I'm using IIS in Windows 2003 Server for a SharePoint intranet. External incoming requests will be using the host header portal.mycompany.com and be forced to use SSL.
I was wondering if there's a way to set up an alternate host header such as http://internalportal/ which only accepts requests from the internal network, but doesn't force the users to use SSL.
Any recommendations for how to set this up?
Daniel, keep in mind that just because something is possbile in IIS, and via any number of off box solutions (like hardware load balancers and SSL) doesn't mean that it is supported by SharePoint, or that it is implemented in the same way.
You can do what you are asking for, however you should do it via SharePoint Central Administration, and "Create or Extend a Web Application" and then "Extend and Existing Application".
In this way you can create a new web site (in IIS) for accessing your existing SharePoint Web Application, one that can be accessed via a different hostheader, port, using SSL, Authentication mechanism, etc.
As a general rule, if you can do something in IIS AND in SharePoint, you should do it only in SharePoint.
Assuming that http://internalportal/ wasn't accessible from outside the company, you could set up two websites in IIS. The first site, configured to use a host header value of 'portal.mycompany.com', would require SSL. The second site, configured to use a host header value of 'internalportal', would not require SSL. The host header value is configured under 'Web Site' -> 'Advanced'.
Having a hardware load balancer makes things much easier. The site on the load balancer is set up to require SSL, and your websites in IIS are setup not to require SSL.
You could just add a second host header and internal IP address to the site for internal non-ssl access
172.16.3.1:443:portal.mycompany.com
172.16.3.2:80:internalportal
Related
We have 200 customer facing web sites all on one server. They are all ASP.NET running in IIS. Is it possible to move some of them to another server WITHOUT changing the customer's URL? Any links explaining how to do this would be helpful.
If your sits are already registered to specific sub domains, you can simply re-point the names to the new server using dns.
If they are simply different sites under the same domain on IIS you can use your current IIS server to reverse proxy the new ones. Some info is given here
Lastly, you could consider using a load balancer such as netscaler, f5 or application request routing. You would again, point the domain name to this using DNS and the load balancer would send the requests to the correct server.
I'm building an ASP.NET MVC website to be hosted as a shared Azure website with custom domain name.
For the backend portion of the site (for specific users only) I need a login form and from that point on all traffic should be SSL encrypted. However I don't have a custom certificate and would like to avoid that extra cost.
I noticed that free websites already serve over HTTPS with a wildcard certificate for *.azurewbesites.net. Is that "free" azurewebsites.net-address also available for shared websites with custom domain(s) so I can simply redirect all "pages" that require authentication via the https://xyz.azurewebsites.net address? I'm aware that would be a cross-domain redirect which is visible to the end-user but that is not an issue since it's only a select group of users...
Yes, using the *.azurewebsites.net domain is your only option to have HTTPS without extra cost. The domain is always available, even if you use a custom domain, because it's used for a few additional services (like your repo, remote console, ...).
I have a requirement, that the SharePoint portal of our company should be made accessible from internet, as in
once URL is entered in the browser, it should ask for credentials- once entered, should display the homepage of the portal.
Provided it should be accessible from the current intranet also.
It is in windows authentication mode currently.
Disclaimer: This question would be more appropriate in a forum like SuperUser or Sharepoint StackExchange. I am not a system administrator so my answer will lack detail and probably wont be optimal.
The only thing you need to provide is access from an external interface to your network. So something that routes requests from outside of your network to your sharepoint instance.
This is usually achieved through a reverse proxy and proper configuration of DNS. You can setup a reverse proxy by different means, if your organisation uses the Microsoft Stack then I suggest setting up IIS as a reverse proxy to your Sharepoint Instance. There are multiple tutorials on how to do this on the web.
http://sahelp.sharepointforall.com/FAQ/bconfigure_IIS.html
You then need to add an entry to your organisation DNS hosting something like sharepoint.organisation.com that points to your external interface (public IP) where the reverse proxy is sitting.
You will then need to add an Alternate Access Mapping to your Sharepoint WebApplication so Sharepoint can route the requests that the proxy sends to the appropriate Webapplication.
http://blog.blksthl.com/2012/12/03/a-guide-to-alternate-access-mappings-basics-in-sharepoint-2013/
If you are using basic authentication make sure you enable SSL. this can be done in several ways but a possible and easy (but not the most secure) is to enable SSL just externally and then use a normal unencrypted channel on the inside of your network, this is probably the easiest setup but again not very secure as people inside the newtork can snoop comms between the proxy and the sharepoint instance.
can i have multiple iis ftp sites using something similar to web site's unasigned host headers?
i have a dedicated server in a hosting facility and want to make a web site for each of my clients. to add/ remove files and content i want ftp access to each of the sites root folders.
lets say i have 10 sites set up using unasigned host headers... how can i set up 10 analogous ftp sites on the same server? AND NOT USE A DEFINED IP ADDRESS FOR EACH FTP SITE
thanks all
This is probably more suited for serverfault.
Also, I wouldn't use the built-in Windows FTP server. Check out Filezilla Server. It's free and can handle a bunch of users, sites, etc. on one IP.
Also, drop dead easy to configure.
I just installed TFS2010, and set it up with the single server wizard. It installed me Sharepoint Services an let everything working pretty well.
But, the sharepoint URLs it generates from the Server name "server". As my setup is without a domain, the URLs work okay only from the server computer, not from the others.
I have to give access to LAN clients, and Internet Clients, both connected thought my Public Ip.
How can I change those sharepoint IPs from TFS to be generated From the IP, not from the Server's name??
Thanks in advance
Sharepoint is simply an ASP.Net web application sitting on IIS so all the configuration for host headers etc can be added in IIS itself - if you have multiple instance of sharepoint running on the server, you'll have to add URL's using the sharepoint configuration site but most stuff can be tweaked through IIS (IP's its listening on etc)
If you not on an domainan and want people to have access to the site though you'll have to add your machines IP to the DNS server that you clients are using