Set up an IIS Node

Set up an IIS node and deploy a simple ASP.NET website using Vagrant and Ansible.

Projects:

 c2platform/phx/ansible , Ansible Win Role ( c2platform.wincore.win)


Overview

This how-to guide walks through creating an IIS node pxd-iis and deploying an example ASP.NET website from a Git repository  . The node is created in the PHX Ansible development environment using Vagrant and Ansible.

Prerequisites

Setup

To create the pxd-iis node and register it, run the following command. This takes around 6 minutes to complete:

vagrant up pxd-iis

Verify

Use Remmina to connect to the node and open the following URL: https://iis.c2platform.org

You should see a page titled “Hello World”. This confirms that the ASP.NET application is running correctly. It also shows that IIS is installed and working, with both HTTP and HTTPS bindings configured.

Certificates are trusted in this development environment because the C2 certificates were imported into the Windows trust store.

You can also use a desktop shortcut to open IIS Manager and inspect the example website, including its bindings. The screenshot below shows the HTTP and HTTPS bindings created by Ansible.

Review

This section explains how the IIS node was provisioned using Vagrant and Ansible.

Vagrant

The Vagrant definition for the node is shown below.

 Vagrantfile.yml

302  - name: iis
303    short_description: IIS
304    description: IIS
305    box: win2022
306    ip-address: 192.168.61.17
307    memory: 2000
308    plays:
309      - mw/iis
310    labels:
311      - iis

Ansible Play

The playbook applies the AD role and the Windows role (no dedicated IIS role exists yet). The Windows role is powerful enough to configure a complete IIS server.

 plays/mw/iis.yml

---
- name: Internet Information Services (IIS)
  hosts: iis

  roles:
    - { role: c2platform.wincore.ad, tags: ["v0"]}
    - { role: c2platform.wincore.win, tags: ["windows", "setup"]}

Configuration

The main configuration file defines the win_resources variable. This variable is used by the Windows role to install IIS features, clone the application to the web root, install a certificate in the local store, create an application pool and website with HTTPS support, and set the correct ACLs using the win_acl module.

 group_vars/iis/main.yml

---
win_resources:
  2_iis:
    - name: IIS Features
      type: win_feature
      resources:
        - name: Web-Server
        - name: Web-Mgmt-Tools
        - name: Web-Asp-Net45
        - name: Web-Net-Ext45
        - name: Web-ISAPI-Ext
        - name: Web-ISAPI-Filter
        - name: Web-Windows-Auth
        - name: Web-Basic-Auth
        - name: Web-Stat-Compression
    - name: Clone app  # TODO C2-1412
      module: win_command
      cmd: >-
        git clone
        https://github.com/AzureWorkshops/samples-simple-iis-website.git
        {{ px_apps_dir }}/example
      creates: "{{ px_apps_dir }}/example"
    - name: C:/ProgramData/c2-pxd-rproxy1.p12
      module: win_copy
      src: c2-pxd-rproxy1.p12
    - name: Import cert for iis.c2platform.org
      module: win_certificate_store
      path: C:/ProgramData/c2-pxd-rproxy1.p12
      key_storage: machine
      file_type: pkcs12
  3_example:
    - name: Example
      module: web_app_pool
      attributes:
        startMode: alwaysRunning
        processModel.identityType: SpecificUser
        processModel.userName: C2\svc-example
        processModel.password: "{{ px_ad_admin_password }}"
        processModel.loadUserProfile: true
        managedRuntimeVersion: v4.0
        managedPipelineMode: classic
    - name: Example
      module: website
      site_id: 2
      physical_path: "{{ px_apps_dir }}/example"
      application_pool: Example
      bindings:
        set:
          - hostname: iis.c2platform.org
            protocol: http
            port: 80
            ip: 192.168.61.17
          - hostname: iis.c2platform.org
            protocol: https
            port: 443
            ip: 192.168.61.17
            # use_sni: true
            # use_ccs: false
            certificate_hash: 21dcab6e744fe21836d2e62c992625d7574de2d3
            certificate_store_name: MY
    - name: Permissions app pool
      module: win_acl
      defaults:
        # user: IIS AppPool\Example
        user: C2\svc-example
        rights: modify
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
      resources:
        - path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
        - path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
    - name: Example
      module: iis_hsts
      max_age: 31536000
      include_sub_domains: true
      preload: true
      enabled: true
      redirect_http_to_https: false
    - name: Example
      module: iis_logfile
      log_target_w3c: File  # File ETW File,ETW

The following file creates convenient desktop shortcuts, including one to IIS Manager and one to the website running at iis.c2platform.org.

 group_vars/iis/dev.yml

---
win_resources:
  0_iis_dev:
    - name: Shortcuts
      type: win_shortcut
      resources:
        - name: IIS Manager
          dest: '%Public%\Desktop\Internet Information Services (IIS) Manager.lnk'
          src: '%windir%\system32\inetsrv\InetMgr.exe'
        - name: Default Website
          dest: '%Public%\Desktop\localhost.lnk'
          src: C:\Program Files\Mozilla Firefox\firefox.exe
          arguments: http://localhost -profile "C:\vagrant\tmp\firefox-profile"
        - name: IIS Example Application
          dest: '%Public%\Desktop\iis.c2platform.org.lnk'
          src: C:\Program Files\Mozilla Firefox\firefox.exe
          arguments: https://iis.c2platform.org -profile "C:\vagrant\tmp\firefox-profile"

Additional Information



Last modified July 6, 2026: hash update (f54ca12)