GGCE with IIS
Internet Information Services (IIS) can be used on Windows to handle SSL encryption and relay HTTP requests to GGCE docker containers by utilizing URL Rewrite and Application Request Routing (ARR) features:
- Install URL Rewrite.
- Install Application Request Routing. ARR depends on URL Rewrite. Ensure URL Rewrite is installed prior to installing ARR.
This will add Application Request Routing configuration option to IIS:
Another important category in this section is Server Certificates where you can register or generate SSL certificates for GGCE.
Application Request Routing
Enable and configure AAR as shown in the screenshot below.
Do not enable the option to Reverse rewrite host in response headers.
Register SSL certificates
Register or generate SSL certificates for GGCE under Server Certificates in IIS configuration. You will select one of the registered certificates when configuring site bindings for GGCE.
Add GGCE site
Create new site for GGCE in IIS:
Update the bindings to associate this site with the two DNS names for ggce-api
and ggce
and their corresponding SSL certificates.
Replace ggce-api
and ggce
with the corresponding complete DNS names (FQDN) for the two websites.
Type | IP address | Port | Host name |
---|---|---|---|
https | All unassigned | 443 | ggce-api |
https | All unassigned | 443 | ggce |
We recommend that you enable Require Server Name Indication setting
The final bindings should list two entries:
This will configure IIS to listen for HTTPS requests that match the configured DNS names on the selected IP and port.
Configure URL Rewrite
GGCE services run as docker containers and are exposed by default as http://localhost:8080
and http://localhost:3000
.
You will configure URL Rewrite rules on the IIS GGCE site to redirect incoming traffic to the two upstream web services.
Open URL Rewrite and add a new rule for ggce-api
starting with a New blank inbound rule:
- Name:
ggce-api
- In section Match URL:
- Requested URL: Matches the Pattern
- Using: Regular Expressions
- Pattern:
(.*)
- Yes, Ignore case
- In section Conditions:
- Add... condition
- Condition input: {HTTP_HOST}
- Check if input string: Matches the Pattern
- Pattern:
ggce-api\.fqdn\.org
- Note: You must replace all
.
in the DNS name with\.
- Note: You must replace all
- Yes, Ignore case
- Add... condition
- In section Action:
- Action type: Rewrite
- Rewrite URL:
http://localhost:8080/{R:1}
- Yes, Append query string
- Yes, Stop processing of subsequent rules
Add a new rule for ggce
starting with a New blank inbound rule:
- Name:
ggce
- In section Match URL:
- Requested URL: Matches the Pattern
- Using: Regular Expressions
- Pattern:
(.*)
- Yes, Ignore case
- In section Conditions:
- Add... condition
- Condition input: {HTTP_HOST}
- Check if input string: Matches the Pattern
- Pattern:
ggce\.fqdn\.org
- Note: You must replace all
.
in the DNS name with\.
- Note: You must replace all
- Yes, Ignore case
- Add... condition
- In section Action:
- Action type: Rewrite
- Rewrite URL:
http://localhost:3000/{R:1}
- Yes, Append query string
- Yes, Stop processing of subsequent rules
The final rule configuration for ggce
will look like this:
... and the ggce site in IIS should have two rules: