Difference between revisions of "IIS as Reverse Proxy"
From MgmtWiki
(→Example) |
(→Example) |
||
| Line 22: | Line 22: | ||
#Remember to get firewall settings to match sites (should be nothing new if http and https are already open) | #Remember to get firewall settings to match sites (should be nothing new if http and https are already open) | ||
#Add binding - Click site name - in right pane click "Bindings" - in Site Bindings click "Add" - add type https on port 443 (or other if 443 is not available) - enter domain name - save | #Add binding - Click site name - in right pane click "Bindings" - in Site Bindings click "Add" - add type https on port 443 (or other if 443 is not available) - enter domain name - save | ||
| + | |||
| + | This is the way the web.config file worked after tweaking it to match existing configuration. | ||
| + | <PRE> | ||
| + | <?xml version="1.0" encoding="UTF-8"?> | ||
| + | <configuration> | ||
| + | <system.webServer> | ||
| + | <rewrite> | ||
| + | <rules> | ||
| + | <rule name="ReverseProxyInboundRule1" stopProcessing="true"> | ||
| + | <match url="(.*)" /> | ||
| + | <action type="Rewrite" url="http://tomj-hyper:8765/{R:1}" /> | ||
| + | </rule> | ||
| + | </rules> | ||
| + | </rewrite> | ||
| + | </system.webServer> | ||
| + | </configuration> | ||
| + | </PRE> | ||
==References== | ==References== | ||
Revision as of 20:27, 8 November 2019
Contents
Full Title
Using Windows Server as a Reverse Proxy for IIS 8 and above (Server 2012 and above).
Context
- It is often necessary to us a Reverse Proxy to terminate HTTPS requests and then forward those requests to specific server instances for load balancing or similar services.
Example
Goal: Redirect https: requests to a separate IIS instance (or site) which only supports http: scheme.
- Open the Server Manager - select the computer to run manager and "add Roles and Features Wizard
- Select "Role-based or feature-based Installation - click next
- Select Server - click next
- Select Web Server (IIS) - it is assumed that IIS has already been installed - if not do that
- Add security features - Request Filtering, Basic Authentication - Windows Authentication
- Click Install - this takes several minutes
- Install additional Microsoft IIS modules (If unsure go to cmd.exe and type %windir%\system32\inetsrv\config\applicationhost.config, and search for the string "<globalModules>".
- Install the Windows URL RewriteModule. It can be downloaded from https://www.iis.net/downloads/microsoft/url-rewrite (may be present already)
- Install Application Request Routing (ARR). It can be downloaded from https://www.iis.net/downloads/microsoft/application-request-routing
- Open Internet Information services (IIS) manager (for example from administrative tools)
- Click on the Server in the left pane (click a second time if you don't see sites)
- Click on sites
- Add an new site with some friendly name that will be used locally - point to some empty file directory, for example C:\inetpub\wwwroot\tomjones it will later contain the system.web file, leave rest empty
- Ensure there is an SSL certificate on the machine that can be used
- Remember to get firewall settings to match sites (should be nothing new if http and https are already open)
- Add binding - Click site name - in right pane click "Bindings" - in Site Bindings click "Add" - add type https on port 443 (or other if 443 is not available) - enter domain name - save
This is the way the web.config file worked after tweaking it to match existing configuration.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://tomj-hyper:8765/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
