What is the IIS equivalent of this configuration in NGINX?
proxy_set_header X-Forwarded-Proto https;
I am running JetBrains YouTrack on Windows server, using IIS as a terminating SSL proxy, and get this error when trying to log in:
HTTP ERROR 405
Problem accessing /hub/auth/login. Reason:
HTTP method POST is not supported by this URL
Powered by Jetty://
My web.config looks like this:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)" />
<!-- Redirect all requests to non-HTTPS site. -->
<action type="Rewrite" url="http://my.youtrack.site/{R:1}" logRewrittenUrl="true" />
</rule>
</rules>
</rewrite>
<handlers>
<clear />
<!-- No other handlers required. Must clear them otherwise ASP.NET might try to intercept *.svc paths etc. -->
<add name="Rewrite" path="*" verb="*" modules="RewriteModule" resourceType="Unspecified" />
</handlers>
</system.webServer>
</configuration>
I am trying to follow the solution from this source: https://confluence.jetbrains.com/display/YTD65/Linux.+JAR+in+Nginx+Web+Server, but for IIS
Resolved after finding https://confluence.jetbrains.com/display/YTD65/Configuring+Proxy#ConfiguringProxy-IISreverseproxy
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)" />
<!-- Redirect all requests to non-HTTPS site. -->
<action type="Rewrite" url="http://my.youtrack.site/{R:1}" logRewrittenUrl="true" />
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>
</rule>
</rules>
<allowedServerVariables>
<add name="HTTP_X_FORWARDED_HOST" />
<add name="HTTP_X_FORWARDED_SCHEMA" />
<add name="HTTP_X_FORWARDED_PROTO" />
</allowedServerVariables>
</rewrite>
<handlers>
<clear />
<!-- No other handlers required. Must clear them otherwise ASP.NET might try to intercept *.svc paths etc. -->
<add name="Rewrite" path="*" verb="*" modules="RewriteModule" resourceType="Unspecified" />
</handlers>
</system.webServer>
</configuration>
I was able to add X-Forwarded-Proto header to all requests forwarded by Application Request Routing using the following script:
Set-WebConfiguration -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/allowedServerVariables" -Value (#{name="HTTP_X_FORWARDED_PROTO"})
Set-WebConfiguration -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules" -value #{name='ForwardedHttps'}
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[#name='ForwardedHttps']/serverVariables" -name "." -value #{name='HTTP_X_FORWARDED_PROTO';value='https'}
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/rewrite/globalRules/rule[#name='ForwardedHttps']/conditions" -name "." -value #{input='{HTTPS}';pattern='On'}
In order to make code handle HTTP/HTTPS redirects correctly the following configuration settings may need to be set as well:
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/proxy" -name "preserveHostHeader" -value "True"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.webServer/proxy" -name "reverseRewriteHostInResponseHeaders" -value "False"
Related
I have created simple node application with routing.
Startup File to app.js and after browsing the domain like this :https://api.lemontrade.in/ and see
only app.js file is working but when I want get customers with url https://api.lemontrade.in/customers I am getting 404 error.
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
You should add this in your web.config file if you are using IIS / Windows hosting.
<configuration>
<system.webServer>
<handlers>
<add name="iisnode" path="app.js" verb="*" modules="iisnode" />
</handlers>
<rewrite>
<rules>
<rule name="myapp">
<match url="/*" />
<action type="Rewrite" url="app.js" />
</rule>
<!-- Don't interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^app.js\/debug[\/]?" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
I created an IIS rewrite role for a server url.
When I send request to [https://mysite/back/api/....][1], it will get data from https://remotesite/back/api/....
So my IIS rewrite config is like following.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="api">
<match url="^api/(.*)" />
<action type="Rewrite" url="`https://remotesite/back/api/{R:1}`" />
</rule>
</rules>
<outboundRules>
<clear />
<rule name="api">
<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{HTTP_ORIGIN}" pattern="(.*)" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
But the [https://mydomain/back/api/][1] has a "Referrer Policy: strict-origin-when-cross-origin". So I can not send a javascript request to my domain.
How can I update the config?
You can use the IIS CORS module to solve this problem. For information about "IIS CORS module Configuration Reference", you can refer to this link.
I'm trying to configure Azure App Service Reverse Proxy to expose webserver in Azure Virtual Network to the internet and I had limited success - it's working when I'm not using encrypted connection between reverse proxy and target server.
Here is my currently working configuration:
web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
<rewrite>
<rules>
<rule name="ForceSSL" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<rule name="Proxy" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://example.com/{R:1}" />
<serverVariables>
<set name="HTTP_X_UNPROXIED_URL" value="http://example.com/{R:1}" />
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_X_ORIGINAL_HOST" value="{HTTP_HOST}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<preConditions>
<preCondition name="CheckContentType">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text/html|text/plain|text/xml|application/rss\+xml)" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
applicationHost.xdt
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<system.webServer>
<proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false"/>
<rewrite xdt:Transform="InsertIfMissing">
<allowedServerVariables xdt:Transform="InsertIfMissing">
<add name="HTTP_X_ORIGINAL_HOST" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_UNPROXIED_URL" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
<add name="HTTP_ACCEPT_ENCODING" xdt:Transform="InsertIfMissing" xdt:Locator="Match(name)"/>
</allowedServerVariables>
</rewrite>
</system.webServer>
</configuration>
IP Address of the server has been replaced by example.com
When I change web.config rewrite rule and HTTP_X_UNPROXIED_URL to https I get following IIS Error
Detailed Error Information:
Module ApplicationRequestRouting
Notification ExecuteRequestHandler
Handler ApplicationRequestRoutingHandler
Error Code 0x80072f8f
Requested URL https://example.com:80/
Physical Path D:\home\site\wwwroot
Logon Method Anonymous
Logon User Anonymous
Request Tracing Directory D:\home\LogFiles
This suggests, that for some reason it's trying to request https on port 80.
I tried to follow guide from here: https://www.patrickob.com/2018/11/10/adding-ca-certs-to-the-trusted-root-store-for-web-apps-hosted-in-an-ase/
I have added my organizations root cert to SSL certificated and added WEBSITE_LOAD_ROOT_CERTIFICATES setting.
Any help will be appreciated.
WEBSITE_LOAD_ROOT_CERTIFICATES is only supported in an App Service Environment, its not supported in multi-tenant app services. If the endpoint on-premises is signed by a certificate not using a public CA at this time there's no direct workaround to make this work outside of updating the certificate or possibly writing a simple proxy app that can ignore SSL cert validation (I typically wouldn't recommend this option unless you do the cert validation yourself in code).
Problems with activating Gzip on IIS 8 on a windows server 2012 (standard)
So i activated the compressions in the windows features
I checked both checkboxes in IIS - compression (dynamic and static)
But still no Gzip available.
However, on my localhost machine (just a windows 10) this works.
What i do see, is that the gzip temp directory (C:\inetpub\temp\IIS Temporary Compressed Files) is getting filled up when i browse my site via the server localhost. BUT strangely enough i'm not seeing anything Gzip-ped in chrome.
The only headers (in chrome) are:
HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
ETag: "0a354779de8d11:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Thu, 28 Jul 2016 13:41:04 GMT
(Even yslow is saying no gzip is activated)
When i remove the gzip temp folder, and browse to the site trough the 'official' website url, then nothing is even generated.
Does anyone has any idea what is going on here?
//edit:
Even added this in the web.config
<httpCompression>
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="image/jpeg" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
<dynamicTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/x-javascript" enabled="true" />
<add mimeType="image/jpeg" enabled="true" />
<add mimeType="*/*" enabled="false" />
</dynamicTypes>
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" dynamicCompressionLevel="4" />
</httpCompression>
Here's how I would troubleshoot this:
I'm using PowerShell here, but you could use the GUI or other tools as well:
Make sure you have the failed request tracing module installed:
Enable-WindowsOptionalFeature -Online -FeatureName IIS-HttpTracing
enable the tracing for your site (change the name):
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter "system.applicationHost/sites/site[#name='Default Web Site']/traceFailedRequestsLogging" -name "enabled" -value "True"
Setup tracing:
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.webServer/tracing/traceFailedRequests" -name "." -value #{path='*.html'}
Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.webServer/tracing/traceFailedRequests/add[#path='*.html']/traceAreas" -name "." -value #{provider='WWW Server';areas='Compression';verbosity='Verbose'}
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST/Default Web Site' -filter "system.webServer/tracing/traceFailedRequests/add[#path='*.html']/failureDefinitions" -name "statusCodes" -value "200,304"
you end up with something like this in your web.config:
<system.webServer>
<tracing>
<traceFailedRequests>
<add path="*.html">
<traceAreas>
<add provider="WWW Server" areas="Compression" verbosity="Verbose" />
</traceAreas>
<failureDefinitions statusCodes="200,304" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
I limited it to html files with a http status of 200 or 304 and we are only interested in Compression. You may want to change that.
Now you can hit your site a few times and then look in
C:\inetpub\logs\FailedReqLogFiles\W3SVCx
for some files, copy them to your workstation, because it's a pain to open them on the server.
Open the XML files and click on the Request Details tab, now search for Compression you should see details about the compression process or a reason why the request wasn't compress, like NOT_FREQUENTLY_HIT or TOO SMALL
ISSUE #1
When I use http://127.0.0.1/mysite/node/server.js URL it shows me my test page, which is OK. But I expect it to show me the node-inspector based debug page when I use http://127.0.0.1/mysite/node/server.js/debug/ URL. However, this does not work and instead continues to show me the same sample page content.
What should I be doing for the debugger to work?
ISSUE #2
Also, I've noticed that when I go to this URL, it automatically gets redirected to
http: //127.0.0.1/mysite/ public/mysite/ node/server.js/debug/
Why is this happening? Can I avoid this redirection? If yes, how?
Web.config content
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<!-- Web.Debug.config adds attributes to this to enable remote debugging when publishing in Debug configuration. -->
<!--<iisnode watchedFiles="web.config;*.js"/>-->
<!-- Remote debugging (Azure Website with git deploy): Comment out iisnode above, and uncomment iisnode below. -->
<iisnode watchedFiles="web.config;*.js"
loggingEnabled="true"
devErrorsEnabled="true"
nodeProcessCommandLine="node.exe --debug"/>
<!-- indicates that the server.js file is a Node.js application
to be handled by the iisnode module -->
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="iisnode" path="node/server.js" verb="*" modules="iisnode" />
<!-- Remote debugging (Azure Website with git deploy): Uncomment NtvsDebugProxy handler below.
Additionally copy Microsoft.NodejsTools.WebRole to 'bin' from the Remote Debug Proxy folder.-->
<add name="NtvsDebugProxy" path="ntvs-debug-proxy/95a6beca-6da8-493c-b380-2822603aa5dc" verb="*" resourceType="Unspecified"
type="Microsoft.NodejsTools.Debugger.WebSocketProxy, Microsoft.NodejsTools.WebRole"/>
</handlers>
<rewrite>
<rules>
<clear />
<rule name="LogFile" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^[a-zA-Z0-9_\-]+\.js\.logs\/\d+\.txt$"/>
</rule>
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^server.js\/debug[\/]?" />
</rule>
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="node/server.js"/>
</rule>
</rules>
</rewrite>
<!-- <rewrite>
<rules>
<clear />
<!- Remote debugging (Azure Website with git deploy): Uncomment the NtvsDebugProxy rule below. ->
<!-<rule name="NtvsDebugProxy" enabled="true" stopProcessing="true">
<match url="^ntvs-debug-proxy/.*"/>
</rule>->
<rule name="app" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="iisnode.+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="server.js" />
</rule>
</rules>
</rewrite> -->
</system.webServer>
ISSUE #1
According to your description, it seems that you debug and test your project on your local host or Azure VM. In this situation, we should make sure IIS have installed the IISNode module firstly. So I recommend you can refer to this document to make sure you have installed IISNode successfully.
Secondly,we should check whether project included the your node-inspector configuration. Also you can use Node.js Sample to check whether your node-inspector is installed successfully.
Thirdly, If you can not use this debugger, you can press "F12" to trace the debugger error in your Webkit enabled web browser. If you encountered the error, please share the error on forum and for further support.
ISSUE #2
For second issue, it seems that the URL rewrite Rule to lead to this wrong URL.
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
For example, if a request was made for this URL: "http://127.0.0.1/content/default.aspx?tabid=2&subtabid=3", so the REQUEST_URI server variable contains content/default.aspx?tabid=2&subtabid=3.
You can get the "http://127.0.0.1/public/content/default.aspx?tabid=2&subtabid=3" as the result.
I suggest you can refer to this URL rewrite module for more details.