This article provides a basic overview of the manual steps to deploy a front-end Web server running IIS 7.5 or above for the Shared Hosting scenario. It also includes key per-site configuration settings. These steps are described in more detail in the Web Server For Shared Hosting and File Server For Content Storage articles of this guide.
Web Server Pre-Setup
Before configuring permissions on the file server, you must join the Web server to an Active Directory domain controller.
Note: It is possible to not use domain accounts, but the setup in this shared hosting architecture assumes a domain-joined machine. Certain things need to be changed for non-domain scenarios (if you are using content on a remote file server, the same user account with the same password must exist on both the Web server and the file server, for instance).
- Join the Web server to the Active Directory domain controller. This is not required if you are setting up a standalone server
- If you will be storing content or configuration on a remote file server, configure the MaxCmds registry key on the Web server -- see SMB Commands Registry Keys.
- If you will be using a Windows-based file server, add the MaxMptCt and MaxWorkItems registry keys on the file server -- see SMB Command Registry Keys.
Web Server Setup
- Install the Web Server Role - IIS.
- Note: Site provisioning is covered in Provisioning IIS Sites for Shared Hosting.
%windir%\system32\inetsrv\appcmd add backup "FirstBackup"
%windir%\system32\inetsrv\appcmd set config -section:applicationPools -applicationPoolDefaults.enable32BitAppOnWin64:true
%windir%\system32\inetsrv\appcmd set config -section:anonymousAuthentication /username:"" --password
- Note: If you are using IIS Manager Users and the content is stored in a file share (UNC), set WMSVC to run as a custom identity that has read/write access to the share. For details on WMSVC’s read/write access actions see Remote Administration Behavior Matrix.
- Note: The firewall is enabled by default and you must add the default port (8172) or custom port if you chose one.
- Set unrestricted true for WebPermission.
- Add custom trust to Web.config and lock it.
caspol -m -ag 1. -url "file://\\remotefileserver\content$\*" FullTrust
%windir%\system32\inetsrv\appcmd set config -section:asp -cache.maxDiskTemplateCacheFiles:0
%windir%\system32\inetsrv\appcmd add backup "AfterWalkthroughBackup"