2

I have a virtual machine in Azure running three self-hosted applications (not hosted in IIS) on three different ports.

I can access them at the URLs below:

  • my-server.cloudapp.azure.com:8080
  • my-server.cloudapp.azure.com:8081
  • my-server.cloudapp.azure.com:8082

I've purchased a domain name (my-server.company.com) and want to create three subdomains, each pointing to its respective application:

  • application-1.my-server.company.com
  • application-2.my-server.company.com
  • application-3.my-server.company.com

My first thought is to install IIS on the virtual machine and set up a reverse proxy using URL Rewrite on the default website as mentioned in this article (http://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis).

So in this scenario, I would set up CNAME records for each of the sub-domains to point to my-server.cloudapp.azure.com:80 and then configure the reverse proxy to forward to the different ports (8080, 8081, 8082) based on the host header.

Is this possible / the best way to go about this?

The second question is: once I get this working, how can I add SSL?

Would each sub-domain need its own SSL certificate? In that case, how can this work with the setup above (there are no IIS websites to bind each certificate to)? Or could I just use a certificate for my-server.company.com and then offload at the reverse proxy?

Final Solution

I created CNAME DNS records as follows:

CNAME | application-1 | my-server.cloudapp.azure.com
CNAME | application-2 | my-server.cloudapp.azure.com
CNAME | application-3 | my-server.cloudapp.azure.com

Then on the Azure VM I run Caddy (an HTTP/2 web server with automatic HTTPS) with the following Caddyfile:

# One site block per subdomain; each is proxied to its own local port.
application-1.my-server.company.com {
    proxy / localhost:8080 {
        # Pass the original Host header through to the backend.
        proxy_header Host {host}
    }
}

application-2.my-server.company.com {
    proxy / localhost:8081 {
        proxy_header Host {host}
    }
}

application-3.my-server.company.com {
    proxy / localhost:8082 {
        proxy_header Host {host}
    }
}

The beauty of this is that the first time Caddy runs, it automatically enables HTTPS for all your sites (using autogenerated certs from Let's Encrypt) and will also redirect all HTTP requests to their HTTPS equivalent.

This setup also meant I didn't have to install IIS on the VM.

NOTE: You need to add an inbound firewall rule for ports 80 and 443 for Caddy to work.

kimsagro
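The host-header routing described in the question, as an added example that is not part of the original post. The `build_table`, `normalize_host` and `route` helpers are hypothetical, and rejecting unknown or malformed hosts with 421/400 is an assumption about how the proxy should fail closed:

```python
"""Host-header routing with a fail-closed allow-list (added illustration)."""

# Routing table taken from the question: public name -> local backend.
ROUTES = [
    ("application-1.my-server.company.com", ("localhost", 8080)),
    ("application-2.my-server.company.com", ("localhost", 8081)),
    ("application-3.my-server.company.com", ("localhost", 8082)),
]


def build_table(routes):
    """Build the lookup table, refusing duplicate names or backends.

    A repeated site name or backend usually means a copy/paste slip that
    would leave one application unreachable or served under the wrong name.
    """
    table, seen_backends = {}, set()
    for name, backend in routes:
        key = name.lower().rstrip(".")
        if key in table:
            raise ValueError(f"duplicate site name: {key}")
        if backend in seen_backends:
            raise ValueError(f"backend used twice: {backend}")
        table[key] = backend
        seen_backends.add(backend)
    return table


def normalize_host(header):
    """Reduce a raw Host header value to a bare lowercase name, or None."""
    if not header or any(c.isspace() or c in "/@\\" for c in header):
        return None
    host, sep, port = header.partition(":")
    if sep and not port.isdigit():  # also rejects IPv6 literals, unused here
        return None
    return host.lower().rstrip(".") or None


def route(table, host_header):
    """Return (status, backend); unknown or malformed hosts get no backend."""
    host = normalize_host(host_header)
    if host is None:
        return 400, None
    backend = table.get(host)
    return (200, backend) if backend else (421, None)


TABLE = build_table(ROUTES)
```

A request whose Host is the VM's own `my-server.cloudapp.azure.com` name gets no backend here, because only the three subdomains are in the table.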

2 Answers

5

If I understand your question correctly, you want to do the following:

application-1.my-server.company.com point to my-server.cloudapp.azure.com:8080 
application-2.my-server.company.com point to my-server.cloudapp.azure.com:8081 
application-3.my-server.company.com point to my-server.cloudapp.azure.com:8082 

One solution is to use a reverse proxy. See this question for details: How do I redirect subdomains to a different port on the same server? You can use a self-signed certificate between the reverse proxy and the web servers.

You could also offload the SSL certificate: https://kb.paessler.com/en/topic/44613-using-windows-iis-as-ssl-proxy-for-prtg. But then you need to manage multiple certificates. You could put an nginx reverse proxy before every application to add SSL support.

In your DNS, add one A record for my-server.company.com. The best thing for the subdomains is to create CNAME records when they are on the same server. That way, you only have to update the A record when your IP changes. Otherwise, create A records for every sub-domain.

For the SSL certificate: you have to have a certificate on every server. The traffic between your reverse proxy and web service has to be secure when you use multiple servers. This is because there could also be a man-in-the-middle attack between your servers.

Orophin
1

You can create three virtual hosts and set the binding names for each application (DNS record type A; I think that you can't use CNAME because the A record is the same in the hosted application); you can see https://technet.microsoft.com/en-us/library/cc731692(v=ws.10).aspx

Finally, for each virtual host, create a URL rewrite rule.

emedinag