Launch an ARM template
Overview
You can launch SFTP Gateway using an Azure Resource Manager (ARM) template. The ARM template automates away a lot of the post configuration steps, so you can jump straight into using the product.
These instructions are for provisioning SFTP Gateway 3.5.0
.
Navigating to the command line interface
In the Azure portal home screen you should see the command line interface at the top of your screen. Click on the command prompt icon to the right of the search bar.
You will be prompted to chose between a Bash shell or a PowerShell environment. If it is your first time opening the command line interface, you may be prompted to choose a Storage Account to store any files you create.
Create an ARM template
Create a file named sftpgw-arm.json
in the bash shell with the command:
touch sftpgw-arm.json
Then use your favorite command line text editor to edit the file for example:
vi sftpgw-arm.json
Here is a link going to a Nano text editor tutorial
Paste in the following contents:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"iprange": {
"type": "string",
"metadata": {
"description": "IP address range, followed by /32"
}
},
"linuxAdminUsername": {
"type": "string",
"defaultValue": "azureuser",
"metadata": {
"description": "Linux admin username"
}
},
"pubKey": {
"type": "string",
"metadata": {
"description": "SSH public key"
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_B1ms",
"allowedValues": [
"Standard_B1ms",
"Standard_B2s",
"Standard_A1_v2",
"Standard_D2_v3"
],
"metadata": {
"description": "Size of VM"
}
}
},
"variables": {
"location": "[resourceGroup().location]",
"pubKey": "[parameters('pubKey')]",
"nicName": "[concat(resourceGroup().name, '-Nic')]",
"nsgName": "[concat(resourceGroup().name, '-NSG')]",
"vmName": "[concat(resourceGroup().name, '-VM')]",
"virtualNetworkName": "[concat(resourceGroup().name, '-VNET')]",
"publicIPAddressName": "[concat(resourceGroup().name, '-PublicIP')]",
"subnetName": "[concat(resourceGroup().name, '-Subnet')]",
"addressPrefix": "10.0.0.0/16",
"subnetPrefix": "10.0.0.0/24",
"publicIPAddressType": "Static",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]"
},
"resources": [
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "[providers('Microsoft.Network','publicIPAddresses').apiVersions[0]]",
"name": "[variables('publicIPAddressName')]",
"location": "[variables('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "[providers('Microsoft.Network','virtualNetworks').apiVersions[0]]",
"name": "[variables('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "[variables('subnetPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "[providers('Microsoft.Network','networkInterfaces').apiVersions[0]]",
"name": "[variables('nicName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
}
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "[providers('Microsoft.Network','networkSecurityGroups').apiVersions[0]]",
"name": "[variables('nsgName')]",
"location": "[variables('location')]",
"properties": {
"securityRules": [
{
"name": "allow-ssh",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1001,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-80",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "80",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1002,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-443",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "443",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1003,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
},
{
"name": "allow-2222",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "2222",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1004,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [
"[parameters('iprange')]"
],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "[providers('Microsoft.Compute','virtualMachines').apiVersions[0]]",
"name": "[variables('vmName')]",
"location": "[variables('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"plan": {
"name": "sftpgateway-3-5",
"product": "sftpgateway",
"publisher": "thorntechnologiesllc"
},
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('linuxAdminUsername')]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('linuxAdminUsername'), '/.ssh/authorized_keys')]",
"keyData": "[variables('pubKey')]"
}
]
}
}
},
"storageProfile": {
"imageReference": {
"publisher": "thorntechnologiesllc",
"offer": "sftpgateway",
"sku": "sftpgateway-3-5",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
}
}
}
],
"outputs": {
"publicIP": {
"type": "string",
"value": "[reference(variables('publicIPAddressName')).ipAddress]"
}
}
}
Deploy the ARM template (using Bash)
Use the following Bash commands to deploy the ARM template, but enter in group name and public key manually as they need to be your own:
GROUP_NAME="<your resource group name>"
IP_RANGE="69.143.221.67/32"
REGION="West US 2"
PUBLIC_KEY="ssh-rsa AAAAB3Nza...nNKEbh"
LINUX_ADMIN_USER_NAME="azureuser"
TEMPLATE_FILE="sftpgw-arm.json"
az group create --name ${GROUP_NAME} --location "${REGION}"
az group deployment create \
--name "${GROUP_NAME}" \
--resource-group "${GROUP_NAME}" \
--template-file "${TEMPLATE_FILE}" \
--parameters \
iprange="${IP_RANGE}" \
linuxAdminUsername="${LINUX_ADMIN_USER_NAME}" \
pubKey="${PUBLIC_KEY}"
Make sure that you replace the following variables:
- GROUP_NAME: This is the name of a Resource Group you are about to create.
- IP_RANGE: Use your public IP address (see http://checkip.dyndns.org/)
- REGION: Specify a region in which to deploy your resources
- PUBLIC_KEY: This is your SSH public key (surrounded by double quotes)
- LINUX_ADMIN_USER_NAME: Username of the Linux admin user
Note: If you don't have an SSH key pair, you can create one with the following command:
ssh-keygen -t rsa -C private.key -f private.key -q -N ""
This will generate two files:
- private.key: This is the private key, so treat it as you would a password.
- private.key.pub: Use the contents of this file as your
PUBLIC_KEY
string.
Deploy the ARM template (using PowerShell)
Use the following PowerShell commands to deploy the ARM template, but enter in your groupname and publicKey manually as they need to be your own:
$groupName = "<your resource group name>"
$ipRange = "69.143.221.67/32"
$region = "West US 2"
$publicKey = "ssh-rsa AAAAB3Nza...nNKEbh"
$linuxAdminUsername = "azureuser"
$templateFile = "sftpgw-arm.json"
New-AzureRmResourceGroup -Name $groupName -Location $region
New-AzResourceGroupDeployment `
-ResourceGroupName $groupName `
-TemplateFile $templateFile `
-iprange $ipRange `
-linuxAdminUsername $linuxAdminUsername `
-pubKey $publicKey