Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1990 posts

Uber Geek

Trusted
Lifetime subscriber

# 137997 16-Dec-2013 15:20
Send private message

On Linux boxes I commonly install a combination of applications on different ports bound to localhost. I then put Apache mod_proxy (with SSL) on the network adapter. I'm now looking at doing the same in Windows (one application on ROOT, another on a named context). A local instance of ISA/TMG is not the solution I've considered, but maybe it's the only way (it's got a lot of features I don't need)?

Filter this topic showing only the reply marked as answer Create new topic
2091 posts

Uber Geek


  # 953117 16-Dec-2013 15:32
Send private message

What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953146 16-Dec-2013 16:12
Send private message

I want to have multiple applications on a single host, presented as a single URL, keeping unencrypted traffic limited to localhost.

i.e. a legacy application with no SSL support runs on 8090 under /oldapp context, while new app runs in ROOT context on default port, so in Apache I would add a VirtualHost with these mod_proxy directives (example excludes SSL directives):

ProxyPass /oldapp http://127.0.0.1:8090/oldapp
ProxyPassReverse /oldapp http://127.0.0.1:8090/oldapp
ProxyPass / http://127.0.0.1/
ProxyPassReverse / http://127.0.0.1/

so when the users access our.intranet.com, then get the new app, but if they access our.intranet.com/oldapp then get the old app, but it all appears under the same URL. I've read quite a bit of the ARR documentation and I'm pretty sure it will do the same features, but I'm just not googling the right keywords.

 
 
 
 




1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953147 16-Dec-2013 16:14
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


Note: this is the base documentation I've been trying to apply, but instead of three hosts, I have one, with ARR, and, given their example, webmail and payroll all bound to localhost (using different posts). Maybe it just can't be done that way and each application has to be bound to a network adapter with the same port that will be used by ARR?



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953480 17-Dec-2013 08:27
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


I suspect the root problem is at the proxy enabling phase, where "default setting" does not work (I suspect the documentation is for version 1 and not updated for version 2. If I try an enable the URL rewrite feature I have to enter a Reverse proxy. I've hibernated the machine and abandoned it, I'll rebuild it in Linux.




Maybe this only works with IIS sites?

Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 953509 17-Dec-2013 09:24
Send private message

If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet.

 

Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.






1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953514 17-Dec-2013 09:28
Send private message

ps. I refreshed the install to ARR v3, with URL Rewrite module v2, which made the template referenced here available : http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template

After applying the rule, still no proxy action is performed. The documentation makes not reference to any settings in Proxy Type (see image above), which I am convinced is needed to make this do anything (which I believe is the IIS equivalent of Apaches "LoadModule proxy_module modules/mod_proxy.so").



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953517 17-Dec-2013 09:32
Send private message

Regs: If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet. Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.


No, the legacy application has a "base URL" configuration so it will work with a reverse proxy. ISA/TMG would incur another license which is why I'm steering away from it currently. It also does not require context rewrite because it has a context configuration also, so what I want to apply is a URL rewrite and SSL, i.e. https://blahblah.com/context to http://localhost:81/context


 
 
 
 




1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953791 17-Dec-2013 15:39
Send private message

By installing ARR v3 and URL Rewrite v2 separately I was able to get the reverse proxy rule template. This would have worked but there were previous configurations stuck in the underlying web.config which did not display in the GUI. I cleaned out the file, created new rules based on the reverse proxy template and with some tweaking, I got this working with the following configuration:



Important aspects for the first (non ROOT) rule were using /context/{R:1} not /{R:0}, and setting stopProcessing



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 953794 17-Dec-2013 15:48
Send private message

A side effect of this is that IIS is providing a local SSO for the two sites (as both are basic auth, ARR is passing through the credentials captured for the first application accessed to both applications).

Filter this topic showing only the reply marked as answer Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58


Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.