Cheat Sheet For Setting Up a Publicly Accessible Website on IIS/Windows Server

Introduction

This is a cheat sheet for setting up a publicly accessible website on IIS/Windows Server.

Disclaimer

This is not a step-by-step installation guide, but merely a checklist of items to be completed.

Assumptions

• You have a Microsoft Windows server for the Web server with administrative access to it
• IIS roles are installed (see https://technet.microsoft.com/en-us/library/cc731179.aspx for more information)
• A firewall/router connecting your internet to the LAN that is accessible to the Web server
• Your internet public IP address is static (never changes)

Checklist

• On the windows/web server, create a folder on the disk of your choice to hold the website files and then copy your website files in
• Create an IIS website, pointing to this folder, and configure settings
• If your site is an ASP.NET application, set application pool, .NET level and other related settings appropriately
• Set host header (TCP port 80 binding) of site to be the desired, full public DNS name that people will use to get to your site (i.e., www.mywebsite.com)
• Create a public DNS entry of this name (www.mywebsite.com) pointing to the public IP address of your internet firewall/router
• If necessary, create an internal DNS entry of this name pointing to the web server on the LAN
• If secure SSL/https is desired, add an https (TCP port 443) binding to the site and select the appropriate security/SSL certificate. *NOTE* you must acquire and install a valid SSL certificate beforehand. SSLShopper has a decent article about this here
• Configure your firewall/router to forward publicly incoming TCP port 80 requests (also TCP port 443 if ssl/https is used) to the web server LAN IP address. Also, make sure the Windows Firewall on the web server is not blocking these TCP ports.
• That's it. Test.

Notes

If you want to make your site publicly available with a dynamic public IP address (i.e. cable modem or DSL where the IP address can change from time to time), sign up for a service such as Dyn. You can run a background service on the web server (also some firewall/routers support dynamic DNS built-in) to always keep the public DNS name (i.e. www.mywebsite.com) updated with your public IP address.

If desired to use ssl/https, do not attempt to setup your own certificate authority (CA) and create your own "self-signed" certificate. It *NEVER* works out well and you will always encounter problems & errors. Save yourself from many headaches and just purchase a valid SSL certificate from a reputable/valid CA.

Thanks

I hope this is helpful!

History

• v1.0 - 2015-06-26 - First revision of tip