Recently, I had the task to run several fitnesse instances in on the single AWS EC2 instance. The requirement was what each fitnesse instance should be accessible trough port 80 (HTTP). IIS as reverse proxy came to the rescue. But there were one more requirement – IIS Reverse Proxy configuration should be automated.
Here >> konstantinvlasenko/IIS Reverse Proxy << you can find a complete PowerShell script how to install IIS and configure it as reverse proxy.
Create-Item c:/msi -Type Directory
Invoke-WebRequest 'http://download.microsoft.com/download/C/F/F/CFF3A0B8-99D4-41A2-AE1A-496C08BEB904/WebPlatformInstaller_amd64_en-US.msi' -OutFile c:/msi/WebPlatformInstaller_amd64_en-US.msi
Start-Process 'c:/msi/WebPlatformInstaller_amd64_en-US.msi' '/qn' -PassThru | Wait-Process
cd 'C:/Program Files/Microsoft/Web Platform Installer'; .\WebpiCmd.exe /Install /Products:'UrlRewrite2,ARRv3_0' /AcceptEULA /Log:c:/msi/WebpiCmd.log
This post is more about the confusion that may arise around SPNs for setting up Kerberos authentication in IIS 7.0. IIS 7.0 has a new Kernel-mode authentication feature using which the ticket for the requested service is decrypted using Machine account (Local system) of the IIS server. It no longer depends upon the application pool Identity for this purpose by default and in turn improves the performance.
This step-by-step article describes how to configure Microsoft Internet Information Services (IIS) to support both the Kerberos protocol and the NTLM protocol for network authentication.