Skip to main content

GGCE with IIS

Internet Information Services (IIS) can be used on Windows to handle SSL encryption and relay HTTP requests to GGCE docker containers by utilizing URL Rewrite and Application Request Routing (ARR) features:

  1. Install URL Rewrite.
  2. Install Application Request Routing. ARR depends on URL Rewrite. Ensure URL Rewrite is installed prior to installing ARR.

This will add Application Request Routing configuration option to IIS:

IIS Options

Another important category in this section is Server Certificates where you can register or generate SSL certificates for GGCE.

Application Request Routing

Enable and configure AAR as shown in the screenshot below.

info

Do not enable the option to Reverse rewrite host in response headers.

AAR Configuration

Register SSL certificates

Register or generate SSL certificates for GGCE under Server Certificates in IIS configuration. You will select one of the registered certificates when configuring site bindings for GGCE.

Add GGCE site

Create new site for GGCE in IIS:

Add a GGCE site in IIS

Update the bindings to associate this site with the two DNS names for ggce-api and ggce and their corresponding SSL certificates.

tip

Replace ggce-api and ggce with the corresponding complete DNS names (FQDN) for the two websites.

TypeIP addressPortHost name
httpsAll unassigned443ggce-api
httpsAll unassigned443ggce

Updating Site bindings

Enable SNI

We recommend that you enable Require Server Name Indication setting

The final bindings should list two entries:

GGCE site bindings

This will configure IIS to listen for HTTPS requests that match the configured DNS names on the selected IP and port.

Configure URL Rewrite

GGCE services run as docker containers and are exposed by default as http://localhost:8080 and http://localhost:3000.

You will configure URL Rewrite rules on the IIS GGCE site to redirect incoming traffic to the two upstream web services.

Open URL Rewrite and add a new rule for ggce-api starting with a New blank inbound rule:

  • Name: ggce-api
  • In section Match URL:
    • Requested URL: Matches the Pattern
    • Using: Regular Expressions
    • Pattern: (.*)
    • Yes, Ignore case
  • In section Conditions:
    • Add... condition
      • Condition input: {HTTP_HOST}
      • Check if input string: Matches the Pattern
      • Pattern: ggce-api\.fqdn\.org
        • Note: You must replace all . in the DNS name with \.
      • Yes, Ignore case
  • In section Action:
    • Action type: Rewrite
    • Rewrite URL: http://localhost:8080/{R:1}
    • Yes, Append query string
    • Yes, Stop processing of subsequent rules

Add a new rule for ggce starting with a New blank inbound rule:

  • Name: ggce
  • In section Match URL:
    • Requested URL: Matches the Pattern
    • Using: Regular Expressions
    • Pattern: (.*)
    • Yes, Ignore case
  • In section Conditions:
    • Add... condition
      • Condition input: {HTTP_HOST}
      • Check if input string: Matches the Pattern
      • Pattern: ggce\.fqdn\.org
        • Note: You must replace all . in the DNS name with \.
      • Yes, Ignore case
  • In section Action:
    • Action type: Rewrite
    • Rewrite URL: http://localhost:3000/{R:1}
    • Yes, Append query string
    • Yes, Stop processing of subsequent rules

The final rule configuration for ggce will look like this:

Adding URL Rewrite rule

... and the ggce site in IIS should have two rules:

URL Rewrite configuration