Hi,
I am looking for some help pls.
Scenario:
IIS server is hosting a HOPEX static website on port 443 (https://HopexTest.hopex.com:443/Web360)
Port 444 is used for HAS (https://HopexTest.hopex.com:444) one the same server.
It seems that I cannot use ARR/URL rewrite because it will always redirect to HAS page and static website will not be reached, so I am not using ARR/URL rewrite.
If I don't use the ARR/URL rewrite, then client machine (user windows 10 machine) doesn't pick up the internal self-signed certificate and I get the below error
The static website has no issue (https://HopexTest.hopex.com:443/Web360) as the public certificate is working fine.
Do I need to replace the "Private internal SSL" certificate with the "Public certificate" issued by the Certificate Authority to make it work without certificate error on client's machine?
In your post your are mixing 2 problems :
- The configuration of IIS with proper URL Rewrite Rules
- Deployment of HAS in HTTPS
Now, I will answers to you case of installation. You are getting confused with all the ports you defined. Because you mix them it fail to start.
Here is an example to clarify.
- PORT 443 : is used by IIS and is a public port
- PORT 5000 and 30100 are used by HAS for internal communication.
Here a schema of architecture :
In you case your have :
- IIS on port 443
- You are trying to put the HAS instance on port 443 as well
It is not possible to have 2 different applications that are communicating on the same port.
So in your case you cannot use port 443 for the instance because the server already use IIS for port 443.
I suggest you leave the default value 5000. This port is for internal communication make sure you check use Enable SSL
This means that between IIS and HAS the communication will be in SSL on port 5000
Here is an example of complex IIS configuration.
In your post your are mixing 2 problems :
- The configuration of IIS with proper URL Rewrite Rules
- Deployment of HAS in HTTPS
I will focus on point 1 for the answers
I will take an that example we have :
- several server farms
- several website under the "Default Web Site" of ISS all on port 443
To make it work it is a matter of setting properly URL Rewrite rules https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-configuration-...
The binding in IIS :
Make sure you have the proper binding on the website. In my example I have 3 DNS pointing toward the same server on port 443.
In your case you should have one for port 443.
Make sure the SSL certificate is aligned with the binding your defined. In my case the SSL certificate is a *.demomega.com
Several website
In my example I have 2 different website :
- BoldBI that is a complete .net website not related to HOPEX in this deployment
- HOPEX360 that contains several static website
For the static pages :
Create an IIS Application "hopex360" to host the static website. Below the IIS Application I have created 4 sub application because I have 4 static website.
Simply click on "Convert to Application" to convert the folder of the static Website to an IIS Application
If you have only one static website it can be done directly under "Default Web Site"
If you want each website to be at the root level it is possible. Just repeat the operation at root level instead of Sub IIS Application
URL Rewrite configuration
Go at the root level of the IIS and click on "URL Rewrite"
In that example I have 4 rewrites rules to manage :
- The access to the website called BoldBI
- the access to the website HOPEX360
- The server farm called ONE
- The server farm called REFERENCE
What is important is to understand that the rules are executed in order and that we can decided not to execute the following rule if condition are met.
So in your case you need to create a rule for your static website to avoid to be redirect to "HAS" farm and stay on the static pages.
Here the action to do :
- create a new blank rule
- Name it "HOPEX Static website"
- Choose "Using Wildcards"
- In the pattern field pour *<<website name>>* where <<website name>> is the name of the IIS Application you created. In my case hopex360
- Choose Ignore case
- Optional: you may want to put condition on PORT or DNS for you rule
- In action choose Action Type "None"
- Ensure "Stop processing of subsequent rule is checked
- Click Apply
See the screenshot below
Make sure your rule are sorted properly.
Select the rule you just created and click "Move Up" to make sure your rules appears before the redirection to the farm
With that configuration you are able to have
https://HopexTest.hopex.com/Hopex => that will access the server farm
https://HopexTest.hopex.com/Web360 => that will access the static webpage.
If you use default 443 port you can remove it from configuration as this is default web behavior that HTTPS is in port 443
Pls see the below screenshots:
The 360 website is hosted on port 443, so port 444 is being used for HAS instance. If both are possible on 443 then it will be even better but the HAS instance doesn't start on port 443.
2021-11-24T15:26:09.8141208+00:00 [Error] - An error occurs when executing command : System.Net.Sockets.SocketException (10013): An attempt was made to access a socket in a way forbidden by its access permissions.
But the main issue is the error on the client machine where it doesn't pickup the certificate and shows the error:
