Configuring IIS for Proxy SSL

Posted on
by thevisad
Course Content
Installing The Plugins
0/6
Setting up the Unity plugin
Setting up the Store Front on Windows
Setting up the Store Front on Linux
Setting up the Store Front on Mac
Introduction to the Unity Store
Licensing for Our In-Game Store
Configuring the Store Front
0/10
Managing Items in the Store
Building a Cart System
Integrating Secure Payments
Managing Users and Roles
Sending Email Notifications
Analyzing Sales Data
Connecting Google Auth
Configuring IIS for Proxy SSL
Configuring Apache for Proxy SSL
Configuring NGINX for Proxy SSL
Modifying the Unity UI
0/2
Modifying the Store Items
Modifying the Store
IAP Storefront for Atavism MMO Engine

Objective

By the end of this lesson, you will learn how to configure IIS (Internet Information Services) to listen on a new HTTPS port (5051) and forward all traffic to an HTTP service running on port 5000.

Prerequisites

  1. Basic understanding of IIS configuration.
  2. Access to IIS Manager with administrative privileges.
  3. An active HTTP service running on port 5000 on the same server.
  4. An SSL certificate installed on the IIS server.

Lesson Content

Introduction to Port Forwarding and IIS Configuration

  • Understanding Port Forwarding

    Port forwarding allows external clients to connect to a specific service within a server by mapping an external port to an internal service port. It’s useful when multiple services are running on a server or when you want to expose a service on a different port.

  • Overview of IIS as a Web Server

    IIS is a flexible, secure, and manageable Web server for hosting anything on the Web. It can serve static and dynamic content, manage multiple websites, and act as a reverse proxy to forward requests to backend services.

Step 1: Add a New Website in IIS for Port 5051

  1. Open IIS Manager
    • Press Windows Key + R, type inetmgr, and press Enter.
    • Alternatively, search for “IIS Manager” in the Start menu.
  2. Add a New Website
    • In the Connections pane on the left, right-click on Sites and select Add Website.
  3. Configure the New Website

    In the Add Website dialog:

    • Site Name: Enter a descriptive name (e.g., MyHTTPSProxy).
    • Physical Path: Choose a directory (e.g., C:\inetpub\wwwroot). Since we are setting up a reverse proxy, the content here won’t be served.
    • Binding:
      • Type: Select https.
      • IP Address: Set to All Unassigned or select the specific IP if necessary.
      • Port: Enter 5051.
      • Host Name: Enter your domain name (e.g., www.yourdomain.com).
    • SSL Certificate:
      • Click on the Select button.
      • Choose your SSL certificate from the dropdown. If you don’t have a certificate installed, you need to install one first.
    • Click OK to create the site.
  4. Verify Site Creation
    • The new site should now appear under Sites in the Connections pane.

Step 2: Configure URL Rewrite to Act as a Reverse Proxy

  1. Install URL Rewrite and Application Request Routing (ARR) Modules (If Not Already Installed)
  2. Enable Proxy in ARR
    • In IIS Manager, click on the server name at the top of the Connections pane.
    • Double-click on Application Request Routing Cache in the middle pane.
    • In the Actions pane on the right, click on Server Proxy Settings.
    • Check the box Enable proxy.
    • Click Apply in the Actions pane.
  3. Configure URL Rewrite Rule
    • Navigate back to your newly created site (MyHTTPSProxy) in the Connections pane.
    • Double-click on URL Rewrite in the middle pane.
    • In the Actions pane on the right, click Add Rule(s)….
    • Select Reverse Proxy and click OK.
  4. Set Up the Reverse Proxy Rule
    • In the Add Reverse Proxy Rules dialog:
      • Inbound Rules:
        • Enter the URL of the HTTP service running on port 5000:
          http://localhost:5000/
      • Click OK to create the rule.
  5. Configure SSL Settings (Optional for Enhanced Security)
    • With the site selected, double-click on SSL Settings.
    • Ensure Require SSL is checked if you want to enforce SSL connections.
    • Click Apply in the Actions pane.

Step 3: Test the Configuration

  1. Restart IIS (Optional)
    • While not always necessary, restarting IIS can ensure all settings are applied.
    • Open Command Prompt as an administrator and run:
      iisreset
  2. Access the Site
    • Open a web browser and navigate to:
      https://www.yourdomain.com:5051
    • Note: If you receive a certificate warning, ensure your SSL certificate is valid and trusted by your browser.
  3. Verify Content
    • The content displayed should be that of the HTTP service running on port 5000.
    • Test the functionality to ensure everything is working as expected.

Step 4: Firewall and Network Adjustments (If Necessary)

  1. Open Port 5051 in Windows Firewall
    • Open Windows Defender Firewall with Advanced Security:
      • Press Windows Key + R, type wf.msc, and press Enter.
    • Create a New Inbound Rule:
      • In the left pane, click on Inbound Rules.
      • In the right pane, click New Rule….
      • Rule Type: Select Port and click Next.
      • Protocol and Ports:
        • Select TCP.
        • Specific local ports: Enter 5051.
        • Click Next.
      • Action: Ensure Allow the connection is selected. Click Next.
      • Profile: Choose the network profiles where the rule applies (Domain, Private, Public). Click Next.
      • Name: Enter a name like IIS HTTPS Port 5051.
      • Click Finish.
  2. Ensure Network Accessibility
    • Verify that your network allows inbound traffic on port 5051.
    • If behind a router or NAT device, configure port forwarding to the server’s IP address.

Conclusion and Troubleshooting Tips

Recap of Steps

  • Configured IIS to listen on HTTPS port 5051.
  • Set up URL Rewrite and ARR to reverse proxy requests to an HTTP service on port 5000.
  • Tested the configuration to ensure the setup works.
  • Adjusted firewall settings to allow traffic on port 5051.

Common Troubleshooting Tips

  • Site Not Accessible on Port 5051
    • Ensure the site is started in IIS Manager.
    • Verify that port 5051 is not used by another application.
    • Check firewall settings to ensure port 5051 is open.
  • SSL Certificate Errors
    • Confirm that the SSL certificate is correctly bound to the site.
    • Ensure the certificate is valid and matches the domain name.
    • Import the certificate into the Trusted Root Certification Authorities store if self-signed (for testing purposes).
  • Reverse Proxy Not Working
    • Ensure that ARR and URL Rewrite modules are installed and enabled.
    • Verify the reverse proxy rule configuration.
    • Check that the backend service on port 5000 is running and accessible.
  • Error Messages in Browser
    • HTTP 502 Bad Gateway: Indicates issues connecting to the backend service.
    • HTTP 500 Internal Server Error: Check IIS logs for detailed error messages.
  • Logging
    • Review IIS logs located at C:\inetpub\logs\LogFiles for detailed error information.

Assignment

  1. Implement the Described Port Forwarding Setup on Your IIS Server
    • Follow the steps to configure IIS, install necessary modules, and set up the reverse proxy.
  2. Test the Setup by Accessing https://www.yourdomain.com:5051
    • Confirm that the site loads and proxies to the service on port 5000.
  3. Document Any Challenges and How You Overcame Them
    • Keep a record of any issues encountered and the solutions applied.
    • Reflect on the learning experience and note any best practices.

Additional Resources

Feedback and Support

  • Microsoft IIS Forums:

    IIS Forums

  • Seek Assistance from a Network Administrator

    If you encounter persistent issues, consult with a network administrator or an experienced colleague.

Through this lesson, you have enhanced your understanding of IIS’s capabilities in managing web traffic and gained practical experience in configuring port forwarding and reverse proxy setups. This knowledge is crucial for managing advanced web server configurations and ensuring secure and efficient web service delivery.

Happy Configuring!

Previous
Next