Set up an IIS Node
Categories:
Projects:
c2platform/phx/ansible , Ansible Win Role ( c2platform.wincore.win)
Overview
This how-to guide walks through creating an IIS node pxd-iis and deploying an
example ASP.NET website from a Git repository
.
The node is created in the PHX
Ansible development environment using
Vagrant and
Ansible.
Prerequisites
- Setting Up the PHX Development Environment on Ubuntu 24.04
- Ensure the nodes
pxd-rproxy1andpxd-adare up and running.
Setup
To create the pxd-iis node and register it, run the following command. This
takes around 6 minutes to complete:
vagrant up pxd-iis
Verify
Use
Remmina to connect to the node and open the following URL:
https://iis.c2platform.org
You should see a page titled “Hello World”. This confirms that the ASP.NET application is running correctly. It also shows that IIS is installed and working, with both HTTP and HTTPS bindings configured.
Certificates are trusted in this development environment because the C2 certificates were imported into the Windows trust store.

You can also use a desktop shortcut to open IIS Manager and inspect the
example website, including its bindings. The screenshot below shows the HTTP
and HTTPS bindings created by Ansible.

Review
This section explains how the IIS node was provisioned using Vagrant and Ansible.
Vagrant
The Vagrant definition for the node is shown below.
302 - name: iis
303 short_description: IIS
304 description: IIS
305 box: win2022
306 ip-address: 192.168.61.17
307 memory: 2000
308 plays:
309 - mw/iis
310 labels:
311 - iis
Ansible Play
The playbook applies the AD role and the Windows role (no dedicated IIS role exists yet). The Windows role is powerful enough to configure a complete IIS server.
---
- name: Internet Information Services (IIS)
hosts: iis
roles:
- { role: c2platform.wincore.ad, tags: ["v0"]}
- { role: c2platform.wincore.win, tags: ["windows", "setup"]}
Configuration
The main configuration file defines the win_resources variable. This variable
is used by the Windows role to install IIS features, clone the application to
the web root, install a certificate in the local store, create an application
pool and website with HTTPS support, and set the correct ACLs using the
win_acl module.
---
win_resources:
2_iis:
- name: IIS Features
type: win_feature
resources:
- name: Web-Server
- name: Web-Mgmt-Tools
- name: Web-Asp-Net45
- name: Web-Net-Ext45
- name: Web-ISAPI-Ext
- name: Web-ISAPI-Filter
- name: Web-Windows-Auth
- name: Web-Basic-Auth
- name: Web-Stat-Compression
- name: Clone app # TODO C2-1412
module: win_command
cmd: >-
git clone
https://github.com/AzureWorkshops/samples-simple-iis-website.git
{{ px_apps_dir }}/example
creates: "{{ px_apps_dir }}/example"
- name: C:/ProgramData/c2-pxd-rproxy1.p12
module: win_copy
src: c2-pxd-rproxy1.p12
- name: Import cert for iis.c2platform.org
module: win_certificate_store
path: C:/ProgramData/c2-pxd-rproxy1.p12
key_storage: machine
file_type: pkcs12
3_example:
- name: Example
module: web_app_pool
attributes:
startMode: alwaysRunning
processModel.identityType: SpecificUser
processModel.userName: C2\svc-example
processModel.password: "{{ px_ad_admin_password }}"
processModel.loadUserProfile: true
managedRuntimeVersion: v4.0
managedPipelineMode: classic
- name: Example
module: website
site_id: 2
physical_path: "{{ px_apps_dir }}/example"
application_pool: Example
bindings:
set:
- hostname: iis.c2platform.org
protocol: http
port: 80
ip: 192.168.61.17
- hostname: iis.c2platform.org
protocol: https
port: 443
ip: 192.168.61.17
# use_sni: true
# use_ccs: false
certificate_hash: 21dcab6e744fe21836d2e62c992625d7574de2d3
certificate_store_name: MY
- name: Permissions app pool
module: win_acl
defaults:
# user: IIS AppPool\Example
user: C2\svc-example
rights: modify
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
resources:
- path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
- path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
- name: Example
module: iis_hsts
max_age: 31536000
include_sub_domains: true
preload: true
enabled: true
redirect_http_to_https: false
- name: Example
module: iis_logfile
log_target_w3c: File # File ETW File,ETW
The following file creates convenient desktop shortcuts, including one to IIS
Manager and one to the website running at iis.c2platform.org.
---
win_resources:
0_iis_dev:
- name: Shortcuts
type: win_shortcut
resources:
- name: IIS Manager
dest: '%Public%\Desktop\Internet Information Services (IIS) Manager.lnk'
src: '%windir%\system32\inetsrv\InetMgr.exe'
- name: Default Website
dest: '%Public%\Desktop\localhost.lnk'
src: C:\Program Files\Mozilla Firefox\firefox.exe
arguments: http://localhost -profile "C:\vagrant\tmp\firefox-profile"
- name: IIS Example Application
dest: '%Public%\Desktop\iis.c2platform.org.lnk'
src: C:\Program Files\Mozilla Firefox\firefox.exe
arguments: https://iis.c2platform.org -profile "C:\vagrant\tmp\firefox-profile"
Additional Information
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.