Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

#137997 16-Dec-2013 15:20
Send private message

On Linux boxes I commonly install a combination of applications on different ports bound to localhost. I then put Apache mod_proxy (with SSL) on the network adapter. I'm now looking at doing the same in Windows (one application on ROOT, another on a named context). A local instance of ISA/TMG is not the solution I've considered, but maybe it's the only way (it's got a lot of features I don't need)?

Filter this topic showing only the reply marked as answer Create new topic
wasabi2k
2096 posts

Uber Geek


  #953117 16-Dec-2013 15:32
Send private message

What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?



lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953146 16-Dec-2013 16:12
Send private message

I want to have multiple applications on a single host, presented as a single URL, keeping unencrypted traffic limited to localhost.

i.e. a legacy application with no SSL support runs on 8090 under /oldapp context, while new app runs in ROOT context on default port, so in Apache I would add a VirtualHost with these mod_proxy directives (example excludes SSL directives):

ProxyPass /oldapp http://127.0.0.1:8090/oldapp
ProxyPassReverse /oldapp http://127.0.0.1:8090/oldapp
ProxyPass / http://127.0.0.1/
ProxyPassReverse / http://127.0.0.1/

so when the users access our.intranet.com, then get the new app, but if they access our.intranet.com/oldapp then get the old app, but it all appears under the same URL. I've read quite a bit of the ARR documentation and I'm pretty sure it will do the same features, but I'm just not googling the right keywords.

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953147 16-Dec-2013 16:14
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


Note: this is the base documentation I've been trying to apply, but instead of three hosts, I have one, with ARR, and, given their example, webmail and payroll all bound to localhost (using different posts). Maybe it just can't be done that way and each application has to be bound to a network adapter with the same port that will be used by ARR?



lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953480 17-Dec-2013 08:27
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


I suspect the root problem is at the proxy enabling phase, where "default setting" does not work (I suspect the documentation is for version 1 and not updated for version 2. If I try an enable the URL rewrite feature I have to enter a Reverse proxy. I've hibernated the machine and abandoned it, I'll rebuild it in Linux.




Maybe this only works with IIS sites?

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #953509 17-Dec-2013 09:24
Send private message

If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet.

 

Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.




lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953514 17-Dec-2013 09:28
Send private message

ps. I refreshed the install to ARR v3, with URL Rewrite module v2, which made the template referenced here available : http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template

After applying the rule, still no proxy action is performed. The documentation makes not reference to any settings in Proxy Type (see image above), which I am convinced is needed to make this do anything (which I believe is the IIS equivalent of Apaches "LoadModule proxy_module modules/mod_proxy.so").

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953517 17-Dec-2013 09:32
Send private message

Regs: If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet. Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.


No, the legacy application has a "base URL" configuration so it will work with a reverse proxy. ISA/TMG would incur another license which is why I'm steering away from it currently. It also does not require context rewrite because it has a context configuration also, so what I want to apply is a URL rewrite and SSL, i.e. https://blahblah.com/context to http://localhost:81/context


 
 
 

Shop now on AliExpress (affiliate link).
lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953791 17-Dec-2013 15:39
Send private message

By installing ARR v3 and URL Rewrite v2 separately I was able to get the reverse proxy rule template. This would have worked but there were previous configurations stuck in the underlying web.config which did not display in the GUI. I cleaned out the file, created new rules based on the reverse proxy template and with some tweaking, I got this working with the following configuration:



Important aspects for the first (non ROOT) rule were using /context/{R:1} not /{R:0}, and setting stopProcessing

lyonrouge

1993 posts

Uber Geek

Trusted
Lifetime subscriber

  #953794 17-Dec-2013 15:48
Send private message

A side effect of this is that IIS is providing a local SSO for the two sites (as both are basic auth, ARR is passing through the credentials captured for the first application accessed to both applications).

Filter this topic showing only the reply marked as answer Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.