Skip to content

Instantly share code, notes, and snippets.

@JaimeStill

JaimeStill/iis.md

Created May 8, 2024 18:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save JaimeStill/b59537c1eb4108085a99dc47fc281b6e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save JaimeStill/b59537c1eb4108085a99dc47fc281b6e to your computer and use it in GitHub Desktop.
Download ZIP
IIS Site + App Pool configurations and applicationHost.config settings
Raw
iis.md

IIS Server Configuration

Where app is specified in all of the sections below below, replace with the name of the each app module in lowercase in place of app. For instance, staffing and reporting. What is shown below is just a template for how to configure each app module.

App Pools

In IIS Manager, click the Application Pools section in the Connections panel. For the API + each app module, create the following app pool:

Name .NET CLR Version Managed Pipeline Mode
api No Managed Code Integrated
app No Managed Code Integrated

Once created, right-click each app pool, click Advanced Settings... and in the Process Model section, set the Identity to the GMSA in the format Domain\account. For example, DOMAIN\gmsa-svcaccount$. You do not need to provide a password because it is a GMSA.

Sites

In File Explorer, navigate to C:\inetpub\wwwroot and the following folders:

  • api
  • app

For each of the above directories, right-click the Sites section in the Connections panel of IIS Manager and click Add Website.

Provide the following settings for each site:

Site Name Application Pool Physical Path Binding Type IP Address Port Host Name
api api C:\inetpub\wwwroot\api http IIS IP Address 80 api.[domain]
app app C:\inetpub\wwwroot\app http IIS IP Address 80 app.[domain]

applicationHost.config

The following configurations assume you have installed the IIS modules for URL Rewrite and CORS.

The final configuration steps involve modifying the C:\Windows\System32\inetsrv\config\applicationHost.config file with the proper URL Rewrite and CORS configurations. To open the config directory in VS Code, open Run (Win + R) on the IIS server and execute the following:

code C:\Windows\System32\inetsrv\config

The following sections are added to the bottom of the applicationHost.config file just above the closing </configuration> tag.

URL Rewrite

The following configuration is needed to allow Angular applications to manage their own internal routing. The <conditions> section defines the scenarios where the rule is ignored. For all other cases, URLs encountered by IIS are rewritten to root /.

<configuration>
    <!-- current IIS configuration -->
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="angular-dotnet-rules" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(docs)/([_0-9a-z-/]+)*\.([\w\d]+)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(files)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(logger)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(office)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(profile-pics)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(swagger)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(sync)" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(channel)" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="/" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Cross Origin Resource Sharing (CORS)

The following configures CORS on the API and allows access to each of the app modules. Use the demonstrated <add /> configuration as a template for each app module. It is added directly following the <\system.webServer> tag in the above configuration.

<configuration>
    <location path="api">
        <system.webServer>
            <httpProtocol>
                <customHeaders>
                    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS, HEAD" />
                    <add name="Access-Control-Allow-Headers" value="COntent-Type, Accept" />
                </customHeaders>
            </httpProtocol>
            <cors enabled="true" failUnlistedOrigins="true">
                <add origin="http://[app].[domain]" allowCredentials="true">
                    <allowHeaders allowAllRequestedHeaders="true" />
                    <allowMethods>
                        <add method="GET" />
                        <add method="HEAD" />
                        <add method="POST" />
                        <add method="PUT" />
                        <add method="DELETE" />
                    </allowMethods>
                    <exposeHeaders>
                        <add header="Content-Disposition" />
                        <add header="Access-Control-Allow-Origin" />
                    </exposeHeaders>
                </add>
            </cors>
        </system.webServer>
    </location>
</configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment