使用 HTTPS 的 IIS 7 站点无法从外部 Internet 访问(可以从 Intranet 访问)
我正在尝试在 IIS 7 上设置一个 HTTPS 站点。我已经添加了证书,设置了适当的绑定,并且可以从我公司的 Intranet 内访问该站点,但是外部 Internet 上的任何人都无法访问它。我为端口 443 设置了 1:1 NAT 转发,该转发应将请求路由到我的服务器的 IP 地址。我对端口 80 也有同样的情况,并且在访问 http 站点时没有任何问题。
对于我在这里可能缺少的内容有什么建议吗?
更新:
事实证明,管理我公司防火墙的公司添加了 https 和 443 的例外以及正确的路由,但没有为处理 https 的进程添加例外。
I am trying to set up an HTTPS site on IIS 7. I have added the certificate, set up the appropriate bindings and the site is accesible from within my company's intranet, however no one from the outside internet can access it. I have a 1:1 NAT forward set up for port 443 that should route requests to the IP address for my server. I have the same situation for port 80 and don't have any issues with http sites being accessible.
Any suggestions for what I might be missing here?
UPDATE:
As it turns out, the company that manages my company's firewall had added the exception for https and 443, and the correct routing, but hadn't added an exception for the process that handles https.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
对于初学者,从外部使用 telnet 来查看是否可以从外部访问端口:
注意端口前面的空格。
如果telnet屏幕全黑,光标在左上方,则可以连接,因此这是iis问题。
如果 telnet 就在那里,则它正在尝试连接但无法连接。它最终可能会抛出“连接被拒绝”或“无法连接”。这意味着问题出在物理防火墙(需要打开入站路径)或 iis 服务器本身(在其防火墙或 iis 配置中)
在这种情况下,下一步:
在 IIS 服务器本身上执行 telnet 操作,并从与 IIS 相同的网络(例如,不通过防火墙)进行操作。
-- 如果这有效:问题出在网络防火墙配置上
-- 如果这不起作用,您需要检查 IIS 服务器本身的防火墙(Windows 防火墙)以及 IIS 配置本身
注意,在 Windows 7 和 Vista 上、telnet 可能不存在开箱即用。谷歌一下如何启用它。
For starters, from outside, use telnet to see if you can even get to the port from outside:
Note the space before the port.
If the telnet screen goes fully black, w cursor in top left, you can connect, so it is an iis issue.
If telnet just sits there, it is trying to connect but can't. It may finally throw "connection refused" or "could not connect." This means the problem is on the physical firewall (which needs the inbound path opened) or on the iis server itself (in its firewall or iis config)
In this case, next step:
Do the telnet operation on the IIS server itself, and from the same network as IIS (e.g. not through the firewall).
-- If this works: The problem is the network firewall config
-- If this does not work, you need to check the firewall on the IIS server itself (the windows firewall), and the IIS config itself
Note, on windows 7 and vista, telnet may not be present out of the box. Google how to enable it.