Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

# 137997 16-Dec-2013 15:20
Send private message

On Linux boxes I commonly install a combination of applications on different ports bound to localhost. I then put Apache mod_proxy (with SSL) on the network adapter. I'm now looking at doing the same in Windows (one application on ROOT, another on a named context). A local instance of ISA/TMG is not the solution I've considered, but maybe it's the only way (it's got a lot of features I don't need)?

Filter this topic showing only the reply marked as answer Create new topic
2091 posts

Uber Geek
+1 received by user: 849


  # 953117 16-Dec-2013 15:32
Send private message

What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953146 16-Dec-2013 16:12
Send private message

I want to have multiple applications on a single host, presented as a single URL, keeping unencrypted traffic limited to localhost.

i.e. a legacy application with no SSL support runs on 8090 under /oldapp context, while new app runs in ROOT context on default port, so in Apache I would add a VirtualHost with these mod_proxy directives (example excludes SSL directives):

ProxyPass /oldapp http://127.0.0.1:8090/oldapp
ProxyPassReverse /oldapp http://127.0.0.1:8090/oldapp
ProxyPass / http://127.0.0.1/
ProxyPassReverse / http://127.0.0.1/

so when the users access our.intranet.com, then get the new app, but if they access our.intranet.com/oldapp then get the old app, but it all appears under the same URL. I've read quite a bit of the ARR documentation and I'm pretty sure it will do the same features, but I'm just not googling the right keywords.

 
 
 
 




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953147 16-Dec-2013 16:14
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


Note: this is the base documentation I've been trying to apply, but instead of three hosts, I have one, with ARR, and, given their example, webmail and payroll all bound to localhost (using different posts). Maybe it just can't be done that way and each application has to be bound to a network adapter with the same port that will be used by ARR?



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953480 17-Dec-2013 08:27
Send private message

wasabi2k: What exactly are you trying to achieve?

Multiple websites with SSL on a single IP? Why?

ISA/TMG is end of life and won't do what you want it to.

You can do it with URL Rewrite and ARR but it's pretty ugly.

http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

Why do you want to do this?


I suspect the root problem is at the proxy enabling phase, where "default setting" does not work (I suspect the documentation is for version 1 and not updated for version 2. If I try an enable the URL rewrite feature I have to enter a Reverse proxy. I've hibernated the machine and abandoned it, I'll rebuild it in Linux.




Maybe this only works with IIS sites?

Infrastructure Geek
4057 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  # 953509 17-Dec-2013 09:24
Send private message

If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet.

 

Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953514 17-Dec-2013 09:28
Send private message

ps. I refreshed the install to ARR v3, with URL Rewrite module v2, which made the template referenced here available : http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template

After applying the rule, still no proxy action is performed. The documentation makes not reference to any settings in Proxy Type (see image above), which I am convinced is needed to make this do anything (which I believe is the IIS equivalent of Apaches "LoadModule proxy_module modules/mod_proxy.so").



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953517 17-Dec-2013 09:32
Send private message

Regs: If I understand your issues correctly, I believe that ISA/TMG would work, and it will be supported for a while yet. Web Application Proxy, new to Windows Server 2012 R2, may also fit the bill: http://technet.microsoft.com/en-us/library/dn280944.aspx

when you say 'legacy app with no ssl support' - does it use a bunch of hard-coded URLs instead of relative paths?  If so then url-rewrite might be required.


No, the legacy application has a "base URL" configuration so it will work with a reverse proxy. ISA/TMG would incur another license which is why I'm steering away from it currently. It also does not require context rewrite because it has a context configuration also, so what I want to apply is a URL rewrite and SSL, i.e. https://blahblah.com/context to http://localhost:81/context




1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953791 17-Dec-2013 15:39
Send private message

By installing ARR v3 and URL Rewrite v2 separately I was able to get the reverse proxy rule template. This would have worked but there were previous configurations stuck in the underlying web.config which did not display in the GUI. I cleaned out the file, created new rules based on the reverse proxy template and with some tweaking, I got this working with the following configuration:



Important aspects for the first (non ROOT) rule were using /context/{R:1} not /{R:0}, and setting stopProcessing



1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  # 953794 17-Dec-2013 15:48
Send private message

A side effect of this is that IIS is providing a local SSO for the two sites (as both are basic auth, ARR is passing through the credentials captured for the first application accessed to both applications).

Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06


Motorola Solutions joins local partners to deliver advanced communications network in New Zealand
Posted 30-Apr-2019 21:50


Micron launches high-performance NVMe SSDs for cloud and enterprise markets
Posted 30-Apr-2019 10:27



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.