├── creds.json ├── README.md ├── api-keys.json ├── docker-compose.yml ├── entrypoint.ps1 ├── Dockerfile ├── startup.ps1 ├── server_config.ps1 ├── appsettings.json └── artifacts ├── website_config.ps1 └── server_config.ps1 /creds.json: -------------------------------------------------------------------------------- 1 | { 2 | "adminname": "containeradmin", 3 | "password": "Whatever1!" 4 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IISadmin 2 | This repo contains base image which impements IISAdmin (https://blogs.iis.net/adminapi) in addition to ability adminster server via IIS Management tool 3 | 4 | -------------------------------------------------------------------------------- /api-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "id": "", 5 | "purpose": "User1", 6 | "created_on": "2017-04-26T22:12:35.4529834Z", 7 | "last_modified": "2017-04-26T22:13:43.7187953Z", 8 | "expires_on": "", 9 | "token_hash": "w_DmrAzR8nJ9Kwtg9mx28SWjXXdxOuZqTXN6TkZqmuo", 10 | "token_type": "SWT" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | iis-admin: 4 | build: . 5 | image: artisticcheese/iis-admin:latest 6 | environment: 7 | - "SecretLocation=c:\\startup\\creds.json" 8 | - "SHELL=powershell.exe" 9 | ports: 10 | - "80" 11 | - "55593" 12 | volumes: 13 | - d:\docker\logs\:c:\inetpub\logs\logfiles\host 14 | - d:\docker\freb\:c:\inetpub\logs\logfiles\freb -------------------------------------------------------------------------------- /entrypoint.ps1: -------------------------------------------------------------------------------- 1 | $VerbosePreference = "ignore" 2 | $sleep = 5 3 | while ($true) 4 | { 5 | $datediff = (New-TimeSpan -Seconds 5).TotalMilliseconds 6 | $filter = "*/System/TimeCreated[timediff(@SystemTime) <= $datediff] and *[EventData/Data[@Name='sc-status'] >'400']" 7 | Get-WinEvent -MaxEvents 10 -FilterXPath $filter -ProviderName "Microsoft-Windows-IIS-Logging" -ErrorAction SilentlyContinue | 8 | Select-Object @{Name = "time"; e = {$_.Properties[2].value}}, @{Name = "VERB"; e = {$_.Properties[8].value}}, @{Name = "ClientIP"; e = {$_.Properties[3].value}}, 9 | @{Name = "URI"; e = {$_.Properties[9].value}}, @{Name = "Query"; e = {$_.Properties[10].value}}, @{Name = "Status"; e = {$_.Properties[11].value}}, 10 | @{Name = "host"; e = {$_.Properties[21].value}} | Format-Table 11 | Start-Sleep $sleep 12 | } 13 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # escape=` 2 | FROM microsoft/windowsservercore:latest 3 | SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'Continue'; $verbosePreference='Continue';"] 4 | WORKDIR prep 5 | ADD "http://go.microsoft.com/fwlink/?LinkId=829373" ".\iisadmin.exe" 6 | COPY ["appsettings.json","C:\\Program Files\\IIS Administration\\2.0.0\\Microsoft.IIS.Administration\\config\\appsettings.json"] 7 | RUN start-process -Filepath .\iisadmin.exe -ArgumentList @('/install', '/q', '/norestart') -Wait 8 | ADD ["\\artifacts\\*", "./"] 9 | COPY ["*.ps1", "creds.json", "c:\\startup\\"] 10 | RUN .\server_config.ps1; .\website_config.ps1 11 | COPY ["appsettings.json","api-keys.json", "C:\\Program Files\\IIS Administration\\2.0.0\\Microsoft.IIS.Administration\\config\\"] 12 | EXPOSE 80 55539 13 | ENTRYPOINT powershell.exe c:\startup\startup.ps1; powershell.exe C:\startup\entrypoint.ps1 -------------------------------------------------------------------------------- /startup.ps1: -------------------------------------------------------------------------------- 1 | $VerbosePreference = "Continue" 2 | $ErrorActionPreference = "Continue" 3 | $ContainerAdmin = $env:ContainerAdmin 4 | $ContainerPassword = $env:ContainerPassword 5 | if ((Get-LocalUser -Name $ContainerAdmin ).Count -eq 1) { 6 | Write-Verbose "Admin container user already exists, updating password to $ContainerPassword" 7 | Set-localuser -Name $ContainerAdmin -Password (ConvertTo-SecureString $ContainerPassword -AsPlainText -Force) 8 | } 9 | else { 10 | Write-Verbose "Admin container does not exist, creating user" 11 | new-LocalUser -Name $ContainerAdmin -Password (ConvertTo-SecureString $ContainerPassword -AsPlainText -Force) 12 | } 13 | if (((Get-LocalGroupMember administrators) -notmatch $ContainerAdmin)) { 14 | Write-Verbose "$containeradmin is not part of local Administrator's group, adding it" 15 | Add-LocalGroupMember -Group Administrators -Member $ContainerAdmin 16 | } 17 | 18 | 19 | -------------------------------------------------------------------------------- /server_config.ps1: -------------------------------------------------------------------------------- 1 | Configuration BasicIIS 2 | { 3 | Import-DscResource -ModuleName 'PSDesiredStateConfiguration' 4 | node localhost { 5 | WindowsFeature Web-Server 6 | { 7 | Name ="Web-Server" 8 | Ensure="Present" 9 | } 10 | WindowsFeature IIS { 11 | Ensure = "Present" 12 | Name = "Web-Mgmt-Service" 13 | } 14 | WindowsFeature Web-Windows-Auth { 15 | Ensure = "Present" 16 | Name = 'Web-Windows-Auth' 17 | } 18 | Service WebManagementService { 19 | Name = "WMSVC" 20 | StartupType = "Automatic" 21 | State = "Running" 22 | DependsOn = "[WindowsFeature]IIS" 23 | } 24 | Registry RemoteManagement { 25 | Key = "HKLM:\SOFTWARE\Microsoft\WebManagement\Server" 26 | ValueName = "EnableRemoteManagement" 27 | ValueData = 1 28 | ValueType = "Dword" 29 | DependsOn = "[WindowsFeature]IIS" 30 | } 31 | } 32 | } 33 | 34 | BasicIIS -OutputPath .\BasicIIS 35 | Start-DscConfiguration -Wait -Verbose -Path .\BasicIIS -Force 36 | remove-item .\basicIIS -Force -Recurse 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "host_id": "d583b5d3-b1b5-48ea-815c-e068b9510ac2", 3 | "host_name": "IIS Administration API", 4 | "security": { 5 | "require_windows_authentication": false, 6 | "users": { 7 | "administrators": [], 8 | "owners": [] 9 | }, 10 | "access_policy": { 11 | "api": { 12 | "users": "Everyone", 13 | "access_key": true 14 | }, 15 | "api_keys": { 16 | "users": "administrators", 17 | "access_key": false 18 | }, 19 | "system": { 20 | "users": "owners", 21 | "access_key": true 22 | } 23 | } 24 | }, 25 | "logging": { 26 | "enabled": true, 27 | "min_level": "error", 28 | "file_name": "log-{Date}.txt" 29 | }, 30 | "auditing": { 31 | "enabled": true, 32 | "file_name": "audit-{Date}.txt" 33 | }, 34 | "cors": { 35 | "rules": [ 36 | { 37 | "origin": "https://manage.iis.net", 38 | "allow": true 39 | } 40 | ] 41 | }, 42 | "files": { 43 | "skip_resolving_symbolic_links": "true", 44 | "locations": [ 45 | { 46 | "alias": "inetpub", 47 | "path": "%systemdrive%\\inetpub", 48 | "claims": [ 49 | "read", 50 | "write" 51 | ] 52 | } 53 | ] 54 | } 55 | } -------------------------------------------------------------------------------- /artifacts/website_config.ps1: -------------------------------------------------------------------------------- 1 | Configuration SecondStep 2 | { 3 | Import-DSCResource -moduleName "xWebAdministration", "xPSDesiredStateConfiguration" 4 | xWebSiteDefaults DefaultConfig { 5 | ApplyTo = "Machine" 6 | LogDirectory = "c:\inetpub\logs\LogFiles\host" 7 | TraceLogDirectory = "c:\inetpub\logs\LogFiles\freb" 8 | } 9 | xIISLogging DefaultIISLOg { 10 | LogPath = "c:\inetpub\logs\LogFiles\host" 11 | LogFlags = "Date", "Time" , "ClientIP", "UserName", "SiteName", "ComputerName", "ServerIP", "Method", "UriStem", "UriQuery", "HttpStatus", "Win32Status", "BytesSent", "BytesRecv", "TimeTaken", "ServerPort", "UserAgent", "Cookie", "Referer", "ProtocolVersion", "Host", "HttpSubStatus" 12 | LogPeriod = 'Daily' 13 | } 14 | 15 | } 16 | Import-module WebAdministration 17 | $splat = @{ 18 | "pspath" = "MACHINE/WEBROOT/APPHOST" 19 | "filter" = "system.applicationHost/sites/siteDefaults/logFile" 20 | "Name" = "logTargetW3C" 21 | "Value" = "File,ETW" 22 | } 23 | Set-WebConfigurationProperty @splat 24 | $IISOpsLog = Get-WinEvent -ListLog Microsoft-IIS-Logging/logs 25 | $IISOpsLog.IsEnabled = "true" 26 | $IISOpsLog.SaveChanges() 27 | SecondStep -OutputPath .\BasicIIS 28 | Start-DscConfiguration -Wait -Verbose -Path .\BasicIIS -Force 29 | remove-item .\* -Force -Recurse 30 | remove-item $env:temp\* -Recurse -ErrorAction Ignore 31 | -------------------------------------------------------------------------------- /artifacts/server_config.ps1: -------------------------------------------------------------------------------- 1 | Configuration BasicIIS 2 | { 3 | Import-DscResource -ModuleName 'PSDesiredStateConfiguration' 4 | node localhost { 5 | WindowsFeature Web-Server 6 | { 7 | Name ="Web-Server" 8 | Ensure="Present" 9 | } 10 | WindowsFeature IIS 11 | { 12 | Ensure = "Present" 13 | Name = "Web-Mgmt-Service" 14 | } 15 | WindowsFeature Init 16 | { 17 | Name = "Web-AppInit" 18 | Ensure = "Present" 19 | IncludeAllSubFeature = $true 20 | } 21 | WindowsFeature Web-Http-Tracing 22 | { 23 | Ensure = "Present" 24 | Name = "Web-Http-Tracing" 25 | } 26 | WindowsFeature Web-Http-Logging 27 | { 28 | Ensure = "Present" 29 | Name = 'Web-Http-Logging' 30 | } 31 | WindowsFeature Web-Windows-Auth 32 | { 33 | Ensure = "Present" 34 | Name = 'Web-Windows-Auth' 35 | } 36 | WindowsFeature Web-Request-Monitor 37 | { 38 | Ensure = "Present" 39 | Name = "Web-Request-Monitor" 40 | } 41 | WindowsFeature StaticContent 42 | { 43 | Ensure = "Present" 44 | Name = 'Web-Static-Content' 45 | } 46 | Service WebManagementService 47 | { 48 | Name = "WMSVC" 49 | StartupType = "Automatic" 50 | State = "Running" 51 | DependsOn = "[WindowsFeature]IIS" 52 | } 53 | Registry RemoteManagement 54 | { 55 | Key = "HKLM:\SOFTWARE\Microsoft\WebManagement\Server" 56 | ValueName = "EnableRemoteManagement" 57 | ValueData = 1 58 | ValueType = "Dword" 59 | DependsOn = "[WindowsFeature]IIS" 60 | } 61 | Registry HTTPErrSize 62 | { 63 | Ensure = "Present" 64 | Key = "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" 65 | ValueName = "ErrorLogFileTruncateSize" 66 | ValueType = "DWORD" 67 | ValueData = "1000000" 68 | } 69 | Registry HTTPErrLocation 70 | { 71 | Ensure = "Present" 72 | Key = "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" 73 | ValueName = "ErrorLoggingDir" 74 | ValueType = "String" 75 | ValueData = "%systemroot%\inetpub\logs\host\httperr" 76 | } 77 | } 78 | } 79 | 80 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force 81 | Install-Module -Name xWebAdministration -Force -Verbose -Repository PSGallery -SkipPublisherCheck 82 | Install-Module -Name xPSDesiredStateConfiguration -Verbose -Repository PSGallery -Force 83 | BasicIIS -OutputPath .\BasicIIS 84 | Start-DscConfiguration -Wait -Verbose -Path .\BasicIIS -Force 85 | 86 | 87 | --------------------------------------------------------------------------------