ict.ken.be

 

IIS for developers - Notes

Related Posts

Categories: IIS Notes

by Steve Evans

1. IIS Setup

  • Windows 2000/IIS 5 (sample page allowed code red to attack the machine)
  • Windows 2003/IIS 6 (you had to activate on server)
  • Windows 2008/IIS 7 (choose with bits you want to install)
  • Windows 2008R2/IIS7.5

Server Manager - Roles - Add IIS

Web Platform Installer
Allows to install plugins like WordPress, Orchard CMS, MVC, IIS: FTP Publishing Service, IIS Smooth Streaming Client, ...

Remove default website

Keep binding IP address 'all unassigned' because webservers can have multiple ip addresses.

Remember to also bind www

SSL-Certificate
Root - Server Certificates
Create Certificate Request (for testing use self-signed certificate, issued to name of the box)
Add additional binding of type https
One ssl for one ip address, cause hostname is encrypted.
Browser will check that
Date is in range
Certificate created by authority it trusts
Does the hostname match what is in the certificate

Wildcard certificate (for testing make one with makecert.exe in windows SDK)
Root - Server Certificates - Import the pfx file (eg. issues to *.site2.com)
Bindings - Select certificate - Fill in subdomain host name (eg. www.site2.com)

Extended validation certificate is not available in wild card.

2. IIS Configuration

If not default document is defined you will get a 403.14 - Forbidden if the web server is configured to not list the contents of the directory.

web.config (can have other copies in subfolders)
<configuration>
  <defaultDocument>
    <files>
      <clear /> -> will break inheritance of parent folder
      <remove value="Default.htm" />
      <add value="Home.htm" />
   </files>
  </defaultDocument>
</configuration>

Feature Delegation
If you put on read only the developer will see the setting but not be able to change it in the web.config
Will throw a 500.19 if you keep the settings in the web.config
Remember to set them in IIS or you will get 403.14 again.
When going from read only to write it is best to revert to parent to avoid inconsistencies.

Application Pools (worker processes)
In production environment put the 'Idle Time-out' to 0.
Define your web garden by adjusting the maximum worker processes.
Ping enable will check if your application pool is healthy and if not recycle.
By default application gets recycled

  • idle timeout of 20min
  • every 29hours (you can add specific times instead)
  • whenever an unhandled exception occurs
  • whenever a ping gives an unhealthy response
  • whenever configuration changes

You can set the application pool defaults.
It is best to have only one site per application pool, unless very limited resources.
You can put part of a site in a separated application pool. (right-click folder, convert to application)

3. Manage IIS

Root - Worker Processes - Select pool and you will see all request that run longer then 0 seconds.

Server Manager - Add Role - Health - Tracing
Failed request tracing rules - Add
eg. trace requests that take longer than 30 seconds
eg. all pages that return a 500
Edit Site Tracing - Location where to store - open xml for report

Microsoft Log Parserhttp://www.microsoft.com/en-us/download/details.aspx?id=24659

Log Parser Lizardhttp://www.lizard-labs.net/log_parser_lizard.aspx

SELECT TOP 100 * 
FROM D:\Backups\date_libertinus_eu_logfiles_20121101\W3SVC4\*.log

SELECT cs-uri-stem, count(*)
FROM D:\Backups\date_libertinus_eu_logfiles_20121101\W3SVC4\*.log
WHERE sc-status = 404 AND date > '2012-10-01'
GROUP BY cs-uri-stem


Windows PowerShell will treat iis as a drive.

cd iis:\\
dir
cd .\AppPools
cd ..
cd sites

New-Item iis:\Sites\site3.com
-bindings @{protocol="http";bindingInformation="*:80:site3.com"}
-physicalPath C:\inetpub\site3.com

New-ItemProperty iis:\sites\site3.com
-name bindings
-value @{protocol="http";bindingInformation="*:80:www.site3.com"}

Web Deployment Tool 2.1

msdeploy 
-verb:sync
-source:webServer
-dest:webServer,computerName=xyz,username=rst,password=abc

-whatif
-presync:runcommand="%windir%\system32\inetsrv\appcmd stop apppool site2.com"

msdeploy
-verb:sync
-source:iisApp=site2.com
-dest:archiveDir=c:\temp

visual studio under administrator
right-click - publish - web deploy

4. IIS Extensions

http://iis.net - download
Media Services
URL Rewrite
You can specify user-friendly-urls and map them to old url.
You can also redirect, return custom response, ...

5. IIS Express

MyDocuments - IISExpress - Logs
MMC - Add certificate snap in - Computer Account - Personal Certificates - Copy certificate to trusted root certificates

6. IIS8 for 2012

Choose on which set of servers you want to install this. (so you can install on all your servers in the same time)

Application Initialisation Mode (app warmup)
IIs will perform the first request for you.
Application Pool - Advanced Settings - Start Mode - AlwaysRunning
Site - Advanced Settings - Preload Enabled - True

<applicationInitialization remapManagedRequestsTo="startup.htm" skipManagedModules="true">
    <add initializationPage="/default.aspx"/>
</applicationInitialization>

SNI - Server Name Indication
Allows multiple ssl certificates on one IP
Not support in Internet Explorer on windows XP !

SSL Management: Centralized Certificates for web farms with lots of certificates.
CPU ThrottleUnderLoad, allows to specify a percentage when others are also using else max possible.
Web Sockets support by adding WebSocket Protocol