I own a performance license for ImageResizing for the domain azure.content.bloc.net with A record to a Azure website
See example url to a image hosted in azure here:
http://azure.content.bloc.net/logo/200000195/1767/2015/12/15/ny%20ove2r.jpg?width=300
But the resizer.debug.ashx returns the following error:
resizer configuration(Error): No license found for domain bloccontent.azurewebsites.net - features installed: R4Performance or R4BlobProviders
http://azure.content.bloc.net/resizer.debug.ashx
How do we fix this problem?
Update:
We have changed our setup and we are using azure VM machine instead. only binding that exists in IIS is azure.content.bloc.net
resizer.debug page is showing 0 issues (http://azure.content.bloc.net/resizer.debug.ashx)
However, we are still getting the red dot on all photos: http://azure.content.bloc.net/profile/200000195/757/2015/12/10/
ImageResizer Performance licenses must be used only for public-facing domains where the HTTP host header recieved by the app matches the domain key.
As specified in the product description, we suggest an Elite license for load-balanced deployments where an internal domain is used instead.
I suggest looking at your HTTP logs to see what HOST headed is being sent to your application. If possible, configure your CDN or load balancers to address the server with a subdomain of the purchased domain. It is likely that you cannot actually do an A record on azure websites.
Related
We have configured a new webfarm using IIS10 with 3 hosts operating with the web traffic with a loadbalancing IIS ARR3.0 server sitting infront to balance incoming requests between all the nodes. During initial testing (Basic HTML pages) the round robin setup (33.33%) distribution between each node was working well but we had to enable server / client affinity so that our applications kept a consistent connection between our client session and the application. Since then, we are finding that all traffic going to these applications originating from different machines on different networks are all being forwarded to the same application server. If you take the server offline the application seamlessly starts running on the next server in the list (Client obviously must sign in again). Whilst one server is fine at this time to run the two applications we have running when we ramp up our migration and have all our 140 applications running, I don’t think one server will be too happy with the load.
ADDITIONAL INFORMATION
LoadBalancers/Arr Servers: LB-01 (LB-02 DUPLICATED Server for redundancy). Default ARR URL ReWrite with Route to Server Farm Action. Image of LB/ARR URL ReWrite Rule Server Affinity Enabled Client Affinity enabled use hostname selected no Advanced Settings, no routing rules. ARR Default Proxy Settings Image of Proxy Settings
Web/Application Servers WEB-01, WEB-02, WEB-03 FileSystem Shared using DFS All running on Shared Config's
The Applications would be as follows
https://www.domainname.com/application-name1
https://www.domainname.com/application-name2
...
Were the application launch page changes but the domain name stays the same
Image of IIS Monitoring and Management Window showing distribution
If there is a setting you wish to verify please ask for them. I know people arent physchic but huge paragraphs of information never really help.
My hunch is it is something to do with the URL rewrite I have tried the settings in the below post to no avail.
IIS ARR & load balancing
Uncheck 'Host Name Affinity' to dispatch to all your hosts
I acquired SSL certificate through some certificate authority and later installed on google cloud.
Still, my application is not accessible through https
www.eventic.in works but https://www.eventic.in don't work.
Can you please assist me in enabling https?
I want this site to be available only through https. Even if someone access without https, it should be redirected to https.
From the image I see you're configuring your certificates in Google App Engine Custom domains. Please note that Compute Engine (where is your VM) and App Engine are different products. Also it is possible that you're following this doc which is intended for App Engine and not for a VM.
Since you may want to set your certificates in a VM, those configuration remains on the Web server you're using (NGINX, Apache, etc). Also, checking your url https://www.eventic.in I'm sure the port 443 is not configured since this port is in general used for HTTPS.
You may want to look how to configure an SSL for the solution you have running in your VM
I've been trying all day to set up my instance of TFS2017 to work with HTTPS.
I've read the official setup guide, but it didn't help much.
My instance is attached to a domain and configuration has been made with an Administrators group user. The domain account is referenced as an administration console user properly.
The setup has been made with default 8080 port and domain account user can access the website as expected (hosted at http://machine-name:8080/tfs)
Now, when I change the IIS website settings binding to use HTTPS on port 443 with a valid wildchar certificate + set the hostname to be tfs.mydomain.com + ask for SSL require, I cannot have my user to authenticate anymore.
I make TFS Public Url point to https://tfs.mydomain.com/tfs.
I get prompted for the authentication box, but after many attempts, the site would just fail with 401.
The tests are made into the server environment to avoid Firewall confusions.
My instance has two network cards with 2 separate networks. First resolves to public IP, second resolves to private IP. I noticed the configuration works with the machine names, while it fails with the DNS resolution on the public IP. Could this be a reason ?
Thanks for your help
To perform the procedures in your requirements, you must first meet some prerequisites such as required Permissions and so on. Please double check this first. Also please make sure you have set up the corresponding ports such as below prompted.
Important:
The default port number for SSL connections is 443, but you
must assign a unique port number for each of the following
sites: Default Website, Team Foundation Server, Microsoft Team
Foundation Server Proxy (if your deployment uses it), and SharePoint
Central Administration (if your deployment uses SharePoint).
You should record the SSL port number for each website that you
configure. You will need to specify these numbers in the
administration console for Team Foundation.
There is a very detail tutorial about configuring HTTPS with SSL, please refer Setting up HTTPS with Secure Sockets Layer (SSL) for Team Foundation Server
To narrow down the issue with IP, you could disable one of your two network cards. Give a test with only using one network card each time.
Current Setup: Large CMS that has an "authoring" server and multiple "delivery" servers. Both the authoring and delivery servers are Windows servers running 64-bit Apache. The Apache Web root is setup on each server exactly the same--points to a directory on a SAN. The delivery servers are load balanced via another Windows server running Apache. I just finished setting up the ImageResizer server as a standalone image server and wanted to see what the best approach to getting the ImageResizer server to access and thus serve up the images.
authoring server - a.site.com
delivery server - d.site.com
image server - i.site.com
So I guess the question is, what is the best way to allow the ImageResizer server access to the images that are part of a large CMS site? RemoteReader plugin? Setup the IIS site with the Web root as the same as the authoring and delivery servers? Any security issues with this approach? Any suggestions/alternate approaches?
Thank you!
If the SAN is well-behaved, SMB2 or later, and low-latency, you could mount the directory as a virtual folder within the IIS root (which you might want to keep separate).
For performance, it would be best to disable FCNMode - http://imageresizing.net/docs/v3/docs/fcnmode - particularly if you have lots of directories in the SAN.
Alternatively, you could use RemoteReader and point it to your Apache web servers, although you'll sacrifice the ability to update existing files (RemoteReader perma-caches everything to make performance reasonable).
The context:
I currently have a multitenant site (sub1.maindomain.com) and I am working on adding several other sites. Some of the new sites (sub2.maindomain.com, secdomain.com, ...) will probably also be multitenant.
I have certificates for each site I add, but only one IP address.
I'm working on Windows Server 2012, IIS 8.5.
The problem:
In order to allow multiple certificates I have to enable SNI in the https binding. Once I enable the SNI for the multitenant site (therefore editing the hostname) subdomains are no longer recognized (therefore no multitenancy).
Changing/Renaming/Restructuring the sub1.maindomain.com domain is not a real option, since it's being used by active clients for hosted pages among other things.
So far:
I am considering a wildcard certificate on which I can have the domains for all sites, (*.sub1.maindomain.com, *.maindomain.com, *.secdomain.com, ...) but I read that some browsers might have an issue with it and it is not recommended.
EDIT: It's been confirmed to me that I cannot consider the wildcard certificate option, mainly because of the price.
I have also tried using the Application Request Routing to solve the issue as described here but so far I it hasn't panned out.
From what I've tried so far I am either getting certificate errors in some or all of my sites, or "turning off" the multitenancy for the multitenant sites.
Any ideas on how to proceed?
Since we have a single multitenant app we allocated a second IP, given also that the cost is acceptable. The multitenant app is on one IP, the single tenant apps are all hosted on the other IP using the SNI feature to enable the use of multiple certificates.