I have a HTTP Listener that listens for incoming traffic on port 11000 in my Azure VM. I want a client app sending data to that port but without having to type the port in the client app and also using https instead of http.
For instance, when typing the URL in the client app, it would be: https://myurl/data. But in the back end, IIS would re-route to http://myurl:11000/data.
I also have an app that is on 443, so I would want it to route from 443 to 11000.
I followed this article's example but still doesn't route the data stream to my HTTP listener to the port provide in the config file. Would I use redirect or rewrite for the web.config file?
If I understand correctly, what you want is that
https://myurl/data re-route to http://myurl:11000/data
HTTPS requests can be redirected to HTTP via rewrite rules. But redirecting HTTPS to HTTP is not recommended for many factors.
If you want to send data to port 11000 in the client application, but don't have to type the port in the client application, you need to create the URL rewrite rule on port 80, not on port 11000.
Refer to the following rules and modify it according to your actual requirements:
<rewrite>
<rules>
<rule name="Rule1" enabled="true" stopProcessing="true">
<match url="^data(.*)" />
<action type="Rewrite" url="http://myurl:11000/{R:0}" />
</rule>
</rules>
</rewrite>
Also, you need to double-click Application Request Routing Cache at the server level and select Server Proxy Settings on the right, then enable proxy and apply.
If you haven't installed the ARR module on IIS, you can refer to this link.
Related
I created a reverse/forward proxy rule in IIS so that it rewrites all requests from maps.mysite.com to localhost:8080.
This sort of works. But for some reason it doesn't seem to take the port it should rewrite to into account.
If I goto: maps.mysite.com:8080 then I get the correct page.
But if I goto: maps.mysite.com, then it doesn't work. This gives me a 500 Internal Server Error.
I configured the proxy like this.
Why isn't it working when I leave out the port number?
This question has been asked awhile ago but I am not sure it fits my needs so I want to explain my usage.
First warn, I am a noob.
We have an nginx reverse proxy with a cert. It directs to another nginx app server without a cert (internal communications don't need to be over https). Basically want to off load from https to http internally.
How do we configure it so we hit the app server on port 80? It still appears to be hitting the app server on 443. Getting an ERR_CERT_COMMON_NAME_INVALID error. I assume that it is being thrown by the app server.
In proxy.conf we have set:
proxy_pass http://<app server ip address>
You don't want to redirect, you want to proxy.
It sounds like the certificate on the nginx proxy server is not correct. Specifically that the certificate and the domain don't match
location /some/path/ {
proxy_pass http://www.example.com/link/;
}
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
I have Windows Server 2012 on a cloud on my company which sits behind the company firewall. This firewall only allows connections on port 80 from the public (world) side.
The machine has IIS-6.2 configured with some websites already working on port 80 with specific URLs after the '/'.
I recently installed Atlassian JIRA in there, this application has its own port listening service, at the moment configured to listen on port 8080 (URL as :8080/JIRA).
Since my company firewall is blocking everything appart from port 80, how can i make it in a way that typing on my laptop "http://[PUBLIC_WIN_SERVER_IP]/JIRA" would redirect/bind/etc to "localhost:8080/JIRA" (localhost being that Windows Server PC with JIRA, not my laptop)
I tried to use URL Rewrite module but all it does is rewrite the URL on my laptop to 127.0.0.1:8080/JIRA, which of course has nothing on it because it tries to open it on my laptop...
You may need to add AJP/1.2 Connector into JIRA's server.xml file:
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
You also need to configure a worker in IIS for forwarding requests to JIRA. Atlassian has a step by step configurations for JIRA and IIS here.
We have a Delphi SOAP service which needs to be SSL-enabled. I opted to use an IIS ARR reverse proxy to do SSL offloading for ease of configuration (compared to OpenSSL and manual certificate + passphrase management). ARR works, but it adds an insane amount of overhead... Response time went from under 2 seconds to 19 seconds for 18 service requests (about 60Kb compressed total).
I added timestamp logging to client & server for when messages are both sent and received. It shows about 1 second added to each request routing through ARR between sending from the client and receipt by the service. The response is routed back very quickly, only the request routing via ARR is slow (see image below).
How can I trace the source of overhead? Is ARR not suited to this use case? I tried tweaking and disabling most settings, including caching. I tried different hosts with clean IIS setups, including a production Windows Server 2012. SSL itself is not the overhead, just having an ARR HTTP reverse proxy causes the delay.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://localhost:8987/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Request & response samples from Fiddler:
Raw HTTP Request
Raw HTTP Response
We have the same problem. I found the root, it's in System.Net.Sockets.Socket.DoConnect
The problem is related to IPv6:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/203b6230-e4c0-477c-9a0a-0c21a7ad1615/strange-onesecond-delay-with-tcpconnections-to-localhost?forum=clr
http://msdn.microsoft.com/en-us/library/115ytk56.aspx
"If IPv6 is enabled and the TcpClient(String, Int32) method is called to connect to a host that resolves to both IPv6 and IPv4 addresses, the connection to the IPv6 address will be attempted first before the IPv4 address. This may have the effect of delaying the time to establish the connection if the host is not listening on the IPv6 address."
To resolve it for loopback requests you need to disable IPv6 on a machine, see p.4-5-6:
https://stackoverflow.com/a/12403731
My advice: use IIS for the apps, use Apache HTTP Daemon for the proxying.
In the past I've used various pieces of software and hardware for SSL offloading (starting somewhere in 2003 I think). Each with their own pricing level and features. The last years I've switched to solely using Apache HTTP Daemon for that purpose. Even in combination with IIS and on Windows. Apache is easy to configure once you have a running sample and more easily grows to more complex scenarios with forwarding and renaming.
Some instructions how to use Apache HTTP Daemon on Windows as SSL offloading engine can be found on http://www.invantive.com/about-invantive/news/entryid/897/ssl-offloading-for-apache-tomcat.
Turning off IPv6, as Dmitry suggested, solved this for me.
You could also use 127.0.0.1 in your rewrite, instead of localhost, to force IPv4.
I would say you have something screwy in your setup. We currently run ARR for SSL offloading and conducted throughput testing at significant volume and ARR showed little to no affect on throughput.
I would agree with Brock and say check your App Pool settings first. Basically an ARR App Pool should be set to never recycle.
I would recommend watching episodes 32-38 starting at:
http://dotnetslackers.com/articles/iis/Bindings-and-Rules-for-Application-Request-Routing-ARR-Week-32.aspx
I receive a "Port 80 not free" message when I try to serve my CherryPy app on port 80. Most examples I see show folks using other ports. If I use another port how do I specify the port serving my CherryPy app in the DNS entry?
We're using Easy DNS and from what I can tell there is no way to specify the port in the DNS entry. Is this standard or a restriction with our provider?
Want to achieve something like this:
XXX.XXX.XXX.XXX - www.domain.com:9595
Thanks in Advance!
Andrew
To publish the TCP port number for your web site in DNS, you can create an SRV record, but there is no point in doing that since there are probably exactly zero web browsers in existence that actually query SRV records to find out which port to connect to.
So since SRV doesn't work, the short answer is to your question is, you can't. If your web server runs on a different port than 80 (for HTTP) or 443 (for HTTPS) then it is only possible to access it by specifying the port number directly in the URL, like http://www.domain.com:9595/.
If you really prefer to have your web site appear to be on port 80 (for HTTP) or 443 (for HTTPS) and there is already another web server listening on that port, then you can see if you can configure the other web server to proxy requests to your web server. For example, if the other web server runs Apache, then:
<Location /foo>
ProxyPass http://localhost:9595/
ProxyPassReverse http://localhost:9595/
</Location>