2.11.4 Procedure for connecting to operation window using HTTPS
To connect operation window of management server by HTTPS, you must configure Microsoft Internet Information Services. See Microsoft Internet Information Services documentation for detailed instructions on how to configure Microsoft Internet Information Services.
- Tip
-
If you are using an Internet gateway server as Microsoft Internet Information Services for connecting to operation window of management server, perform the following steps for Microsoft Internet Information Services of the Internet gateway server.
To install additional Microsoft Internet Information Services modules:
Get and install additional modules for Microsoft Internet Information Services listed in the following tables:
|
Module name |
Source |
|---|---|
|
Microsoft Application Request Routing 3.0 (x64) |
https://www.microsoft.com/en-us/download/details.aspx?id=47333 |
|
URL rewrite module |
https://iis-umbraco.azurewebsites.net/downloads/microsoft/url-rewrite |
To set a server certificate:
By using Server Certificate, complete server certificate request.
- Server certificate certified by a certification authority that can complete server certificate request
-
Path to the file containing the server certificate certified by the certification authority#
#: Do not store the server certificate file in the folder in which the Internet gateway has been installed.
- Friendly name
-
Any
- Tip
-
If you use an Internet gateway server as Microsoft Internet Information Services for connecting to management server's operation window, use the server certificate that you have set up with the Internet gateway server.
Enable Reverse Proxy:
Set the following configuration in Microsoft Internet Information Services:
|
Item in Microsoft Internet Information Services |
Setting |
Description |
|---|---|---|
|
Enable proxy |
Select the check box. |
To add and set an application:
Add the following configuration in Microsoft Internet Information Services:
|
Item in Microsoft Internet Information Services |
Setting |
Description |
|---|---|---|
|
Sites |
Name |
Default Web Site |
|
Site Bindings |
Type: https IP address: All Unassigned Port: Any (For example: 443) Host name: FQDN of the server Require Server Name Indication: Select this check box. SSL certificate: Specify the friendly name you have set by following the steps described under To set a server certificate: in this section. |
|
|
Enabled Protocols |
https |
|
|
Authentication |
Basic Authentication: Enabled Anonymous Authentication: Enabled |
|
|
Applications |
Alias |
jp1itdm |
|
Application Pools |
AppPooljp1itdm |
|
|
Physical path |
Any folder However, grant the "Modify" permission to the user used for authentication (for anonymous authentication, (IUSR)). |
|
|
Enabled Protocols |
https |
|
|
Application Pools |
Name under General |
AppPooljp1itdm |
Setting of URL rewrite:
Set the following items on Microsoft Internet Information Services:
|
Item in Microsoft Internet Information Services |
Item |
Setting |
Description |
|---|---|---|---|
|
Reception rule |
Enter the server name or IP address to which HTTP request is forwarded |
Hostname or IP of management server |
|
Transmission rule |
Address |
Host name specified in the Site Bindings setting in To add and set an application: table |
|
|
Reception rule |
See Editing reception rules: in the next section. |
|
#: Only set this when using a Microsoft Internet Information Services built on the Internet gateway server to connect to operation window of management server.
Editing reception rules:
Set the Reception rule added as URL rewriting - Reverse proxy rule in URL Rewrite Setting: with the following settings.
|
Item |
Setting |
Description |
|---|---|---|
|
Matching URL |
Requested URL |
Match the pattern |
|
Use |
Regular expression |
|
|
Pattern |
(.*) |
|
|
Case insensitive |
Select the check box. |
|
|
Action |
Type of action |
Rewriting |
|
Rewriting URL |
http://hostname-or-IP-address-of-management-server:accepted-port-number-from-computer-of-the-administrator- (e.g.31080)/{R:1} |
|
|
Adding Query Strings |
Select the check box. |
|
|
-- |
Stop processing subsequent rules |
Select the check box. |
If you want to use a Microsoft Internet Information Services built on an Internet gateway server to connect to management server's operation window, set the Reception rule added as URL rewriting - Empty rule in URL Rewrite Setting: with the following settings.
|
Item |
Setting |
Description |
|---|---|---|
|
Name |
Name |
Any name to identify the receiving rule |
|
Matching URL |
Requested URL |
Match the pattern |
|
Use |
Regular expression |
|
|
Pattern |
^(jp1itdmigw) |
|
|
Case insensitive |
Select the check box. |
|
|
Action |
Type of action |
None |
|
-- |
Adding Query Strings |
Select the check box. |
Next, set the priority order of the reception rules as follows:
|
Item in Microsoft Internet Information Services |
Order |
Description |
Type of action |
|---|---|---|---|
|
URL Rewrite: Receive Rules Applied to Requested URL Addresses |
1 |
Reception rule added as URL rewriting - Empty rule in URL Rewrite Setting: |
None |
|
2 |
URL rewriting - Reverse proxy rule in URL Rewrite Setting: |
Rewriting |
- Tip
-
If you want to block access to the administration page via http connection on an intranet that has a PC with direct management server connectivity, configure the firewall so that other device cannot access the connection acceptance port number (default: 31080) from computer of the administrator.