Is there a way to run both a web server (IIS 10) and an Exchange server using only one IP? They are two separate servers, but due to only having one IP, I only have a single 443 port.
- Server Name Indication is the answer - but you need to be asking yourself, "do I really want to do this?" Generally a bad idea to mix Exchange with other services. Is there any reason why you can't use a different port for the other webserver? Is the other webserver also IIS? Are you publishing both to the internet? Does the Firewall/Reverse Proxy support Server Name Indication? – Semicolon Oct 16 '19 at 15:13
- The webserver is hosting two sites being published to the internet. Is there a way to get Exchange to work without 443? – Michael Downey Oct 16 '19 at 18:31
- I'm going to say that getting Exchange to work on an alternate port is not your solution. – Semicolon Oct 16 '19 at 18:41
- You need to use a reverse proxy that can direct the incoming traffic to the correct server. – joeqwerty Oct 16 '19 at 21:12
2 Answers
This is really not recommended.
That being said, you could easily handle this using Server Name Indication - it's like host headers for encrypted websites. By editing the site bindings you should be able to route HTTPS requests for your two additional websites to the appropriate site in IIS based upon the URL; the remainder can be routed to the Exchange-related sites.
If you were not using IIS to host your other websites, your solution would not be quite as simple.
Though, you would be best served by 1) running this web server on a different server, or 2) running the other webserver on a different IP.

Semicolon
- The Webserver is on Server 1, the Exchange Server is on Server 2. They are on separate servers. – Michael Downey Oct 16 '19 at 18:50
- @Semicolon why is it not recommended? What could go wrong? From the HTTPS standpoint, the Exchange web service is no more than just another web application. I've even seen servers where a single IIS runs two different Exchange web services with different domain names, each with its own certificate, but both on the same Exchange server. Also, note, SNI is not a "replacement" or "analog" of the HTTP Host header. It is just a hint for the TLS layer of the server as to which certificate to select. After the TLS session there will be an HTTP request, which will contain the Host header, and that header matters. – Nikita Kipriyanov Oct 16 '19 at 18:58
- As host headers allow multiple websites to be served on the same socket, so does SNI allow multiple encrypted websites to be served on the same socket -- which was not possible without SNI. Seems analogous to me. – Semicolon Oct 16 '19 at 20:13
- @MichaelDowney Ah...so you're not looking to host both Exchange and the other websites on the same _server_ - just on the same public IP? That would be determined by the capabilities of your reverse proxy solution. – Semicolon Oct 16 '19 at 20:15
- If you need to set up 2 https services from a single IP address you will want to run a reverse proxy. This can "terminate" the inbound sessions and establish sessions to alternative ports. – davidgo Oct 16 '19 at 20:30
- @NikitaKipriyanov You neglect the fact that Exchange (or SharePoint or other products) installs its own modules to IIS, which can affect other sites (especially when those sites are not Exchange related) unnecessarily. A well-established corporate environment should avoid such an error-prone setup. – Lex Li Oct 16 '19 at 21:09