none
Multiple sites on same port RRS feed

  • Question

  • 
    How can we publish Password Registration & Password Reset Portals on same port?
    Thursday, February 14, 2013 5:37 AM

Answers

  • when u install, it asks for a host header and the port.

    make sure u understand how virtual host (vhost) works in IIS first


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Friday, February 15, 2013 6:43 AM
  • You can certainly do that. Our corporate FIM site has the portal, registration and reset sites all running SSL on a single IP address.

    For non-SSL it's a matter of configuring host headers correctly

    Adding SSL support (recommended) is a bit more involved. Toward the bottom of this thread, a few of us discussed the procedure

    http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/80ed7ec4-dd50-4d55-907b-246a646c74ed


    Frank C. Drewes III - Architect - Oxford Computer Group

    Friday, February 15, 2013 8:46 AM
  • You absolutely can. When you go into IIS and look at the bindings on the site. You're going to see the IP set to all unassigned and a hostname box. If you fill in that hostname box you're telling IIS to look at the HTTP request no matter what IP on the box it's coming in on and if the request is for that hostname direct the request to that site. 

    SSL complicates this. The link in the post above talks about ways to get around it using the command line. In the IIS GUI if you want to use SSL you're looking at 1 site per IP address. 

    Does your place of work have a load balancer or reverse proxy? One cool thing you can do is have the certs out on the load balancer. Have the load balancer decrypt the traffic and send it to your IIS box unencrypted. The host headers kick in and users get redirected to the appropriate site. Also, that helps administration a tiny bit since all the SSL certs are centralized to some extent. We do this all day with ADFS, Exchange, and SharePoint. It sets you up perfectly for scale out.

    Sunday, February 24, 2013 5:18 AM

All replies

  • when u install, it asks for a host header and the port.

    make sure u understand how virtual host (vhost) works in IIS first


    The FIM Password Reset Blog http://blogs.technet.com/aho/

    Friday, February 15, 2013 6:43 AM
  • You can certainly do that. Our corporate FIM site has the portal, registration and reset sites all running SSL on a single IP address.

    For non-SSL it's a matter of configuring host headers correctly

    Adding SSL support (recommended) is a bit more involved. Toward the bottom of this thread, a few of us discussed the procedure

    http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/80ed7ec4-dd50-4d55-907b-246a646c74ed


    Frank C. Drewes III - Architect - Oxford Computer Group

    Friday, February 15, 2013 8:46 AM
  • You absolutely can. When you go into IIS and look at the bindings on the site. You're going to see the IP set to all unassigned and a hostname box. If you fill in that hostname box you're telling IIS to look at the HTTP request no matter what IP on the box it's coming in on and if the request is for that hostname direct the request to that site. 

    SSL complicates this. The link in the post above talks about ways to get around it using the command line. In the IIS GUI if you want to use SSL you're looking at 1 site per IP address. 

    Does your place of work have a load balancer or reverse proxy? One cool thing you can do is have the certs out on the load balancer. Have the load balancer decrypt the traffic and send it to your IIS box unencrypted. The host headers kick in and users get redirected to the appropriate site. Also, that helps administration a tiny bit since all the SSL certs are centralized to some extent. We do this all day with ADFS, Exchange, and SharePoint. It sets you up perfectly for scale out.

    Sunday, February 24, 2013 5:18 AM