How to give public access to the Net Core 6 site in IIS by a static IP address?

Question

How to give public access to the Net Core 6 site in IIS by a static IP address?

Volk Volk 551

Hi!

I have launched a Net Core 6 website on Windows Server 2022. It runs on the server in the local version on ports 82 and 443 (http and https). The domain name has not yet been redirected to this server from the provider, but in the local version I use it instead of localhost. Everything is fine, everything is working. But how do I open access for this site so that it is visible from the outside by static IP with the indication of the port - for testing, verification and filling? For example, I need to type in a browser on any computer a string like http:\<IP>\<domain>:<port> and work with the site as usual?

I could not find this information on the Internet, but I know that this can be done. How to implement it? Do you have links to step-by-step instructions?

Thanks!

5 answers

Your answer

Answer 1

AgaveJoe 30,126

This is NOT a MVC or ASP.NET Core support question! Plus it is not possible for anyone on this forum to answer this question as we have no idea how your network is setup.

Should we assume this is a home network and a router connects the web server to the internet? If so, the IP address and assigned by your ISP and can be found by logging into your router and looking. Port forwarding is a common way you direct traffic to a system on a home network. Read your router documentation.

Answer 2

Bruce (SqlWork.com) 78,236 Volunteer Moderator

you first step is to buy a static ipaddress from your ISP. this is your external ipaddress.
if required, convert your server from dynamic ipaddress to static ipaddress with you dhcp server (often a modem). this is your internal ipaddress.
then as suggested enable port forwarding on the ISP modem/switch from the external ipaddress/port to the internal ipaddress/port.

note: it may be cheaper to host in the cloud then to buy a static ipaddress

Answer 3

first test the server firewalls are open. on a machine on the local network, access IIS by the server internal ipaddress and ports. you can use telnet to test the ports are open.

then you need a client machine that is not on your local network, but has internet access.

be sure to configure port forwarding on your ISP connection device to your internal server's ipaddress and desired ports. it may also have a firewall that need configuration.

on the client machine update the hosts file to have domain name for the public static ip.

test http access via the domain name.

then generate a self signed cert for the domain name. install as the ssl cert for IIS. then hit the site with https: from your test client. you will need to trust the certificate. if you don't want to install a fake ssl, use telnet to test port access, or configure http for both ports in the IIS bindings (be sure to disable https redirect in the asp.net core app).

now update the internet DNS cname for your domain name to point to th public ipaddress. the seller of the domain name should have a tool for this. may take a couple hours to propagate.

delete the host file entry in the test machine and valid access by DNS name.

now buy a ssl certificate and install on IIS and configure IIS https binding. now test the https access from the test machine.

https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm

note: whoever you buy the ssl cert from will have instructions.

really, the only part the windows server (the server does not have any knowledge of its external ipaddress).

1) configure internal static ipaddress instead of dhcp
2) open the firewall ports
3) install ssl certificate and https binding (hostname binding is optional)

Volk Volk 551 Reputation points

2022-10-12T17:48:20.89+00:00

Thanks! I'll try. But, as far as I understand, you told me the option with a real domain and redirecting it's DNS to my static IP. But I need now an variant so that I temporarily use a static server IP + port instead of a domain name. But anyway, thanks, I'll try to take everything into account. :)
Bruce (SqlWork.com) 78,236 Reputation points Volunteer Moderator

2022-10-13T19:19:20.28+00:00

just update the hosts file on a test machine to the public ipaddress. if you want to use https, you will need a cert, but if you bind 443 to http, you can validate the port access from the internet.

Answer 4

Volk Volk 551

I have a static IP and a separate computer for this. That's why I'm asking how to do this temporarily without direct DNS redirection to my static IP and without premature purchase of a real certificate.

P.S. A separate server or cloud on the contrary is too expensive. ))
Why would I do this with a stable fast Internet and a powerful machine?

So do you have an example of how to do this for Net Core 6 as part of IIS on Windows Server 2022? In localhost on the server, the site works as it should on ports 82 and 434, but does not want to from the outside.

AgaveJoe 30,126 Reputation points

2022-10-11T21:21:00.18+00:00

I have a static IP and a separate computer for this.

Can you explain how you got the static IP address? Did you purchase the IP from your ISP? Also, can you describe the network setup?

That's why I'm asking how to do this temporarily without direct DNS redirection to my static IP and without premature purchase of a real certificate.

Huh? DNS translates a domain name to an IP address. As far as I can tell you do not have a domain name you have an IP address.

Keep in mind, a certificate uses the a domain name. If you created a certificate using localhost than you'll get a browser warning when accessing the web server by IP address.
Volk Volk 551 Reputation points

2022-10-12T17:36:20.147+00:00

Yes, the provider provides me with 3 static IP on one line.

The network setup is simple - via a switch, everything works as a separate server. I had Windows Server 2012 r2 running on IIS for a long time, I raised several PHP sites there.

I have a domain name and I can redirect it to my server (to my static IP), but I don't need it yet, so I want to make the Net Core 6 site on IIS temporarily external, but to access it via a static IP. That is, instead of a domain name or localhost, there should be a static IP + port. Of course, it is desirable that https works (since there is a temporary certificate issued by IIS itself on the server), but I can use http also.

Is it possible to create a temporary certificate in IIS for external access via a static IP so that https works? )) Is it even real?
AgaveJoe 30,126 Reputation points

2022-10-12T20:01:06.833+00:00

I'm not following your response.

A switch connects devices within a network. A router connects networks. For example a home network with the Internet (WAN).

DNS translates a domain name to an IP address. You have the IP just enter the IP into the browser's address bar.

Is it possible to create a temporary certificate in IIS for external access via a static IP so that https works? )) Is it even real?

For the second time, a certificate is validated by the domain name. I assume you used localhost. The browser will display a certificate warning when an IP is used since it expects locahost.
Volk Volk 551 Reputation points

2022-10-14T12:10:18.89+00:00
A switch connects devices within a network. A router connects networks. For example a home network with the Internet (WAN). <

1 wire comes from the provider in the switch. The switch outputs 3 wires with different static IP. One static IP is connected to a router for a local network with the Internet. 2 other static IP addresses are used for two separate servers.

DNS translates a domain name to an IP address. You have the IP just enter the IP into the browser's address bar. <

DNS does not yet translated the domain name to my static IP (I do not need it now). I need the site to work locally on the server... It works locally as it should over http and https (https works in private mode with a temporary ISS certificate (Self-Signed Certificate)).

But now I need the site to just work from the outside from any computer in the Internet by accessing through the static IP of the server. For example, if I type in the browser line https://StaticIP/domain:443 or http://StaticIP/domain:82 or StaticIP/domain:443. Now if I type in a browser on an external computer https://StaticIP/domain:443 or http://StaticIP/domain:82 then I get a 404 error.

Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/106.0.0.0+Safari/537.36 - 404 0 2 1

What do I need to do to make the site work at an address with a static IP, domain and port?
AgaveJoe 30,126 Reputation points

2022-10-14T13:31:37.093+00:00
IIS returned a file not found (404). That means the browser was able to get to the machine but the URL is incorrect.

The correct URL format is below when entering an IP address.

https://192.168.1.10:443

Keep in mind, 443 is assumed for HTTPS.

Secondly, you said there's no domain so it is unclear why a domain name is configured in IIS.

You can use a domain name if you like but the Internet has no idea the domain name exists. Therefore, you must update the client's HOSTS file so the client can resolve the domain name to the static IP. This was explained several times.

https://en.wikipedia.org/wiki/Hosts_(file)

For now, at least, I would not worry about the HOSTS file and just focus one entering the correct URL. Once you get that working then you can configure the HOSTS file.
Bruce (SqlWork.com) 78,236 Reputation points Volunteer Moderator

2022-10-14T15:54:27.917+00:00

you configured the site "domain" to use hostname. so if you use ipaddress, it goes to the "Default Web Site" instead.

first verify the the servers public ipaddress. on the server open a browser and enter:

https://whatismyipaddress.com

this will display your servers public ipaddress (assuming only 1 nic card). it may or may not match the internal ipaddress of the server depending on isp configuration,

I assume that "domain" is the server name and ssl works from the server. on the test client machine, update the hosts file to the "domain" and public ipaddress.
Volk Volk 551 Reputation points

2022-10-14T16:55:34.897+00:00

Why would I ever go into the hosts file on a client machine that has not connected at all my local network? Why are you asking me to enter the address of the local machine? I need access to a server site on Earth from a separate computer on the moon. This was explained several times. I agree not to enter a domain name in the URL address in browser, let the access be, for example, at the address StaticIp:port.
Volk Volk 551 Reputation points

2022-10-14T17:00:18.243+00:00

Thanks for the advice, everything is working correctly on the server. There in hosts I have a domain name: 127.0.0.1 domain. But what does the hosts of an absolutely independent computer have to do with it, which just needs to go to the site using staticIp:port?
AgaveJoe 30,126 Reputation points

2022-10-14T22:13:04.917+00:00

Why would I ever go into the hosts file on a client machine that has not connected at all my local network? Why are you asking me to enter the address of the local machine? I need access to a server site on Earth from a separate computer on the moon.

The HOSTS file overrides DNS and tells the client machine how to translate a domain name to an IP address.
Volk Volk 551 Reputation points

2022-10-15T07:27:32.417+00:00

It's important, yes. I understand. I have such a scheme on my server - the site works locally, there are entries in the hosts:
127. 0.0.1 test zone
127. 0.0.1 domain.zone

But I needed an option with external independent computers that are trying to access the site from other static IPs.
I posted the solution below.

As far as I understand, you offered the variant with local machines on the network, then yes, I understand that they would need to register hosts, but my local machines are also all located under the router and on another static IP, they are not in the same local network as the server.

But anyway, thank you for your information, I learned a lot from it. :)

Answer 5

Volk Volk 551

I have found a solution. :)

The local network does not play a role.
No need to change hosts on external independent computers.

!!! Need to open port 82 (because port 80 is occupied by the default site, and port 81 is occupied by another test site) !!!

Just need to do this in IIS and enter the site at a static address and port:

Now I calmly go to the site from the outside using such links:

http://StaticIP:82
https://StaticIP:443

And when the site is ready, tested and filed in, you can buy a full-fledged certificate and attach it to IIS.

Thank you all for your advices! The question is closed. :)

Bruce (SqlWork.com) 78,236 Reputation points Volunteer Moderator

2022-10-14T20:32:24.023+00:00

there was no need to specify the ipaddress in IIS, unless the server was listening on multiple ipaddresses.

note: I'd pick 8080 (a http standard) as the http port rather than 82
Volk Volk 551 Reputation points

2022-10-15T08:03:31.537+00:00

Thanks for the advice, I'll put 8080, although it's a temporary option. The site will then be closed on these ports and it will only be accessed via port 443 with https with a full certificate.

Only I didn't fully understand. Do I create a real certificate here? Or is it also temporary and incomplete certificate? Have you ever use such a certificate? What's the point of buying a certificate if I can order it in IIS and attach it to a site for https? Or do I not understand something? I've only used a Self-Signed Certificate right now in this situation. And what will the certificate that I will create by "Create Certificate Request" give me?
Bruce (SqlWork.com) 78,236 Reputation points Volunteer Moderator

2022-10-15T16:33:28.007+00:00

A self signed cert will give an error in the browser and require the user to Trust it. As it’s not a trusted cert, it can be faked or earlier hijacked by a man in the middle attack.
Volk Volk 551 Reputation points

2022-10-15T19:27:39.233+00:00

Ok. Thanks!

I will leave here, in my opinion, a useful link about certificates.

csr-creation-ssl-installation-iis-10.htm

Share via

How to give public access to the Net Core 6 site in IIS by a static IP address?

5 answers

Your answer