IIS — Internet Information Services
IIS là web server của Microsoft, tích hợp sẵn trong Windows Server. Nó phục vụ ASP.NET, PHP, static files và hoạt động như reverse proxy.
Kiến trúc IIS
Các thành phần chính
| Thành phần | Ý nghĩa |
|---|---|
| Site | Website với hostname, port, IP binding |
| Application | Ứng dụng trong site (virtual directory + code) |
| Application Pool | Process riêng biệt chạy ứng dụng |
| Virtual Directory | Ánh xạ URL path → physical path |
| w3wp.exe | Worker process thực sự chạy code |
Cài đặt và Cấu hình
# Cài IIS với các feature phổ biến
Install-WindowsFeature -Name Web-Server `
-IncludeManagementTools
# Cài thêm modules
Install-WindowsFeature -Name @(
"Web-Asp-Net45", # ASP.NET 4.5
"Web-Net-Ext45", # .NET Extensibility
"Web-ISAPI-Ext", # ISAPI Extensions
"Web-ISAPI-Filter", # ISAPI Filters
"Web-Mgmt-Console", # IIS Manager GUI
"Web-Scripting-Tools", # IIS PowerShell module
"Web-Log-Libraries", # Logging
"Web-Request-Monitor", # Request Tracing
"Web-Basic-Auth", # Basic Authentication
"Web-Windows-Auth", # Windows Authentication
"Web-Url-Auth" # URL Authorization
)
Quản lý qua PowerShell (IISAdministration)
# Import module
Import-Module IISAdministration
# === Sites ===
Get-IISSite # liệt kê tất cả site
Get-IISSite -Name "Default Web Site" # site cụ thể
New-IISSite -Name "MyApp" `
-PhysicalPath "C:\inetpub\myapp" `
-BindingInformation "*:80:myapp.company.com"
# Start/Stop site
Start-IISSite -Name "MyApp"
Stop-IISSite -Name "MyApp"
Restart-WebItem -PSPath "IIS:\Sites\MyApp" # dùng WebAdministration module
# === Application Pools ===
Get-IISAppPool # liệt kê app pools
New-WebAppPool -Name "MyAppPool"
# Cấu hình App Pool
$pool = Get-IISConfigCollection -ConfigElement (Get-IISAppPool "MyAppPool")
Set-WebConfigurationProperty -Filter "system.applicationHost/applicationPools/add[@name='MyAppPool']" `
-Name "processModel.idleTimeout" -Value "00:00:00" # không tắt khi idle
Set-WebConfigurationProperty -Filter "system.applicationHost/applicationPools/add[@name='MyAppPool']" `
-Name "recycling.periodicRestart.time" -Value "00:00:00" # không restart theo giờ
# Recycle App Pool (restart worker process)
Restart-WebAppPool -Name "MyAppPool"
# === Bindings ===
New-WebBinding -Name "MyApp" -IPAddress "*" -Port 443 -Protocol "https"
Get-WebBinding -Name "MyApp"
# Gán SSL certificate vào binding
$cert = Get-ChildItem "Cert:\LocalMachine\My" | Where-Object {$_.Subject -like "*myapp*"}
(Get-WebBinding -Name "MyApp" -Protocol "https").AddSslCertificate($cert.Thumbprint, "MY")
Cấu hình SSL/HTTPS
# Tạo self-signed certificate (dev/test)
$cert = New-SelfSignedCertificate `
-DnsName "myapp.company.com" `
-CertStoreLocation "cert:\LocalMachine\My" `
-NotAfter (Get-Date).AddYears(2)
# Import certificate từ file
Import-PfxCertificate -FilePath "C:\certs\myapp.pfx" `
-CertStoreLocation "Cert:\LocalMachine\My" `
-Password (ConvertTo-SecureString "pfx_password" -AsPlainText -Force)
# Thêm HTTPS binding
New-WebBinding -Name "MyApp" `
-Protocol "https" `
-Port 443 `
-HostHeader "myapp.company.com"
# Bind certificate vào HTTPS
netsh http add sslcert hostnameport="myapp.company.com:443" `
certhash=$cert.Thumbprint appid="{00000000-0000-0000-0000-000000000000}"
Reverse Proxy với IIS (ARR)
IIS có thể làm reverse proxy bằng Application Request Routing (ARR) module:
# Cài ARR và URL Rewrite
# Download từ IIS site hoặc dùng Web Platform Installer
<!-- web.config — cấu hình reverse proxy -->
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxy" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite"
url="http://backend-server:8080/{R:1}" />
</rule>
</rules>
</rewrite>
<!-- Forward real IP -->
<httpProtocol>
<customHeaders>
<add name="X-Forwarded-For" value="{REMOTE_ADDR}" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Log và Troubleshoot
# Vị trí log mặc định
# C:\inetpub\logs\LogFiles\W3SVC1\ (Site 1)
# C:\inetpub\logs\LogFiles\W3SVC2\ (Site 2)
# Xem log IIS
Get-Content "C:\inetpub\logs\LogFiles\W3SVC1\u_ex240115.log" | Select-Object -Last 100
# Failed Request Tracing — debug request bị lỗi
# Bật qua IIS Manager → Site → Failed Request Tracing Rules
# Xem Application Pool crashes
Get-EventLog -LogName Application -Source "WAS" -EntryType Error -Newest 20
Get-EventLog -LogName Application -Source "ASP.NET*" -EntryType Error -Newest 20
# Kiểm tra worker process
Get-Process w3wp | Select-Object Id, CPU, WorkingSet, StartTime
W3C Log Format
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-bytes cs(User-Agent)
2024-01-15 10:30:45 192.168.1.1 GET /api/users - 443 - 203.0.113.5 200 1234 Mozilla/5.0...
So sánh IIS vs nginx vs Apache
| IIS | nginx | Apache | |
|---|---|---|---|
| Platform | Windows only | Cross-platform | Cross-platform |
| License | Windows Server license | Free, open source | Free, open source |
| Config | GUI + XML | Text (nginx.conf) | Text (.htaccess) |
| ASP.NET | Native | Cần reverse proxy | Cần mod_mono |
| Performance | Tốt | Xuất sắc (static) | Tốt |
| Modules | Cài qua IIS Manager | Compile-time | LoadModule |
| Dùng cho | .NET apps, Windows infra | High-traffic, microservices | PHP, .htaccess flexibility |