ISAPI Extension for IIS over https://

[pauln]

Hello All

Been battling along getting my understanding up to speed on Certificates following DOCS here:
https://www.lianja.com/doc/index.php...fault_Document
https://www.lianja.com/doc/index.php...ed_Certificate

I managed to create a SSCert, deployed and tested

The Item I am not clear on is references in both documents to "select the web site" and "Select the target site" where the DOC shows "Default Site" highlighted in all instances.
I am sure this should be a deployed Lianja site?


The reason for asking is when using the handler mappings with wildcard "*" it overrides another SSL on the same server.

If I should be replacing all references in the DOCS for "site" to "mySite" for a AWS instance of LCS - can I please ask for instructions on how to add to the App pool:
C:\lianja\cloudserver\tenants\public\wwwroot\apps\ mySite

I also notice there is no web.conf in mySite as well.

Thanks Paul.

[yvonne.milne]

Hi Paul,

Yes, you should add the handler to your target site. That IIS Manager screenshot is from my laptop, where I currently only have a single site set up. The Edit Site -> Basic Settings... allow you to select the Application Pool.

Regards,

Yvonne

[pauln]

Hello Yvonne

I think I need to ADD the Site first to the APP Pool? So I am asking where do I point it to?
Originally I thought here:
C:\lianja\cloudserver\tenants\public\wwwroot\apps\ mySite

But looking at the Physical Path I think it needs to go up 1 level as we need to encompass CloudAdmin shown below?


Can you please confirm.

[HankFay]

Hi Paul,

On IIS 8.5 this is all you need to do.

1) Register the certificate with IIS (Server / Server Certificates)

2) Bind the certificate to the site (Site / Bindings (upper right panel) You can have different SSL certs on a given site by using the hostname column. Or if there is only one, all will go through that one certificate.

That's all.

Unless you have high traffic, you don't need to allocate App Pools.

Hank

PS LetsEncrypt gets you a real certificate (with a trusted root) for nothing. Here's one install that is thought to work well: https://www.win-acme.com/

[pauln]

Hi Hank
Thanks for your help.

The reason why I think I need to be more specific is that the Handler Script uses a wildcard of "*".

When I did that it stopped all the traffic to a West-Wind site that was running.

I think the handler must be more specific if you have more than one Web Site running from IIS?

[barrymavin]

The Lianja IIS extension will pass back requests it can't handle. So it needs a wildcard request path. This proxies all traffic for an application server not simple requests.

You need to be more specific as to what's "not working" that conflicted with other handlers.

If you have conflicting handlers then create a unique site for Lianja to isolate it and add the lianja handler into that site.

You would then need to access the website with a special url.

[pauln]

Hi Barry
Here are the specifics with SSCert installed with IIS ext settings:

http://localhost/wconnect/TestPage.wwd => Works OK
https://localhost/wconnect/TestPage.wwd => Works OK
http://localhost:8001/login.rsp => Works OK
https://localhost/login.rsp => FAILS as physical resource cannot be found AT C:\inetpub\wwwroot\login.rsp | https://localhost:443/login.rsp

This is the site setup:


The wildcard script is currently under Lianja Node but think http:/ is only working above due to the fact of the specific port used 8001.

You said "The Lianja IIS extension will pass back requests it can't handle" and "If you have conflicting handlers..." - I don't think the requests are being passed on?

If I move the wildcard script up to "Default Web Site" then Lianja works for Http & Https but the original site "wconnect" stops on both bindings.

If the intention was Lianja wildcard to proxy and pass through unwanted requests then this is not occurring I am thinking.
Thanks Paul

[barrymavin]

It is proxying. I have looked at the code. It ignores .wwd files.

I do not have any wconnect or Lianja below "Default Web site" I only have system_web.

The Lianja ISAPI extension is configured and it reads the url and rejects file extension and paths it does not handle.

So yes my intention was and is proxying as designed.

You don't need any Lianja under the default website, Why was that done? I never suggested that.

FYI the Lianja ISAPI extension proxies http and https traffic to the LCS running on port 8001 locally. The Lianja Server Manager is used to configure wwwroot paths and tenancies (in your case public). You don't need to do anything in IIS (or apache on linux for that matter). Just setup the handler as documented.

[barrymavin]

FYI port 8001 bypasses IIS completely. Nothing to do with it.

[pauln]

HI Barry

As I tell my son, "never give up" - the problem was if you do have a site under "Default Web Site" (as I did wconnect) then when you add the script map it adds it to sites below
I just removed the "inherited" script map from that wconnect site and all 4 tests are working for both http:// and https://

I will now remove the Lianja site as that just me beating down every door to to find a solution.