Connect an IISNode express server to an existing front end - iis

I am hosting an express server with IIS Node. If I create a brand new site in IIS I can see the express server at the following url: email.local; however if I try to add that same exact server as an application inside of the site that hosts my front end I am not able to run the server or send postman requests to it. Postman responds with a 404 error when sending an api request over https and a 403 error when sending the request over http. and my browser just shows the following: "can not GET /api/"
To be clear I want to be able to interact with this server when I navigate to www.mysite.com/api
Here is my webpack config file:
<configuration>
<system.webServer>
<handlers>
<add name="iisnode" path="server.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="sendToNode">
<match url="/*" />
<action type="Rewrite" url="server.js" />
</rule>
</rules>
<outboundRules>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>

Related

IIS ARR Reverse Proxy Works Until SSO Is Turned On

I am new to using IIS and the reverse proxy feature (ARR V3.0).
I have everything working correctly until a backend SSO authentication is enabled with the application.
The feature works from the IIS reverse proxy server if I go straight to the back end application but it fails when you try to authenticate thru the reverse proxy from the outside.
Flow is something like this when SSO is disabled:
Public User --> Public URL --> IIS/ARR --> Authentication --> Application Is Presented to user for login. Everything works. Again this is a single web server in the back end used for logon.
Flow is something like this when SSO is enabled:
Public User --> Public URL --> IIS/ARR --> Authentication --> Application Server --> SSO Application server --> IIS/ARR presents the back end (internal) SSO server name with DNS error. This is where the second server handling SSO is thrown into the mix.
The error displayed in a browser shows the internal server name in URL
(https://em004tcss066.xxxx.xxxx.xxx:8443/) with a DNS error (expected since the external DNS records do not contain the internal server names. I do see the redirectToSSO message above the address bar as it does that in the background but eventually times out with DNS error.
Current rules:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="ReverseProxyInboundRule1" stopProcessing="false">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<serverVariables>
<set name="HTTP_REFERER" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="https://em004tcweb062.xxx.xxxxxxxxx.xxx:3000/{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Base, Form, Img" pattern="^http(s)?://em004tcweb062.xxx.xxxxxxxxx.xxx:3000/(.*)" />
<action type="Rewrite" value="https{R:1}://xxxxxteamcentertraining.xxx.xxxxxxxxx.xxx/{R:2}" />
</rule>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{RESPONSE_CONTENT_TYPE}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<defaultDocument enabled="true" />
</system.webServer>
</configuration>
I know this is an issue with ARR, but I am not sure what rule needs added/modified to resolve it?

node project routing not working on plesk hosting

I have created simple node application with routing.
Startup File to app.js and after browsing the domain like this :https://api.lemontrade.in/ and see
only app.js file is working but when I want get customers with url https://api.lemontrade.in/customers I am getting 404 error.
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
You should add this in your web.config file if you are using IIS / Windows hosting.
<configuration>
<system.webServer>
<handlers>
<add name="iisnode" path="app.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="myapp">
<match url="/*" />
<action type="Rewrite" url="app.js" />
</rule>
<!-- Don't interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^app.js\/debug[\/]?" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Azure App Service Reverse Proxy works only on port 80 http

I'm trying to configure Azure App Service Reverse Proxy to expose webserver in Azure Virtual Network to the internet and I had limited success - it's working when I'm not using encrypted connection between reverse proxy and target server.
Here is my currently working configuration:
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
<rewrite>
<rules>
<rule name="ForceSSL" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Proxy" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://example.com/{R:1}" />
<serverVariables>
<set name="HTTP_X_UNPROXIED_URL" value="http://example.com/{R:1}" />
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<preConditions>
<preCondition name="CheckContentType">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text/html|text/plain|text/xml|application/rss\+xml)" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
applicationHost.xdt
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false"/>
<rewrite xdt:Transform="InsertIfMissing">
<allowedServerVariables xdt:Transform="InsertIfMissing">
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
IP Address of the server has been replaced by example.com
When I change web.config rewrite rule and HTTP_X_UNPROXIED_URL to https I get following IIS Error
Detailed Error Information:
Module ApplicationRequestRouting
Notification ExecuteRequestHandler
Handler ApplicationRequestRoutingHandler
Error Code 0x80072f8f
Requested URL https://example.com:80/
Physical Path D:\home\site\wwwroot
Logon Method Anonymous
Logon User Anonymous
Request Tracing Directory D:\home\LogFiles
This suggests, that for some reason it's trying to request https on port 80.
I tried to follow guide from here: https://www.patrickob.com/2018/11/10/adding-ca-certs-to-the-trusted-root-store-for-web-apps-hosted-in-an-ase/
I have added my organizations root cert to SSL certificated and added WEBSITE_LOAD_ROOT_CERTIFICATES setting.
Any help will be appreciated.
WEBSITE_LOAD_ROOT_CERTIFICATES is only supported in an App Service Environment, its not supported in multi-tenant app services. If the endpoint on-premises is signed by a certificate not using a public CA at this time there's no direct workaround to make this work outside of updating the certificate or possibly writing a simple proxy app that can ignore SSL cert validation (I typically wouldn't recommend this option unless you do the cert validation yourself in code).

static url rewrite, using rewrite map is not working

I have a website on azure, and I am trying to make some user-friendly urls to my websites use.
I have downloaded IIS remote manager, and did as it was explained here.
Although the article is since 2008, the GUI of the remote IIS manager is still almost the same.
after defining the rewrite map, and the rule that looks inside the map, this is the web.config that was generated:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
<rewriteMaps>
<rewriteMap name="StaticRewrites">
<add key="/niceurlpart" value="/Menu/master/#/Menu?Token=7926983e-c64e-4547-85f5-d85e3c06c7a8" />
</rewriteMap>
</rewriteMaps>
<rules>
<rule name="Rewrite rule1 for StaticRewrites" patternSyntax="ExactMatch">
<match url=".*" />
<conditions>
<add input="{StaticRewrites:{REQUEST_URI}}" pattern="(.+)" />
</conditions>
<action type="Rewrite" url="{C:1}" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
when I enter inside the address bar: mydomain.com/niceurlpart I get:
"The resource you are looking for has been removed, had its name changed, or is temporarily unavailable."
Also, when I try to test the pattern inside the remote IIS manager, it fails..
am I missing something?
Not sure on the syntax of doing this in web.config, but the # part of a URL doesn't reach the server, so using that in your rule won't work.
If you are using angular type app and are using # for routing, then try using HTML5 mode which will get rid of the hash.
If your are after SEO, you can google '_escaped_fragment_' to get the hash value to your server. Also if SEO is your goal then we use _escaped_fragment_, along with this tool https://prerender.io

IIS reverse proxy to nodejs app via https problem

I am building a nodejs api that is hosted by iis. It works perfectly over (using port 5000) http. However, when trying to use the https connection if fails(ssl are installed). I either get a connection failed message or a refused message.
<handlers accessPolicy="Read, Execute, Script" />
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:5000/{R:1}" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
</rule>
<rule name="ReverseProxyInboundRule2" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://api.mysite.com:5000/{R:1}" />
</rule>
</rules>
<outboundRules>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
Seems like IIS is refusing the connection. any help is appreciated.
According to your url rewrite rule, I found all your https request will match the ReverseProxyInboundRule2 and rewrite to "http://api.mysite.com:5000". I suggest you could firstly check you could access the "http://api.mysite.com:5000".
I guess there is something wrong with this url. It seems you doesn't bind the domain in the IIS binding configuration.
I suggest you could try to open the IIS web application binding to add the domain for the http://api.mysite.com.

Resources