@ducas
Last active July 11, 2021 14:13
Common configuration for IIS sites behind a load balancer to propagate HTTPS flag and avoid ports in generated URLs
$SiteName = "Default Web Site"
Import-Module WebAdministration
Write-Host "Getting allowed server variables..."
$allowedServerVariables = Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -filter "system.webServer/rewrite/allowedServerVariables/add" -Name name
Write-Host "Found $($allowedServerVariables.Length)..."
if ( ($null -eq $allowedServerVariables) -or @( $allowedServerVariables | ?{ $_.Value -eq "HTTPS" } ).Length -eq 0 ) {
    # Configure IIS to allow 'HTTPS' as a server variable - must be done at the applicationHost.config level
    Write-Host "Adding HTTPS to allowed server variables..."
    Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST" -filter "system.webServer/rewrite/allowedServerVariables" -name "." -value @{name='HTTPS'}
}
if ( ($null -eq $allowedServerVariables) -or @( $allowedServerVariables | ?{ $_.Value -eq "SERVER_PORT" } ).Length -eq 0 ) {
    # Configure IIS to allow 'SERVER_PORT' as a server variable - must be done at the applicationHost.config level
    Write-Host "Adding SERVER_PORT to allowed server variables..."
    Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST" -filter "system.webServer/rewrite/allowedServerVariables" -name "." -value @{name='SERVER_PORT'}
}
#Setup to rewrite HTTPS to on and port to 443 when X-Forwarded-Proto header is https
$RuleName = 'SSL Offload';
Write-Host "Configuring URL Rewrite rule for $RuleName..."
Clear-WebConfiguration -PSPath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']"
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules" -name "." -value @{name=$RuleName;patternSyntax='Wildcard'}
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/match" -name "url" -value "*"
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/serverVariables" -name "." -value @{name='HTTPS';value='on'}
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/serverVariables" -name "." -value @{name='SERVER_PORT';value='443'}
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/conditions" -name "." -value @{input='{HTTP_X_FORWARDED_PROTO}';pattern='https'}
Write-Host "Done."
#Setup site to rewrite port to 80 when X-Forwarded-Proto header is http and accessed on non-default port
$RuleName = 'Default Port';
Write-Host "Configuring URL Rewrite rule for $RuleName..."
Clear-WebConfiguration -PSPath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']"
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules" -name "." -value @{name=$RuleName;patternSyntax='Wildcard'}
Set-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/match" -name "url" -value "*"
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/serverVariables" -name "." -value @{name='SERVER_PORT';value='80'}
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/conditions" -name "." -value @{input='{SERVER_PORT}';pattern='^80$';negate=$true}
Add-WebConfigurationProperty -pspath "MACHINE/WEBROOT/APPHOST/${SiteName}" -filter "system.webServer/rewrite/rules/rule[@name='${RuleName}']/conditions" -name "." -value @{input='{HTTP_X_FORWARDED_PROTO}';pattern='https';negate=$true}
Write-Host "Done."
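
The 'SSL Offload' rule above sets HTTPS to on for any request that carries X-Forwarded-Proto: https, whoever sent it. Where the site can also be reached without passing through the load balancer, a further condition on REMOTE_ADDR limits the rule to the balancer's own traffic. This is an added example, not part of the original gist; `$LbAddress` is a placeholder, and it assumes the balancer proxies connections so that REMOTE_ADDR is the balancer's address.

```powershell
# Added example, not part of the original gist.
Import-Module WebAdministration

$SiteName  = "Default Web Site"   # same site the gist configures
$RuleName  = "SSL Offload"        # rule created by the gist
$LbAddress = "10.0.0.*"           # ASSUMPTION: placeholder, replace with your load balancer's source address

$PsPath     = "MACHINE/WEBROOT/APPHOST/${SiteName}"
$RuleFilter = "system.webServer/rewrite/rules/rule[@name='${RuleName}']"
$CondFilter = "$RuleFilter/conditions"

# Fail early if the gist's rule has not been created yet.
$rule = Get-WebConfiguration -PSPath $PsPath -Filter $RuleFilter
if ($null -eq $rule) {
    throw "Rule '$RuleName' not found on '$SiteName'; run the gist script first."
}

# Require every condition to match (this is also the URL Rewrite default).
Set-WebConfigurationProperty -PSPath $PsPath -Filter $CondFilter -Name "logicalGrouping" -Value "MatchAll"

# Add the source-address condition only once so the script can be re-run.
$conditions  = @(Get-WebConfiguration -PSPath $PsPath -Filter "$CondFilter/add")
$sourceCheck = @($conditions | Where-Object { $_.input -eq '{REMOTE_ADDR}' })
if ($sourceCheck.Count -eq 0) {
    Write-Host "Restricting '$RuleName' to requests from $LbAddress..."
    # The rule uses patternSyntax='Wildcard', so '*' matches any run of characters.
    Add-WebConfigurationProperty -PSPath $PsPath -Filter $CondFilter -Name "." -Value @{input='{REMOTE_ADDR}';pattern=$LbAddress}
}

# Read the conditions back to confirm what is now in effect.
Get-WebConfiguration -PSPath $PsPath -Filter "$CondFilter/add" | ForEach-Object {
    Write-Host ("condition: input={0} pattern={1} negate={2}" -f $_.input, $_.pattern, $_.negate)
}
```

Run it after the gist script; the load balancer should also overwrite any X-Forwarded-Proto value supplied by the client.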

michaelsmoody commented Apr 9, 2019

Just wanted to say thank you, as I used the top 18 (3-18) lines in conjunction with Ansible to improve idempotence in adding allowedServerVariables. When they existed already, using Add-WebConfigurationProperty would error out.
