IIS WEB SERVER FARM CONFIGURATION

Najeebulla Khan 1 Reputation point
2021-06-19T14:46:27.083+00:00

Setting up a IIS WEB SERVER FARM

Hardware setup: I have 6 Servers,
i) Server A, is File Server for Shares - hosting WEBCONTENT, WEBCONFIG, CERTSTORE & ARRCONFIG shares.
ii) Server B, C & D - are IIS Web Servers in shared configuration and using the directories, WEBCONFIG & WEBCONTENT.
iii) Server E & F - are 2 Web Servers running Application Routing Request and URL Rewrite. These two servers are running NLB and and having a shared configuration using the directory, ARRCONFIG.
Also, on these servers Centralized Certificate Store is configured.

Scenario:
I installed WEB SERVER Role on all WEB SERVERS (B, C & D) and accessed http://localhost & it opened IIS Default page. I added a Demo Site to Server B and it was working fine (http://demosite.com:90) . I copied the contents of Demo Site to WEBCONTENT folder and enabled Shared configuration. I later added other two servers to shared configuration.

I installed WEB SERVER Role on Servers E & F. After that installed URL Re-write & ARR Module. On Server E, I created a Web Server FARM and added the servers B, C & D to the Farm. I enabled Server Proxy and added the URL to the "Health" Check option of Web Server Farm. I verified the URL and the Test was passed as 'OK'.

My Question, how do I configure URL Rewrite or Reverse Proxy so that clients connecting to ARR servers using the URL should open the page. I have a added a DNS entry to AD, pointing the web url to NLB IP of ARR.

Let me know which part I'm missing or needs to be configured.

For URL Rewrite I read some links,
https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

I was not able to see Web.config file since it is a Shared Configuration. I edited the Administration.config file in ARRCONFIG Share. I added the URL Re-write code within <System.webserver> </System.webserver> as per step 2 of that post above. AM I doing it correctly?

I have configured Centralized Certificate Store and still not yet used because my demo sites are still not using https. So If I plan to use HTTPS, do I just store my certificates in CERTSTORE or do i need to do additional bindings?

Please guide me as to what I'm missing.

Internet Information Services
{count} votes

6 answers

Sort by: Most helpful
  1. Najeebulla Khan 1 Reputation point
    2021-06-27T08:16:05.243+00:00

    Thank you SamWu - for your reply.109624-iis-design.jpg

    I have attached the design diagram.

    My Question:

    1. Do I need Forward Proxy or Reverse Proxy? My understanding is Reverse Proxy. If I'm wrong, guide me.
    2. How do I configure Reverse Proxy so that clients connecting to ARR servers using the URL should open the page. I have a added a DNS entry to AD, pointing the web url to NLB IP of ARR. ex: demosite.com - 192.168.10.90

    When You open IIS, When the Server Name is selected - URL rewrite - Add Rule - I don't see Reverse Proxy Option; Where as, when I select the Default Web Site, - URL rewrite - Add Rule - I see Reverse Proxy Option; Where should I exactly create a rule.

    In My domain DNS, should I create an "A" record for the website pointing to the NLB VIP of the ARR Servers and also create another "A" record for the NLB VIP pointing to the Server Farm (zoneops.webfarm.spring.com).

    For URL Rewrite I read some links,
    https://learn.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

    When I was editing the Web.config file in ARR Servers for URL Rewrite, it kept giving me syntax error. Do I need to add the Reverse Proxy rule under Inbound Rule or Outbound Rule.

    0 comments No comments

  2. Najeebulla Khan 1 Reputation point
    2021-06-28T12:52:52.293+00:00

    The question is same but i was trying to post with design diagram..

    I'm a little confused so I was trying to post the question in at least 2 places to get an answer.
    I will list all the steps as I have undertood, please let me know if I'm correct or wrong.

    Step 1: Create a Web Server Farm (say, zoneops.webfarm.spring.com) and add backend Web Servers (WEBSVR01, WEBSVR02 & WEBSVR03) to it. When creating the Farm, go under advanced and add the port HTTP: 8080 and HTTP: 443 etc

    Step 2: Enable Server Proxy and give Reverse Proxy Server name as "zoneops.webfarm.spring.com:8080". Here Do I need to specify anything under "Proxy Server" section.

    Step 3: Edit the web.config file to add the URL Rewrite section to Outbound Rules. I need help here in configuring correctly.

    Step 4: Add DNS entry to the Active Directory pointing website name to nlb ip of ARR Server so that when any request comes to ARR it should be forwarded to Server Farm and subsequently to WEB SERVERs in the backend,

    Step 5: on ARR Servers, expand IIS, under Default Web Site - url rewrite and add Reverse Proxy Rule - I need help here .in configuring correctly.

    Step 6: on ARR Servers, what bindings should I specify?


  3. Najeebulla Khan 1 Reputation point
    2021-07-11T09:24:32.267+00:00

    I made a small change. On all IIS Servers, I edited the default photo of IIS Page and added the local server name, so that when I open http://localhost I see the default IIS image with Server Name on it.

    After this I re-created the Server Farm and from my client side when I open the URL like http://demosite.spring.com it loads the IIS Page of either websvr01, or websvr02 or websvr03.

    now I tried re-creating the URL Rewrite rule under IIS- Default WebSite-AddRule- (here I tried user friendly url, Inbound rule, outbound rule etc) but still same page opens.

    client inputs http://demosite.spring.com.local
    redirect to website url: demosite.spring.com:90

    I need a little guidance here.


  4. Najeebulla Khan 1 Reputation point
    2021-07-12T16:37:56.407+00:00

    hello SamWu,
    Before I start troubleshooting with "Failed Request Tracing" i want to understand the logic in this URL Rewrite. This is because I can only troubleshoot something which I have understood logically correct.

    so far what i have achieved is, when the webfarm is listening on port 80, without creating any rules manually (one rule gets created automatically) the request is forwarded to the 3 web servers and default IIS page opens up because on all respective servers, the default web site is running on port 80.

    what further rule should I create so that when I accessed the page "http://demosite.spring.com" it should be redirect or rewritten to "http://demosite.spring.com:90"
    Where should I create this Rule? on ARR Server, under Servername -Rules (global section) - Inbound or Outbound
    OR under Default Web Site on ARR Servers?

    I was even thinking should I install url rewrite on Web Servers itself and redirect incoming URL's to appropriate URLs. Is there any documentation, video (paid/unpaid), or blog/forum where they have explained URL Rewrite with examples.

    Since there are few sites only to begin with I want to understand in detail so that I don't face any issues..

    0 comments No comments

  5. Sam Wu-MSFT 7,526 Reputation points Microsoft Vendor
    2021-07-13T09:38:29.623+00:00

    @Najeebulla Khan

    what further rule should I create so that when I accessed the page "http://demosite.spring.com" it should be redirect or rewritten to "http://demosite.spring.com:90"

    The rule action should look like this: <action type="Redirect" url="http://demosite.spring.com:90" />

    Where should I create this Rule? on ARR Server, under Servername -Rules (global section) - Inbound or Outbound OR under Default Web Site on ARR Servers?

    You should create this rule in arr service.

    I was even thinking should I install url rewrite on Web Servers itself and redirect incoming URL's to appropriate URLs. Is there any documentation, video (paid/unpaid), or blog/forum where they have explained URL Rewrite with examples.

    These links should help you:

    1. Creating Rewrite Rules for the URL Rewrite Module
    2. 10 URL Rewriting Tips and Tricks

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.