How to Setup Microsoft IIS with Board 14 Web Server

Andrea Mo

Functionality

Board 14 Web Server includes its own HTTP Server, but for multiple reasons, you might want to publish Board under IIS. Publishing Board under IIS may be convenient in these cases:

• Need to use a certificate and publish the site through HTTPS.
• Need to publish the same Board Engine through multiple sites with different configurations.
• Allow your local IT to maintain and support the website on a platform they feel confident with.
• Schedule regular recycles, etc.

How to do it

Prerequisites

1. Install Microsoft IIS Server Role.
2. Install Microsoft .NET framework 4.8.
3. Check and enable "ASP.NET 4.8" and "WebSocket Protocol" Role services under Application Development category.
4. Enable windows features as image below.
   
   
   
   Please note that if you need to use Windows Authentication, you also need to enable it now. You can find it under the Security options
5. The following paragraph assumes that the Board's main engine is installed on the same server on which you are configuring IIS.

IIS Configuration

If you need to publish Board under IIS, please follow the steps:

1. Download and Unzip the file "BoardVersion_WebHTML5_IIS" from our Downloads area.
   NOTE: when downloading the zip file check that its content has not been blocked automatically by Windows OS in the file Properties, if so click "Unblock" and apply to the entire file
   
2. Create the installation folder under IIS (C:\inetpub\wwwroot\BWEB)
   
3. Place the content of .zip into IIS folder. Your folder structure should look like this:
   
   
4. Give full rights to IIS_IUSRS on the IIS site folder that you created (right-click C:\inetpub\wwwroot\BWEB\--> Edit permissions --> Security).
   
5. On the IIS Manager, create a new website, point it to the BWEB folder location and add a binding to external name/address of the server that you want to use.
   
   
   In the example above, your website will be accessible publicly on https://testsa-company.board.com. Following examples of configurations below will refer to this host name example.
   
6. Install and add certificate to binding as image below:
   
   
   
   The configuration above assumes that the certificate (in this example “b14.local”) is already available and installed . Please refer to “Install SSL certificate” paragraph below for further details.
   
7. In the Application Pool of the IIS Board Website, open the Advanced Settings, and set the Load User Profile to True
   
   
8. At this point, the file C:\inetpub\wwwroot\BWEB\App_Data\config\appSettings.config must be updated as follows:
   
   
   This is to make sure that the host and the public origin are the same as configured under IIS. With Board14 versions, the https must be used in the host field and the public origin must be declared.
   
9. Edit C:\inetpub\wwwroot\BWEB\bin\Board.mailer.Service.exe.Config so it looks as shown:
   
   Please note that a new C:\inetpub\wwwroot\BWEB\App_Data\broadcasting\log folder was created to store the broadcasting logs.
   
10. Finally, reconfigure the Mailer service. To do this, restart the server if necessary and then run the following commands from an elevated command line prompt (i.e. run "cmd" as administrator):
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" “C:\inetpub\wwwroot\BWEB\Bin\Board.Mailer.Service.exe"
    
    sc config BoardMailerService start=auto
    sc start BoardMailerService

Install SSL certificate

Depending in organization needs and policies, a system administrator has many options to create and install a Self-signed certificate, below is an example based on latest version of PowerShell.

Write-Host "Generating certificates"

$rootCA = New-SelfSignedCertificate -Subject "CN=b14CA" `

-CertStoreLocation "cert:\LocalMachine\My" `

-KeyExportPolicy Exportable `

-KeyUsage CertSign,CRLSign,DigitalSignature `

-KeyLength 4096 `

-KeyUsageProperty All `

-KeyAlgorithm 'RSA' `

-HashAlgorithm 'SHA256' `

-Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `

-NotAfter (Get-Date).AddYears(30)

$siteCert = New-SelfSignedCertificate -Subject "CN=b14.local" `

-Signer $rootCA `

-KeyLength 2048 `

-CertStoreLocation "cert:\LocalMachine\My" `

-KeyExportPolicy Exportable `

-KeyUsage DigitalSignature,KeyEncipherment `

-DnsName b14.local `

-KeyAlgorithm 'RSA' `

-HashAlgorithm 'SHA256' `

-Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `

-NotAfter (Get-Date).AddYears(30)

# Export Root Certificate to .pfx and .cer files

$CertPassword = ConvertTo-SecureString -String "YourPassword!" -Force -AsPlainText

Export-PfxCertificate -Cert $rootCA -FilePath ".\b14ca.pfx" -Password $CertPassword

Export-Certificate -Cert $rootCA -FilePath ".\b14ca.cer"

$siteCertPwd = ConvertTo-SecureString -String "YourPassword!" -Force -AsPlainText

Export-PfxCertificate -Cert $siteCert -FilePath ".\b14.pfx" -Password $siteCertPwd

Export-Certificate -Cert $siteCert -FilePath ".\b14.cer"

$Pass = ConvertTo-SecureString -String 'YourPassword!' -Force -AsPlainText

Import-PfxCertificate -FilePath ".\b14ca.pfx" -CertStoreLocation Cert:\LocalMachine\Root -Password $Pass

Import-PfxCertificate -FilePath ".\b14.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $Pass

Run the above script from PowerShell and it will create files and install certificates in your environment.

The previous script was used to create the “b14.local” example to be used in binding definition as indicated in the IIS configuration paragraph.

Notes

• If your Board version is earlier that Board 10.5, please proceed with the Snapshotter (ie Create a Report) configuration as described in this article: Create Report: Snapshotter
• If you want to enable the Windows Authentication (for on-premise customers only) you need to enable the windows authentication option in the Authentication section of the IIS site configurations
  
  
• In order to achieve optimal configuration under IIS, make sure to set the "compilation debug" parameter to false. The parameter is available in the web.config configuration file.
• Self-hosted installation: In case of self-hosted installations, using .exe setups for web client remains unchanged, only modification is the setup of SSL certificate on machine. The process of installing the certificate in the above paragraph (Install SSL certificate), but once certificate is ready, you will need to add this domain/machine name. Please refer to the command example below:
  • netsh http add sslcert ipport=0.0.0.0:443 certhash=XXXXXXXXXXXX appid='{d0a06abb-92fc-4335-88e8-5833519c79fd}'
  • Where certhash is equal to Thumbprint of the newly created certificate.

Product Management Team

For more information related to upgrading to Board 14, please refer to the Board 14 upgrade instructions from Board 12.x or the upgrade instructions from Board 11.x or older in the manual.