microsoft / iis-docker

Dockerfile for IIS
https://hub.docker.com/r/microsoft/iis/
MIT License

HTTP Error 403.16 - Forbidden for first 5 minutes container is up #177

Closed bestickley closed 3 years ago

bestickley commented 3 years ago

Hello, I'm having an issue where for the first 5 minutes of the container running, I get an HTTP Error 403.16 - Forbidden, but then after 5 minutes it's fine. Any ideas?

Here is my Dockerfile and associated scripts. Any advice is welcome. Thank you!

Dockerfile

```dockerfile
FROM stefanscherer/node-windows:12 AS install-node
FROM mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2016
COPY --from=install-node /nodejs /nodejs
WORKDIR c:/the-bridge
COPY web/setup.ps1 .
RUN powershell ./setup.ps1
COPY build/ web/ ./
RUN powershell ./install.ps1
ENTRYPOINT [ "powershell", "-File", "start.ps1" ]
```

setup.ps1

```powershell
# Install and Configure US DoD InstallRoot, IIS ARR and HTTP Tracing
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install installroot -y
choco install iis-arr -y
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Add-WindowsFeature Web-Http-Tracing
# https://github.com/microsoft/iis-docker/issues/67
C:\Windows\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.enabled:true" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config /section:sites -siteDefaults.traceFailedRequestsLogging.directory:"%SystemDrive%\inetpub\logs\FailedReqLogFiles" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config /section:sites -siteDefaults.traceFailedRequestsLogging.maxLogFiles:"50" /commit:apphost

# Create and Configure IIS Site
Remove-Website -Name 'Default Web Site'
$iisTheBridgePath = 'C:\inetpub\the-bridge'
New-Item -ItemType Directory -Force -Path $iisTheBridgePath
New-Website -Name 'TheBridge' -PhysicalPath $iisTheBridgePath
New-WebBinding -Name 'TheBridge' -IPAddress * -Port 443 -Protocol https
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation cert:\LocalMachine\My
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item 'IIS:\SSLBindings\0.0.0.0!443' # Attach the certificate to the SSL binding
Import-Module IISAdministration
$configSection = Get-IISConfigSection -SectionPath 'system.webServer/security/access' -Location 'TheBridge'
Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue 'Ssl, SslNegotiateCert, SslRequireCert' -ConfigElement $configSection

# Setup Node.JS
setx /M PATH $($env:PATH + ';C:\nodejs')
$env:Path = [System.Environment]::GetEnvironmentVariable('Path','Machine') # reload path so npm is a recognized Cmdlet
npm i pm2 -g

# Update hosts file so I can use db service name
Add-Content -Path C:\Windows\System32\drivers\etc\hosts -Value "172.16.238.11`tdb" -Force
```

start.ps1

```powershell
pm2 start ecosystem.config.js --env test
C:\ServiceMonitor.exe w3svc
```

bestickley commented 3 years ago

Does anyone else have this issue? I tried upgrading the image to mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019 but no luck.

John-Hart commented 3 years ago

@bestickley I recommend looking at this document: HTTP Error 403.16 when you access a website - Internet Information Services. Without the specific certificate, this isn't something we're going to be able to help you diagnose.
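
One way to gather evidence for the time-limited 403.16 reported in this thread, added here as an example and not code from the issue participants or the iis-docker project: the script samples, from container start, whether the client certificate chains to a trusted root in the machine stores and how the Trusted Root store changes over the first minutes. The path `C:\diag\client.cer`, the function names and the sampling interval are assumptions made for illustration.

```powershell
# Added example (not from the issue): run inside the container from startup.
# Assumption: C:\diag\client.cer is a hypothetical path holding the public
# part of the client certificate that receives the 403.16.
param(
    [string]$ClientCertPath = 'C:\diag\client.cer',
    [int]$Samples = 14,            # 14 samples x 30 s spans the first ~7 minutes
    [int]$IntervalSeconds = 30
)

# Certificates in Trusted Root that are not self-signed (Issuer differs from
# Subject), the store condition Microsoft's 403.16 article describes.
function Get-MisplacedRootCert {
    Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Issuer -ne $_.Subject }
}

# Build the chain against the machine stores and return one record per attempt.
function Test-ClientCertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    # Skip CRL/OCSP so the result reflects trust only, not network reachability.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Time       = Get-Date -Format 'HH:mm:ss'
        Trusted    = $trusted
        Depth      = $chain.ChainElements.Count
        TopOfChain = $top.Subject
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        RootCerts  = @(Get-ChildItem Cert:\LocalMachine\Root).Count
        Misplaced  = @(Get-MisplacedRootCert).Count
    }
    $chain.Reset()
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ClientCertPath)
Get-MisplacedRootCert | Format-Table Subject, Issuer, Thumbprint
1..$Samples | ForEach-Object {
    Test-ClientCertChain -Cert $cert
    Start-Sleep -Seconds $IntervalSeconds
} | Format-Table
```

If `Trusted` changes from False to True in the same sample where `RootCerts` or `Misplaced` changes, the certificate stores were still being populated after startup; if the store counts stay constant, the cause lies elsewhere.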