To run our web applications we need IIS (Internet Information Services). This software comes standard with Windows, but you need to install it manually.
Log into the remote desktop of your Windows instance and open Server Manager. Now click 2 Add roles and features.
Select Role-based or feature-based installation and click next.
Choose Select a server from the server pool, select the jodibooks-W01 server and click Next.
Scroll down to Web Server (IIS) and expand the option. Select the following options:
Web Server
Management Tools
In the Features screen expand .NET Framework 4.7 Features and make sure that .NET Framework 4.7 and ASP.NET 4.7 are selected or installed. Click Next again.
Press Install to start adding the selected features.
To add additional tools to IIS, Microsoft uses a stand-alone installer. It integrates into IIS, but needs to be installed separately.
Download the installer from: https://www.microsoft.com/web/downloads/platform.aspx
Run the installer. All defaults are fine.
Restart IIS (close and re-open).
When you click on the server, the icon for WebPI is the last one in the list.
Open it, select the Applications tab and search for URL Rewrite. The search results should find URL Rewrite 2.1. Install it by clicking Install in the application row and then Install at the bottom.
On the D-drive we're going to create some folders for our applications. This is our folder structure just as an example:
apps
    api
        sub api 1
        sub api 2
        sub api 3
    beauty
    management
    payments
    www
databases
download
jobs
logs
scripts
Not surprisingly, apps holds our published ASP.NET applications. databases is used as a temp folder for database exports and backups. download is where we upload new files, like a new application release or installer. Exports from the Task Scheduler (Part 15) are put in jobs, and scripts contains the scripts (also Part 15) to back up the database and log files. The script logs are stored in logs.
I assume you have published your application(s) and are ready to go, so let's do this.
Zip your application files and upload the archive to the download folder. Uploading a single file goes much faster than uploading numerous small files.
Unzip the applications to their folders. Preferably you have one folder per application.
Go to the apps folder and right-click it. Click Properties and in the new window select the Security tab. Now click Edit and add the user IIS_IUSRS. Make sure this user has Read & execute, List folder contents and Read permissions.
Open the IIS Manager. Delete the default website under Sites. Click Application Pools and Add Application Pool...
Give the application pool a name: jodibooks-main or jodibooks-apps or just jodibooks.
You can create one app pool per application or run multiple applications in the same pool. In the former case you have more granular control over the timeouts of each application (always on, suspend, terminate and time). The latter can be more memory efficient. We ended up putting all the applications in a single pool, but it's up to you to test and experiment with your own applications.
In red (top) our 5 always on applications in 5 separate app pools (image from production server). In blue (bottom) our 8 applications split in two app pools: ao (always on) and terminate. In purple (also bottom) all 8 applications in a single app pool (image from test server).
Click the server name and open Authentication.
Select Anonymous Authentication and click Edit in the top right corner. Now make sure Application pool identity is selected.
Right-click the Sites icon on the left and click Add Website. Give the site a name, I'd suggest using the folder name: www. Choose the app pool you want this application to run in, browse to the folder and set the Binding as type: http, IP address: All Unassigned, port: 80 and Host name: jodibooks.com (we're flattered, but obviously you change this to your domain).
Repeat for all applications that you want to give their own domain. Subapplications that you want to reach as a folder, for example a separate payments API (api.jodibooks.com/payments), have to be added as applications. Right-click the website api and click Add Application.
Give the application an Alias: payments and change the Application pool if you want. Browse to the folder for the application and click OK.
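The same steps scripted with the WebAdministration module, as an added example that is not part of the original post. It assumes the D:\apps layout shown earlier, a single shared pool named jodibooks, the built-in IIS_IUSRS group for the folder permissions, and that the payments application lives in D:\apps\payments.

```powershell
# Scripted equivalent of the IIS Manager steps; run in an elevated session.
Import-Module WebAdministration

$appsRoot = 'D:\apps'          # folder layout from this page
$poolName = 'jodibooks'        # one shared pool, as chosen in the text
$hostName = 'jodibooks.com'    # replace with your own domain

# Read & execute, List folder contents and Read, inherited by subfolders
# and files: (OI)(CI)RX. No write or modify right is granted.
icacls $appsRoot /grant 'IIS_IUSRS:(OI)(CI)RX'

# Create the application pool if it does not exist yet.
if (-not (Test-Path "IIS:\AppPools\$poolName")) { New-WebAppPool -Name $poolName | Out-Null }

# Anonymous Authentication -> "Application pool identity" is stored as an
# empty userName on the server-level configuration.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name 'userName' -Value ''

# Site "www": http, All Unassigned (*), port 80, host name binding.
New-Website -Name 'www' -PhysicalPath "$appsRoot\www" -ApplicationPool $poolName `
    -IPAddress '*' -Port 80 -HostHeader $hostName | Out-Null

# Site "api" plus the payments sub-application, reachable as /payments.
New-Website -Name 'api' -PhysicalPath "$appsRoot\api" -ApplicationPool $poolName `
    -IPAddress '*' -Port 80 -HostHeader "api.$hostName" | Out-Null
New-WebApplication -Site 'api' -Name 'payments' `
    -PhysicalPath "$appsRoot\payments" -ApplicationPool $poolName | Out-Null   # path is an assumption

# Delete the default site (done last here; it does not clash with host-name bindings).
if (Test-Path 'IIS:\Sites\Default Web Site') { Remove-Website -Name 'Default Web Site' }

# Check the result: folder ACL, sites, and the anonymous-auth identity.
icacls $appsRoot
Get-Website | Select-Object Name, State, PhysicalPath, Bindings
(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' `
    -Name 'userName').Value    # empty string = application pool identity
```

With the pool running as its default ApplicationPoolIdentity, the worker process gets IIS_IUSRS membership at runtime, which is why the read-only grant on the folder is enough to serve the sites.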
This step is a bonus. If you want to shield your application from public access, but you want to reach it through your domain, for example a management dashboard or invoicing service, you can change the port from the standard port 80 to something else like 8080. Now you have to open this port in the Windows firewall (only allowing your IP) and add a management security group with a Custom TCP Rule for that port, restricted to My IP.
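The Windows firewall half of this step, as an added example that is not part of the original post. The rule name and the admin IP (a documentation address) are constructed values; the AWS security group still has to be restricted separately.

```powershell
# Allow the management port from one address only, then audit for wider rules.
$mgmtPort = 8080
$adminIp  = '203.0.113.10'     # constructed sample; use your own public IP

New-NetFirewallRule -DisplayName "IIS management $mgmtPort (admin IP only)" `
    -Direction Inbound -Protocol TCP -LocalPort $mgmtPort `
    -RemoteAddress $adminIp -Action Allow -Profile Any | Out-Null

# Audit: any other enabled inbound allow rule that opens this port (or all
# ports) to every remote address would defeat the restriction above.
$tooOpen = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        ($port.Protocol -in 'TCP', 'Any') -and
        (($port.LocalPort -contains "$mgmtPort") -or ($port.LocalPort -contains 'Any')) -and
        ($addr.RemoteAddress -contains 'Any')
    }

if ($tooOpen) {
    Write-Warning "Port $mgmtPort is also reachable through these rules:"
    $tooOpen | Select-Object DisplayName, Profile
} else {
    "Port $mgmtPort is only allowed from $adminIp"
}
```

The audit matches exact port entries and 'Any'; a rule that covers the port through a range such as 8000-8100 is not detected by this check.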
There are a lot of settings in IIS that affect the speed of your website. I went through this excellent guide to optimize the settings. It tells you how to configure caching, time-outs, application initialization, compression among others.
https://port135.com/2019/05/17/recommendations-improve-iis-performance-fine-tuning/
One of our applications puts files in an S3 bucket. To be able to do that, it needs access credentials and a policy that allows using S3. The credentials are generated by creating a user in IAM. Remember that a user can be a person or a computer.
So we go to the IAM console and create a user jodiBooks.Fileserver with Access type Programmatic access.
Select Attach existing policies directly and click Create policy.
In the next screen choose S3 as Service. Now select the actions you need. We need to create (PutObject), retrieve (GetObject) and delete (DeleteObject) files, so we needed the actions listed below. We also need to know which files there are, so we also add the ListBucket action.
Note: we needed to add PutObjectTagging, GetObjectTagging and DeleteObjectTagging to get our application working. Unfortunately the reason why got lost.
Specify resources. We want to limit the access to a specific bucket. We can do that by adding the bucket ARN by copying it from S3 or by entering the bucket name.
And we specify that all objects (select Object name: Any) can be modified in that specific bucket (enter the bucket name again).
Now click Review policy and give it a name jodiBooks.Fileserver.PROD.S3.Objects and description Allow our fileserver to put, get and delete objects from jodibooks-eu-central-1 bucket.
Go back to the Add user screen, click the Refresh button and add the newly created policy. You can search for jodiBooks.Fileserver.PROD.S3.Objects or Filter policies on Customer managed and select the policy.
Tags are optional, so we skip them. Now Create the user and store the credentials. You can now use these credentials in your application.
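The policy and user from the console steps above, written out with AWS Tools for PowerShell as an added example that is not part of the original post. It assumes the AWS.Tools.IdentityManagement module is installed and the session has IAM admin credentials; the statement Sids are my own labels. ListBucket is a bucket-level action and takes the bucket ARN, while the object actions take the object ARN (bucket name followed by /*).

```powershell
Import-Module AWS.Tools.IdentityManagement

$bucket = 'jodibooks-eu-central-1'
$user   = 'jodiBooks.Fileserver'
$policy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListTheBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ReadWriteDeleteObjects",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject", "s3:GetObject", "s3:DeleteObject",
        "s3:PutObjectTagging", "s3:GetObjectTagging", "s3:DeleteObjectTagging"
      ],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
"@

# Refuse to create the policy if it ever grows a wildcard action or a bare
# "*" resource, which would widen access beyond this one bucket.
$doc = $policy | ConvertFrom-Json
$bad = $doc.Statement | Where-Object {
    (@($_.Action) -match '\*') -or (@($_.Resource) -contains '*')
}
if ($bad) { throw 'Policy contains a wildcard action or resource' }

$created = New-IAMPolicy -PolicyName 'jodiBooks.Fileserver.PROD.S3.Objects' `
    -Description "Allow our fileserver to put, get and delete objects from $bucket bucket" `
    -PolicyDocument $policy

New-IAMUser -UserName $user | Out-Null
Register-IAMUserPolicy -UserName $user -PolicyArn $created.Arn

# The secret access key is only returned by this call; store it right away.
$key = New-IAMAccessKey -UserName $user
$key.AccessKeyId
```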
That's it for the applications. With the configuration of Route 53 in part 7, they should be reachable over an unencrypted HTTP connection. Before we add the SSL certificate, we need to configure our database first.