Last active
July 11, 2021 14:13
Common configuration for IIS sites behind a load balancer to propagate HTTPS flag and avoid ports in generated URLs
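# Site whose URL Rewrite rules are configured further down in this script.
$SiteName = "Default Web Site"

Import-Module WebAdministration

# URL Rewrite will not set a server variable unless its name is on the
# allowedServerVariables list. That list is read and written here at the
# applicationHost.config level (MACHINE/WEBROOT/APPHOST), so the change is
# server-wide rather than scoped to $SiteName.
Write-Host "Getting allowed server variables..."
$allowedServerVariables = Get-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.webServer/rewrite/allowedServerVariables/add" -Name name
# @(...) gives a reliable count whether the query returned nothing, one item or many.
Write-Host "Found $(@($allowedServerVariables).Count)..."

# Add each variable only when it is not listed yet, so the script can be
# re-run without Add-WebConfigurationProperty failing on a duplicate entry.
foreach ($variableName in 'HTTPS', 'SERVER_PORT') {
    $alreadyAllowed = @($allowedServerVariables | Where-Object { $_.Value -eq $variableName })
    if ($alreadyAllowed.Count -eq 0) {
        Write-Host "Adding $variableName to allowed server variables..."
        Add-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.webServer/rewrite/allowedServerVariables" -Name "." -Value @{name=$variableName}
    }
}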
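# Rule 'SSL Offload': when the request carries X-Forwarded-Proto: https,
# present it to the application as HTTPS=on and SERVER_PORT=443.
#
# NOTE(security): X-Forwarded-Proto is an ordinary request header and this rule
# trusts it unconditionally. That is only sound when the site is reachable
# solely through the load balancer and the load balancer overwrites any
# client-supplied X-Forwarded-Proto. If the server can be reached directly, a
# plain-HTTP client can make the application treat its request as secure.
$RuleName = 'SSL Offload'
$sitePath = "MACHINE/WEBROOT/APPHOST/${SiteName}"
$rulesFilter = "system.webServer/rewrite/rules"
$ruleFilter = "$rulesFilter/rule[@name='${RuleName}']"

Write-Host "Configuring URL Rewrite rule for $RuleName..."

# Remove any earlier copy of the rule so that re-running does not add a duplicate.
Clear-WebConfiguration -PSPath $sitePath -Filter $ruleFilter

# Wildcard syntax with url="*" makes the rule apply to every request path.
Add-WebConfigurationProperty -PSPath $sitePath -Filter $rulesFilter -Name "." -Value @{name=$RuleName;patternSyntax='Wildcard'}
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/match" -Name "url" -Value "*"

# Server variables overwritten when the condition below matches.
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/serverVariables" -Name "." -Value @{name='HTTPS';value='on'}
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/serverVariables" -Name "." -Value @{name='SERVER_PORT';value='443'}

# The pattern contains no '*', so the whole header value has to be 'https'.
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/conditions" -Name "." -Value @{input='{HTTP_X_FORWARDED_PROTO}';pattern='https'}
Write-Host "Done."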
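# Rule 'Default Port': when the request was not forwarded as HTTPS and arrived
# on a port other than 80, report SERVER_PORT=80 so generated URLs carry no
# explicit port.
#
# NOTE(security): like any rule keyed on X-Forwarded-Proto, this relies on the
# load balancer being the only path to the site and on it setting that header
# itself rather than passing through a client-supplied value.
$RuleName = 'Default Port'
$sitePath = "MACHINE/WEBROOT/APPHOST/${SiteName}"
$rulesFilter = "system.webServer/rewrite/rules"
$ruleFilter = "$rulesFilter/rule[@name='${RuleName}']"

Write-Host "Configuring URL Rewrite rule for $RuleName..."

# Remove any earlier copy of the rule so that re-running does not add a duplicate.
Clear-WebConfiguration -PSPath $sitePath -Filter $ruleFilter

# Wildcard syntax with url="*" makes the rule apply to every request path.
Add-WebConfigurationProperty -PSPath $sitePath -Filter $rulesFilter -Name "." -Value @{name=$RuleName;patternSyntax='Wildcard'}
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/match" -Name "url" -Value "*"

Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/serverVariables" -Name "." -Value @{name='SERVER_PORT';value='80'}

# The rule's patternSyntax is Wildcard and also governs its conditions, so the
# regex-style '^80$' would be compared as a literal string and never match.
# The plain value '80' expresses the intended "port is not 80" test.
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/conditions" -Name "." -Value @{input='{SERVER_PORT}';pattern='80';negate=$true}
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$ruleFilter/conditions" -Name "." -Value @{input='{HTTP_X_FORWARDED_PROTO}';pattern='https';negate=$true}
Write-Host "Done."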
Just wanted to say thank you, as I used the top 18 (3-18) lines in conjunction with Ansible to improve idempotence in adding allowedServerVariables. When they existed already, using Add-WebConfigurationProperty would error out.