12

We have an IIS 7 webserver configured and would like to create a reverse proxy for a TeamCity installation using Tomcat on the same machine.

The IIS server site is https://somesite and I would like the TeamCity to appear as https://somesite/teamcity redirecting to http://localhost:portnumber.

I have installed the IIS URL Rewrite extension and the Application Request Routing to try and setup a reverse proxy but can't get it working.

The closest answer I found is an old StackOverflow question: https://stackoverflow.com/questions/331755/how-do-i-setup-teamcity-for-public-access-over-https
which unfortunately doesn't have any working example.

I've searched a quite a bit but can't seem to find a relevant example.

Any help is appreciated!

Cynicszm
  • 121
  • 1
  • 1
  • 4
  • I also noticed that using this method some buttons in TeamCity lead to 'http' instead of 'https'... maybe there is not a good way of doing this. While it can get re-written, does that mean the first call with all the data gets sent in plain text? hmmm – tofutim Oct 21 '14 at 23:56

4 Answers4

12

Having just spend around 4 hours trying to configure SSL for TeamCity (and using the answers in this thread), I managed to get this working using the server farm option.

  • I configured a TeamCity server farm which included my TeamCity server on 127.0.0.1 using port 8080, and allowed the Application Routing Rules to create a corresponding server farm routing rule.

  • I then created a website called TeamCitySecureProxy which I configured with a self-signed certificate. On the bindings I only configured https/443 (no http/80).

  • The part I was missing:- I then clicked on the 'TeamCity' node under 'Server Farms' in IIS, choose 'Proxy' from the 'Server Farm' pane, and ticked the 'Reverse rewrite host in response headers'.

I now have a secure end-point for accessing my plain http TeamCity installation.

Warren Edwards
  • 121
  • 1
  • 3
  • 1
    I get "502 - Web server received an invalid response while acting as a gateway or proxy server." - did you encounter this on your journey, and if so, how did you fix it? – mcintyre321 Apr 13 '12 at 12:29
  • This solution worked for me. Reverse rewrite host is necessary otherwise some buttons lead to http instead of https. Thanks Warren – tofutim Oct 22 '14 at 00:00
  • There are some issues with the nuget server in this scenario.:( – tofutim Oct 22 '14 at 00:22
1

Make sure ARR proxying is enabled in IIS GUI. You probably want preserve host header (may need to edit applicationHost.config by hand, or use appcmd to set this one) and reverse rewrite host in response header options enabled as well, so the browser makes requests, and sees responses, that match the SSL cert host.

  1. IIS site on 443 (and 80 probably?) -- listening to all requests (do not specify hostname)
  2. look at all incoming paths: match URL (.*)
  3. look for the TeamCity path, preserve rest of path: condition {URL} matches ^teamcity(/.*)?
  4. rewrite with preserved path: action rewrite, http://localhost:port/{C:1}
  5. append querystring checked
  6. and stop processing further rules probably checked

I think that should do it.

<rule name="Demo Rule" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{URL}" pattern="^teamcity(/.*)?" />
    </conditions>
    <action type="Rewrite" url="http://localhost:8080/{C:1}" />
</rule>
Sk8erPeter
  • 199
  • 2
  • 15
andrewbadera
  • 226
  • 1
  • 4
1

You could also use a connector to do so.

There is the old ISAPI connector (redirector) available from Apache directly or there is also a new one available from RiaForge (this one seems easier to get running).

http://tomcatiis.riaforge.org/

  • 1
    what about `*.jar` files? I installed this on my IIS 7.5, but it just serves `*.jsp` contents... :( I have a `vaadin-6.6.2.jar` file in the root of my deployed webapp. I think BonCode AJP Connector handles just JSPs, I can see a `Boncode-Tomcat-JSP-Handler` in "Handler Mappings" option of IIS, but it's not set what should be done with `*.jar` files. – Sk8erPeter Nov 27 '11 at 00:44
0

I have just done this myself and have just posted a blog about it.

You appear to have installed all the requirements, now you just need to setup the server:

http://bronumski.blogspot.com/2010/10/host-teamcity-in-iis7.html

Bronumski
  • 119
  • 1
  • 1
  • 7
  • No joy using your post. I'd already tried the ServerFarm option. I need to get it working on SSL only, IIS isn't bound to 80 only 443. Also need to get the site working as described in the question root/teamcity and there is insufficient detail on the post to get it working that way. Thanks for the link though – Cynicszm Oct 29 '10 at 10:52