Kentico and Apache reverse proxy

steve reinders asked on February 5, 2018 01:17

We've found that we cannot integrate a new K10 install into our existing Apache rev proxy infrastructure as it doesn't respond to the server's IP address. Since K10 is running "behind" IIS we feel there must be a config that was missed. There doesn't seem to be anything against this, from a licensing perspective, although the developers have never delivered an install this way. Can anyone shed some light on this? Thanks in advance...

Correct Answer

Trevor Fayas answered on February 13, 2018 20:49

(sorry forgot to log into my normal account)

By the very nature of a Proxy, all traffic to the server will in essence be "from" a single point.

The workaround is passing the header "X-Forwarded-For" parameter to help the website know that the incoming request (from the proxy) is really from the origin request (user). Most built-in services such as Load Balancers and Content Delivery Networks use this, and Kentico doesn't seem to have a problem even on version 9 leveraging this, as we have IP Geo location on one of our sites that sits behind a Content Delivery Network.

However if you are building the proxy yourself, you'll need to make sure you leverage this.

https://docs.alertlogic.com/userGuides/web-security-manager-premier-preserve-IP-address.htm


Recent Answers


Trevor Fayas answered on February 5, 2018 15:09

If you do not even get to a Kentico screen, then it has nothing to do with Kentico.

How normal setup works with IIS is that a Domain points to an IP address, which points to the IIS server.

IIS receives the requested domain, and using its Bindings maps one of its sites to it. That's how you can host multiple sites on one IIS server, say "Test1.com" and "Test2.com" they both may resolve to the same IP address, but when the IIS server gets "Test1.com is asking for a site" it knows which ones to provide.

If your Proxy is redirecting IP addresses to the IIS server, you need to look at what "domain" so to say it's receiving. Note that an IP address can be the domain, but then IIS needs to know that that single IP address needs to be bound to the one Kentico site, and you'll have a hard time hosting others unless you add some Port to the IP address (such as say 192.168.1.1 is your IIS server internally, 192.168.1.1:89 => Test1 site, 192.168.1.1:90 => Test2 site).

If you can remote onto the server, you can use WireShark to test incoming requests, to see what your proxy is sending to the server.


steve reinders answered on February 12, 2018 14:47

Thank you Trevor. We had to schedule testing.

We added the server IP address to IIS Site Bindings 2 ways ... :

1) ... on their own line for ports 80 and 443. When accessing by IP address Kentico responded with

Invalid License key
Requested URL: http://192.188.254.215
License status: Missing License

Which is understandable since there wasn't a domain in the Site Bindings

2) ... on the line with the domain. When accessing by IP address IIS (Kentico) did not respond. It still responds to the domain.

In both cases we did an iisreset.

What do you think? Without having a reverse proxy we're looking at having to increase capabilities on firewall as well as adding "URL rewrite" module on IIS.

Thanks


Trevor Fayas answered on February 12, 2018 17:28

Can you try to get a license key for the IP from Kentico? You should be able to request an alias key and explain the reasoning.


steve reinders answered on February 12, 2018 17:49

It is a dev license from Kentico and applied to the K10 instance. We are testing before we adjust IIS in production.

The line in IIS Site Bindings looks like

Type    http
Host    dev.domain.org
Port    80
IP Address  192.188.254.1

Did an iisreset. 192.188.254.1 is the server address.

It does not respond to the IP address but does respond to dev.domain.org


Trevor Fayas answered on February 12, 2018 17:55

You'll want to add a non-host binding, just put for the host 192.188.254.1 and that should signify to IIS that if it receives JUST the IP address, to render this. However if this is the IP address of the server, you'll want to add your ports that should direct to the right spot.

Again IIS looks at the incoming information's HOST name and Port to figure out what site to render, so if it's set to look for "dev.domain.org" and it only gets 192.188.251.1:89 or 192.168.1.1:89, it can't figure out which to render. You need to tell it "hey, also look for just 192.188.251.1:80" and "192.168.1.1:89"

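The Host-header matching and X-Forwarded-For passing discussed in the answers above, as an added Apache httpd configuration example that is not from the thread or from Kentico. dev.domain.org and 192.188.254.1 are the values quoted in the thread; the layout is assumed, and mod_proxy, mod_proxy_http and mod_headers must be loaded.

```apache
# Added example: Apache httpd as reverse proxy in front of an IIS-hosted site.
# dev.domain.org and 192.188.254.1 are the values quoted in the thread;
# the single-vhost layout and port 80 backend are assumptions.
<VirtualHost *:80>
    ServerName dev.domain.org

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Pass the client's original Host header (dev.domain.org) to IIS instead
    # of the backend address named in ProxyPass. IIS then matches its existing
    # host-name binding, and the application sees the domain it is licensed
    # for rather than the bare server IP.
    ProxyPreserveHost On

    # Discard any X-Forwarded-For sent by the client, so the backend sees only
    # the value mod_proxy_http adds (the address that connected to Apache).
    # Assumes Apache is the outermost proxy; remove this line if a trusted
    # CDN or load balancer in front of Apache already sets the header.
    RequestHeader unset X-Forwarded-For early

    ProxyPass        / http://192.188.254.1:80/
    ProxyPassReverse / http://192.188.254.1:80/
</VirtualHost>
```

The forwarded address is only as trustworthy as the network path: IIS should accept connections on this binding only from the proxy's address, otherwise a client that reaches it directly can supply its own X-Forwarded-For.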

steve reinders answered on February 12, 2018 17:59

We tried that and it says Invalid license key and says to add a licence. Does the server's IP address need to be a license also?


Trevor Fayas answered on February 12, 2018 18:01

Yup, whatever the address is that is being passed to your server, Kentico needs a license key. So if it says "There's no licence key for 192.188.251.1" then you need to get an alias license key from Kentico for that IP address. It's similar to how that's needed for web farms.

They should be able to help you out.

Also make sure the Kentico > Site has a domain alias of that IP address too so Kentico knows which site to render.


steve reinders answered on February 12, 2018 18:04

So, do you know, for production, if we have domain.org and 192.188.254.1 does that count as 2 production licenses? Do we check with our rep?


Trevor Fayas answered on February 12, 2018 19:39

Kentico has been great with understanding what are really "additional sites" and what are domain aliases for special cases like this. While there are automatic licenses included with the main (dev., staging., etc) you can request an alias for your 192.188.254.1 and I can't imagine they would say no. You aren't hosting another site, you are just needing another license for your proxy workaround. Ask, shouldn't have a problem getting it!


steve reinders answered on February 13, 2018 17:59

The developer is concerned that the Apache proxy will "break" Kentico functionality based on these posts:

https://devnet.kentico.com/forums?forumid=65&threadid=32330

http://ideas.kentico.com/forums/239189-kentico-product-ideas/suggestions/3464794-enable-reverse-proxy-scenarios-for-targeting-and-a

However, the posts are older and may not apply to K10.

Can you verify that K10's GEO and analytics will still work? This would mean add'l work by the developer, work order, contract, etc.

Thanks


Development Support answered on February 13, 2018 20:49 (last edited on February 13, 2018 20:49)


steve reinders answered on February 28, 2018 18:22

We found that there were no apparent problems with K10 behind the Apache rev proxy. Apache adjusted the headers accordingly. Thank you very much for your help.
