We're using Octopus Deploy and its "IIS web site and application pool" process feature to deploy our ASP.NET MVC app to IIS. It's working great.
Now, we would like to enable SNI for the HTTPS binding. Octopus Deploy doesn't seem to provide a built-in checkbox for this. How could we customize the Octopus Deploy's IIS deployment so that the SNI is enabled automatically?
If it makes things easier, it's OK for us if Octopus Deploy automatically enables SNI for all the HTTPS bindings, we don't need a setting for it.
For anyone still looking for a solution on this, at this time of writing, octopus now offers this exact feature on the "deploy an IIS Website step template, right on the bingings section, you can create https 443 bindings where you can specify a cert and check the "require sni" option, to automatically deploy certs per each virtual host.
This isn't currently possible to do with the built-in IIS configuration feature; instead, you could use a custom PowerShell script (PostDeploy.ps1 in your package, for example) to make the appropriate changes. I've logged a work item here to add it when we next revisit IIS configuration:
https://github.com/OctopusDeploy/Issues/issues/430
Related
I'm using the preview tooling for ASP.NET Core and VS 2015 that was released in Dec timeframe.
I've followed numerous online examples with how to enable SSL in Kestrel. None of them worked.
So I tried an option in project called "Enable SSL" and it seems to set a port for me, and works from local host, but doesn't seem to work from elsewhere.
I've also tried .UseKestrel() I have option.UseHttps("ssl.pfx", "password")
Below that I have UseUrls, but it doesn't seem to bind correctly to the ports because my SSL requests. When I try to issue SSL requests it times out. I used netstat and it seems like there is no port opened for my specified SSL port.
1) How do I use UseUrls? I need both localhost and remote machine access
2) How do I configure IIS express to allow the https calls?
If anyone has a good reliable way to set this up for VS 2015 in an ASP.NET Core project I would really appreciate it!
Thanks,
James
You're not saying what you have tried so far, so maybe you've tried that already, but you need to:
have a valid certificate that your server will be able to provide to the client
install the nuget package: Microsoft.AspNetCore.Server.Kestrel.Https
change your configure sequence so that it uses Kestrel Https
app.UseKestrelHttps(certificate);
change the url Kestrel is listening to one starting by https://
I used this article a few months back on VS2015: https://www.thesslstore.com/blog/implement-ssl-kestrel-asp-net-core/
I worked fine for me, but maybe there are a few things to adapt with the latest version.
Recently I'm using TFS behind proxy authentication, everything works well till I try to install packages through the Package Manager Console, if I try to install a package, even if I set up proxy credentials to access TFS, the system asks for credentials to connect to nuget.org, when I input credentials, the authentication through nuget breaks the previous TFS proxy authentication, so I get the error HTTP code 407: Proxy Athentication Required (Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
After that I can't use nuget and can't use TFS so I have to restart VS2013, but in this way I can't install packages.
Any Idea??
Thanks
I worked around this issue with NuGet 2.8.50926.663 and a very restrictive company proxy by installing Fiddler2 from www.fiddlertool.com. It seems having some kind of proxy go-between helps NuGet play nicely with proxies.
Of course there are other tools which will achieve the same effect, e.g. WireShark or Privoxy. I know Fiddler is very useful on a development workstation, so I choose that.
Searching for other solutions kept coming back to issues and regressions of issues in older versions of NuGet, like version 1.5 for example. Seems like either the proxy authentication or HTTPS certificate handling of NuGet is not so streamlined.
I have WCf service hosted in windows service.
I would want to know how would i make service accessible only through SSL and use certificate provided by certificate issuer(Godaddy,verisign etc).
If you created a WCF-Service you'll be forced to use an Windows IIS Server to host your application. When using an IIS, you can specify the Port and an SSL-Certificate.
To do this, just
add a new Website to your IIS. Make sure, you are using an application pool that supports .NET Framework 4.0.
copy your compiled WCF-Service and all references/files that your services needs to the associated IIS-Site-Folder
Configure the Bindings of this IIS Page. You need an imported SSL-Certificate at this point. If you already imported it, you can choose it from a ListBox within the Bindings-Dialog.
Within that dialog, you can specify the port
Make sure you've opened that port on your firewall
If you delete other bindings (meaning all HTTP Bindings), you can make sure that your service is only reachable through SSL and your specific port.
If you need cheap, good and multidomain/wildcard certificates, please check out StartSSL. In my opinion, they serve you the best.
You can find more information about IIS Configuration here.
I have a Class library with WCF service added. When I click on command View in Browser it opens with http prefix. Is there a way how to open it with https prefix without hosting it on iis ? Thanks
If you are using 'Cassini' or the web server built into VS, then SSL is not supported. But if you change your web settings (by choosing Properties from your project), you can host in IIS. IISExpress might support it, but again requires a change to the project settings.
I've got a WCF service using the netTcpBinding, and no other binding. It works great when I manually deploy the files to IIS, and my client application can consume the service when I enter the net.tcp://localhost(etc) url. Now I'm trying to get the project to run in Visual Studio, so I can have the service and client in the same solution, and reference the service directly instead of going through IIS, and having to redeploy files manually.
Neither IIS Express nor the Visual Studio Development Server can use net.tcp, so they're out. In the Web tab of my service project, the "Use Local IIS Web Server" or "Use Custom Web Server" looked like good options, but neither of them will accept a URL that doesn't begin with http.
Is there some way of making my WCF service use IIS, and having my client reference the service directly (so that I don't have to deploy files to IIS, and then update service reference, every time I compile)?
Start the service in WcfSvcHost, then try to add a reference to the hosted URL.
Unfortunately, the VS IDE has no technique to start services automatically, except for when you're debugging.
Also, you always need to update service references explicitly. You need to decide which of your changes are ready to be applied to which clients of your service. It would be bad to assume that all clients should be updated as soon as you make a change then compile your service.
You could add a project, which you don't deploy, but only use during development, that self-hosts the service.