Configure IIS 7 Reverse Proxy to connect to TeamCity Tomcat
Having just spend around 4 hours trying to configure SSL for TeamCity (and using the answers in this thread), I managed to get this working using the server farm option.
I configured a TeamCity server farm which included my TeamCity server on 127.0.0.1 using port 8080, and allowed the Application Routing Rules to create a corresponding server farm routing rule.
I then created a website called TeamCitySecureProxy which I configured with a self-signed certificate. On the bindings I only configured https/443 (no http/80).
The part I was missing:- I then clicked on the 'TeamCity' node under 'Server Farms' in IIS, choose 'Proxy' from the 'Server Farm' pane, and ticked the 'Reverse rewrite host in response headers'.
I now have a secure end-point for accessing my plain http TeamCity installation.
You could also use a connector to do so.
There is the old ISAPI connector (redirector) available from Apache directly or there is also a new one available from RiaForge (this one seems easier to get running).
http://tomcatiis.riaforge.org/
Make sure ARR proxying is enabled in IIS GUI. You probably want preserve host header (may need to edit applicationHost.config by hand, or use appcmd to set this one) and reverse rewrite host in response header options enabled as well, so the browser makes requests, and sees responses, that match the SSL cert host.
- IIS site on 443 (and 80 probably?) -- listening to all requests (do not specify hostname)
- look at all incoming paths: match URL
(.*) - look for the TeamCity path, preserve rest of path: condition
{URL}matches^teamcity(/.*)? - rewrite with preserved path: action rewrite,
http://localhost:port/{C:1} - append querystring checked
- and stop processing further rules probably checked
I think that should do it.
<rule name="Demo Rule" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{URL}" pattern="^teamcity(/.*)?" />
</conditions>
<action type="Rewrite" url="http://localhost:8080/{C:1}" />
</rule>