRS",
"publicIPAddressType": "Static",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "[providers('Microsoft.Storage','storageAccounts').apiVersions[0]]",
"name": "[variables('storageAccountName')]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "[providers('Microsoft.Network','publicIPAddresses').apiVersions[0]]",
"name": "[variables('publicIPAddressName')]",
"location": "[variables('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "[providers('Microsoft.Network','virtualNetworks').apiVersions[0]]",
"name": "[variables('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "[providers('Microsoft.Network','networkInterfaces').apiVersions[0]]",
"name": "[variables('nicName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "[providers('Microsoft.Network','networkSecurityGroups').apiVersions[0]]",
"name": "[variables('nsgName')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "allow-ssh",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-80",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1002,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-443",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "443",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1003,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines').apiVersions[0]]",
"name": "[variables('vmName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"plan": {
"name": "sftpgateway",
"product": "sftpgateway",
"publisher": "thorntechnologiesllc"
},
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('linuxAdminUsername')]",
"customData": "[base64(concat('#cloud-config\n\nruncmd:\n- /usr/local/bin/resetadminpassword -p ', parameters('adminPassword'), '\n- /usr/local/bin/storage-account-setup --account-name ', variables('storageAccountName'), ' --account-key ', listKeys(variables('storageAccountResourceId'), variables('storageAccountAPIVersion')).keys[0].value, '\n'))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('linuxAdminUsername'), '/.ssh/authorized_keys')]",
"keyData": "[variables('pubKey')]"
}
]
}
}
},
"storageProfile": {
"imageReference": {
"publisher": "thorntechnologiesllc",
"offer": "sftpgateway",
"sku": "sftpgateway",
"version": "2.000.02"
},
"osDisk": {
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('storageAccountAPIVersion')).primaryEndpoints.blob)]"
}
}
}
}
],
"outputs": {
"publicIP": {
"type": "string",
"value": "[reference(variables('publicIPAddressName')).ipAddress]"
}
}
}
Deploy the ARM template (using Bash)
Use the following Bash commands to deploy the ARM template:
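# Deployment inputs -- replace the sample and placeholder values before running.
# IP_RANGE is the only source range the template's network security group
# admits to ports 22, 80 and 443.
IP_RANGE="71.244.135.67/32"
REGION="West US 2"
PUBLIC_KEY="ssh-rsa AAAAB3Nza...nNKEbh"
# A password assigned inline is saved in shell history and is visible in the
# process arguments of the az call below; `read -rs ADMIN_PASSWORD` prompts
# for it without echoing and keeps it out of history.
ADMIN_PASSWORD="<your admin password>"
GROUP_NAME="<your resource group name>"
TEMPLATE_FILE="sftpgw-arm.json"

# Create the resource group that will hold every resource in the template.
# The expansion is quoted so an unexpected space or glob character in the
# name cannot split it into several arguments.
az group create --name "${GROUP_NAME}" --location "${REGION}"

# Deploy the template into that group, naming the deployment after the group.
# NOTE: newer Azure CLI releases expose this command as
# `az deployment group create`; check `az --version` if this form is rejected.
az group deployment create \
  --name "${GROUP_NAME}" \
  --resource-group "${GROUP_NAME}" \
  --template-file "${TEMPLATE_FILE}" \
  --parameters \
  iprange="${IP_RANGE}" \
  adminPassword="${ADMIN_PASSWORD}" \
  pubKey="${PUBLIC_KEY}"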
Make sure that you replace the following variables:
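- IP_RANGE: Use your public IP address followed by /32 (see http://checkip.dyndns.org/). The network security group created by the template admits inbound traffic on ports 22, 80 and 443 only from this range.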
- REGION: Specify a region in which to deploy your resources
- PUBLIC_KEY: This is your SSH public key (surrounded by double quotes)
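- ADMIN_PASSWORD: This is the password you will use to log into the web admin interface. The template passes it, together with the storage account key, to the VM inside cloud-init custom data, which is base64-encoded rather than encrypted, so treat both as recoverable by anyone with administrative access to the VM.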
- GROUP_NAME: This is the name of a Resource Group you are about to create.
Note: If you don't have an SSH key pair, you can create one with the following command:
# -t rsa: generate an RSA key pair; -C private.key: comment stored in the public key;
# -f private.key: output file name (the public half is written to private.key.pub);
# -q: quiet; -N "": empty passphrase, so the private key file is stored unencrypted.
ssh-keygen -t rsa -C private.key -f private.key -q -N ""
This will generate two files:
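- private.key: This is the private key, so treat it as you would a password. Because the command passes -N "", the key has no passphrase and is protected only by its file permissions.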
- private.key.pub: Use the contents of this file as your PUBLIC_KEY string.
Deploy the ARM template (using PowerShell)
Use the following PowerShell commands to deploy the ARM template:
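# Deployment inputs -- replace the sample and placeholder values before running.
# $ipRange is the only source range the template's network security group
# admits to ports 22, 80 and 443.
$ipRange = "71.244.135.67/32"
$region = "West US 2"
$publicKey = "ssh-rsa AAAAB3Nza...nNKEbh"
# -AsPlainText leaves the literal password in the script and console history;
# `Read-Host -AsSecureString` prompts for it without echoing and yields the
# same SecureString type.
$adminPassword = ConvertTo-SecureString "<your admin password>" -AsPlainText -Force
$groupName = "<your resource group name>"
$templateFile = "sftpgw-arm.json"

# Create the resource group with the Az module cmdlet, so that both calls
# come from the same module as New-AzResourceGroupDeployment below rather
# than mixing AzureRM and Az cmdlets in one session.
New-AzResourceGroup -Name $groupName -Location $region

# Deploy the template; the trailing parameters are the template's own
# parameters (iprange, adminPassword, pubKey) supplied as dynamic arguments.
New-AzResourceGroupDeployment `
  -ResourceGroupName $groupName `
  -TemplateFile $templateFile `
  -iprange $ipRange `
  -adminPassword $adminPassword `
  -pubKey $publicKey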