如何使用powershell安裝和配置IIS、SSL證書、urlrewrite、git和克隆倉庫

Question

我目前正在設置自動縮放 IIS 網絡服務器，需要通過 powershell 腳本自動安裝和配置以下內容：

• 信息系統
• 網址重寫
• 導入 SSL 證書
• 配置新網站
• 添加新的 SSL 綁定
• 從 GIT 存儲庫下載我的源代碼

問候

利亞姆

Answer 1

當我遇到 AWS ELB 需要安裝 IIS、URL 重寫、git 和克隆存儲庫的情況時，我只是想分享一個我與大家放在一起的 powershell 腳本。

echo "Installing web-webserver"
powershell.exe add-windowsfeature web-webserver -includeallsubfeature -logpath $env:temp\webserver_addrole.log 
echo "Installing web-mgmt-tools"
powershell.exe add-windowsfeature web-mgmt-tools -includeallsubfeature -logpath $env:temp\mgmttools_addrole.log

echo "Creating C:\inetpub\wwwroot\example.com\"
$TestApplicationroot = Test-Path C:\inetpub\wwwroot\example.com
if (! $TestApplicationroot) {
    mkdir C:\inetpub\wwwroot\example.com
}

echo "GIT: Installing Chocolatey"
(new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1') | iex
echo "GIT: Installing Git"
cinst git
echo "GIT: Setting enviroment path"
$env:path += ";" + (Get-Item "Env:ProgramFiles(x86)").Value + "\Git\bin"
echo "GIT: Installing poshgit"
cinst poshgit
echo "GIT: Installing UrlRewrite"
cinst UrlRewrite
echo "GIT: Installing git-credential-winstore"
cinst git-credential-winstore

.\CredMan.ps1 -AddCred -Target 'git:https://gitrespos.org' -User 'TestApplication' -Pass 'TestApplicationPassword'

echo "GIT: Cloning TestApplication1 code"
cd C:\inetpub\wwwroot\example.com\
git clone "https://gitrespos.org/Username/TestApplication1.git"

import-module webadministration

echo "Creating new website"
new-website -name "example.com" -port 80 -physicalpath c:\inetpub\wwwroot\example.com -ApplicationPool ".NET v4.5" -force 

Echo "Importing SSL certificate"
$mypwd = ConvertTo-SecureString -String "SSLCertificate password" -Force –AsPlainText
Import-PfxCertificate –FilePath .\certificate.pfx cert:\localMachine\my -Password $mypwd
New-WebBinding -Name "example.com" -IP "*" -Port 443 -Protocol https

echo "Assigning SSL certificate"
cd IIS:\SslBindings
$cert = Get-Item cert:\LocalMachine\My\THUMB-OF-SSL-CERTIFICATE
$cert |New-Item 0.0.0.0!443

echo "Adding application pools TestApplication1"
New-Item 'IIS:\Sites\example.com\TestApplication1' -physicalPath "C:\inetpub\wwwroot\example.com\TestApplication1" -type Application

echo "Removing Default Web Site"
remove-website -name "Default Web Site"
Start-Sleep -s 10
echo "Starting example.com website"
start-website -name "example.com"

您可以從以下鏈接下載 CredMan.ps1 http://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde

您需要首先通過在 powershell 中運行以下命令在服務器上找到您的證書的 Thumb 並記下 Thumbprint，因為它在您將證書導入到的每台服務器上都是相同的。：

get-ChildItem cert:\LocalMachine\My

我希望這對你們中的一些人有所幫助，因為我花了幾天時間才想出一路上遇到的不同問題。

問候

利亞姆

Answer 2

下面是完整代碼，導入pfx，添加iis網站，添加ssl綁定：

$certPath = 'c:\cert.pfx'
$CertificatePassword = '1234'
$SiteName = "MySite"
$HostName = "localhost"
$SiteFolder = Join-Path -Path 'C:\inetpub\wwwroot' -ChildPath $SiteName


Write-Host 'Import pfx certificate' $certPath
$certRootStore = “LocalMachine”
$certStore = "My"
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($certPath,$CertificatePassword,"Exportable,PersistKeySet") 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore) 
$store.Open('ReadWrite')
$store.Add($pfx) 
$store.Close() 
$certThumbprint = $pfx.Thumbprint


Write-Host 'Add website' $SiteName
New-WebSite -Name $SiteName -PhysicalPath $SiteFolder -Force
$IISSite = "IIS:\Sites\$SiteName"
Set-ItemProperty $IISSite -name  Bindings -value @{protocol="https";bindingInformation="*:443:$HostName"}
if($applicationPool) { Set-ItemProperty $IISSite -name  ApplicationPool -value $applicationPool}


Write-Host 'Bind certificate with Thumbprint' $certThumbprint
$obj = get-webconfiguration "//sites/site[@name='$SiteName']"
$binding = $obj.bindings.Collection[0]
$method = $binding.Methods["AddSslCertificate"]
$methodInstance = $method.CreateInstance()
$methodInstance.Input.SetAttributeValue("certificateHash", $certThumbprint)
$methodInstance.Input.SetAttributeValue("certificateStoreName", $certStore)
$methodInstance.Execute()

Answer 3

查看Carbon模塊（免責聲明：我是 Carbon 的所有者/維護者）。 它具有進行 IIS 和 SSL 配置以及安裝 MSI 的功能。 遺憾的是，您必須自己弄清楚 Git。 （我建議改用 Mercurial。 :-) ）

祝你好運！