IIS Manage With AppCmd
2022-04-10
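Notes on using AppCmd for IIS site management, deployment and configuration settings; making good use of AppCmd sharpens day-to-day IIS administration.
Description
Management object | Description |
---|---|
Site | Virtual site |
App | Application |
Vdir | Virtual directory |
Apppool | Application pool |
Config | Configuration settings |
Backup | Server configuration backup |
WP | Worker Process |
Requests | Active HTTP Request |
Module | Server Module |
Trace | Server Trace Log |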
AppCmd Folder
IIS Express
cd C:\Program Files\IIS Express
IIS
cd %systemroot%\system32\inetsrv\
Useful Command
Check Site, Application And Application Pool
appcmd list site
appcmd list app
appcmd list apppool
Check Application Pool And Worker Process Mapping
appcmd list wps
Check Requests
appcmd list requests
Disable Upload Folder Script ⭐
appcmd set config "Default Web Site/MyApp/Upload" /section:system.webServer/handlers /accessPolicy:Read /commit:url
commit | Location | Example |
---|---|---|
site | Written at the whole Site level | D:\Websites |
app | Written at the ApplicationHost level | D:\Websites\App1 |
url | Written at the specific path | D:\Websites\App1\Upload |
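A way to confirm that the upload folder setting above took effect, written as an added example (not code from the original notes). The function name `Test-HandlerPolicy` and the two XML samples are constructed for illustration; the samples mimic the section text that `appcmd list config` prints.

```powershell
# Added example: audit the handlers accessPolicy that the appcmd command above sets.
# A folder that accepts uploads should not allow Script or Execute.

function Test-HandlerPolicy {
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,  # e.g. "Default Web Site/MyApp/Upload"
        [Parameter(Mandatory)] [string] $SectionXml   # text printed by "appcmd list config"
    )
    $handlers = ([xml]$SectionXml).SelectSingleNode('//handlers')
    if ($null -eq $handlers) { throw "No <handlers> element found for $ConfigPath" }

    # accessPolicy is a comma-separated flag list, e.g. "Read, Script"
    $flags = @($handlers.GetAttribute('accessPolicy') -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $risky = @($flags | Where-Object { $_ -in 'Script', 'Execute' })

    [pscustomobject]@{
        Path         = $ConfigPath
        AccessPolicy = $flags -join ', '
        # Not hardened when the attribute is absent (value inherited from a parent)
        # or when it still allows code to run.
        Hardened     = ($flags.Count -gt 0) -and ($risky.Count -eq 0)
    }
}

# Constructed samples: an application left at "Read, Script" and its hardened Upload folder.
$samples = [ordered]@{
    'Default Web Site/MyApp'        = '<system.webServer><handlers accessPolicy="Read, Script" /></system.webServer>'
    'Default Web Site/MyApp/Upload' = '<system.webServer><handlers accessPolicy="Read" /></system.webServer>'
}

$samples.GetEnumerator() |
    ForEach-Object { Test-HandlerPolicy -ConfigPath $_.Key -SectionXml $_.Value } |
    Format-Table -AutoSize

# Live check on an IIS server (elevated prompt), using the AppCmd folder listed earlier:
# $appcmd = "$env:SystemRoot\System32\inetsrv\appcmd.exe"
# $xml = & $appcmd list config "Default Web Site/MyApp/Upload" /section:system.webServer/handlers | Out-String
# Test-HandlerPolicy -ConfigPath "Default Web Site/MyApp/Upload" -SectionXml $xml
```

On the constructed samples, the application row reports `Hardened = False` and the Upload row reports `Hardened = True`.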
Add Site
appcmd add site /name:MySite /bindings:http://*:80 /physicalpath:"D:\Websites"
Add Application Pool (4.0, 2.0, No Managed Code)
appcmd add apppool /name:MyAppPool /managedRuntimeVersion:v4.0
appcmd add apppool /name:MyAppPool /managedRuntimeVersion:v2.0
REM No Managed Code
appcmd add apppool /name:MyAppPool /managedRuntimeVersion:""
Add Application
appcmd add app /site.name:"MySite" /path:/MyApp /physicalpath:"D:\Websites\MyApp"
Delete Site, Application & Application Pool
appcmd delete site "MySite"
appcmd delete app "MySite/MyApp"
appcmd delete apppool MyAppPool
Assign Application Pool To Application
appcmd set app "MySite/MyApp" /applicationpool:MyAppPool
Enable Anonymous Authentication
REM Anonymous Authentication
appcmd set config "MySite/MyApp" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True" /commit:apphost
REM Windows Authentication
appcmd.exe set config "MySite/MyApp" -section:system.webServer/security/authentication/windowsAuthentication /enabled:"True" /commit:apphost
Switch Windows Authentication Providers (NTLM / Negotiate)
REM Clear Provider List First
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /~providers /commit:apphost
REM Remove the NTLM provider
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /-providers.[value='NTLM'] /commit:apphost
REM Add the Negotiate provider
appcmd set config MySite/MyApp -section:system.webServer/security/authentication/windowsAuthentication /+providers.[value='Negotiate'] /commit:apphost
Custom Header
appcmd set config MySite -section:system.webServer/httpProtocol /+customHeaders.[name='X-Content-Type-Options',value='nosniff'] /commit:apphost
appcmd set config MySite -section:system.webServer/httpProtocol /+customHeaders.[name='X-UA-Compatible',value='IE=EmulateIE7'] /commit:apphost
Setting Default Document
appcmd set config "MySite/MyApp" /section:defaultDocument /+files.[value='hello.aspx']
Backup and Restore IIS Settings
appcmd add backup MyBackup
appcmd restore backup MyBackup
IIS Backup & Restore Sites & Application Pools
HTTPS Binding
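REM bindingInformation format is IP:port:host name (the third field is a host name, not a certificate)
appcmd set site /site.name:"MyApp" /+bindings.[protocol='https',bindingInformation='*:443:MySSLCertificate']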
Application Pool Always Running
appcmd set apppool /apppool.name:AppPoolName /startMode:AlwaysRunning
appcmd set apppool /apppool.name:AppPoolName /autoStart:true
appcmd set config /section:applicationPools /[name='AppPoolName'].processModel.idleTimeoutAction:Suspend
aspnet_regiis
Encrypt the connection string passwords in web.config, using -pef
aspnet_regiis.exe -pef "connectionStrings" "D:\Sites\MyApplication"
Decrypt the connection string passwords in web.config, using -pdf
aspnet_regiis.exe -pdf "connectionStrings" "D:\Sites\MyApplication"
IIS Encrypt Web.config (Single Server, AppSettings, Web Farm)
Web Server Hardening
REM Set the recycling interval to 0 (disables automatic recycling)
appcmd set apppool /apppool.name:"AppPoolName" /recycling.periodicRestart.time:00:00:00
REM Set the daily recycle time to 12:00
appcmd set apppool /apppool.name:"AppPoolName" /+recycling.periodicRestart.schedule.[value='12:00:00']
REM Set the maximum number of failures to 20
appcmd set apppool /apppool.name:"AppPoolName" /failure.rapidFailProtectionMaxCrashes:20
REM Set the idle timeout to 5 minutes
appcmd set apppool /apppool.name:"AppPoolName" /processModel.idleTimeout:00:05:00