LetsEncrypt & VPN Connection on 443 (IIS URL rewrite dropped)

karldonteljames · October 19, 2018, 7:48am

Morning everyone.
I’m running a few of my own systems at home now:

Emby
Grafana
Home-Assistant
Wordpress
VPN

The VPN connection is handled by my firewall, (port 443) and the rest via IIS reverse proxy with ports then remapped in the URL rewrite module (via port 80)

e.g.
emby.example.com —> 192.168.12.101:8096
stats.example.com —> 192.168.12.201:3000
ha.example.com —> 192.168.12.201:8123
wordpress.example.com —> index.php

at the moment my url rewrite rules are configured as follows:

   <rule name="Stats" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="stats.example.com" />
                    </conditions>
                    <action type="Rewrite" url="http://192.168.12.201:3000/{R:1}" />
                </rule>

everything is working fine over port 80, but I want to move to 443, I have certifytheweb installed and have the certificates all set up on the reverse proxy server, but need help with the rules.

I assume that I’ll need to forward port 443 to the IIS server and have it pass back the VPN traffic to the firewall based on the name (e.g. vpn.example.com) and pass on the request to the downstream machines. I’m just unsure how to write the rules to accomplish this. Any help would be really appreciated.

Karl

nickrout · October 19, 2018, 7:58am

This is not the IIS forum, wouldn’t you be better to ask in a more appropriate place? Like, microsoft.com?

karldonteljames · October 19, 2018, 8:01am

Morning @nickrout

You may be right, but one of the reasons I want to move to SSL is so that I can get my echo’s working again. I know there are some VERY knowledgeable folk on here, and thought that someone might be able to help.

Thanks anyway.

nickrout · October 19, 2018, 8:04am

I don’t see many people using IIS on here, I hope you get some traction

karldonteljames · October 19, 2018, 8:13am

TBH, I’d be happy to move to a different reverse proxy solution as i’m using unraid at the moment server 2012 is probably using far more resources than I need it to be as a VM.

As long as I could also move my wordpress stuff to another platform within unraid… I notice that a number of people are using nginx, I assume i could use that along with the lets encrypt docker?

karldonteljames · October 19, 2018, 11:32am

I’ve setup lets encrypt in unraid, and i can now get to the landing page via SSL.

I’ve got reverse proxy working for HA, but want to add the subdomains, can anyone advise please? I’m not having much luck searching on t’interweb, the results i am coming up with, i can’t seem to get my head round the examples.

Thanks in Advance.

karldonteljames · October 19, 2018, 2:24pm

All Sorted! Now to setup Alexa again!