To begin the Azure VM creation, first use the **az vm create** command followed by these options: ``` --name EXAMPLE_NAME --resource-group EXAMPLE_GROUP --public-ip-sku EXAMPLE --image EXAMPLE_OS --admin-username EXAMPLE_ADMIN_USER --generate-ssh-keys ``` ![[azure_vm_creation_01.png]] Now that the VM has been created we can configure Nginx with the following commands: ``` az vm extension set --resource-group "RESOURCE_GROUP" --vm-name my-vm --name customScript --publisher Microsoft.Azure.Extensions --version 2.1 --settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-welcome-to-azure/master/configure-nginx.sh"]}' --protected-settings '{"commandToExecute": "./configure-nginx.sh"}' ``` When those commands are executed, the system will look for and use the Bash script of which we provided the URL for. The script itself contains the following: ``` #!/bin/bash # Update apt cache. sudo apt-get update #We need to add repo before installing nginx-core. Otherwise we get an error sudo add-apt-repository main sudo add-apt-repository universe sudo add-apt-repository restricted sudo add-apt-repository multiverse # Install Nginx. sudo apt-get install -y nginx # Set the home page. echo "<html><body><h2>Welcome to Azure! My name is $(hostname).</h2></body></html>" | sudo tee -a /var/www/html/index.html ``` The script will update the machines apt cache followed by adding four repositories needed to run Nginx. Next Nginx itself is installed and lastly the home page is set at the **/var/www/html/index.html** directory with a custom Azure welcome message. ![[azure_vm_creation_02.png]] ## Networking `az vm list-ip-addresses` command to get your VM's IP address and store the result as a Bash variable Use the following curl command to get the homepage: ``` curl --connect-timeout 5 http://$IPADDRESS ``` Run 'az network nsg list' command to list the **network security groups** that are associated with your VM. To specify the VM enter additional parameters: ``` az network nsg list --resource-group "EXAMPLE_GROUP" --query '[].name' --output tsv ``` Every VM on Azure is associated with at least one network security group. `az network nsg rule list` command to list the rules associated with the NSG named _my-vmNSG_ ``` az network nsg rule list --resource-group "EXAMPLE_GROUP" --nsg-name my-vmNSG ``` use the `--query` argument to retrieve only the name, priority, affected ports, and access (**Allow** or **Deny**) for each rule. The `--output` argument formats the output as a table so that it's easy to read. ``` az network nsg rule list --resource-group "EXAMPLE_GROUP" --nsg-name my-vmNSG --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' --output table ``` You see the default rule, _default-allow-ssh_ ### Creating Network Security Rule `az network nsg rule create` command to create a rule called _allow-http_ that allows inbound access on port 80. ``` az network nsg rule create --resource-group "EXAMPLE_GROUP" --nsg-name my-vmNSG --name allow-http --protocol tcp --priority 100 --destination-port-range 80 --access Allow ``` To verify the configuration, run `az network nsg rule list` to see the updated list of rules. ``` az network nsg rule list --resource-group "EXAMPLE_GROUP" --nsg-name my-vmNSG --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' --output table ```