Category Archives: Programming

HTTP to HTTPS automatic redirection in IIS 8

Some syntax changes in the latest IIS 8 concerning the URL Rewrite plugin caused issues when transitioning from IIS 7.5.

application_request_routing

In The site Application Request Routing plugin pane, open up “Server Proxy Settings…” on the left, then enable the server proxy:

application_request_routing_2

 

Back in the site you are configuring, create a new URL rewrite rule:

application_request_routing_3

 

The filter should match anything coming into the site, check to see if it is HTTPS, and if not redirect it. The Conditions section is where the pattern syntax had to be altered from what I had read from other sources. Previously regular expressions were used to the effect of “^0$”, a string that would not work in IIS 8. The filter should simply be “off”.

application_request_routing_4

Further down on the rule set the new URL to be the previous one except with HTTPS on the front of it. The {HTTP_POST}{R:1} help recreate the URL originally being visited before the redirection. After the rule is created trying to get to http://mattlapaglia.com redirects to https://mattlapaglia.com !

Setting up Subsonic with IIS 8 in Windows Server 2012

Adding WordPress to my server presented some issues with my already installed Subsonic server. Wanting two different sites on the same IP address to share HTTPS capabilities isn’t very easy when you’re playing with both IIS and Jetty (Subsonic’s built in web server). In order to get around this I set up a shell site within IIS that forwards connections to Jetty.

IIS 7/7.5 has limitations around using multiple SSL certifications with multiple sites when they are not a wildcard certificate (being able to run multiple sub-domains under one certificate). IIS 8 has added this feature, and allows sites running completely different domains (http://mattlapaglia.com and http://thedatatra.in) to operate both with their own SSL certificates.

Instead of getting a wildcard certification (which is much more expensive than a regular certificate), I bought two regular certifications. One points to my main site, the other to the Subsonic server:IIS 8 SSL Certification View

Since Subsonic is not hosted within IIS, but within Jetty, I added some URL rewriting to the rules:

SSL_INBOUND_RULE

The rule simply takes anything that comes into the subsonic.mattlapaglia.com domain and forwards it to another server within the internal network. This allows the URL to stay consistent with the user, all they see is https://mattlapaglia.com. IIS decrypts the steam and sends it to another server which hosts Subsonic. Since the certificate is assigned per site instead of per IP now, both sites can have valid SSL verification within the browser even though there is no wildcard SSL certificate in place!