Scenario
I have an application that I have been developing for two years. I use the framework .NET to develop it in a language called Oxygene that comes from Pascal.
When I have something new in my code, I publish my application in File System method. I have a couple servers working on Amazon EC2, so I transfer this files to a folder in my IIS Server. In this IIS Server I already have a website that corresponds to my application, so I just replace the old files for the newest files.
I have another server that works as an SQL server.
Last detail is that in my application the user is able to attach files, import pictures, export PDF and Excel files. Attachments and pictures are stored in the same folder the application is located.
Issue
Here is my problem. I have got a new client that is kind of a big client. It seems like this company has a strong IT security, so the application must be located in their servers.
The big problem is that they required my application to be set in the following architecture:
I am used to only use an app server (works for external access) and a SQL server. They want the third server in DMZ net so they can let external access happen. The reason the application can't be placed in the DMZ is because there are the files I mentioned bellow that the user stores in the application. The database stores all the data, but not those files mentioned.
Solutions I have offered, but won't be accepted:
Publishing the application in a IIS server located in the DMZ: That won't be accepted since my application stores user attachments in the same folder the application is located. There are also images stored there.
Publishing the application in the app server, but also publishing a empty application in the DMZ server redirecting to the IIS server inside the LAN: That's the best solution I have come up.
Using a reverse proxy to protect the LAN Net: This is off the table, since reverse proxy is not safe at all.
I am kind of confused because I can't see a way to separate my application in two to make it work in that suggested architecture.
Can anybody give me a hint or ideas of how this would work?
-
You can't "redirect" to inside the LAN, a redirect is a client-side operation, so if the internal server isn't already exposed, you can't redirect someone to it.
A reverse proxy is likely your best bet. Why do you believe it is not safe? This is a tried-and-true solution, it allows you to leave additional ports/services open to internal requests (like a file server, which it sounds like you are trying to expose).
How are these files getting uploaded? Are you using FTP? SMB? HTTP? This solution will not expose those other protocols to the outside world (please don't expose SMB to the outside, it will result in tragedy). Do the external users need to upload these files?
Related
I am required to preface this question with a disclaimer:
Im sorry if the question is silly and I am sure this information is on the Internet somewhere, but the reason why I ask here is because, I lack the knowledge to begin my research anywhere useful I don't need to read what an http server is, but rather what it's place in a backend environment is. Somehow, I was not able to find anything useful, which is why I believe that the idea I have of this issue at this moment is completely wrong.
I am fairly new to the ins and outs of how the web works. I believe I have good knowledge on how the http protocol works, frontend development and programming. But I don't seem to be able to connect the pieces.
What happens after the request reaches the http server?
Specifically, I can't seem to understand what exactly the back-end means. For example, if someone were to use Django as their backend framework -> what would be the role the application written in python(django) plays? Does it interpret the server request and if so, what are applications such as apache http server used for in a situation such as this?
I don't understand the link between the http server and the web application.
How would you get a web application to run on a server?
I understand that if you just need a web server to serve static html files than apache server would be enough. But how does it work when user data has to be inserted into the html file, or when the database has to be updated as a result of a http request.
I believe this would be the responsibility of the web application, but how do they interact?
tl;dr:
What is the role of an http-server vs role of a web application?
How do they interact?
To point is an http server software such as apache or nginx necessary?
What is the role of an http-server vs role of a web application?
An HTTP-Server is roughly an application that serves files to clients. Basically those files are of HTML type, thus contains hyperlinks that refers to other files.
A web application is just a set of related HTML files, that the user navigates through.
That is the base; as that model can be extended : files can be generated dynamically, of type different than HTML, etc.
How do they interact?
The server manages the files and send them to the client application (usually a web browser).
To point is an http server software such as apache or nginx necessary?
Sure it is, as it is the core infrastructure of a web application. Your web application is a set of HTML files that are accessed through a web-browser that ask the HTTP-server to obtain them.
We have developed a website that uses In-Proc sessions, stores images uploaded from it on a folder inside its own virtual directory, and uses a third party tool that uses server side caching. This setup works just fine in a single server instance.
But the client has a web farm environment. When we deployed this site on client's web farm. Things started failing. Till now -
we have enabled out-proc session, using SQL state management server
we specified a machine key in the web.config of the server
But the other two, specially the third party tool, is proving difficult to crack.
Will it be possible to remove this one website from the web farm? excuse me if the question sounds naive but I am not a server administrator and not aware of its nitty-gritties
Will it work if we just deactivate one of the websites?
Can we deploy this website on one of the servers in the farm, but keep it outside the web farm's load balancing?
Is there any alternative, other than deploying the website on a completely different server?
Not sure on what vendor the balanacers are but the network admin should be able to setup a VIP (Virtual IP) that translates only to the once server in question.
That is a simple answer but there are many other variables in the network architecture that would have to be answered to accomplish this. I suggest you contact the administrator of the load balancers and ask them if you can isolate traffic for the website to the specified server.
I finally finish my web services, I have test with local host and in my network now what I'd like to do is send my web service to be uploaded to the internet.
I wrote my web service in C#, asp.net using the nodepad (and not using visual studio), also I use IIS for the localhost, so the files i have in my virtual directory are:
Web-Based Service Consumer: WebApp.aspx
FirstService.asmx
FirstService.cs
FirstService.dll
Now in localhost works great, but I have no idea of how to publish on the internet. Can someone explain or send a guideline, let me remember that i am not using Visual Studio (and dont want to, don't ask why).
The only thing I know is that I have to have a server working with IIS. Is this true?
Yes now you need to pay for an IIS hosting account to serve your files remotely for the world to see.
For example:
http://uk.godaddy.com/hosting/web-hosting.aspx
They will probably give you an FTP account where you can upload your files and some sort of web interface for you to configure the server. If you talk to them, I'm sure they can walk you through it.
Good luck.
I'm not very experienced with ASP.NET, I've started to learn about all of this a month or so ago, I've made a very simple website that I would like to test online, there are no database connections or anything of the sorts.
My previous experience with the Web has taught me to just upload files via an FTP client and being done, this is obviously not the case with ASP.NET.
I'm running Visual Web Developer Express and having a really hard time understanding how to get my website online on my host. I've read a few things about the web.config file, I've changed my server to support version 4.0, but I still battle with error after error after uploading my files onto my server. I've also read that the Express edition is limited in the "Publish Website" department.
I'd just like a direct answer on how to publish my website onto my host.
Make sure that your hosting company supports ASP.NET websites. Get a FTP client like FileZilla. Copy all of your files to the remote directory. If you are using a database, change the connection string in your web.config file to match the connection string of your new database. You get the connection string from the hosting company.
There are different ways to deploy your Asp.net web site.
Web Setup Project: Create a web setup project and use the resulting files to deploy your application. Read More
Copy Web Site Tool: Update and deploy websites in environments with multiple developers and servers. Read More
Publish website tool: Pre compile your websites.
Read more
I have a dll i created that gets the excel object on users computer(if excel is installed) and has a handful of availalbe functions. I made a reverence to the dll in a Web Application. When I test this using the local host it works. If I deploy this on a Web Server will it still work or will it try to find the excel application on the server?
Without seeing your code I can only offer a guess, and my guess is that it will search the server and not the users computer.
You can probably use ActiveX to call Excel from the users computer, but that would only work in IE. I'm not sure who your audience is, but I needed similar functionality for the company I used to work for. For that I made a program that was installed to all users computers and then we used a custom http protocol that would open up programs on the client machine through a hyperlink. Doing it this way is cross browser compatible.