(https://www.microsoft.

com) Learn(/en-us/) Documentation(/en-us/docs/) Training(/en-us/training/) Certifications(/en-us/certifications/) Q&A(/en

Questions(/en-us/answers/index.html) Tags(/en-us/answers/topics.html) Users(/en-us/answers/users/index.html) Feedback(/en-us/answers/content/idea/list.html) FAQ & Help(/

 Find posts, tags, and users

 Question

Ｑ
0
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/1300
2212/v
olkvolk
-
1263.ht
ml)
VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) asked • Oct 11 2022 at 6:18 PM | VolkVolk-1263
(https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) commented • Oct 16 2022 at 2:27 AM

How to give public access to the Net Core 6 site in IIS by a static IP address?
Hi!

I have launched a Net Core 6 website on Windows Server 2022. It runs on the server in the local version on ports 82 and 443 (http and https). The domain name has not yet been
redirected to this server from the provider, but in the local version I use it instead of localhost. Everything is fine, everything is working. But how do I open access for this site so that
it is visible from the outside by static IP with the indication of the port - for testing, verification and filling? For example, I need to type in a browser on any computer a string like
http:\\<IP>\<domain>:<port> and work with the site as usual?

I could not find this information on the Internet, but I know that this can be done. How to implement it? Do you have links to step-by-step instructions?

Thanks!

windows-server-iis (https://learn.microsoft.com/answers/topics/608348/windows-server-iis.html)

dotnet-aspnet-core-general (https://learn.microsoft.com/answers/topics/364822/dotnet-aspnet-core-general.html)

dotnet-aspnet-core-mvc (https://learn.microsoft.com/answers/topics/364823/dotnet-aspnet-core-mvc.html)

Ｅ Comment  Save

Ｂ (/answers/questions/1043456/how-to-give-public-access-to-the-net-core-6-site-i.html?sort=newest)
5
 (/answers/questions/1043456/how-to-give-public-access-to-the-net-core-6-site-i.html?sort=oldest)
Answers  (/answers/questions/1043456/how-to-give-public-access-to-the-net-core-6-site-i.html?sort=votes)

Ｑ
1
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/4963
073/ag
avejoe.
html)
AgaveJoe (https://learn.microsoft.com/answers/users/4963073/agavejoe.html) answered • Oct 11 2022 at 9:08 PM COMMUNITY EXPERT

This is NOT a MVC or ASP.NET (http://ASP.NET) Core support question! Plus it is not possible for anyone on this forum to answer this question as we have no idea how your
network is setup.

Should we assume this is a home network and a router connects the web server to the internet? If so, the IP address and assigned by your ISP and can be found by logging into
your router and looking. Port forwarding is a common way you direct traffic to a system on a home network. Read your router documentation.

Ｅ Comment
 Ｑ
1
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/2126
638/br
uce-
sqlwork
.html)
Bruce-SqlWork (https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html) answered • Oct 11 2022 at 10:42 PM | Bruce-SqlWork
(https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html) edited • Oct 11 2022 at 10:44 PM COMMUNITY EXPERT
you first step is to buy a static ipaddress from your ISP. this is your external ipaddress.
if required, convert your server from dynamic ipaddress to static ipaddress with you dhcp server (often a modem). this is your internal ipaddress.
then as suggested enable port forwarding on the ISP modem/switch from the external ipaddress/port to the internal ipaddress/port.

note: it may be cheaper to host in the cloud then to buy a static ipaddress

Ｅ Comment

Ｑ
0
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/1300
2212/v
olkvolk
-
1263.ht
ml)
VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) answered • Oct 12 2022 at 3:23 AM | VolkVolk-1263
(https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) commented • Oct 15 2022 at 2:27 PM
I have a static IP and a separate computer for this. That's why I'm asking how to do this temporarily without direct DNS redirection to my static IP and without premature
purchase of a real certificate.

P.S. A separate server or cloud on the contrary is too expensive. ))

Why would I do this with a stable fast Internet and a powerful machine?

So do you have an example of how to do this for Net Core 6 as part of IIS on Windows Server 2022? In localhost on the server, the site works as it should on ports 82 and 434, but
does not want to from the outside.

Ｅ Comment ·  Hide 10

AgaveJoe (https://learn.microsoft.com/answers/users/4963073/agavejoe.html) · Oct 12 2022 at 4:21 AM (/answers/comments/1044149/view.html)

I have a static IP and a separate computer for this.

Can you explain how you got the static IP address? Did you purchase the IP from your ISP? Also, can you describe the network setup?

That's why I'm asking how to do this temporarily without direct DNS redirection to my static IP and without premature purchase of a real
certificate.

Huh? DNS translates a domain name to an IP address. As far as I can tell you do not have a domain name you have an IP address.

Keep in mind, a certificate uses the a domain name. If you created a certificate using localhost than you'll get a browser warning when accessing the web server by IP
address.

 0 ·
 VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html)  AgaveJoe · Oct 13 2022 at 12:36 AM
(/answers/comments/1045490/view.html)
Yes, the provider provides me with 3 static IP on one line.

The network setup is simple - via a switch, everything works as a separate server. I had Windows Server 2012 r2 running on IIS for a long time, I raised several PHP sites
there.

I have a domain name and I can redirect it to my server (to my static IP), but I don't need it yet, so I want to make the Net Core 6 site on IIS temporarily external, but to
access it via a static IP. That is, instead of a domain name or localhost, there should be a static IP + port. Of course, it is desirable that https works (since there is a
temporary certificate issued by IIS itself on the server), but I can use http also.

Is it possible to create a temporary certificate in IIS for external access via a static IP so that https works? )) Is it even real?

 0 ·

AgaveJoe (https://learn.microsoft.com/answers/users/4963073/agavejoe.html)  VolkVolk-1263 · Oct 13 2022 at 3:01 AM

(/answers/comments/1045663/view.html)
I'm not following your response.

A switch connects devices within a network. A router connects networks. For example a home network with the Internet (WAN).

DNS translates a domain name to an IP address. You have the IP just enter the IP into the browser's address bar.

Is it possible to create a temporary certificate in IIS for external access via a static IP so that https works? )) Is it even real?

For the second time, a certificate is validated by the domain name. I assume you used localhost. The browser will display a certificate warning when an IP is used
since it expects locahost.

 0 ·

Show more comments

Ｑ
1
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/2126
638/br
uce-
sqlwork
.html)
Bruce-SqlWork (https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html) answered • Oct 12 2022 at 3:58 AM | Bruce-SqlWork
(https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html) edited • Oct 14 2022 at 2:20 AM COMMUNITY EXPERT
first test the server firewalls are open. on a machine on the local network, access IIS by the server internal ipaddress and ports. you can use telnet to test the ports are open.

then you need a client machine that is not on your local network, but has internet access.

be sure to configure port forwarding on your ISP connection device to your internal server's ipaddress and desired ports. it may also have a firewall that need configuration.

on the client machine update the hosts file to have domain name for the public static ip.

test http access via the domain name.

then generate a self signed cert for the domain name. install as the ssl cert for IIS. then hit the site with https: from your test client. you will need to trust the certificate. if you
don't want to install a fake ssl, use telnet to test port access, or configure http for both ports in the IIS bindings (be sure to disable https redirect in the asp.net (http://asp.net)
core app).

now update the internet DNS cname for your domain name to point to th public ipaddress. the seller of the domain name should have a tool for this. may take a couple hours to
propagate.

delete the host file entry in the test machine and valid access by DNS name.

now buy a ssl certificate and install on IIS and configure IIS https binding. now test the https access from the test machine.

https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm (https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm)

note: whoever you buy the ssl cert from will have instructions.

really, the only part the windows server (the server does not have any knowledge of its external ipaddress).

1) configure internal static ipaddress instead of dhcp

2) open the firewall ports
3) install ssl certificate and https binding (hostname binding is optional)

Ｅ Comment ·  Hide 2

VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) · Oct 13 2022 at 12:48 AM (/answers/comments/1045566/view.html)

Thanks! I'll try. But, as far as I understand, you told me the option with a real domain and redirecting it's DNS to my static IP. But I need now an variant so that I temporarily
use a static server IP + port instead of a domain name. But anyway, thanks, I'll try to take everything into account. :)

 0 ·

Bruce-SqlWork (https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html)  VolkVolk-1263 · Oct 14 2022 at 2:19 AM

(/answers/comments/1047325/view.html)
just update the hosts file on a test machine to the public ipaddress. if you want to use https, you will need a cert, but if you bind 443 to http, you can validate the port
access from the internet.

 1 ·

Ｑ
0
(https:/
/learn.
micros
oft.com
/answe
rs/user
s/1300
2212/v
olkvolk
-
1263.ht
ml)
VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) answered • Oct 15 2022 at 1:24 AM | VolkVolk-1263
(https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html) commented • Oct 16 2022 at 2:27 AM
I have found a solution. :)
The local network does not play a role.
No need to change hosts on external independent computers.

!!! Need to open port 82 (because port 80 is occupied by the default site, and port 81 is occupied by another test site) !!!

Just need to do this in IIS and enter the site at a static address and port:

Now I calmly go to the site from the outside using such links:

http://StaticIP:82
https://StaticIP:443

And when the site is ready, tested and filed in, you can buy a full-fledged certificate and attach it to IIS.

Thank you all for your advices! The question is closed. :)

 good-0.png (/answers/storage/attachments/250613-good-0.png) (10.3 KiB)

 good-1.png (/answers/storage/attachments/250567-good-1.png) (8.8 KiB)

 good-2.png (/answers/storage/attachments/250558-good-2.png) (13.7 KiB)

Ｅ Comment ·  Hide 4
 Bruce-SqlWork (https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html) · Oct 15 2022 at 3:32 AM (/answers/comments/1048983/view.html)
there was no need to specify the ipaddress in IIS, unless the server was listening on multiple ipaddresses.

note: I'd pick 8080 (a http standard) as the http port rather than 82

 1 ·

Bruce-SqlWork (https://learn.microsoft.com/answers/users/2126638/bruce-sqlwork.html)  Bruce-SqlWork · Oct 15 2022 at 11:33 PM

(/answers/comments/1049395/view.html)
A self signed cert will give an error in the browser and require the user to Trust it. As it’s not a trusted cert, it can be faked or earlier hijacked by a man in the middle
attack.

 1 ·

VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html)  Bruce-SqlWork · Oct 16 2022 at 2:27 AM

(/answers/comments/1049380/view.html)
Ok. Thanks!

I will leave here, in my opinion, a useful link about certificates.

csr-creation-ssl-installation-iis-10.htm (https://www.digicert.com/kb/csr-creation-ssl-installation-iis-10.htm)

 0 ·
 VolkVolk-1263 (https://learn.microsoft.com/answers/users/13002212/volkvolk-1263.html)  Bruce-SqlWork · Oct 15 2022 at 3:03 PM
(/answers/comments/1049149/view.html)
Thanks for the advice, I'll put 8080, although it's a temporary option. The site will then be closed on these ports and it will only be accessed via port 443 with https with
a full certificate.

Only I didn't fully understand. Do I create a real certificate here? Or is it also temporary and incomplete certificate? Have you ever use such a certificate? What's the
point of buying a certificate if I can order it in IIS and attach it to a site for https? Or do I not understand something? I've only used a Self-Signed Certificate right now
in this situation. And what will the certificate that I will create by "Create Certificate Request" give me?

 0 ·
 certificate.png (/answers/storage/attachments/250687-certificate.png) (158.6 KiB)

QUESTION DETAILS

3 people are following this question.

 (htt
ps:/
/le
arn. (htt (htt
mic ps:/ ps:/
ros /le /le
oft. arn. arn.
co mic mic
m/ ros ros
ans oft. oft.
wer co co
s/u m/ m/
ser ans ans
s/1 wer wer
300 s/u s/u
221 ser ser
2/v s/5 s/7
olk 056 664
vol 236 266
k- /bo /35
126 llull 366
3.h era. 280
tml ht .ht
) ml) ml)

 Answers (/Answers/Feed/1043456/Answers.Rss)  Answers And Comments (/Answers/Feed/1043456/Comments-And-Answers.Rss)

RELATED QUESTIONS

Https issue (/answers/questions/723710/https-issue.html)

IIS 10 "Enable Logging Only Mode" in Dynamic IP Restrictions Settings page (/answers/questions/878784/iis-10-34enable-logging-only-mode34-in-dynamic-ip.html)
IIS - error (/answers/questions/877760/iis-error.html)
IIS is not working browser saying refused to connect. (/answers/questions/1002064/iis-is-not-working-browser-saying-refused-to-conne.html)
GZIP not happening consistenly (/answers/questions/891634/gzip-not-happening-consistenly.html)

FAQ (https://aka.ms/msftqafaq) Feedback (https://learn.microsoft.com/en-us/answers/content/idea/post.html) Code of Conduct (https://aka.ms/msftqacodeconduct)

Terms of Use (/en-us/legal/termsofuse) Blog (https://techcommunity.microsoft.com/t5/microsoft-learn-blog/bg-p/MicrosoftLearnBlog)
Trademarks (https://www.microsoft.com/en-us/legal/intellectualproperty/Trademarks/) Privacy (https://go.microsoft.com/fwlink/?LinkId=521839) © Microsoft 2022