Good morning. I am trying to configure ARR & Rewrite on IIS so that I can reverse proxy requests to a new Apache Tomcat Adobe Connect Server. I'll try to be to the point with details.
Note: Host/Site names have been changed to WS1 and WS2 below for obvious reasons.
Installed Modules:
IIS 7 x64 in classic x64 mode only
ARR 2.5 x64
External Disk Cache x64
Web Farm x64
Rewrite x64
Web Servers (on different physical machines with different IPs, of course):
WS1: Srv 2008 SP2 x64 IIS 7 with local SSL site on port 443
WS2: Srv 2008 R2 x64 Apache Tomcat Adobe Connect Server 8.2.2.2 SSL site on port 443 (remote application server only)
Note: WS2 IP and hostname are configured in WS1 local HOSTS file only
Requirements:
1. Use WS1 as a reverse proxy to WS2 ONLY when URI is "https://ws1/proxy"
2. WS1 local site must continue to answer when URI is "https://ws1" or anything other than "https://ws1/proxy".
3. The ISAPI modules on WS1 must be processed BEFORE the proxy so the CAC authentication module is activated.
4. Only port 443 is allowed on the internal network. No exceptions.
General Information:
1. When ARR is enabled, "Proxy Type" set to use URL Rewrite, SSL offloading off, and entering "WS2" in "Reverse Proxy" field, browsing to "https://ws1" goes directly to WS2 without issues. This is the required behavior, but ONLY when URI is "https://ws1/proxy"
2. #1 behavior can be accomplished with Rules, BUT, only either-or. Can only get WS1 to work correctly or WS2 to work correctly. Can NOT get both to work as required.
3. WS2 DNS entries are only configured in WS1 local HOSTS file.
4. All traffic MUST go through WS1 as WS1 hosts the CAC authentication system.
5. WS2 is NOT registered in enterprise DNS and is NOT available to the public network without the WS1 IIS proxy.
5a. Adobe Connect will not work via IP address... It requires the user to use a FQDN.
6. Have tried both "virtual directory" and "application" under WS1 site with name 'proxy' without resolution.
7. With rules I can get the URI to rewrite successfully, but it is like a redirect because WS2 is not a known DNS entry and is not accessible from the network in this manner. WS1 must have full control of both sides of the connection as it appears to have in #1 above.
8. I have tried several 'web farm' configurations that have not worked either.
9. I have tried rewrite rules and conditions at both the server and WS1 levels singularly and in multiple configurations.
I am looking for the correct configuration that will allow a private web application server WS2 to be accessed only through a reverse proxy on WS1. I have googled hundreds of pages and tried hundreds of configurations and am beginning to think there is an issue with ARR.
Any assistance is greatly appreciated.
V/r,
Scott
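
A site-level URL Rewrite rule for requirements 1 and 2 above, added here as an illustration; it is not part of the original post. It assumes the ARR proxy is enabled at the server level with the server-wide "Reverse Proxy" field left empty, so that no catch-all rule forwards every request. The rule name is hypothetical and `ws2` is the post's placeholder host name, resolved through the WS1 HOSTS file.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config for the WS1 site (added example; names are assumptions) -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!--
          Requirement 1: forward only /proxy and /proxy/... to WS2.
          The pattern is anchored so that a path such as /proxyfoo
          does not match. {R:1} is the part after "proxy/", and it is
          empty when the request is exactly /proxy.
          The query string is carried over by default.
        -->
        <rule name="ProxyToWS2" stopProcessing="true">
          <match url="^proxy(?:/(.*))?$" />
          <!--
            An absolute URL with type="Rewrite" is what hands the
            request to ARR. type="Redirect" would instead send the
            browser to ws2, which clients cannot resolve or reach.
            https keeps the WS1 to WS2 hop on port 443 (requirement 4).
          -->
          <action type="Rewrite" url="https://ws2/{R:1}" />
        </rule>
        <!--
          Requirement 2: no other rule is defined, so every other
          path on WS1 is served by the local site as before.
        -->
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
<!--
  This fragment does not by itself establish the ordering in
  requirement 3. Confirm that an unauthenticated request to
  https://ws1/proxy is rejected by the CAC module before relying
  on WS1 as the only path to WS2.
-->
```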