1

I have a windows server that is running two ASP.NET websites. I would like to setup an HTTPS connection for each site. I had initially run into problems because I was trying to use a single IP address for the secure connection for both sites. To fix this I attempted to assign a new IP address to the second site. The original internal IP address was 10.1.1.19 and the new one is 10.1.1.20.

If I run ipconfig /all I see the following two lines:

IPv4 Address. . . . . . . . . . . : 10.1.1.19(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.20(Preferred)

In my default site I have created bindings for https to both IP addresses. In the second site I have two bindings to 10.1.1.20 (one for http and one for https).

My problem is that now when I attempt to hit the second site using Chrome, it says ERR_CONNECTION_RESET. If I go back to having a single site using https and move my second site to the original IP (10.1.1.19) I can hit the site again.

Based on this can anyone see why I can't hit the second site using the new IP address? Suggestions on how to fix?

I apologize if the solution is obvious, I have very little experience configuring servers.

Abe Miessler
  • 925
  • 4
  • 11
  • 20

2 Answers2

3

You cannot bind a given port to both IP addresses for your Default Web Site, because the given port will no more be available for your second Web Site (on your secondary IP).

The best approach is to use a uniq IP for each Web Sites.

Let's say :

  • Default Web Site : 10.1.1.19
  • Second Site : 10.1.1.20

Then, your bindings should look like this :

Default Web Site (or First Site) : http://www.site1.com or https://www.site1.com

Type    Host Name       Port   IP Address
http    www.site1.com   80     10.1.1.19
https   www.site1.com   443    10.1.1.19

Second Site : http://www.site2.com or https://www.site2.com

Type    Host Name       Port   IP Address
http    www.site2.com   80     10.1.1.20
https   www.site2.com   443    10.1.1.20
krisFR
  • 13,280
  • 4
  • 36
  • 42
  • Hrrm ok, so currently the `Default Web Site` doesn't point to anything and I have created Sites for the two other sites. Is this a weird setup? Would this change your answer at all? – Abe Miessler Mar 11 '14 at 19:21
  • 3
    @Abe Miessler No it is not weird ! It is not a bad thing to not use the `Default Web Site`. In that case you could also stop it. Your new setup does not change my answer, the logic is still the same. From my answer, just replace "default web site" by "primary site" – krisFR Mar 11 '14 at 19:30
  • So with this setup I can only hit the website that is using the original (`.19`) ip address. If I assign it to site 1 then both host headers direct to site 1. If I assign it to site 2 then both host headers direct to site 2. Did I miss a step when setting up the second IP? – Abe Miessler Mar 11 '14 at 19:52
  • 1
    If you are using two IP addreses, you no longer would be using host headers. Update your DNS records accordingly. – Rex Mar 11 '14 at 20:10
  • @Abe Miessler Not sure to get what you mean. With this setup you can hit both websites. Now you introduce a new "feature" talking about "Host Headers". Your best bet is to assign a uniq Host Header per Web Site. I've updated my answer to cover this case. But if you have two IPs, Host Header are not necessary (as Rex points it out) – krisFR Mar 11 '14 at 20:14
2

In my default site I have created bindings for https to both IP addresses

If you bound port 443 for both IP addresses to your default site, it wouldn't be able to use that port for the 2nd IP address. Your default site should only be bound to the first IP address and the 2nd site should be bound only to the second IP address.

Rex
  • 7,895
  • 3
  • 29
  • 45