I have a virtual machine in Azure running three self-hosted applications (not hosted in IIS) on three different ports.
I can access them at the urls below:
my-server.cloudapp.azure.com:8080
my-server.cloudapp.azure.com:8081
my-server.cloudapp.azure.com:8082
I've purchased a domain name (my-server.company.com) and want to create three subdomains pointing to each respective application:
application-1.my-server.company.com
application-2.my-server.company.com
application-3.my-server.company.com
My first thought is to install IIS on the virtual machine and set up a reverse proxy using URL Rewrite on the default website as mentioned in this article (http://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis).
So in this scenario, I would set up CNAME records for each of the sub-domains to point to my-server.cloudapp.azure.com:80 and then configure the reverse proxy to forward to the different ports (8080, 8081, 8082) based on the host header.
Is this possible / the best way to go about this?
The second question is: once I get this working, how can I add SSL?
Would each sub-domain need its own SSL certificate, in which case how can this work with the setup above (there are no IIS websites to bind each certificate to)? Or could I just use a certificate for my-server.company.com and then offload at the reverse proxy?
Final Solution
I created CNAME DNS records as follows:
CNAME | application-1 | my-server.cloudapp.azure.com
CNAME | application-2 | my-server.cloudapp.azure.com
CNAME | application-3 | my-server.cloudapp.azure.com
Then on the Azure VM I run Caddy (an HTTP/2 web server with automatic HTTPS) with the following Caddyfile:
# One site block per subdomain; each forwards to its own local port.
application-1.my-server.company.com {
    proxy / localhost:8080 {
        # Pass the original Host header through to the application
        proxy_header Host {host}
    }
}
application-2.my-server.company.com {
    proxy / localhost:8081 {
        proxy_header Host {host}
    }
}
application-3.my-server.company.com {
    proxy / localhost:8082 {
        proxy_header Host {host}
    }
}
The beauty of this is that the first time Caddy runs, it automatically enables HTTPS for all your sites (using autogenerated certs from Let's Encrypt) and will also redirect all HTTP requests to their HTTPS equivalent.
This setup also meant I didn't have to install IIS on the VM.
NOTE: You need to add an inbound firewall rule for ports 80 and 443 for Caddy to work.
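An added check, not part of the original post: it parses a Caddyfile in the `proxy` syntax used above and flags site labels or upstreams that appear more than once, subdomains with no block, and upstreams that leave the VM (where the hop after TLS termination would be plaintext). The function names, the loopback rule and both sample Caddyfiles are assumptions constructed for illustration.

```python
import re
from collections import Counter

# One site block in the syntax shown in the post:
#   <site label> { proxy <path> <upstream> { ... } }
SITE_BLOCK = re.compile(
    r"^(?P<site>[^\s{}#]+)\s*\{\s*proxy\s+\S+\s+(?P<upstream>[^\s{}]+)",
    re.MULTILINE,
)
LOOPBACK = ("localhost", "127.0.0.1", "[::1]")

def parse_sites(caddyfile):
    """Return [(site_label, upstream)] for each site block with a proxy directive."""
    return [(m["site"].lower(), m["upstream"].lower())
            for m in SITE_BLOCK.finditer(caddyfile)]

def audit(caddyfile, expected_sites):
    """Return a list of human-readable findings; an empty list means no issues."""
    sites = parse_sites(caddyfile)
    labels = Counter(site for site, _ in sites)
    upstreams = Counter(up for _, up in sites)
    findings = [f"duplicate site label: {s} ({n} blocks)"
                for s, n in sorted(labels.items()) if n > 1]
    findings += [f"upstream shared by {n} sites: {u}"
                 for u, n in sorted(upstreams.items()) if n > 1]
    findings += [f"no site block for: {s}"
                 for s in sorted(set(expected_sites) - set(labels))]
    for site, up in sites:
        # Assumed rule: the plaintext hop behind the proxy should stay on the VM.
        host = up.split("://")[-1].rsplit(":", 1)[0]
        if host not in LOOPBACK:
            findings.append(f"{site}: upstream {up} is not loopback")
    return findings

def block(site, port):
    """Build one constructed site block in the post's syntax."""
    return (f"{site} {{\n    proxy / localhost:{port} {{\n"
            f"        proxy_header Host {{host}}\n    }}\n}}\n")

# Constructed samples: a copy-paste slip (same label three times) and a corrected file.
EXPECTED = [f"application-{i}.my-server.company.com" for i in (1, 2, 3)]
PORTS = (8080, 8081, 8082)
COPY_PASTE = "".join(block(EXPECTED[0], p) for p in PORTS)
CORRECTED = "".join(block(s, p) for s, p in zip(EXPECTED, PORTS))

if __name__ == "__main__":
    for name, text in (("copy-paste", COPY_PASTE), ("corrected", CORRECTED)):
        print(name, audit(text, EXPECTED) or "OK")
```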