This article provides a basic overview of the manual steps to deploy a front-end Web server running IIS 7.5 or above for the Shared Hosting scenario. It also includes key per-site configuration settings. These steps are described in more detail in the Web Server For Shared Hosting and File Server For Content Storage articles of this guide.
Web Server Pre-Setup
Before configuring permissions on the file server, you must join the Web server to an Active Directory domain controller.
It is possible to not use domain accounts, but the setup in this shared hosting architecture assumes a domain-joined machine. Certain things need to be changed for non-domain scenarios (if you are using content on a remote file server, the same user account with the same password must exist on both the Web server and the file server, for instance).
- Join the Web server to the Active Directory domain controller. This is not required if you are setting up a standalone server.
- If you will be storing content or configuration on a remote file server, configure the MaxCmds registry key on the Web server — see SMB Commands Registry Keys.
- If you will be using a Windows-based file server, add the MaxMptCt and MaxWorkItems registry keys on the file server — see SMB Command Registry Keys.
Web Server Setup
Install the Web Server Role – IIS.
Run AppCmd to create an initial Backup.
%windir%\system32\inetsrv\appcmd add backup "FirstBackup"
Configure 32-bit mode worker processes globally on the server.
%windir%\system32\inetsrv\appcmd set config -section:applicationPools -applicationPoolDefaults.enable32BitAppOnWin64:true
Configure the Application Pool Identity as Anonymous User (anonymous user is to be the worker process identity) globally on the server.
%windir%\system32\inetsrv\appcmd set config -section:anonymousAuthentication /username:"" --password
- Configure Default Documents at the server level in IIS Manager.
- Select W3C Fields to Log at the server level in IIS Manager.
- Configure the dynamicIdleThreshold property.
- Configure Dynamic Compression.
Enable Remote Web Service Management in IIS Manager.
If you are using IIS Manager Users and the content is stored in a file share (UNC), set WMSVC to run as a custom identity that has read/write access to the share. For details on WMSVC’s read/write access actions, see Remote Administration Behavior Matrix.
Enable the WMSVC port within the local firewall on your Web server by opening the Control Panel and double-clicking the Windows Firewall icon. Then select “Change firewall settings” and add the port for the service.
The firewall is enabled by default and you must add the default port (8172) or custom port if you chose one.
Create a custom trust level based on Medium trust.
- Set unrestricted true for WebPermission.
- Add custom trust to Web.config and lock it.
Enable Full trust to the remote file share. See Share and NTFS Permissions for more details.
caspol -m -ag 1. -url "file://\\remotefileserver\content$\*" FullTrust
In %windir%\Microsoft.NET\Framework\version\aspnet.config, set the gcServer enabled attribute to false instead of true.
<configuration>
  <runtime>
    <gcServer enabled="false"/>
  </runtime>
</configuration>
Disable ASP template cache.
%windir%\system32\inetsrv\appcmd set config -section:asp -cache.maxDiskTemplateCacheFiles:0
Run AppCmd to create a Backup after all successful changes.
%windir%\system32\inetsrv\appcmd add backup "AfterWalkthroughBackup"
- Enable Shared Configuration, if needed for your environment.
- Create a backup schedule.
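To confirm that the server-level settings from this walkthrough took effect, the following PowerShell script reads them back with appcmd list config and from aspnet.config. It is an added example, not part of the original article; the helper names Get-IisSection, Get-Attr and New-Check are hypothetical, and it assumes an elevated prompt on the Web server.

```powershell
# Added example, not from the original article. Read-only; run elevated.
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

function Get-IisSection([string]$Section) {
    # "appcmd list config" prints the section as XML with its explicitly set attributes.
    [xml]((& $appcmd list config "-section:$Section") -join "`n")
}

function Get-Attr($Xml, [string]$XPath, [string]$Attr) {
    # $null when the element or attribute is absent, '' when present but empty.
    $node = $Xml.SelectSingleNode($XPath)
    if ($node -and $node.HasAttribute($Attr)) { $node.GetAttribute($Attr) } else { $null }
}

function New-Check([string]$Setting, [bool]$Ok, $Actual) {
    $shown  = if ($null -eq $Actual) { '(not set)' } else { "'$Actual'" }
    $result = if ($Ok) { 'OK' } else { 'REVIEW' }
    New-Object PSObject -Property @{ Setting = $Setting; Result = $result; Actual = $shown }
}

$checks = @()

# 32-bit worker processes enabled in applicationPoolDefaults.
$v = Get-Attr (Get-IisSection 'applicationPools') '//applicationPoolDefaults' 'enable32BitAppOnWin64'
$checks += New-Check 'enable32BitAppOnWin64' ($v -eq 'true') $v

# Anonymous requests use the application pool identity: empty userName, no stored password.
$anon = Get-IisSection 'anonymousAuthentication'
$user = Get-Attr $anon '//anonymousAuthentication' 'userName'
$pass = Get-Attr $anon '//anonymousAuthentication' 'password'
$checks += New-Check 'anonymousAuthentication userName' ($user -eq '') $user
# The password value itself is never displayed, only whether one is stored.
$checks += New-Check 'anonymousAuthentication password' ($null -eq $pass) $(if ($null -ne $pass) { 'present' })

# ASP disk template cache disabled.
$v = Get-Attr (Get-IisSection 'asp') '//asp/cache' 'maxDiskTemplateCacheFiles'
$checks += New-Check 'asp maxDiskTemplateCacheFiles' ($v -eq '0') $v

# gcServer explicitly disabled in each installed framework version's aspnet.config.
foreach ($f in Get-ChildItem "$env:windir\Microsoft.NET\Framework\*\aspnet.config") {
    $gc = Get-Attr ([xml](Get-Content $f.FullName)) '/configuration/runtime/gcServer' 'enabled'
    $checks += New-Check "gcServer ($($f.Directory.Name))" ($gc -eq 'false') $gc
}

$checks | Select-Object Setting, Result, Actual | Format-Table -AutoSize
```

A REVIEW row with "(not set)" means the attribute is absent from the configuration, so the server is using the default rather than the value this walkthrough sets.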