IT Nota

How to Setup HTTP Strict Transport Security (HSTS) on IIS

HTTP Strict-Transport-Security (HSTS) response header is used to tell browsers that the particular website should only be accessed solely over HTTPS. This is a powerful feature that is easy to implement to mitigate the risks for the communication to be intercepted by hackers and keep your website visitors safe.

Enabling HTTP Strict Transport Security on IIS

See the steps below to enable HSTS on IIS:

  1. Launch IIS Manager.
  2. On the left pane of the window, click on the website you want to add the HTTP header and double-click on HTTP Response Headers.IIS HTTP Response Headers Setting
  3. In HTTP Response Headers window, click on Add… on the right pane and type in Strict-Transport-Security for Name and max-age=63072000; includeSubDomains; preload for Value and click OK.The max-age value 63072000 is the number of seconds for the duration of two years. You need to enter a value of at least one year.IIS HTTP Response Headers Strict Transport Security Setting

Now you can verify if the header is delivered correctly by running a curl command.

curl -I https://www.itnota.com

You should see that very header listed among other entries:

Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

That’s all there is to utilize HSTS on IIS.

Buy me a coffee?

Buy me a coffee If you find this post helpful and would like to buy me a coffee to support the work here, you’ll have our big thanks!
Support IT Nota: Buy me a Coffee

Further Reading

Strict-Transport-Security
How to Use cURL HTTP/2 on macOS
How to Enable Secure HttpOnly Cookies in IIS

How to Deploy Hugo Static Website to IIS Using Git

Continuing the posts on Hugo website tutorial, after all the setup is done, the question now is about static site hosting. The reality is hosting a static website is very easy so you have a lot of flexibility in choosing your hosting and platform. In fact, you can use Github, Bitbucket or Gitlab to host your static website.

This post will show you how you can host your static website on IIS server using a git-push.

Prerequisites

  1. Make sure IIS is setup. If you haven’t done so, make sure you check out the post to install IIS on Windows 10 which could be applied for Windows Server as well.
  2. You need to have Hugo installed on your system. Check out this post if you still need to install Hugo.
  3. Install Git. This process is also very straightforward, just head to Git website and follow its instructions to install it. You might also want to customize Git to work with your favorite text editor.If you decided to use Visual Studio Code, check out this post as the setup might be useful for editing and also publishing your Hugo website.
  4. You have already created a Hugo new site in a folder and you have already committed all the files with Git with a .gitignore file which has at the minimum the following entry:
    # Exclude folder
public/

# OS
[Tt]humbs.db
.DS_Store

For this exercise, I have my laptop as the source where I install all the tools and to write and generate the static website. For the IIS host, it will be a Windows 10 VM that can be mapped from the laptop. You can substitute the mapping with SSH for a different hosting but the principle is the same.

Now that we get all the prerequisites and objective out of the way, here are the steps to setup our environment:

Hugo/Git Public Folder Setup

    1. Important: Hugo publish the website to a sub-folder public, so we also need to Git initialize and commit all the files in sub-folder public separately from its parents folder. Remember, we exclude the public folder in .gitignore file (see the prerequisites). So we’re tracking the published website separately. It is from within this public folder that we do all the setup described below.
    2. On your target server, setup a folder that you can use as a temporary repository. In this example, a folder C:\inetpub\Git\hugo-repo was created for this purpose.
    3. We will publish the static content to default folder C:\inetpub\wwwroot.
    4. From within Git Bash and within your Hugo public folder, add the temporary repository as a remote repository by typing the following command:
      $ git remote add prod //MACHINENAME/c$/inetpub/Git/hugo-repo
    5. From within Git Bash, go to the remote repository to initialize it:
      $ cd //MACHINENAME/c$/inetpub/Git/hugo-repo

$ git init --bare
    6. Go to the repo folder and open the hooks folder and create a new text file called post-receive (do not put any file extension) and edit it with the following code:
      #!/bin/bash

git --work-tree=//MACHINENAME/c$/inetpub/wwwroot --git-dir=//MACHINENAME/c$/inetpub/Git/hugo-repo checkout -f

      Git post-receive hook file

If this sounds complicated, don’t worry about it as you only need to set this up once and forget about it.

Now every time you are ready to publish your Hugo website (i.e., by running the command “hugo”), go to your public folder, commit all the changes in Git, just do a Git push to prod:

$ git push prod master

The website will be automagically pushed to your IIS PROD and ready for public consumption.

We use this same exact method to publish an intranet site within our company. If there’s any step in this explanation is not clear, leave a comment below and I will try to improve the step-by-step guide in this post.

Further Reading

How to Install Hugo on Windows 10
How to Setup Visual Studio Code for Hugo Static Site Generator
How to Setup Naked Domain to Resolve in Cloudflare Pages

Downloads

Visual Studio Code
Git
Hugo

How to Troubleshoot IIS 500 Error for ASP Websites

You try to load your classic ASP (Active Server Pages) website and all you can see in your browser is the all too familiar display of 500 Internal Server Error.

This page isn't working

WEBSITE is currently unable to handle this request

HTTP ERROR 500

IIS HTTP Error 500 Display on Chrome browser

What is 500 Internal Server Error

First of all, the 500 Internal Server Error is a very general HTTP status code that indicates something has gone wrong on the web server without any specifics on the exact problem.

This instruction is limited to solving a 500 error on IIS server for classic ASP websites, however some other instructions that’s related to IIS in general will help for troubleshooting IIS server for .NET applications as well.

As 500 Server Error message is very often vague, the task now is to find a more specific error message that will help us further analyze and troubleshoot the issue.

Enable Debugging and Send Errors to Browser

If the website is not in a production environment, the easiest way to do it is to enable the ASP Debugging Properties and send the errors to the browser by following these steps:

  1. Launch Internet Information Services (IIS) Manager and on the left pane, select your ASP website and click on the ASP icon (Configure properties for ASP applications).

    IIS settings to configure properties for ASP applications

  2. Under the ASP window, expand the Debugging Properties and set Enable Client-side Debugging, Enable Server-side Debugging, and Send Errors To Browser to True and click Apply.

    IIS ASP Debugging Properties settings to browser

Now, when you refresh your ASP website, you will see a more descriptive error message on your browser such as the following example:

System.Xml error '80131509'

There is an error in the XML document.

/itnota/failed-page.asp, line 289

ASP 500 Error detailed failed page

With this information, you can right away open the file (e.g., itnota/failed-page.asp) and check line number 289. Again, this option is not recommended for a production website that’s still actively used and available for public since it exposes too much information publicly. The ideal way to do it is to replicate your production environment on a staging and try to reproduce the error on a lower environment.

Check IIS Log

Another way to check 500 Internal Server Error for your ASP website is by viewing IIS error logs. This is especially true if your ASP website is a public website.

Where to find the IIS Logs?

By default, the log for your website is stored on %SystemDrive%\inetpub\logs\LogFile, but you should not use this settings for a production environment. Always set a custom path for your logs so your websites are easier to maintain in the long run. If you have a different physical hard drive for logs, even better. Make sure it’s set to Enabled.

IIS Log properties

For the sake of example, the log files are located in folder D:\Logs\ITNota.com:

From the IIS log example below, the easiest way is to look for a pipe character (“|”) on the date and time when the error happens.

IIS Log 500 Error

The error message can be broken down into two parts:

  1. /itnota/failed-page.asp id=2087216&catId=749272

  2. |289|80131509|There_is_an_error_in_the_XML_document.

The first part indicates the problematic file with its parameters which can be reconstructed by replacing the white space with a question mark (“?”) like so:

  /itnota/failed-page.asp?id=2087216&catId=749272

The second part which starts with a pipe character (“|”) is the line number that caused the error, the error code, and the error description:

  |289|80131509|There_is_an_error_in_the_XML_document.

From the above information, we are looking at the following information:

ItemDescription
Filename /itnota/failed-page.asp
Line number289
Error code80131509
Error descriptionThere_is_an_error_in_the_XML_document.

Check the affected file by opening it in Visual Studio Code or any IDE.

If you use Visual Studio Code to read and write ASP or VBScript, click here for a way how to colorize your ASP code.

How to Fix SMTP 550 5.7.1 Unable to Relay Error on Windows Server 2012 R2

Here is one way of fixing an SMTP error on Windows Server 2012 when you see an error message similar to the one below:

Error Message

System.Exception: SMTP error sending: Client Service Setup Error on SERVERNAME ---> System.Web.HttpException: The server rejected one or more recipient addresses. The server response was: 550 5.7.1 Unable to relay for [email protected]    ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException: The server rejected one or more recipient addresses. The server response was: 550 5.7.1 Unable to  relay for [email protected]       --- End of inner exception stack trace ---     at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters)      at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)     at System.Web.Mail.SmtpMail.LateBoundAccessHelper.CallMethod(Object  obj, String methodName, Object[] args)     --- End of inner exception stack trace ---     at System.Web.Mail.SmtpMail.LateBoundAccessHelper.CallMethod(Object obj, String methodName, Object[] args)     at System.Web.Mail.SmtpMail.CdoSysHelper.Send(MailMessage  message)     at System.Web.Mail.SmtpMail.Send(MailMessage message)     at ClientServiceSetup.CommonFunctions.SendMail(MailMessage objMail)     --- End of inner exception stack trace ---

Steps to Add Localhost to the SMTP Relay

  1. Launch IIS 6.0 Manager.

    IIS 6 Manager on Windows Server 2012 R2

  2. Right-click on the STMP Server (on this example it’s named default, but it could be named something else) and select Properties.

    IIS 6 Manager SMTP Properties on Windows Server 2012 R2

  3. Click on the Access tab and at the very bottom under Relay restrictions, click on Relay button.

    IIS 6 Manager SMTP Properties Access Relay Windows Server 2012 R2

  4. Select Only the list below, click on Add… button and under Single computer and IP Address, type in 127.0.0.1 and click OK.

  5. Check Allow all computers which successfully authenticate to relay, regardless of the list above. and click OK, and OK one more time to get out the Properties window.

    IIS 6 Manager SMTP Grant Access Relay on Windows Server 2012 R2

  6. Re-test and that should be it.

Further Reading

IIS SMTP – The server response was: 5.7.1 Unable to relay for outgoing address, Still not working
How to Install SMTP Server on Windows Server 2012 R2

How to Install IIS on Windows 10

Although IIS is included in every installation of Windows 10, it’s not turned on by default. Here’s a way to install IIS on Windows 10.

  1. Right-click on the Windows button on the bottom-left corner and select Run

    Windows Run

  2. In the Run dialog box, type appwiz.cpl and press ENTER.

    Windows run appwiz.cpl

  3. As soon as a new window called Programs and Features is opened, click on the link Turn Windows features on or off.

    Windows Programs and Features

  4. Click on the Internet Information Services checkbox. By default it will install all you need to host a website. However you might want to check some other components that you might need as well. Once done, click OK and Close when it says “Windows completed the requested changes.”

    IIS Windows Features

  5. Now open your browser and type in localhost and press ENTER. You should see a default web page is rendered in your browser.

    IIS Default Page

That’s all there is to it and the default website directory will be in C:\Inetpub\wwwroot folder.

Further Reading

How to Manage IIS Remotely
How to Manage IIS Servers Remotely with WMSVC
How to Backup IIS Manager Connections List on Windows
How to Install IIS Management Console on Windows
How to Migrate IIS Websites to a Different Server
New Features Introduced in IIS 10.0
How to Setup HTTP Strict Transport Security (HSTS) on IIS
How to Activate Built-in Web Server

Recent Posts

Tags

.NET .NET Core AdSense ASP.NET Cdonts Dll Classic ASP Code Editor ETL FSharp Genesis Framework Git Google HP Asset Manager HTML5 Hugo IIS Information Security Internet Internet Information Services iOS JAMStack Linux macOS Microsoft Microsoft SQL Server MVC PHP PowerShell Python Simple Mail Transfer Protocol Smtp Server SQL SQL Server SSIS SSMS SSRS Sublime Text Visual Studio Visual Studio Code VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server