IT support
Install the Internet Information Server web server, which is included by default Microsoft Windows server. When installing, be sure to select the components:
On the same server where the IIS web server is deployed, install 1C:Enterprise (32-bit components), be sure to select the components during installation:
If you plan to configure a 64-bit web server extension module, you must additionally run the 64-bit server installer from the corresponding 1C:Enterprise distribution and install the following component:
Now you need to install necessary rights to key folders used for web access to 1C:Enterprise databases. For the storage directory of website files published on the web server (default: C:\inetpub\wwwroot\), you need to give full rights to the group "Users"(Users). In principle, this step can be skipped, but then, in order to publish or modify the database publication, you will need to run 1C:Enterprise as an administrator. To configure the security of this directory, click on it right click mice and context menu choose "Properties"(Properties).
In the properties window that opens, go to the tab "Safety"(Security) and press the button "Change"(Edit…), to change the current permissions. The permissions window for this directory will appear. In the list of Groups or users (Groups or user names) select the group "Users" (Users) and in the list of permissions for the selected group set the flag "Full access"(full control). Then press "Apply"(Apply) to save the changes and close all windows with the button "OK".
Next, you need to give full rights to the directory with installed files 1C:Enterprise (default: C:\Program Files (x86)\1cv8\ for 32-bit expansion module and C:\Program Files\1cv8\ for 64-bit) group IIS_IUSRS. To do this, we perform the same actions as described above, with the only difference that in order for the required group to appear in the list "Groups or Users"(Groups or user names), you must click the button below the list "Add"(Add..), and in the window for selecting groups or users, click "Additionally"(Advanced...).
Then press the button on the right "Search"(Find Now), then select the desired group IIS_IUSRS in the search results table and click "OK".
And finally, if you are publishing to a filebase, you must also give the group IIS_IUSRS full rights to the directory containing the files of this infobase.
We proceed to the direct publication of the database on the web server. To do this, launch 1C:Enterprise in the mode Configurator for the base you want to publish. Then select from the menu "Administration" - "Publishing to a web server ..."
The window for setting the properties of the publication on the web server will open. The main fields required for publication are already filled in by default:
After selecting the required publishing settings, click "Publish".
If the publication went without errors, we will see a corresponding message.
You can also connect to this infobase from any computer on the network by accessing the web server via its internal (or if port 80- by external) IP address.
The presence of an SSL certificate for the site allows you to protect user data transmitted over the network from attacks man-in-the-middle and ensure the integrity of the transmitted data.
Let's Encrypt is a non-profit certificate authority that allows you to automatic mode issue free SSL/TLS certificates via API. Only domain validation certificates are issued with a 90-day validity period, which is not a problem due to the built-in ability to automatically reissue the certificate, which ensures continuity of protection.
The following is a way to get an SSL certificate from Let's Encrypt using a console utility. LetsEncrypt-Win-Simple. It is a simple wizard that allows you to select one of the sites running on IIS and automatically issue and bind an SSL certificate to it.
Download the latest release of the client from the project page on GitHub https://github.com/PKISharp/win-acme/releases
Let's unpack it into a directory on the server with IIS: c:\inetpub\letsencrypt
An interactive wizard will start, which will first ask you to specify your e-mail, to which notifications about problems with certificate renewal will be sent, and agree to the user agreement.
Then you will need to choose what you want to create new certificate (N: Create new certificate) and select the type of certificate (in our example, there is no need to use a certificate with multiple SANs), so just select the item 1. Single binding of an IIS site.
The next step is to perform domain validation. Several validation options are available: TLS, via DNS entry, or via HTTP). The easiest option is to select 4 Create temporary application in IIS (recommended). In this case, a small application will be created on the web server through which the Let's Encrypt servers can validate.
Note. When performing TLS/HTTP verification, your site must be accessible from the outside by its fully qualified DNS name using the HTTP (80/TCP) and HTTPS (443/TCP) protocols.
After validation, the utility letsencrypt-win-simple will automatically send a request to generate a certificate, download it (all the necessary files, as well as the private key are stored in the C:\Users\User\AppData\Roaming\letsencrypt-win-simple directory) and create a binding on the IIS site. In the event that an SSL certificate is already installed on the site, it will be replaced with a new one. In addition, a rule will be created in the scheduler Windows tasks, which runs every day and automatically issues and installs a new certificate every 60 days.
Create a separate pool in IIS for letsencrypt
Adding a site to a new pool. Specify the port 443 (or another to which we will later forward to port 443).
Specify the new certificate in "SSL Certificates":
Set up a link to our site:
We check.
Launch the VSPE program. Click on the "Create a new device" button.
After that, you need to create virtual ports (each checkout has its own port). It is better to take port numbers lower in order to avoid problems.
In the window that opens, select from the drop-down menu TcpServer. Push button "Further".
Set the local number of the tcp port to be listened on. Select the COM port to which the equipment is connected via an interface converter. Click on the button "Settings".
1. Pre-create a directory test site for site content on in directory c:\inetpub on server. This can also be done from the base OS: using Explorer, open the \\win_web_srv\c$ directory and create a folder or in command line on the server with the command mkdir.
2. In the catalog test site create a file index.html the following content
3. In file host in the base OS, we will write the correspondence between the IP address of our web server and the name of the new TestSite site.
4. Launch IIS Manager in the underlying OS.
5. Connect to our remote web server.
6. On the right panel "Connections" select node "sites", on the left panel "Actions" choose "Add Website"
7. In the window that opens, we define the main parameters of the site:
site name - test site(you can set arbitrary, it will be used only to identify the site within the web server)
content directory, physical path - c:\inetpub\testsite
Binding will be done by host header.
node name - test site(Visitors will access the site by this name)
8. Thus, we created a new site and made a binding according to the host header (host name).
9. Check if the site is working. In the browser in the URL line write http://testsite/ You should see the page index.html created site.
10. Let's configure "Default Document"
11. On the connection panel in the node sites choose our site test site and in the central part of the main window, select the item "Default Document"
12. There can be several documents by default, the administrator can order the list of these documents, thereby determining the order in which they are searched in the catalog. If the default document is not found, then it is taken into account by setting the parameter Directory Browsing
13. Please note that the settings for our site have been inherited from a higher level. Because we only have a page index.html and nothing else is foreseen, then we will edit these settings. Use the options available on the Actions panel on the right:
remove all filenames from the list except index.html
add a new name default.html
move the index.html file to the very top
14. The result should be something like this picture
15. After the changes, look in the main directory of our site c:\inetpub\TestSite file appeared web.config, which contains site-specific configuration changes only related to settings Default document
16. Let's create a virtual directory.
17. In the catalog c:\inetpub\testsite create a subdirectory on the server vd.
18. In the Internet Information Services (IIS) Manager, right-click on the name of our site and select Refresh
19. Please note that a folder has appeared in the site structure, but it is rather a real folder, and not a virtual one J. it resides in the physical directory structure of our site.
20. In the browser, type http://testsite/vd in the URL bar, you will get the following error message
21. This reaction of the web server is explained by the fact that in the directory vd there is no file specified in the settings Default document, and the setting Directory Browsing inherited from the site has a parameter value Enabled=False, i.e. directory browsing is disabled.
22. Allow directory browsing for the vd folder
23. In the site structure, select a folder VD, and on the page Opportunities in the IIS group, select the item Catalog View.Thus, we will be able not only to configure the display options for the contents of the directory, but first of all enable this feature for the VD folder.
24. Click on the left side of the panel Actions paragraph Turn on. In the central part of the window, the corresponding options for displaying the contents of the catalog will become available for editing.
25. Refresh the page in the browser
26. Note that a file was automatically created in the VD directory web.config, which defines just the permissions to browse the directory
27. Trying to create a "real" virtual directory outside the directory structure of our site. For example, in the root of the disk WITH create a directory VD_TestSite. Accordingly, unlike the VD folder, this folder was not automatically included in the structure of our site.
28. In the IIS Manager, right-click on the node of our site (TestSite) and select the item "Add virtual directory"
29. It remains only to define the parameters of the virtual directory and specify its physical location
30. In the window "Adding a Virtual Directory" define the parameters of the virtual directory: alias and physical location. Please note the alias (alias) does not match the folder name. In the browser line in the URL, you will need to use just the specified alias.
31. Pay attention to the difference between the icons of the two folders in the site structure
32. Add to catalog c:\VD_TestSite create a primitive html page named index.html
33. In the browser, in the URL bar, type http://testsite/vd1. Make sure the page you created is displayed. In general, a virtual directory can refer to a directory located even on another physical machine, in which case the path is a UNC path.
34. Let's try to experiment a lot with different ways to link the site.
35. Trying to bind the site to the port.
36. In IIS Manager, on the panel "Actions" choose "Bindings", then "Add" and specify the non-standard port 4545
37. In the browser, in the URL bar, write http://web_win_srv. Must see page Default Web Site, i.e. site by default.
38. Now let's try to write http://web_win_srv:4545 in the URL line. The page of our site should open - TestSite.
39. Thus, we got that our site is linked in two ways:
port 80 and host header TestSite
port 4545
40. Let's get acquainted with the restrictions settings for our site.
41. On the panel "Actions" select item "Extra options"
42. Weird big numbers values of the parameters "Maximum throughput” and “Maximum connections” indicate that no limits have been set.
43. Restrictions can be changed using the item "Restrictions…" on the panel "Actions"
44. Now let's experiment with error messages with which our server responds to incorrect actions of visitors or applications hosted on it.
45. In a browser, try to open a page on our site that doesn't exist, for example http://testsite/test.html. Because there is no such page, the server will return an error message with the code 404 . This message can be changed to be more "friendly" to the visitor.
46. Let's look at all the pages corresponding to errors for the TestSite site, which it inherited from the Web server level
47. Let's try to change the message when an error occurs 404 .
48. Let's create our own html page with the name 404.htm and place it in the directory c:\inetpub\TestSite\err.File content 404.htm
File not found
Unfortunately, the content you were looking for is not here.
Please try to select the information you need by going to the main page of the site:
49. On the panel Actions select item "Change…"
50. In a browser, try to open a page on our site that doesn't exist, for example http://testsite/test.html
51. We look at the page we created specifically for the 404 error.
52. Now let's experiment with connecting to our site and working with it through the secure HTTPS protocol based on SSL certificates.
53. Let's look at the certificates that are present on our local computer (base OS) and web server. To do this, we will use the appropriate snap-in of the MMC management console.
54. Launching the management console from the command line cmd.
55. Let's add the equipment we need.
File –> Add or Remove Snap-ins
56. From the list of available snap-ins, select "Certificates" and press the button "Add".
57. In the window that opens, select the option "computer account", press "Further" And "Ready"
58. After that, the snap will appear in the list "Selected Snaps...", click to finish "OK"
59. In the same way, add a snap-in to the same console "Certificates" for a remote web server. Only during configuration, specify the name of the remote web server.
60. Thus, we get access to the management of certificates located in the repositories on the local computer (base OS) and the remote web server.
62. To work over the HTTPS protocol, you must have a server certificate, and this certificate must be certified by a certification authority. As part of the laboratory work, we will not "bother" with the creation of a "full-fledged" certificate that would be correct to use. We will certify the certificate for our web server with a self-signed root certificate, which we ourselves will create and transfer to the trusted root certificate store on the local machine (base OS). It is clear that this is “not sporty”, and in real life it cannot be used, but for our experiments it will do. This is a consequence of the fact that there are too many conventions in our laboratory network and there is no main CA itself, or at least a working domain controller.
63. Another obstacle is due to the installation mode of the web server - Server Core, in which there is no "IIS Manager", so we perform all configuration actions mainly remotely or in command line mode. When managing IIS remotely using the "IIS Manager", there is no access to the certificate management function for IIS (for comparison, see the pictures below, screenshots from the web server in Full installation mode). But we are not looking for easy ways.
64. So, we create all the certificates using the command line. To do this, we will use the utility makecert.exe from Windows SDK for Windows Server 2008 and .Net Framework 3.5
65. Create a self-signed root certificate. On the web server in the command line (cmd) enter the command
makecert.exe –ss root –sr localMachine –n “CN=TestCompany” -eku 1.3.6.1.5.5.7.3.1 –r
–ss root specifies that the certificate will be generated in the trusted root certificate store
-r- create a self-signed certificate
--eku 1.3.6.1.5.5.7.3.1– certificate identifier for Server Authentication; for the client, you need to use Client Authentication (1.3.6.1.5.5.7.3.2)
66. We create a certificate for the website, signed by our root certificate. It is important that the value of the parameter CN matched exactly the URL site name. For example, the generated certificate will only be valid for the testsite site, but will not be valid for www.testsite.
makecert –pe –ss my –n “CN=testsite” –b 01/01/2013 –e 01/01/2036 –sky exchange –in “TestCompany” –is root –eku 1.3.6.1.5.5.7.3.1 – sr localMachine
67. As a result of the manipulations, we have the created root certificate in the "Trusted Certification Authorities" store and our own certificate for the website in the "Personal" store
68. Find these certificates yourself in the base OS management console.
69. Open the "IIS Manager" and bind the test website to enable it to be accessed via HTTPS. It should be noted that when binding, we select the HTTPS protocol and specify the certificate we created with the name "testsite" as the SSL Certificate
70. In the browser, we try to access the test site using the HTTPS protocol.
https:\\testsite
71. Pay attention, because. organization "TestCompany" is not known to our local machine, then the browser issued a warning
72. Despite the warning, we continue to work with the site.
73. To make everything look nice, we need to place the root certificate of our test organization (TestCompany) in the trusted root certificate store on the local computer (base OS). Let's export the root certificate to a file (for example, TestCompany.cert) using the management console.
74. Let's import a certificate from a file TestCompany.cert in the trusted root certificate store on the local machine (base OS).
75. In the browser, open again our test site, using the HTTPS protocol to access it. We see that the certificate identification was successful.
76. Try using the HTTP protocol to work with the test site.
http:\\testsite
77. We see that the site can handle both HTTP and HTTPS requests. To prohibit the use of the HTTP protocol, and process all requests only via the HTTPS protocol, it is necessary in the website settings "SSL Options" select an option "Require SSL". In addition, here you can also configure the behavior of the website regarding the client's SSL certificate.
78. Now we are trying to access the test site via the HTTP protocol. We see that access is denied.
79. If we try to use for another site (for example, for the default site) the SSL certificate issued for the TestSite site, we will receive an error message in the browser window.
80. Bind the default site yourself to use HTTPS and the SSL certificate generated for the TestSite site and check for an error.
81. Create an SSL certificate for the default site yourself and change the binding for the default site to work correctly over the HTTPS protocol.
82. And finally, the most interesting ...
83. We will provide the ability to host sites created using PHP on our web server.
84. First of all, we check if our CGI web server is supported. We make sure that when installing the IIS-CGI component, it was not installed
oclist | more
85. Install the IIS-CGI module
Good afternoon, dear readers and guests of the blog site, last time I told you how the server is configured on Windows Server 2016, today I want to move away from server platforms and talk about additional features of desktop systems, namely about iis services windows 7, we will consider the question of how to install them and how to administer them. I am sure you will benefit from knowing about this opportunity.
And so, not many users of the operating Windows systems 7, they know that their favorite operating system, in addition to standard functions, also has additional ones and may well become a server on which you can run your sites, for this it includes a component such as Internet Information Services or simply IIS. I have already introduced you to him, dear readers, in my posts:
So what if you have more new system, then the links described above will suit you, I also want to note that in order to run various sites on your computer, you can use a simple and free complex called Denwer, but this is such a lyrical digression.
There are two options to install iis manager windows 7:
We will do this through the control panel, for this open start and select "Control Panel"
For convenience, choose to display large icons.
Find "Programs and Features"
Now, in order to enable the iis windows 7 services, you need to run the component, this is done through the corresponding menu, it is marked with a red oval for me.
We check the checkbox against IIS, note that there will be added a lot of different components:
Click OK and this component will be installed, it may take some time, upon completion, you will not need to reboot.
You can find IIS Manager in the control panel at the path "Control Panel\All Control Panel Items\Administrative Tools"
Or you can press the Win and R keys at the same time and type inetMgr
The same site building manager will open. That's all, but I advise you to read how to create sites in Internet Information Services.
Learn how to install Internet Information Services (IIS) on servers running operating systems Windows Server 2012 R2 and Windows Server 2008 R2.
IIS (Internet Information Services) is a set of services from Microsoft for the operation of a web server and other Internet services. IIS is installed on the server and works with HTTP/HTTPS, POP3, SMTP, FTP, NNTP protocols. In 2015, version 10 of IIS was released, developed for Windows Server 2016.
Please note that services such as ASP.NET, ISAPI filters, etc. are not installed by default.
The features available to you in IIS are listed in IIS Manager. From here, manage IIS features, configure and restart.
The default page will load.
Add sites to be served by this web server.
The newly added site will appear in the list of IIS sites.
The same can be done through the panel " local server" (Local Server) - "Management" (Manage).
Note that the FTP service is not installed by default. If you need new roles later on, you can add them without reinstalling IIS.
If necessary, check "Restart the destination server automatically if required", if the item is not selected, then restart the server yourself after installation is complete.
The installed IIS service appears in the content list.
The features available to you in IIS are listed in the Features View panel. From here, manage IIS features, configure and restart. For example, set up SSL certificates.
Applications and sites developed in ASP.NET must be hosted on a web server (hereinafter referred to as IIS). This is a Windows snap-in responsible for hosting web applications, parallelizing http requests, storing user sessions, and much more.
Windows 2008 does not have IIS by default, and before you can set up a site, you must install IIS. Therefore, the article is divided into two parts:
IIS 7 Application Server is installed from distribution operating system. It is advisable to install IIS from the same OS distribution that is installed on this computer. From experience, I’ll say that there are precedents for incorrect work in the case of installing IIS from a “non-native” distribution. Insert the Windows 2008 disc into the drive and start installing IIS:
1. Click "Start" and right-click on "Computer", go to "Management":
2. In Server Manager, select "Features" and click "Add Features":
3. In the tree, select "Web Server Tools (IIS)" and click "Next":
This will start installing IIS 7 from the Windows 2008 operating system disk. Wait until it is finished and restart your computer. All! IIS installation completed!
So, we have a site, let's call it Security. It is a Security directory and a set of files in that directory. The site has a home page that should load by default. Let's call it index.aspx. The first step is to install and register. net framework. You need to install the same .Net Framework under which your site is written. The version can be viewed in the web.config file of your site. We will assume that our site is written in Net.Framework v.4.0.
Installing and configuring Net.Framework is covered in a separate article How to install Asp.Net and register it in IIS. Here I will describe briefly: to register the .Net Framework in IIS, you need to use the command line from the C:\WINDOWS\Microsoft.NET\Framework\ directory version of your Framework\ run the command aspnet_regiis.exe -i;
Place the Security directory in C:\Inetpub\wwwroot\. This is the working directory of the IIS Manager.
Now let's go directly to setting up IIS:
1. Launch the Internet Information Services (IIS) Manager. Click "Start", "Run". In the window that appears, enter inetmgr.exe and click "OK":
2. First of all, let's create an application group for our site. In general, an application group is created in order to separate applications running on different versions of the .Net Framework. In principle, if you have only one site on your machine, then you can skip this step. In IIS Manager, right-click Application Groups, New menu, Application Group... In the window that appears, enter the name of the application group and click OK. Because Since we decided that our site was written in .Net Framework v.4.0, we will call our application group "Net 4.0":
3. After we copied our site to C:\Inetpub\wwwroot, we have a Security directory in the IIS Manager under Web Sites. Right click and select "Convert to Application":
4. In the window that appears, select our application pool and click "OK":
5. On the "Documents" tab, we need to add our main page. Then, when accessing the site, you will not need to access http:// server_name/Security/ndex.aspx, it will be enough to write http:// server_name/Security and we will get to the main page of the site. On the "Documents" tab, delete all the pages that are there by default and add your own start page index.aspx:
6. This completes the IIS configuration, it remains to configure access rights to the Security directory. open general access on the "Access" tab and give full access to the IIS_IUSRS group and the IUSR user (they are created when IIS is installed). On the "Security" tab, also give full access to the specified group and user:
Now you can try to open our site. Open a browser and type in address bar http:// server_name/Security, yours will appear main page. All! If you have any questions, I will be happy to answer in the comments to the article.