I want run multiple ASP.NET websites on a single IIS server using the same IP address and port (80).
I cannot use host headers to accomplish this because my clients have not agreed to use a domain name.
My websites will be accessed using an IP like 227.23.32.44. All of them will use the same port (80). The reason for this is, I have around seven applications and my clients wants me to use standard, IANA approved, easy to remember port numbers.
If I want to go with standard, IANA approved TCP port numbers, I would be left with
227.23.32.44:80
227.23.32.44:116
227.23.32.44:84
This is not very user friendly.
Rather, if I use
227.23.32.44:80
227.23.32.44:81
227.23.32.44:82
Then it is much more user friendly but my clients will not let me use this.
Is there any other way to run multiple websites? Can I use another proxy server to inspect the url of all incoming requests and then route to the necessary application? I have heard about nginx. Can I use nginx to do this?
You need to uniquely identify a site using a composite key of IP+Host Header+Port.
Since host header is out, you are left with just IP and Port. You have 2 options.
1.Have multiple adapters so that you have multiple IPs and port will be 80.
2.Have same IP but different Ports
Host header is meant precisely for this reason. You can have same IP, same port but different Host header.
Nginx is not a silver bullet either. You won't be able to run ASP.NET on Nginx.
Why not to put applications in different folders on IIS?
227.23.32.44/WebApp1
227.23.32.44/WebApp2
227.23.32.44/WebApi
IIS support this out of the box:
Go to IIS Manager
Right-click Default Web Site
Choose "Add Application..." command. Alias means customer visible part of URL.
Related
Setup within the AWS ecosystem is multiple web sites across 2 domains using ELB, SSL, IIS & ASP.NET across 2 EC2 instances.
After a security audit, we discovered our cookies weren't set to secure, so I setup a URL rewrite to look for the appropriate header from ELB and set HTTPS to true. The problem is, users started getting emails stating https://www.test.com:80/ as the domain and unfortunately, we have too many references to Request.Url to make a change quickly.
Obviously IIS requires a different IP address (or port number) to host 2 SSL certificates. If we change the port number, we'll still have the same issue, so we were hoping to add a secondary IP address and point ELB to use it, but that doesn't appear to be supported. I'm fairly new to AWS, so I was hoping someone could give me some direction in terms of getting SSL to terminate within IIS on ELB.
So what I am asking is, is there a way to get ELB to use a specific IP Address instead of a generic EC2 instance which uses the primary IP Address?
Thank you in advance,
Andrew
If we change the port number, we'll still have the same issue,
No, you wouldn't.
Set up a second ELB using standard ports toward the Internet and custom ports toward the instance(s).
I have two websites running on IIS 7. Both require SSL. Ports for the websites are http:8080/https:443 and http:8087/https:443 respectively. I've created self signed certificate and put them into the Trusted Root. Contents of the both websites are the same. Here are my questions:
Do I have to make some changes to the hosts file as well? If so, what changes exactly, both on
server and clients
What do I have to type in the address bar in order to be able to open them? (Like 172.16.10.1/website1?) Do I have to specify the port numbers?
For http traffic, you can have many websites which can differ by IP or Port or Host Headers or a combination.
So in your case it is simple. For website1, you have site binding on port 8080, so the url becomes http://172.16.10.1:8080. Ditto for website2: http://172.16.10.1:8087 .
To make things simple, you can do a sitebinding on host header. So, bind the IP 172.16.10.1 with default port 80 to a host header say "www.website1.com" for the first website. Simlary for the other make the same combination bind to "www.website2.com". Now you don't need to specify port in the url. You can simply open both the websites by their respective names.
However, in case of https, it becomes a bit tricky. The certificates are installed on a per server basis. So, you have to specify different IP-Port combinations and host header binding won't work.
One option you have is to use a wildcard certificate which you can then secure-bind to each host-header.
The other option is to get a SAN Certificate (Subject Alternative Name Certificate). This will allow you to do a binding on different host headers with the same IP-port combination.
This excellent article on MSDN will help you understand it better: http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx
Regarding the first part of your question:
You don't need to do anything with the hosts file. If you have a proper third-party certificate, it only needs to be registered on the server. The Intermediate and Trusted roots are already available on the clients. So nothing to be done on the client-side. You can open up "options" in IE and then check "certificates" under the "content" tab to see that a list of publishers is already there.
However, if you are using a self-cert, then the client-part is tricky. Because, the clients will keep on getting the "certificate is invalid" warning every time. One way out of this is to manually install the certificate on each client. Another way is to deploy the certificates to all clients using group policy.
I'm running a web application on a glassfish 3 server. The application should not be accessible for anyone. Instead I want to limit access to a handful static IP addresses. To block all communication via a firewall is not an option, since the server hosts other web services too.
Given this background, my question would be:
How can I tell glassfish to only respond to requests from given number of IP addresses?
Your help is highly appreciated!
IP based security is not very robust and... secure (think network topology changes, IP spoofing) but it should be possible to:
create a virtual server
configure the application to be available on that virtual server only
define allowRemoteHost/denyRemoteHost properties at the virtual server level
A better alternative would be to move to certificates.
You can always write a filter that returns 404 or whatever for invalid IPs. Note that IPs can be spoofed.
I am using SharePoint Server 2007 Enterprise with Windows Server 2008 Enterprise. And I am using publishing portal template. I have a physical server with a single IP address, and I have set in DNS to map two domain names (server1.mycorp.com and server2.mycorp.com) to the same server/IP address.
My question is how to setup two SharePoint web sites on the same server with a single IP address to serve two domain names individually (with the same port number 80)? My current idea is to create two SharePoint web applications for the two web sites, with the same port number 80, but with different host header (setup Http host header to server1.mycorp.com and server2.mycorp.com individually for the two SharePoint web applications). Not sure whether my idea is feasible?
thanks in advance,
George
I believe this belongs in ServerFault.
And you also seem to describe a common host header concept, when you create your WebApplication in the SharePoint Central Admin, you will define a host header, being on the same IP or not, IIS will respond to them individually, so yes it works.
Application Management => Create Web Application => define host header, define same port 80, done.
I would like to know if it is possible using IIS and ASP.NET (and ideally something that might be employed on a shared hosting account, but this isn't required) to mimic WordPress.com's ability to allow end users to use their own domain names.
WordPress has users who own their own domains change the domain's DNS settings to point to WordPress's own DNS. My guess is this is not something that would be able to be done on a shared hosting account since it would involve adding an entry to the DNS server's table for each custom user domain.
However, for future reference, is this something that might be automated programmatically on perhaps a VPS?
My guess is this is not something that would be able to be done on a shared hosting account
You're nearly correct. The default site in IIS listens to all connections on port 80 for the default IP address.
You can add more sites in 3 ways:
Add new sites listening on different ports. This is not entirely practical if you want "ordinary" sites litening on port 80.
Add more IP addresses to the box (not too eaisly done) and set up new IIS sites to listen to the new IP addresses independently.
Add new sites to the server listening to different "host headers" (domain names to you and I) but on the same (default) IP address .
So called "Shared hosting" usually uses options 3, because a hosting company can get away with only using a single IP address for possibly hundreds of sites.
Therefore you would have to go through the tedious process of adding each host header to the box, and while I'm almost certian this could be done with Wscript, I'm no expert in that area.
If you really wanted to get into it, you could write an ISAPI module to intercept the calls and set up some clever (ish) database/hash table of domain names and target folders to server as the different sites.
Bottom line is, there are various ways to achieve this on Windows. Probably none quite as easy as on a *nix platform where everything is super-scriptable.
What we do is have a wildcard DNS entry set up for our domain. That way, whatever domain the user types will resolve to our website as long as it ends with ".mydomain.com". Then our .Net code just looks at the "HOST" header coming in and serves up the content that matches that domain name.