I set up some days ago an ELK 7 stack to monitor some logs in one place. For now it perfectly operational and works well from inside the network. I now want to access Kibana from outside the network without the need of a VPN.
I already have a website running in IIS which is served through a global reverse proxy. The website itself is doing nothing but there are 2 WebApplications under it (there's just a little app at the webiste root doing a redirect to the right app depending of the source of the request).
So at the moment, i have the following URLs available (servername could be either my machine name when i'm on the intranet or the external domain when i'm remoting) :
http(s)://servername/app1
http(s)://servername/app2
Now i would like to be able to get the following URL working to access Kibana
http(s)://servername/elk
For now i didn't manage to make it work - even internally - (so without involving the first global reverse proxy).
I set up a application under a website dedicated for testing purpose (so it won't mess with the real website). This is an extract of my web.config file for this application :
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="KibanaProxy">
<match url="(.*)" />
<action type="Rewrite" url="http://kibanahost:5601/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="KibanaRedirect" preCondition="Redirect">
<match serverVariable="RESPONSE_Location" pattern="^/(.*)" />
<action type="Rewrite" value="/elk/{R:1}" />
</rule>
<rule name="KibanaContent" preCondition="ResponseIsHtml1">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Input, Link, Script" pattern="^/(.*)" />
<action type="Rewrite" value="/elk/{R:1}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
I wrote a rule to handle the first redirect done when accessing the Kibana root and i tried to add a rewrite rule so external resources can be accessed also. It seems like i have still some other rewrites to do mainly because of URL inside bootstrap.js and such things like CSS... It seems like it's a pain to achieve and i wonder if anyone managed to accomplish such a proxying. If i can proxy Kibana correctly internally, i would be able to add an authentication layer thanks to IIS before trying to expose it over the internet through the global reverse proxy.
Related
I've got two websites.
XX.XX.XX.XXX:5917 which is a webforms website
And
XX.XX.XX.XXX:5916 which is an mvc website.
Both websites on the same IIS 7 server. I can navigate each website, login, etc.
However, when a user goes to XX.XX.XX.XXX:5917/Report I want the content from XX.XX.XX.XXX:5916/Report to be served up, but the url to remain XX.XX.XX.XXX:5917/Report.
To do this, I'm trying to set up a reverse proxy on the 5917 site to serve up content from 5916.
When I have a redirect rule in place, I can click a link in 5917 to Reports and it will take me to 5916/Reports. This works, but changes the address bar. When I use the Rewrite rule option, absolutely nothing discernible happens. If I screw up the end url in the action bracket then the page will break, so I know it's at least evaluating the rule.
Here is the 'working' redirect rule:
<rule name="Reverse Proxy to Reports" stopProcessing="true">
<match url="\bReport\b" />
<action type="Redirect" url="http://XX.XX.XX.XXX:5916/{R:0}" />
</rule>
Am I missing anything? Where do I go from here?
Try adding this on your XX.XX.XX.XXX:5917 WebForms web.config:
<system.webServer>
...
<rewrite>
...
<rules>
<rule name="ReverseProxyInboundRuleForReports" stopProcessing="true">
<match url="(Report/.*)" />
<action type="Rewrite" url="http://localhost:5916/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
You might need 'Application Request Routing' extension on IIS for it to work though. If so then you can get it from this link:
http://www.iis.net/downloads/microsoft/application-request-routing
You can also read more about the technique on this link:
http://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis
Good luck!
I am trying to forward a specific URL on my website to another website and I can't figure out how to set the proper values in the web.config file for my IIS server.
For example I would like to forward
www.example.com/ballot
to
ballot.example.com
So far I've tried the following but it doesn't have any affect to the url
<rewrite>
<rules>
<rule name="Imported Rule 1" stopProcessing="true">
<match url="^/ballot$" ignoreCase="false" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="http://ballot.example.com/" />
</rule>
</rules>
</rewrite>
I'm hosting the website on a Rackspace Cloud site.
Okay, I figured this one out and I'm posting the solution here for anyone else that may come across a similar situation.
If you want to redirect a certain URL like http://www.example.com/ballot to http://ballot.example.com/
Then follow these steps
If one doesn't already exist create a directory called ballot directly under the web root of www.example.com.
Create a Web.config file and place it in the ballot directory with the following content.
Make sure you change the destination to your actual destination.
If you are hosting on a Rackspace cloudsite you must rebuild the application (not sure about other host). You can rebuild the application by deleting the Web.Config file (if one was present) and uploading a new one, or by clicking the rebuild application link within the General Settings tab of the cloudsite you are trying to redirect. More information about rebuild applications in Rackspace here: http://www.rackspace.com/knowledge_center/article/how-to-rebuild-an-aspnet-application-in-cloud-sites.
Also here is a link to the page where I ultimately found the solution to what I was trying to accomplish: https://www.stokia.com/support/misc/web-config-response-redirect.aspx
I have a number of websites that make use of the REMOTE_ADDR server variable to record client IPs for metrics. In moving the hosting of these sites into a load balanced environment we're now only ever getting the load balancer IP in REMOTE_ADDR. I'm fully aware of the use of HTTP_X_FORWARDED_FOR and how it works and we do have access to it and my preferred solution is to simply update the applications to use it.
However, the powers that be here want to avoid having to update all of the websites :( I'm looking into alternatives in the mean time.
Ultimately this means finding some way of replacing REMOTE_ADDR with HTTP_X_FORWARDED_FOR before the request hits the applications.
I'm trying to get the URL Rewrite 2.0 module working using advice from another acole76's question here:
IIS 7 Rewrite web.config serverVariables directive not working in sub folder
My web.config is practically the same as his:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="RemoteHostRewrite">
<match url="(.*)" ignoreCase="true" />
<serverVariables>
<set name="REMOTE_ADDR" value="4.3.2.1" />
</serverVariables>
<action type="Rewrite" url="{R:0}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I'm using a hard-coded value 4.3.2.1 here for testing. I'll eventually replace that with the real value {HTTP_X_FORWARDED_FOR}.
Now, this works absolutely fine if a url contains a file name. It does not work if the url does not end with a file name.
For example:
mysite.local/default.aspx - works
mysite.local/ - does not work
mysite.local/folder/default.aspx - works
mysite.local/folder/ - does not work
I'm stumped! Can anyone offer any help?
you have to set another rule:
<match url="^$" />
<action type="Rewrite" url="/default.aspx" />
or whatever your default-page is
otherwise "url" will be empty --> no rule used
I am setting up different web applications on a Win 2008 R2 server. I am trying to accomplish the following:
http://myserver/ should point to a local folder with static html pages
http://myserver/crm should "rewrite" to http://myserver:1234/ where I have installed a web based CRM application.
We have a change process to open firewall ports so instead of getting them to open the 1234 port, I would rather have people just go via http://myserver/crm and IIS should hide the port business behind scenes.
Do I need a reverse proxy in this case? Or a simple inbound rule?
At which website should I configure this rule?
Do I need to create a "CRM" virtual directory under default website?
Also, any rule example would help.
I hope this will accomplish the objective of not needing to open ports in firewall...?
Thanks
(Sorry if this is similar to another question, but I wasn't sure if I need a reverse proxy or a simple inbound rule.)
You need inbound and outbound rule. The method to achieve this goal is called reverse proxy.
On the level of Website handling http://myserver/ domain or Global level.
No.
Use the rules below as a starting point.
I would say it's possible to achieve your goal using reverse proxy.
IIS Rewrite Rules:
<rules>
<rule name="CrmInbound">
<match url="^crm(.*)" />
<action type="Rewrite" url="http://myserver:1234/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="CrmOutbound" preCondition="OnlyHtml">
<match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="http://myserver:1234(.*)" />
<action type="Rewrite" value="http://myserver/crm(.*)" />
</rule>
<preConditions>
<preCondition name="OnlyHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
I have a phpBB server running on one box. I want to expose it via our main server that is running IIS7. The inbound rewrites appear to be working perfectly. But I cannot seem to get the outbound to do anything all.
Here is my config:
<rewrite>
<rules>
<rule name="forums - inbound reverse proxy">
<match url="^gamer/forums/(.*)" />
<action type="Rewrite" url="http://phpbbsrv/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="forums - outbound HTTP rewrites">
<match pattern="(.*)://phpbbsrv/(.*)" />
<action type="Rewrite" value="{R:1}://{HTTP_HOST}/gamer/forums/{R:2}" />
</rule>
</outboundRules>
</rewrite>
When logging into phpBB3, the "You have been successfully logged in" page has a META refresh tag and a normal A HREF link that both contain http://phpbbsrv/. They aren't being rewritten. I've turned on Failed Request Tracing, but it apparently doesn't log much with outbound rules.
Thoughts on how to proceed?
I might need to get some sleep. Apparently I meant to use SERVER_NAME, not HTTP_HOST, in the outbound rule. It is doing exactly what I told it to do...as computers tend to do.
Sorry for the noise.