2

I'm reading up on WebDeploy, but I'm a bit confused about the differences between the service that runs on port 80 (Remote Agent Service) and port 8172 (IIS Deployment handler?).

As far as I can tell, the remote agent service allows servers to deploy changes to each other (for example, the sync command via msdeploy.exe). However, it seems like running over port 80 (the default HTTP port) is a big risk to me.

Am I wrong in thinking that files/sensitive information would be travelling unencrypted over port 80?

Joe Zack

1 Answer

4

You're neither right nor wrong; it depends on the situation/setup/infrastructure.

Anyways, you can set up the Remote Agent Service with SSL:

Uninstall Web Deploy, and install it from a command line with:

msiexec /i <msi_filename> /passive ADDLOCAL=ALL LISTENURL=https://+:443/MsDeployAgentService/

where <msi_filename> is the filename of the Web Deploy installer

Then bind a certificate to the endpoint, using netsh:

netsh http add sslcert ipport=0.0.0.0:443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF} 

where certhash is the thumbprint of the certificate and appid is any valid GUID

Mathias R. Jessen
  • Thanks! I was spooked when I saw it defaulted to 80 and there wasn't anywhere in the wizard to change it. – Joe Zack Jun 07 '13 at 21:16
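
The certificate-binding step from the answer above, with checks around it, as an added PowerShell example that is not part of the original answer or of Web Deploy itself. Assumptions: an elevated prompt on the target server, Web Deploy already reinstalled with the `LISTENURL` shown above, the certificate already present in `LocalMachine\My`, and `$Subject` is a placeholder value.

```powershell
# Added example. $Subject is a placeholder; replace it with your certificate's subject.
$Subject = 'CN=deploy.example.test'
$IpPort  = '0.0.0.0:443'   # matches LISTENURL=https://+:443/MsDeployAgentService/

# Pick the newest certificate that matches, has a private key, and is inside its validity window.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey -and
                   $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No usable certificate with subject '$Subject' in LocalMachine\My" }

# If the certificate restricts its usage (EKU), it must allow
# Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($ekuExt) {
    $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains '1.3.6.1.5.5.7.3.1') {
        throw "Certificate $($cert.Thumbprint) does not allow Server Authentication"
    }
}

# Bind it. appid can be any valid GUID; netsh expects it in {braces}.
$appId = [guid]::NewGuid().ToString('B')
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed (exit code $LASTEXITCODE)" }

# Read the binding back and confirm HTTP.sys holds the thumbprint we intended.
$shown = (netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($shown -notmatch [regex]::Escape($cert.Thumbprint)) {
    throw "Binding on $IpPort does not show thumbprint $($cert.Thumbprint)"
}

# With the agent service running, look for a leftover plain-HTTP registration.
# 'HTTP://' does not match 'HTTPS://', so only cleartext listeners are reported.
$plain = netsh http show servicestate |
    Select-String -Pattern 'HTTP://.*MsDeployAgentService'
if ($plain) {
    Write-Warning "Agent is still registered on plain HTTP:"
    $plain | ForEach-Object { Write-Warning $_.Line.Trim() }
} else {
    Write-Output "No plain-HTTP MsDeployAgentService registration found."
}
```

The last check only sees URLs registered by running services, so start the Web Deploy agent service before relying on its result.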