IIS as Reverse Proxy
From MgmtWiki
Full Title
Using Windows Server as a Reverse Proxy for IIS 8 and above (Server 2012 and above).
Context
- It is often necessary to use a Reverse Proxy to terminate HTTPS requests and then forward those requests to specific server instances for load balancing or similar services.
Example
Goal: Redirect https: requests to a separate IIS instance (or site) which only supports http: scheme.
- Open the Server Manager - select the computer to run the manager on and start the "Add Roles and Features Wizard"
- Select "Role-based or feature-based installation" - click next
- Select Server - click next
- Select Web Server (IIS) - it is assumed that IIS has already been installed - if not, install it first
- Add security features - Request Filtering, Basic Authentication, Windows Authentication
- Click Install - this takes several minutes
- Install additional Microsoft IIS modules (if unsure whether they are already present, go to cmd.exe, type %windir%\system32\inetsrv\config\applicationhost.config, and search for the string "<globalModules>").
- Install the Windows URL Rewrite Module. It can be downloaded from https://www.iis.net/downloads/microsoft/url-rewrite (may be present already)
- Install Application Request Routing (ARR). It can be downloaded from https://www.iis.net/downloads/microsoft/application-request-routing
- Open Internet Information Services (IIS) Manager (for example from Administrative Tools)
- Click on the Server in the left pane (click a second time if you don't see Sites)
- Click on Sites
- Add a new site with some friendly name that will be used locally - point it to some empty file directory, for example C:\inetpub\wwwroot\tomjones, which will later contain the web.config file - leave the rest empty
- You probably want to go to SSL Settings and for SSL connex
- Ensure there is an SSL certificate on the machine that can be used
- Remember to get firewall settings to match sites (should be nothing new if http and https are already open)
- Add binding - Click site name - in right pane click "Bindings" - in Site Bindings click "Add" - add type https on port 443 (or other if 443 is not available) - enter domain name - save
This is the way the web.config file worked after tweaking it to match existing configuration. In this case the sites were separated by port numbers.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://tomj-hyper:8765/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
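The GUI steps above, scripted in PowerShell as an added example (not part of the original wiki page). The host name and certificate thumbprint are placeholders; the final step, switching on the ARR proxy at server level, is not in the list above, but ARR does not forward a rewritten request to another host until it is enabled.

```powershell
# Added example: scripted form of the GUI procedure. Run in an elevated session.
# $HostName and $Thumbprint are placeholders, not values from the page.
$SiteName   = 'tomjones'
$SitePath   = 'C:\inetpub\wwwroot\tomjones'
$HostName   = 'proxy.example.test'
$Thumbprint = '<CERT-THUMBPRINT>'   # certificate already installed in LocalMachine\My

# IIS role plus the security features named in the steps.
Install-WindowsFeature -Name Web-Server, Web-Filtering, Web-Basic-Auth, Web-Windows-Auth `
    -IncludeManagementTools | Out-Null
Import-Module WebAdministration

# URL Rewrite and ARR are separate downloads: confirm both are registered
# under <globalModules> in applicationHost.config before going further.
[xml]$appHost = Get-Content "$env:windir\system32\inetsrv\config\applicationHost.config"
$installed = $appHost.configuration.'system.webServer'.globalModules.add.name
foreach ($module in 'RewriteModule', 'ApplicationRequestRouting') {
    if ($installed -notcontains $module) {
        throw "Global module '$module' is missing; install it and re-run."
    }
}

# Stop early if the certificate is absent, expired, or has no private key.
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey -or $cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint cannot be used for the HTTPS binding."
}

# Empty site directory and a site whose only binding is HTTPS on 443.
# SslFlags 1 = SNI (IIS 8+), so the certificate is tied to this host name only.
New-Item -ItemType Directory -Path $SitePath -Force | Out-Null
New-Website -Name $SiteName -PhysicalPath $SitePath -HostHeader $HostName `
    -Port 443 -Ssl -SslFlags 1 | Out-Null
(Get-WebBinding -Name $SiteName -Protocol https).AddSslCertificate($Thumbprint, 'My')

# Server-level ARR switch; this applies to every site on the server.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'

# Show the resulting state for review.
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation, sslFlags
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' | Select-Object Value
```

Because the proxy switch is server-wide, keep the rewrite target a fixed host and port as in the rule above, and place the web.config in the site directory once the script has finished.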