Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

Topic # 137997 16-Dec-2013 15:20
Send private message

On Linux boxes I commonly install a combination of applications on different ports bound to localhost. I then put Apache mod_proxy (with SSL) on the network adapter. I'm now looking at doing the same in Windows (one application on ROOT, another on a named context). A local instance of ISA/TMG is not the solution I've considered, but maybe it's the only way (it's got a lot of features I don't need)?

Filter this topic showing only the reply marked as answer Create new topic
2091 posts

Uber Geek
+1 received by user: 849


  Reply # 953117 16-Dec-2013 15:32
Send private message

What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953146 16-Dec-2013 16:12
Send private message

I want to have multiple applications on a single host, presented as a single URL, keeping unencrypted traffic limited to localhost.

i.e. a legacy application with no SSL support runs on 8090 under /oldapp context, while new app runs in ROOT context on default port, so in Apache I would add a VirtualHost with these mod_proxy directives (example excludes SSL directives):

ProxyPass /oldapp http://127.0.0.1:8090/oldapp
ProxyPassReverse /oldapp http://127.0.0.1:8090/oldapp
ProxyPass / http://127.0.0.1/
ProxyPassReverse / http://127.0.0.1/

so when the users access our.intranet.com, then get the new app, but if they access our.intranet.com/oldapp then get the old app, but it all appears under the same URL. I've read quite a bit of the ARR documentation and I'm pretty sure it will do the same features, but I'm just not googling the right keywords.

 
 
 
 




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953147 16-Dec-2013 16:14
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


Note: this is the base documentation I've been trying to apply, but instead of three hosts, I have one, with ARR, and, given their example, webmail and payroll all bound to localhost (using different posts). Maybe it just can't be done that way and each application has to be bound to a network adapter with the same port that will be used by ARR?



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953480 17-Dec-2013 08:27
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


I suspect the root problem is at the proxy enabling phase, where "default setting" does not work (I suspect the documentation is for version 1 and not updated for version 2. If I try an enable the URL rewrite feature I have to enter a Reverse proxy. I've hibernated the machine and abandoned it, I'll rebuild it in Linux.




Maybe this only works with IIS sites?

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 953509 17-Dec-2013 09:24
Send private message

If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet.

 

Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953514 17-Dec-2013 09:28
Send private message

ps. I refreshed the install to ARR v3, with URL Rewrite module v2, which made the template referenced here available : http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template

After applying the rule, still no proxy action is performed. The documentation makes not reference to any settings in Proxy Type (see image above), which I am convinced is needed to make this do anything (which I believe is the IIS equivalent of Apaches "LoadModule proxy_module modules/mod_proxy.so").



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953517 17-Dec-2013 09:32
Send private message

Regs: If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet. Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.


No, the legacy application has a "base URL" configuration so it will work with a reverse proxy. ISA/TMG would incur another license which is why I'm steering away from it currently. It also does not require context rewrite because it has a context configuration also, so what I want to apply is a URL rewrite and SSL, i.e. https://blahblah.com/context to http://localhost:81/context




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953791 17-Dec-2013 15:39
Send private message

By installing ARR v3 and URL Rewrite v2 separately I was able to get the reverse proxy rule template. This would have worked but there were previous configurations stuck in the underlying web.config which did not display in the GUI. I cleaned out the file, created new rules based on the reverse proxy template and with some tweaking, I got this working with the following configuration:



Important aspects for the first (non ROOT) rule were using /context/{R:1} not /{R:0}, and setting stopProcessing



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 953794 17-Dec-2013 15:48
Send private message

A side effect of this is that IIS is providing a local SSO for the two sites (as both are basic auth, ARR is passing through the credentials captured for the first application accessed to both applications).

Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19


Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58


2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35


Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35


Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19


HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12


Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09


Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07


Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03


New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59


Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05


DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51


RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50


Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48


Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.