powershell the let's encrypt extension for Azure web app - azure

I have scripts to install the extension, add the app settings but actually requesting and installing a cert is still a manual process through the kudu website. I'm not even sure exactly what to search for, or if it's possible. But what I'd like to do is create a script that requests and installs the certificate for each hostname on an app, just as if I were clicking through the screens in kudu.

I believe I wrote just the tool for you:
https://github.com/ohadschn/letsencrypt-webapp-renewer.
EDIT - Specifically for PowerShell, I found this (never tested it though): https://www.powershellgallery.com/packages/Register-LetsEncryptCertificate/1.0/DisplayScript.

Related

How to use self hosted ExtensionBundle

When working locally, how can one direct azure-core-tools to download "Microsoft.Azure.Functions.ExtensionBundle" from a self hosted endpoint instead of "https://functionscdn.azureedge.net/public/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/index.json"?
In a enterprise environment, internet proxy often bock access to the internet and artefact have to instead of hosted on the intranet.
Thanks to #DeepDave-MT comment I was able to figure it out.
Upload the extension bundles and index.json somewhere following strict paths:
/Microsoft.Azure.Functions.ExtensionBundle/<version>/Microsoft.Azure.Functions.ExtensionBundle.<version>.zip (can be downloaded from https://functionscdn.azureedge.net/public/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/2.13.0/Microsoft.Azure.Functions.ExtensionBundle.2.13.0.zip)
/Microsoft.Azure.Functions.ExtensionBundle/index.json (you use that file https://functionscdn.azureedge.net/public/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/index.json)
Set the an environment variable before starting az function core tools FUNCTIONS_EXTENSIONBUNDLE_SOURCE_URI=https://example.net/some/path/
Az core tools will first fetch the index.json, checking the versions listed there and then downloading the zip.

Visual Studio ClickOnce Web Deployment

I would be most grateful if anyone could help me solve this problem with ClickOnce Web deployment.
I have read all the threads on this subject and I have also read through all the Microsoft documentation on the subject. They seem to say a lot without actually being direct or providing helpful examples. However, perhaps I am wrong and I have not looked in the right places.
I have already used ClickOnce successfully to deploy an application on the local area network.
It works well and really isn't that complicated. However, my goal is to deploy this application to customers, who are not connected to my local network.
I have set up a web site (www.mydomain.co.za), which I can access directly or via the ftp protocol.
I have created a sub directory off the root where I intend to publish the files created by the publish function. The publish function of the application requires a Publishing Folder Location and a Installation Folder URL I don't really understand the functional difference between these two locations. If I set the Publishing Location to ftp://www.mydomain.co.za/MyProductName and the Installation Folder URL to http://www.mydomain.co.za/MyProductName, then the publish process succeeds and when I check on the web server, the files have been published successfully it would seem. A further Application Files/MyProductName subdiectory with the version number information appended was created where all the output was placed.
My next step is to then grab the URL of the setup.exe file and to run it from a browser. This downloads the setup.exe file to my downloads folder which I then try to run but I get an error
Deployment and application do not have matching security zones.>
I have seen this come up in other threads but These threads don't seem to relate directly to what I am trying to do. These threads make mention of using Internet Explorer to achieve some degree of success, but all the browser did was to download the file.
I have also noted with interest that a web page is created in the root with a button that prompts the user to install the application. This does not work either.
Does anyone know of an article that I can read on this subject which is more helpful or if anyone can offer more insights into this I would be very grateful.

Can I modify an app manifest and re-sign the SharePoint .app file?

I am building a SharePoint 2013 provider-hosted app using the high-trust model. This allows a customer to deploy the .app to their App Catalog and make it available to all SharePoint Sites. The provider-hosted portion of the app runs in an IIS box (cluster) which the customer also deploys (on-premise) with setup instructions and automated tools.
The .app file structure includes the application manifest - which specifies the precise endpoint where the provider-hosted portion resides, and also specifies whitelisted endpoints which the add-in can call. These are all specified by entering in URLs, hostnames, and port numbers into edit fields in Visual Studio in the 'Deploy App' form just before the .app file is built and digitally signed.
This seems to work just fine for a single app built by IT folks internally, if the org is small enough... but I really want to be able to distribute this solution to more than one customer. In order to do so, I would have to ask the customer for their respective endpoints, enter them into my build tools, and rebuild the .app for them. This just doesn't seem right... no customer wants to talk to the developer first and have a custom-built app. And why should they? No code is changing...
Upon investigation into the .app file format, it turns out it is really just a simple .zip file - and inside (voila!) there is the app manifest! Unfortunately, if you edit the app manifest and re-zip the file, the digital signature is broken, and the .app no longer works. (grrrr...)
What I want to do is simply reconfigure the app manifest to match the environment where it is deployed. This can happen programmatically during setup/installation time, or perhaps even just prior to download, but cannot be a process that involves developers typing into visual studio and pressing Rebuild. That simply won't scale.
Is there a tool that exists that can help with this problem? If not, does anyone have experience with the signing of .app files programmatically? I'm open to skinning this cat in any way possible.
This is a wild idea and not maybe even possible.
Create web ui, where clients enter their endpoints.
Have internal process that invokes MSBUILD/TFS to package app with endpoint
change app manifest with pre-build powershell
Then provide app via email or download?
http://www.sharepointconfig.com/2013/10/building-sharepoint-2013-apps-with-tfs-2013/
This is more of a workaround than a true answer - but would work:
For on-premise deployments of high-trust SharePoint 2013 apps - build the application with "known endpoints" - essentially hard-coded endpoints that can be deployed locally. Then instruct the customer to redirect those endpoints using DNS records or hosts file entries. In addition, the client would need to generate a local wildcard certificate signed by their own trusted root in order to satisfy the SharePoint 2013 app model requirements for appdomain and server-to-server communication.
This is by no means ideal, but for certain environments it might be the most practical approach. This also allows scaling for the IIS WebApp to occur at the customer-site, where it realistically belongs for a high-trust app.
This approach avoids the need to automate build tools and also avoids building a separate instance for every customer - both of which are somewhat undesirable. It might, for those reasons, be slightly less costly - but it also pushes some responsibility to the customer. Namely - hard-coding a DNS entry locally for machines in the topology.

Using MsDeploy to create web site or virtual directory

We're trying to figure out how to automate our website deployment. We've picked an existing project, and started playing around.
First, I used the Publish wizard from with VS2012 to create a Web Deploy Package. We then tried deploying the package as a website, through the IIS Manager, and that succeeded without a problem. We thought we were nearly there.
What was next was to learn how to run this from the command-line, so we could script it. And that's caused us no end of headaches.
We've been playing around with msdeploy.exe, and with the .cmd file that the publish wizard created, and while both methods seem to install the package as a virtual directory just fine, neither will install the package as a root website.
Browsing around on the web, I've run across this:
Web Deploy iisApp Provider
In a sync operation, the iisApp provider copies content to a folder under the destination site that you designate and marks the destination folder as an application. The iisApp provider cannot create a site. The iisApp provider will not create applications under sites that do not exist.
And
If you want to synchronize a Web site and its related configuration, use the appHostConfig provider.
At this point, we don't know beans about iisApp, or appHostConfig, or whatever. We didn't create a package that used one or the other, VS2012 did. We haven't a clue, at this point, how to convince VS2012's web publish to create an appHostConfig package, and for that matter, I don't know if we want to.
Here's the thing - whether a given website is installed as a root application or as a virtual directory is not something the developers control - it's a decision made by the implementation team. Or testing team usually installs any given website both ways, to ensure that both work.
And since IIS seems to be able to manage to install this package as a root site, there must be a way to get msdeploy to do it.
But how?

Is there a current walkthrough on Web Deploy Installation and Configuration?

I've tried on a couple of different servers to install Web Deploy and it works to the extent that I need it to, but I haven't identified what the missing steps are.
Where it falls down is after installing what appears to be the requisites here:
http://www.iis.net/learn/install/installing-publishing-technologies/installing-and-configuring-web-deploy
There is only occasionally the option for "Configure for Web Deploy Publishing" in the context menu on the site. Does anyone have a guide for this for proper deployment? How to enable the option?
Deployment in these cases is not through WebPI. I have to download packages separately and install manually. Can't find something that details this with current links, screen shots or advice.
Base Windows Server 2008 server with nothing special installed. Happy to clarify anything if anyone has any ideas.
The fix (provided by Kristina Olson of Microsoft) was to uninstall Web Deploy and then make sure all the pre-requisites are in place. There is mention of this in this article:
http://www.iis.net/learn/install/installing-publishing-technologies/installing-and-configuring-web-deploy
Key points:
Make sure Web Management Service handler component in IIS is installed and enabled
Make sure PowerShell v2 is installed
Database dependencies need to be installed
Make sure to select the complete install

Resources