How to create Azure Virtual Machine and install the Nginx web server using Azure CLI

💥To create an Azure Virtual Machine and install the Nginx web server using Azure CLI, follow the below steps:

1. Install Azure CLI: You can use the cloud shell that is available in the Azure portal, or Download and run the Azure CLI msi file.
2. Log in to Azure: Open a command prompt and run as Administrator. Log in to your Azure account using the command “az login” and authenticate by providing the credentials.
3. Create a resource group: Use the command “az group create” to create a resource group.

az group create --name cnlrg

4. Create a virtual machine: Use the command “az vm create” to create the virtual machine. Specify the resource group created in the previous step, provide the name of the VM, choose a VM image (e.g., Ubuntu, Windows), and provide a username and password for remote access. Generating the ssh keys is optional.

🔥SSH keys offer a stronger and more secure way to authenticate compared to the traditional method of using passwords.

🔥When using SSH keys, you are not required to enter a password every time you connect to the virtual machine (VM).

🔥Instead, a pair of cryptographic keys are utilized. This pair consists of a private key, which is stored securely on your local machine, and a public key, which is uploaded to the VM.

🔥The private key remains on your machine, ensuring its safety, while the public key is used to verify your identity when establishing a connection with the VM.

az vm create \
  --resource-group cnlrg \
  --name cnl-vm \
  --image UbuntuLTS \
  --admin-username azureuser \
  --generate-ssh-keys

5. Install Nginx: The “az vm extension set” command can be used to set up Nginx on your virtual machine.

az vm extension set \
  --resource-group cnlrg \
  --vm-name cnl-vm \
  --name customScript \
  --publisher Microsoft.Azure.Extensions \
  --version 2.1 \
  --settings '{"fileUris":["https://raw.githubusercontent.com/MicrosoftDocs/mslearn-welcome-to-azure/master/configure-nginx.sh"]}' \
  --protected-settings '{"commandToExecute": "./configure-nginx.sh"}'

Nginx Installation

🔥This command executes a Bash script on your virtual machine using the Custom Script Extension. The bash script is stored on GitHub.

#!/bin/bash
# Update apt cache.
sudo apt-get update
# Install Nginx.
sudo apt-get install -y nginx
# Set the home page.
echo "<html><body><h2>Welcome to Azure! My name is $(hostname).</h2></body></html>" | sudo tee -a /var/www/html/index.html

a. The command “apt-get update” is executed to download the most recent package information from the internet.

b. The Nginx package is installed using the command “apt-get install nginx”.

c. The home page located at “/var/www/html/index.html” is configured to display a welcome message that includes the hostname of the virtual machine (VM).

5. Access the Web server:

💥To retrieve the IP address of your VM use the Azure CLI command “az vm list-IP-addresses” and store the result as a variable.

IPADDRESS="$(az vm list-ip-addresses \
  --resource-group cnlrg\
  --name cnl-vm \
  --query "[].virtualMachine.network.publicIpAddresses[*].ipAddress" \
  --output tsv)"

💥To download the home page of the web server use the curl command

6. List the Network Security Groups

💥To list the network security groups associated with your VM, execute the following Azure CLI command:

az network nsg list \
  --resource-group cnlrg \
  --query '[].name' \
  --output tsv

💥As per the command output the network security group associated with the VM is “cnl-vmNSG.”

💥To list the rules associated with the network security group (NSG) named “cnl-vmNSG,” execute the following Azure CLI command:

az network nsg rule list \
  --resource-group cnlrg\
  --nsg-name cnl-vmNSG \
  --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \
  --output table

💥You will observe the default rule, “default-allow-ssh,” which permits inbound connections on port 22 for SSH access.

💥SSH is a protocol used for remote administration on Linux systems. This rule holds a priority of 1000.

💥By default, a Linux VM’s network security group (NSG) only allows network access on port 22, facilitating administrator access to the machine. To enable access over HTTP, you also need to allow inbound connections on port 80.

7. Open port 80:

💥To create a rule named “allow-http” that permits inbound access on port 80, run the following Azure CLI command:

az network nsg rule create \
  --resource-group cnlrg \
  --nsg-name cnl-vmNSG \
  --name allow-http \
  --protocol tcp \
  --priority 100 \
  --destination-port-range 80 \
  --access Allow

💥To view the updated list of rules, run the below command

💥You can attempt to access the web server using both the curl command and a web browser.

Thank you