The reverse proxy does not work to have my application in HTTPS

If you think that something doesn't work in Aware IM post your message here
Post Reply
Maxo42
Posts: 46
Joined: Sun Dec 04, 2022 11:13 pm

The reverse proxy does not work to have my application in HTTPS

Post by Maxo42 »

To be able to integrate my Aware IM application so that it works with the reverse proxy server, is it the eclipse file that I must choose as we can see on the screenshot.
Capture d’écran 2023-05-24 152851.png
Capture d’écran 2023-05-24 152851.png (89.99 KiB) Viewed 19729 times
Then I made a URL Rewrite to be able to enter the IP address of my Windows VPS which hosts the Aware IM application.
Capture d’écran 2023-05-24 153157.png
Capture d’écran 2023-05-24 153157.png (103.89 KiB) Viewed 19729 times
Finally I added a Farms server with all the necessary configurations to have my application in HTTPS.
Capture d’écran 2023-05-24 154136.png
Capture d’écran 2023-05-24 154136.png (81.23 KiB) Viewed 19729 times
Not to mention either that I also added an SSL certificate in the Server certificate section but unfortunately it still does not work.

Is there something I forgot to do or something I did wrong.

Thanks for your help.
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: The reverse proxy does not work to have my application in HTTPS

Post by hpl123 »

I use Winacme for all my https certificates and integrates with IIS so it does all of the work for you + the certificates are free (using Let´s Encrypt). Here you can download Winacme: https://www.win-acme.com/ and here are quick steps on how to configure IIS as a reverse proxy with Aware:
1. Make sure IIS is setup to work as a reverse proxy (https://docs.microfocus.com/OMi/10.62/C ... #Configure i.e the application request routing, url rewrite, enable proxy etc. and for this setup you don´t need to do the farm settings things).
2. Create a site for your app so say I want to have https://myapp.com/ I create a site for that URL with a local folder in the inetpub wwwroot folder (just create a new folder and add the path in the physical path field) and only create the site with port 80 so don´t do anything related to HTTPS (443 port etc.).
3. Point your domain DNS to your server IP and make sure the DNS works (after an hour or so) by visiting your domain and you should then see the IIS welcome page.
4. Start Winacme (after having installed it) and there select the "New certificate" option and follow the instructions. Winacme will create a certificate for your domain and also do all of the HTTPS related IIS settings.
5. Add reverse proxy rules in the web.config file located in your local folder from step 2. Here is an example I use and you should be able to just copy this entire block of text into the web.config file and if you don´t have a web.config file, create it:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
                </rule>
                <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
6. Test and make sure it works (go to https://myapp.com/AwareIM/loginAdmin.html and log in and test so everything works).

PS: The reverse proxy via IIS has a timeout of 30 seconds so you know that which means if you run longer Aware operations that take more than 30 seconds, IIS close the connection. You can change that in the IIS proxy settings.
Henrik (V8 Developer Ed. - Windows)
Maxo42
Posts: 46
Joined: Sun Dec 04, 2022 11:13 pm

Re: The reverse proxy does not work to have my application in HTTPS

Post by Maxo42 »

hpl123 wrote: Thu May 25, 2023 7:33 am I use Winacme for all my https certificates and integrates with IIS so it does all of the work for you + the certificates are free (using Let´s Encrypt). Here you can download Winacme: https://www.win-acme.com/ and here are quick steps on how to configure IIS as a reverse proxy with Aware:
1. Make sure IIS is setup to work as a reverse proxy (https://docs.microfocus.com/OMi/10.62/C ... #Configure i.e the application request routing, url rewrite, enable proxy etc. and for this setup you don´t need to do the farm settings things).
2. Create a site for your app so say I want to have https://myapp.com/ I create a site for that URL with a local folder in the inetpub wwwroot folder (just create a new folder and add the path in the physical path field) and only create the site with port 80 so don´t do anything related to HTTPS (443 port etc.).
3. Point your domain DNS to your server IP and make sure the DNS works (after an hour or so) by visiting your domain and you should then see the IIS welcome page.
4. Start Winacme (after having installed it) and there select the "New certificate" option and follow the instructions. Winacme will create a certificate for your domain and also do all of the HTTPS related IIS settings.
5. Add reverse proxy rules in the web.config file located in your local folder from step 2. Here is an example I use and you should be able to just copy this entire block of text into the web.config file and if you don´t have a web.config file, create it:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
                </rule>
                <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
6. Test and make sure it works (go to https://myapp.com/AwareIM/loginAdmin.html and log in and test so everything works).

PS: The reverse proxy via IIS has a timeout of 30 seconds so you know that which means if you run longer Aware operations that take more than 30 seconds, IIS close the connection. You can change that in the IIS proxy settings.
Hello hpl123, Thanks for your help.

On the other hand, when I try to configure an SSL certificate for IIS by Winacme, I get this response in their application.
However, as you can see I have a website in IIS so why is it writing that it can't find a website.
Capture d’écran 2023-05-28 222536.png
Capture d’écran 2023-05-28 222536.png (468.63 KiB) Viewed 19680 times
In more, I make sure IIS is setup to work as a reverse proxy as you can see.
Capture d’écran 2023-05-28 214903.png
Capture d’écran 2023-05-28 214903.png (75.28 KiB) Viewed 19680 times
I also created for the URL with a local folder in the path inetpub/wwwroot as you can see on the screenshot below.
Capture d’écran 2023-05-28 215400.png
Capture d’écran 2023-05-28 215400.png (18.02 KiB) Viewed 19680 times


So can you tell me if there's something I'm not doing right. Unfortunately, I can't show more than 3 screenshots per query. So if everything I've done so far is correct, let me know and I'll send you another answer with more screenshots showing how I got my domain's DNS to point. to the IP of my server and also I will show you that I have put the script that you sent me in the web.config file.

Because at the moment it doesn't work, because when I go to my domain name it only says that this site is inaccessible and that it took too long to respond.

In closing, do you think it would be easier to simply add an SSL certificate on the Tomcat server of the Aware IM software.

Thanks for your help.
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: The reverse proxy does not work to have my application in HTTPS

Post by hpl123 »

Maxo42 wrote: Mon May 29, 2023 2:35 am
hpl123 wrote: Thu May 25, 2023 7:33 am I use Winacme for all my https certificates and integrates with IIS so it does all of the work for you + the certificates are free (using Let´s Encrypt). Here you can download Winacme: https://www.win-acme.com/ and here are quick steps on how to configure IIS as a reverse proxy with Aware:
1. Make sure IIS is setup to work as a reverse proxy (https://docs.microfocus.com/OMi/10.62/C ... #Configure i.e the application request routing, url rewrite, enable proxy etc. and for this setup you don´t need to do the farm settings things).
2. Create a site for your app so say I want to have https://myapp.com/ I create a site for that URL with a local folder in the inetpub wwwroot folder (just create a new folder and add the path in the physical path field) and only create the site with port 80 so don´t do anything related to HTTPS (443 port etc.).
3. Point your domain DNS to your server IP and make sure the DNS works (after an hour or so) by visiting your domain and you should then see the IIS welcome page.
4. Start Winacme (after having installed it) and there select the "New certificate" option and follow the instructions. Winacme will create a certificate for your domain and also do all of the HTTPS related IIS settings.
5. Add reverse proxy rules in the web.config file located in your local folder from step 2. Here is an example I use and you should be able to just copy this entire block of text into the web.config file and if you don´t have a web.config file, create it:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
                </rule>
                <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
6. Test and make sure it works (go to https://myapp.com/AwareIM/loginAdmin.html and log in and test so everything works).

PS: The reverse proxy via IIS has a timeout of 30 seconds so you know that which means if you run longer Aware operations that take more than 30 seconds, IIS close the connection. You can change that in the IIS proxy settings.
Hello hpl123, Thanks for your help.

On the other hand, when I try to configure an SSL certificate for IIS by Winacme, I get this response in their application.
However, as you can see I have a website in IIS so why is it writing that it can't find a website.
Capture d’écran 2023-05-28 222536.png

In more, I make sure IIS is setup to work as a reverse proxy as you can see.
Capture d’écran 2023-05-28 214903.png

I also created for the URL with a local folder in the path inetpub/wwwroot as you can see on the screenshot below.
Capture d’écran 2023-05-28 215400.png



So can you tell me if there's something I'm not doing right. Unfortunately, I can't show more than 3 screenshots per query. So if everything I've done so far is correct, let me know and I'll send you another answer with more screenshots showing how I got my domain's DNS to point. to the IP of my server and also I will show you that I have put the script that you sent me in the web.config file.

Because at the moment it doesn't work, because when I go to my domain name it only says that this site is inaccessible and that it took too long to respond.

In closing, do you think it would be easier to simply add an SSL certificate on the Tomcat server of the Aware IM software.

Thanks for your help.
I am not sure why you are getting this, I have never experiences issues like these and I have used this exact setup on multiple Windows servers. The problems seems to be Winacme not recognizing IIS for some reason. You have added the IIS web roles etc. on the server right? https://enterprise.arcgis.com/en/web-ad ... server.htm (first 9 steps in the guide). You could possible try contacting Winacme if they have some type of support or try googling it (try googling the exact error message you get with the sites not being detected). The error message does indicate something about IIS plugin so can maybe be missing from your Winacme installation?

When it comes to Winacme etc. VS Tomcat, I would say Winacme is the better route (when/if it works). You get an free, easy to use solution that you can use for an unlimited number of servers/certificates + Winacme has scheduled tasks to renew certificates so you basically set it and forget it. Winacme also has advanced features for more complex scenarios making it a good overall solution. Tomcat, at least for me, was always a hassle (integrate certificates into Tomcat).
Henrik (V8 Developer Ed. - Windows)
Maxo42
Posts: 46
Joined: Sun Dec 04, 2022 11:13 pm

Re: The reverse proxy does not work to have my application in HTTPS

Post by Maxo42 »

hpl123 wrote: Mon May 29, 2023 6:32 am
Maxo42 wrote: Mon May 29, 2023 2:35 am
hpl123 wrote: Thu May 25, 2023 7:33 am I use Winacme for all my https certificates and integrates with IIS so it does all of the work for you + the certificates are free (using Let´s Encrypt). Here you can download Winacme: https://www.win-acme.com/ and here are quick steps on how to configure IIS as a reverse proxy with Aware:
1. Make sure IIS is setup to work as a reverse proxy (https://docs.microfocus.com/OMi/10.62/C ... #Configure i.e the application request routing, url rewrite, enable proxy etc. and for this setup you don´t need to do the farm settings things).
2. Create a site for your app so say I want to have https://myapp.com/ I create a site for that URL with a local folder in the inetpub wwwroot folder (just create a new folder and add the path in the physical path field) and only create the site with port 80 so don´t do anything related to HTTPS (443 port etc.).
3. Point your domain DNS to your server IP and make sure the DNS works (after an hour or so) by visiting your domain and you should then see the IIS welcome page.
4. Start Winacme (after having installed it) and there select the "New certificate" option and follow the instructions. Winacme will create a certificate for your domain and also do all of the HTTPS related IIS settings.
5. Add reverse proxy rules in the web.config file located in your local folder from step 2. Here is an example I use and you should be able to just copy this entire block of text into the web.config file and if you don´t have a web.config file, create it:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" />
                </rule>
                <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/{R:1}" appendQueryString="true" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
6. Test and make sure it works (go to https://myapp.com/AwareIM/loginAdmin.html and log in and test so everything works).

PS: The reverse proxy via IIS has a timeout of 30 seconds so you know that which means if you run longer Aware operations that take more than 30 seconds, IIS close the connection. You can change that in the IIS proxy settings.
Hello hpl123, Thanks for your help.

On the other hand, when I try to configure an SSL certificate for IIS by Winacme, I get this response in their application.
However, as you can see I have a website in IIS so why is it writing that it can't find a website.
Capture d’écran 2023-05-28 222536.png

In more, I make sure IIS is setup to work as a reverse proxy as you can see.
Capture d’écran 2023-05-28 214903.png

I also created for the URL with a local folder in the path inetpub/wwwroot as you can see on the screenshot below.
Capture d’écran 2023-05-28 215400.png



So can you tell me if there's something I'm not doing right. Unfortunately, I can't show more than 3 screenshots per query. So if everything I've done so far is correct, let me know and I'll send you another answer with more screenshots showing how I got my domain's DNS to point. to the IP of my server and also I will show you that I have put the script that you sent me in the web.config file.

Because at the moment it doesn't work, because when I go to my domain name it only says that this site is inaccessible and that it took too long to respond.

In closing, do you think it would be easier to simply add an SSL certificate on the Tomcat server of the Aware IM software.

Thanks for your help.
I am not sure why you are getting this, I have never experiences issues like these and I have used this exact setup on multiple Windows servers. The problems seems to be Winacme not recognizing IIS for some reason. You have added the IIS web roles etc. on the server right? https://enterprise.arcgis.com/en/web-ad ... server.htm (first 9 steps in the guide). You could possible try contacting Winacme if they have some type of support or try googling it (try googling the exact error message you get with the sites not being detected). The error message does indicate something about IIS plugin so can maybe be missing from your Winacme installation?

When it comes to Winacme etc. VS Tomcat, I would say Winacme is the better route (when/if it works). You get an free, easy to use solution that you can use for an unlimited number of servers/certificates + Winacme has scheduled tasks to renew certificates so you basically set it and forget it. Winacme also has advanced features for more complex scenarios making it a good overall solution. Tomcat, at least for me, was always a hassle (integrate certificates into Tomcat).
Thank you very much hlp123 for your help but I finally found a solution that works for me with Cloudflare.
https://www.awareim.com/forum/viewtopic.php?f=2&t=12706
hpl123
Posts: 2579
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: The reverse proxy does not work to have my application in HTTPS

Post by hpl123 »

Maxo42 wrote: Tue Jun 06, 2023 8:07 pm
hpl123 wrote: Mon May 29, 2023 6:32 am
Maxo42 wrote: Mon May 29, 2023 2:35 am

Hello hpl123, Thanks for your help.

On the other hand, when I try to configure an SSL certificate for IIS by Winacme, I get this response in their application.
However, as you can see I have a website in IIS so why is it writing that it can't find a website.
Capture d’écran 2023-05-28 222536.png

In more, I make sure IIS is setup to work as a reverse proxy as you can see.
Capture d’écran 2023-05-28 214903.png

I also created for the URL with a local folder in the path inetpub/wwwroot as you can see on the screenshot below.
Capture d’écran 2023-05-28 215400.png



So can you tell me if there's something I'm not doing right. Unfortunately, I can't show more than 3 screenshots per query. So if everything I've done so far is correct, let me know and I'll send you another answer with more screenshots showing how I got my domain's DNS to point. to the IP of my server and also I will show you that I have put the script that you sent me in the web.config file.

Because at the moment it doesn't work, because when I go to my domain name it only says that this site is inaccessible and that it took too long to respond.

In closing, do you think it would be easier to simply add an SSL certificate on the Tomcat server of the Aware IM software.

Thanks for your help.
I am not sure why you are getting this, I have never experiences issues like these and I have used this exact setup on multiple Windows servers. The problems seems to be Winacme not recognizing IIS for some reason. You have added the IIS web roles etc. on the server right? https://enterprise.arcgis.com/en/web-ad ... server.htm (first 9 steps in the guide). You could possible try contacting Winacme if they have some type of support or try googling it (try googling the exact error message you get with the sites not being detected). The error message does indicate something about IIS plugin so can maybe be missing from your Winacme installation?

When it comes to Winacme etc. VS Tomcat, I would say Winacme is the better route (when/if it works). You get an free, easy to use solution that you can use for an unlimited number of servers/certificates + Winacme has scheduled tasks to renew certificates so you basically set it and forget it. Winacme also has advanced features for more complex scenarios making it a good overall solution. Tomcat, at least for me, was always a hassle (integrate certificates into Tomcat).
Thank you very much hlp123 for your help but I finally found a solution that works for me with Cloudflare.
https://www.awareim.com/forum/viewtopic.php?f=2&t=12706
Sure, no problem and glad you got it working.
Henrik (V8 Developer Ed. - Windows)
Post Reply