Reverse Proxy is a key part of the infrastructure topology which help users to access application from the internet. As Microsoft has no futuristic road-map for TMG/UAG and other products which provide same kind of functionality may expensive and costly. Therefore, Microsoft came up with inexpensive reverse proxy solution which works on IIS 7 onwards. It is very simple to configure and can be configured on Windows server operating system as well as on client operating system.
Let’s start step by step procedure to configure Internet Information Service Application Request Routing (IIS ARR) on window 8.1. The basic requirements to configure IIS ARR is 2 NIC’s and IIS 7 & above.
(Note: If you are using IIS ARR behind the internal firewall then don’t forget to add the route for inbound traffic and don’t specify any gateway in your internal NIC.)
The system should not be part of the domain. One network will connect to your internal network and another network will connect to the internet.
Install windows 8.1 Enterprise.
Add DNS Suffix.
Configure both NIC’s. In my setup “Edge” will talk to internal network and “External” will talk to Internet. Don’t configure gateway and dns in internal NIC.
Install IIS with default features.
There are two ways two install IIS ARR components.
- Automatic (If you have internet connection on your IIS ARR, you can use this option.)
- Manual (if you don’t have internet connectivity.)
For automatic installation just download “Windows Platform Installer” and run wpilauncher.exe.
Type ARR in search menu and enter, you will get Application Request Routing 3.0 and click on add and then click on install.
You will get the list of dependency including AAR 3.0. Click on I accept to install.
If you don’t have internet connection on your IIS ARR server, you can follow the same steps till now on any machine where you have internet connection and can download all dependencies by clicking on “Direct Download Link”.
Now, you can install everything manually including IIS features which are not installed by default by cross checking in the above window.
Once you have done with installation, please assign certificate to IIS which should have following SAN’s.
- LyncExternalWebSerivice.domain.com (FQDN of external Lync Web Services)
WACExt.domain.com (FQDN of external WAC services) – only if you are publishing WAC url.
Open IIS Manager and cross verify assigned certificate.
Right click on Server Farms and create new server farm.
Define server farm name and click on next.
Define IP address of you FE Pool or FQDN* of your FE Pool.
(Note: If you use FQDN then you should make entry in host file.)
Make server entry and change the port in advance settings as below.
Now, you can see your server farm.
Follow the same steps and add all your require server farms.
Now go to you websites and click on bindings.
Do the necessary bindings with port 443 for https.
Now, you have to go to in each farm and change configuration under Caching, Proxy and Routing rules.
Uncheck “Enable disk cache”
Click on apply.
Now, change time-out (seconds) to 180-200.
Click on apply.
Uncheck “Enable SSL offloading” in Routing Rules.
Click on apply.
Now, It is time to configure URL Rewrite settings.
You have to keep only _SSL URL path.
Click on each and add the condition (HTTP_HOST)
Follow the same steps for all server farms.
Now, we are done with the configuration.