Launch an ARM template
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Overview
You can launch SFTP Gateway using an Azure Resource Manager (ARM) template. The ARM template automates many of the post-configuration steps, so you can jump straight into using the product.
These instructions are for provisioning SFTP Gateway 2.001.04.
Create an ARM template
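Create a file named sftpgw-arm.json, and paste in the contents shown below.
Note: The template hands the web admin password and the storage account key to the VM through cloud-init custom data (the customData property), and the password is inserted unquoted into a shell command. Choose a password without spaces or shell metacharacters, and do not treat custom data as a secret store: it remains on the VM and can be read by anyone with administrative access to it.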
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"iprange": {
"type": "string",
"metadata": {
"description": "Source IP address range in CIDR notation allowed to reach ports 22, 80 and 443; a single address is followed by /32"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Web admin password"
}
},
"linuxAdminUsername": {
"type": "string",
"defaultValue": "azureuser",
"metadata": {
"description": "Linux admin username"
}
},
"pubKey": {
"type": "string",
"metadata": {
"description": "SSH public key"
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_B1ms",
"allowedValues": [
"Standard_B1ms",
"Standard_B2s",
"Standard_A1_v2",
"Standard_D2_v3"
],
"metadata": {
"description": "Size of VM"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sftpgw')]",
"storageAccountResourceId": "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
"storageAccountAPIVersion": "[providers('Microsoft.Storage','storageAccounts').apiVersions[0]]",
"pubKey": "[parameters('pubKey')]",
"nicName": "[concat(resourceGroup().name, '-Nic')]",
"nsgName": "[concat(resourceGroup().name, '-NSG')]",
"vmName": "[concat(resourceGroup().name, '-VM')]",
"virtualNetworkName": "[concat(resourceGroup().name, '-VNET')]",
"publicIPAddressName": "[concat(resourceGroup().name, '-PublicIP')]",
"subnetName": "[concat(resourceGroup().name, '-Subnet')]",
"addressPrefix": "10.0.0.0/16",
"subnetPrefix": "10.0.0.0/24",
"storageAccountType": "Standard_LRS",
"publicIPAddressType": "Static",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "[providers('Microsoft.Storage','storageAccounts').apiVersions[0]]",
"name": "[variables('storageAccountName')]",
"location": "[variables('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "[providers('Microsoft.Network','publicIPAddresses').apiVersions[0]]",
"name": "[variables('publicIPAddressName')]",
"location": "[variables('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "[providers('Microsoft.Network','virtualNetworks').apiVersions[0]]",
"name": "[variables('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "[providers('Microsoft.Network','networkInterfaces').apiVersions[0]]",
"name": "[variables('nicName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "[providers('Microsoft.Network','networkSecurityGroups').apiVersions[0]]",
"name": "[variables('nsgName')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "allow-ssh",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-80",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1002,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-443",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "443",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1003,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines').apiVersions[0]]",
"name": "[variables('vmName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"plan": {
"name": "sftpgateway",
"product": "sftpgateway",
"publisher": "thorntechnologiesllc"
},
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('linuxAdminUsername')]",
"customData": "[base64(concat('#cloud-config\n\nruncmd:\n- /usr/local/bin/resetadminpassword -p ', parameters('adminPassword'), '\n- /usr/local/bin/sftpgw.sh update-system-config --azure-storage-name ', variables('storageAccountName'), ' --azure-storage-key ', listKeys(variables('storageAccountResourceId'), variables('storageAccountAPIVersion')).keys[0].value, '\n'))]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('linuxAdminUsername'), '/.ssh/authorized_keys')]",
"keyData": "[variables('pubKey')]"
}
]
}
}
},
"storageProfile": {
"imageReference": {
"publisher": "thorntechnologiesllc",
"offer": "sftpgateway",
"sku": "sftpgateway",
"version": "2.001.04"
},
"osDisk": {
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('storageAccountAPIVersion')).primaryEndpoints.blob)]"
}
}
}
}
],
"outputs": {
"publicIP": {
"type": "string",
"value": "[reference(variables('publicIPAddressName')).ipAddress]"
}
}
}
Deploy the ARM template (using Bash)
Use the following Bash commands to deploy the ARM template:
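# Source range written into the template's allow-ssh, allow-80 and allow-443 rules;
# /32 limits it to a single address.
IP_RANGE="71.244.135.67/32"
REGION="West US 2"
PUBLIC_KEY="ssh-rsa AAAAB3Nza...nNKEbh"
# A literal password typed here is saved in shell history;
# `read -r -s ADMIN_PASSWORD` prompts for it instead.
ADMIN_PASSWORD="<your admin password>"
GROUP_NAME="<your resource group name>"
TEMPLATE_FILE="sftpgw-arm.json"

# Quote the group name so it always reaches az as a single argument.
az group create --name "${GROUP_NAME}" --location "${REGION}"

# `az deployment group create` replaces the deprecated `az group deployment create`.
# The deployment is named after the resource group.
az deployment group create \
  --name "${GROUP_NAME}" \
  --resource-group "${GROUP_NAME}" \
  --template-file "${TEMPLATE_FILE}" \
  --parameters \
    iprange="${IP_RANGE}" \
    adminPassword="${ADMIN_PASSWORD}" \
    pubKey="${PUBLIC_KEY}"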
Make sure that you replace the following variables:
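- IP_RANGE: Use your public IP address followed by /32 (see http://checkip.dyndns.org/). The template's network security group rules allow inbound ports 22, 80 and 443 from this range.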
- REGION: Specify a region in which to deploy your resources
- PUBLIC_KEY: This is your SSH public key (surrounded by double quotes)
- ADMIN_PASSWORD: This is the password you will use to log into the web admin interface.
- GROUP_NAME: This is the name of a Resource Group you are about to create.
Note: If you don't have an SSH key pair, you can create one with the following command:
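# -b 4096 pins the RSA key size instead of relying on the ssh-keygen default.
# -N "" is omitted so ssh-keygen prompts for a passphrase and the private key is
# encrypted on disk (press Enter twice to leave it empty).
ssh-keygen -t rsa -b 4096 -C private.key -f private.key -q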
This will generate two files:
- private.key: This is the private key, so treat it as you would a password.
- private.key.pub: Use the contents of this file as your PUBLIC_KEY string.
Deploy the ARM template (using PowerShell)
Use the following PowerShell commands to deploy the ARM template:
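# Source range written into the template's allow-ssh, allow-80 and allow-443 rules;
# /32 limits it to a single address.
$ipRange = "71.244.135.67/32"
$region = "West US 2"
$publicKey = "ssh-rsa AAAAB3Nza...nNKEbh"
# Prompt for the web admin password so it never appears as plain text in the
# script or in the command history; Read-Host returns a SecureString directly.
$adminPassword = Read-Host -Prompt "Web admin password" -AsSecureString
$groupName = "<your resource group name>"
$templateFile = "sftpgw-arm.json"

# New-AzResourceGroup (Az module) rather than New-AzureRmResourceGroup: the
# deployment cmdlet below comes from the Az module, and the AzureRM and Az
# modules should not be mixed in one session.
New-AzResourceGroup -Name $groupName -Location $region

# The template parameters (iprange, adminPassword, pubKey) are passed as
# dynamic parameters of the deployment cmdlet.
New-AzResourceGroupDeployment `
  -ResourceGroupName $groupName `
  -TemplateFile $templateFile `
  -iprange $ipRange `
  -adminPassword $adminPassword `
  -pubKey $publicKey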