And Yet Another Thing I Didn't Know...
I'm accessing this web service through a sub-domain on one of my sites.
The domain and sub-domain use shared-ssl and force https access (which is nice - all done by isp).
My local web service does not use SSL (I wanted to get it working first).
I just uploaded the project to the site and tried it out:
Mixed Content: The page at 'https://check-in.xxxxx.xxx/?uid=s0001' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://abc.yyyyy.com:2021/abc/$model'. This request has been blocked; the content must be served over HTTPS.
I followed the instructions from:
And that failed. @wlandgraf
Or rather, "the exact version used " in the direct link in the blog post failed - the process gets partially through, then halts with a notice that "this version is outdated/deprecated".
Using the latest version works just fine.
(Just FYI: this win10 box I'm using does not have IIS installed - nor any other web server.
All I had to do to get the LetsEncrypt script to work was to create a port-forwarding rule sending port 80 traffic to the win10 box's ip address - this is temporary, I've disabled that rule after LetsEncrypt did its validation)
Go to https://github.com/win-acme/win-acme/releases and download the appropriate release.
I used win-acme.v2.xxxxx.trimmed.zip (I've no idea what "pluggable vs trimmed" means, but "trimmed" was the smaller download ).
Extract the files from the download into a folder (as from blog post above), then (from a command terminal with admin permissions) run
The instructions in the blog post/video are still valid (or at least any differences are easily understood) - except that there's no longer a need to change the "CertificateStore" value.
I confirmed a test certificate was installed, then ran
It turns out that WACS runs a powerscript that adds the renewals to the task scheduler - so some of the blog post and video instructions are now redundant. Be sure to go delete the test ("acme-staging") task...
I had to use TMSHTTPConfig to remove the http://+2021/abc/ reservation.
Then add the certificate (again, as per blog post above).
Don't forget to set the port when you do this:
That default of "443" clearly is NOT going to work for a reservation for port 2021!
I then changed my web service's BaseURL to https://+:2021/abc/ and then of course added the reservation for https://+:2021/abc/ with TMSHTTPConfig.
I then disabled the port port forwarding rule for port 80 in the firewall (not needed anymore).
The last bit was to open my web app project, change the XDataWebConnection URL to:
https://abc.xxxxx.com:2021/abc and upload the project to the public web server.
Summary of project:
- I have a static IP on my home internet connection
- I have a domain https://xxxxx.com hosted by an ISP
- I added a sub-domain https://abc.xxxxx.com
- I changed the A records for that sub domain to point to the static IP of my home internet
- I have a win10 workstation set to a static IP in the DMZ range of my firewall appliance (it's on a separate NIC too)
- There's a firewall appliance port-forwarding rule sending all traffic on port 2021 to the win10 workstation static IP
- there's a win10 firewall port rule allowing all traffic on port 2021
- I temporarily forwarded port 80 to the static IP so the LetsEncrypt scripts could validate the box (close 80 right after)
- I added the LetsEncrypt certificate to the 2021 port with TMSHTTPConfig
- I added the http://+2021/abc/ reservation with TMSHTTPConfig
- my VCL web service app has XDataServer.BaseURL of
- my web core web application has XDataWebConnection.URL of:
- the web app was uploaded to a publicly-visible server:
When a user goes to the "check in " site, a form pops up, they hit "submit" and the responses are gathered into a record to be posted (via XDataWebConnection/XDataWebDataset) to the database hosted in the DMZ at my home.
All over HTTPS.
Getting the website/internet details right was tedious and frustrating - but getting the web app and web services program working was way easier than I expected...
Anyway - HTH anyone else going down this rabbit hole...