Managing Portal Aliases, Bindings and SSL

Overview

This course will teach you the basic functionality, diagnostic procedures and common problems for the Portal Aliases, IIS Bindings, and SSL components.

 

Prerequisites

 

Introduction

What is a Portal Alias?

Portal aliases are primarily used to direct traffic to specific portals when there is a single Internet Information Services (IIS) site, which might have multiple IIS bindings. 

2.png

Each portal can have multiple aliases as well. One will be the “primary” alias, which is used when creating dynamic links, i.e. for the navigation menu. When you use an alias domain, it will point to the website files used in your primary alias. This ensures you have only one set of content to manage, while still maintaining multiple URLs.

 

Remember: There must be a different alias per language if the site is using multiple languages.

 

In the back end, Portal Aliases are handled by the Advanced URL Management functionality which allows authorized users to manage application-wide settings that control the format of URLs and Regular Expressions rules for URLs for all sites within this installation.

 

Site Alias Mapping Modes

The Site Alias Mapping Mode determines how a DNN Evoq Portal handles multiple site aliases. This is especially important to SEO rankings. The available mapping modes are:

  • Canonical: The canonical URL is the URL that search engines will return in their results. When the canonical mode is set, the primary alias URL is viewed as the canonical URL. Although no extra configuration is applied to the site page when navigating with the primary URL, additional portal aliases will have the following canonical tag added to the page header;

    <link href="http://AlternatePortalAlias" rel="canonical" />

  • Redirect: Redirects the browser to use the primary alias when browsing on a non-primary alias.
  • None: A site where the mapping mode is set to None will not tag the non-primary pages as canonical nor will there be any redirects to the primary alias. The site can be navigated using any functioning alias, but bots crawling the site will report duplicate content, which will harm the site's SEO rating.

 

Please refer to Configuring URL Mapping for Site Aliases to learn how to choose mapping modes.

 

All aliases are stored in the PortalAlias table in the database so in the event that the site is not accessible you can make changes or add aliases by directly updating the PortalAlias table.

Also, bulk upload of aliases is not possible from the site however this can be done by updating the PortalAlias table using a .csv file.

 

Back to top


 

What is an IIS Binding?

IIS bindings are how the webserver routes domain-based traffic to a specific application.

An IIS binding allows you to configure the information required for requests to communicate with a website. DNN enables a single IIS site to have all the bindings added to it, including HTTPS. You can configure binding information when you create a website, or you can edit the binding information after you create the site.

Binding information includes the protocol that clients use to communicate with the site, the site's IP address, the port number, and a host header. The DNN application itself is unaware of the IIS settings but relies on it being configured correctly.

IIS bindings are a Microsoft offering used by many types of applications and websites. You can explore their website for more details.

 

Applicationhost.config

All IIS settings, including the details of bindings, are stored in this file so whenever we have any issue related to IIS settings and bindings, this file is useful so that we can understand the settings in detail and troubleshoot the issue. 

This speeds up the troubleshooting process. The following sequence shows how to access the applicationhost.config file, (this file should be located %WINDIR%\system32\inetsrv\config) and how it looks.

 

1.gif

 

When configuring bindings on your DNN test site, you can use the dnndev.me domain.

This is a wildcard that will loop back to your own machine. You can create as many subdomain names as you want in *.dnndev.me and all of them will redirect you to your test environment.

 

Back to top


 

 

What is the Secure Sockets Layer (SSL)?

Secure Sockets Layer (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser hence ensuring that all transmitted data remains encrypted. SSL certificates need to be set in the IIS bindings.

DNN has a few settings related to SSL:

  • SSL Enabled: Must be enabled for SSL to work, irrespective of whether the site supports HTTPS or not.
  • SSL Enforced: It is recommended to keep this setting disabled. Secure pages will only be transmitted by https, non-secure pages will only be transmitted by HTTP.

  • Page Settings > Is Secure:  Forces a page to redirect to HTTPS.

 

Back to top


 

Description

How do I set up a Portal Alias?

Setting up a Portal Alias is one of the main components to making the DNN website accessible. The process is quite simple.

  1. First, you will need to login as a superuser for the website.
  2. From the Persona Bar, go to Settings > Site Settings > Site Behaviour > Site Aliases
  3. Click Add Alias.

    2020-05-07_1528.png

    Site Alias: This section you would define the alias you would like to add.
    Theme: This dropdown is to define a specific theme that would like to display when users browse to the specific alias.
    Browser: Define this section if you would like to differentiate between a mobile URL or a desktop URL.
  4. After clicking save, your alias should be added to the list.

 

How do I set up an IIS binding?

Setting up an IIS binding should be the very first steps on building the DNN website, to do so you must:

  1. Go to Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
  2. In the Connections panel, expand your host tree, expand Sites, and click on your website and select Bindings on the right-hand side.
    2020-05-07_1538.png

     

  3. Click Add.

    2020-05-07_1539.png

  4. Enter the desired Hostname.

    If setting up a local development environment, you can use www.dnndev.me (or any subdomain). This is a registered domain that points to the 127.0.0.1 loopback address, so it will always resolve locally.

    If setting up a live website, use your website's domain.


    2020-05-07_1539_001.png

 

How do I set up SSL for the site?

Setting up SSL is essentially an easy process, you will, however, have to apply the SSL certificate in IIS but for training purposes, we will only look at the SSL settings you will need to configure in DNN.

To set up SSL:

  1. Go to Settings > Security > More > SSL Settings
    • From here, you can enable the SSL Enabled setting.

2020-05-07_1546.png

  1. Go to Content > Pages > Page Settings > Advanced > More > Enable Secure Connection: 
    • This will force a particular page to redirect to HTTPS.

2020-05-07_1547.png

You may have noticed that enabling the secure connection setting page by page is very tedious, there is a simpler way of accomplishing this by going into Settings > SQL Console > Run the query: UPDATE Tabs SET IsSecure = 1 WHERE PortalID = #

The PortalID will need to be found by going Manage > Sites > List View. It is important to filter this query by PortalID, this is because there may be environments with multiple sites where the SSL certificate has not properly set up.

Please refer to How to Enable SSL across all pages for further instructions on how to force these SSL settings to the entire site.

 

SSL Offloading Configuration

SSL Offloading takes all the processing of SSL encryption and decryption off the main web server and moves it to a separate device designed specifically for the task. This allows the performance of the main web server to increase while it handles the SSL certificate efficiently.

There is only one setting in DNN related to SSL offloading named "SSL Offloading Header Value". It is very important to know it exists. This setting is used in the case when the SSL certificate is offloaded outside of IIS. (For example a load balancer in a web farm).

 

Back to top


 

Common Usage

What are some issues related to the Portal Alias?

  • Missing primary aliasIf there is no primary alias set, the application can create links incorrectly. So it is required to have a primary alias set.

  • AutoAddSiteAlias: This was a setting from previous versions of DNN which can cause problems if it is still enabled. It basically registers a new portal alias anytime the website gets a request using a domain that does exist. Some sites would have millions of aliases due to bots, which results in huge performance problems.

    siteauto.png

  • Redirect loops: For example, if the site administrator wants to redirect "dnn1.com" to "dnn2.com", but there is another function which is handling a redirect from "dnn2.com" to "dnn1.com", then the browser may get stuck in an infinite loop between the two sites.
    This issue may be related to:
    • A 301 permanent redirect in the browser cache.
    • The IIS rewrite module.
    • The DNN Portal Alias Mapping Mode.
    • The DNN Page Setting URL.
    • A Javascript redirect.

  • Development environment alias was not added: If you forget to add the development/test/staging environment alias to the alias database, you won’t be able to access this environment.
    So when you copy the database for development and it keeps redirecting you to the production alias, you will need to modify the aliases directly in the database when moving the site to a development environment.

 

What are some issues related to IIS Bindings?

  • If an IIS binding points to a site, but there is no corresponding portal alias, it will give an error and the site will be unreachable. To resolve this, you need to add a portal alias. If there is an alias without a corresponding IIS binding. It is just not used.

  • The Windows hosts file allows you to define which domain names are linked to which IP addresses. This takes precedence over your DNS servers, so your DNS servers may say "dnnsoftware.com" is linked to a specific IP address, but you can have dnnsoftware.com go anywhere you want by editing your hosts file.

    The Windows hosts file can be used to block websites, redirect them, create shortcuts to websites, create your own local domains, and more. In the case of IIS bindings, you can set up a binding as the hostname, and then make an entry of the binding hostname along with an IP address in the Windows hosts file so you will be able to access it.

 

IIS bindings are a Microsoft offering used by many types of applications and websites. You can explore their website for more details.

 

What are some issues related to SSL?

  • Update OnDemand SSL Certificate: EVOQ On Demand customers who need to update their existing SSL certificates with newer ones will need to have them in PFX format. They can apply the certificate on their end from the On Demand menu or they can provide them to Support and we will do this on our end. If the certificate is in PEM format, the customer can find an automated converter as well as manual steps to make the change on the web.

  • SSL certification error: The SSL certification error is out of the DNN support scope. However, we still get issues related to it. In such cases, please raise a ticket with their web host or SSL service provider.

  • SSL offloading: SSL is located on the load balancer in web farm environments. This configuration requires additional resources so, for any related issues, please refer to the DNN web farm course in detail and consult the team working on web farms.

  • Mixed content warning: Mixed content warnings occur any time there is both HTTP and HTTPS content on the same page.

  • IIS redirects: Once the SSL certificate is installed, your site might remain accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers. In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule.

    This way, anyone who enters your site using a link like “http://dnn.com” will be redirected to “https://dnn.com” or “https://www.dnn.com” (depending on your choice) making the traffic encrypted between the server and the client-side.
    However, sometimes you can miss making this HTTP to HTTPS redirection rule in such cases they need to make changes using the ‘URL Rewrite’ module in the IIS manager.

 

Further reading

 

Related Articles

Comments

0 comments

Please sign in to leave a comment.