Download SQL Server 2016 SP1 Express Edition: download link
C:\SQLServer2016Media
directory.Login to the server via RDP, open command prompt and run the following commands:
dism /Online /Enable-Feature /FeatureName:IIS-WebServer /FeatureName:IIS-WebServerManagementTools /FeatureName:IIS-WebServerRole /FeatureName:IIS-ManagementConsole /FeatureName:IIS-ApplicationDevelopment /FeatureName:IIS-ASPNET /FeatureName:IIS-ASPNET45 /FeatureName:IIS-NetFxExtensibility /FeatureName:IIS-NetFxExtensibility45 /FeatureName:NetFx4Extended-ASPNET45 /FeatureName:IIS-CommonHttpFeatures /FeatureName:IIS-DefaultDocument /FeatureName:IIS-HealthAndDiagnostics /FeatureName:IIS-HttpLogging /FeatureName:IIS-LoggingLibraries /FeatureName:IIS-RequestMonitor /FeatureName:IIS-HttpCompressionStatic /FeatureName:IIS-HttpErrors /FeatureName:IIS-StaticContent /FeatureName:IIS-ISAPIExtensions /FeatureName:IIS-ISAPIFilter /FeatureName:IIS-WebSockets /FeatureName:IIS-RequestFiltering /FeatureName:IIS-Performance /FeatureName:IIS-Security /All
dism /Online /Enable-Feature /FeatureName:IIS-ASPNET45 /All
Get-WindowsFeature
and make sure ASP.NET 4.5 and WebSockets are enabled.localhost
is opening.https://ci.appveyor.com
and click Enterprise in top menu. On that page you can see AppVeyor Enterprise license that is required during installation.Installation URL
and run it in PowerShell console on AppVeyor server.http://<server-ip-address>
to complete AppVeyor installation.At the website of our domain name provider (e.g. go daddy etc):
ci.yourcompany.com
(in this example).It may take minutes or hours for DNS records to replicate around the globe before you will see the changes. When it does, you should be able to point your browser to: http://ci.yourcompany.com
, and you will see the familar start page of IIS Server on your CI Server!
If you already have an SSL certificate that will work for your custom domain (i.e. ci.mycompany.com) you can go to the “Installing existing SSL Certificate” section for certificate importing instructions.
If you don’t have a SSL cert yet, you will need to create one. There are a few options available:
Let’s Encrypt is a free, automated, and open Certificate Authority.
You can get a free certificate from “Let’s Encrypt” Certificate Authority (CA) - it’s an absolutely functional certificate and trusted by all major browser. The only “gotcha” is that it’s issued for 60 days only and after that it must be renewed. Fortunately, there is a tool that automates all the steps from requesting and installing a new certificate on an IIS website to its automatic renewal upon expiration.
letsencrypt-win-simple is an open-source tool written in .NET and working with Let’s Encrypt API (so called ACME client). The tool automates provisioning of SSL certificates to IIS web sites.
IMPORTANT NOTE: The tool requires that the website you are going to install certificate on should have a binding with host header set to your domain name configured in the previous step. By default, “Default Web Site” in IIS has “all IPs” on port 80 binding without a host header.
To add a binding with host header open IIS Manager and expand server node, then Sites.
Select Default Web Site and click Bindings… on the right action pane. Click Add… and enter:
http
All unassigned
80
ci.yourcompany.com
Now the site is ready for SSL certificate installation with the letsencrypt-win-simple tool.
Just follow the simple usage instructions for letsencrypt-win-simple tool and enjoy the results by opening https://ci.yourcompany.com
in your browser and seeing IIS start page!
To purchase certificate from a certificate authority (CA) you will first need to create a special ‘Certificate Signing Request’ (CSR), which is a process that creates a private key and generates a bit of text that describes your certificate.
There are many tools available on the internet that can do that for you, but your VM has an easy way to create one for you too which releives you from having to worry about the private key.
This process is outlined in detail below.
RDP into your VM again. In the VM, open the IIS Manager (hit the Windows Start button, and type IIS Manager)
In IIS Manager:
For example:
ci.mycompany.com
(or whatever your custom domain is)<Your Company Name>
<Your Unit>
<Your City>
<Your State>
<Your Country>
Click Next.
Cryptographic Service Provider: Microsoft RSA SChannel Cryptographic Provider
Bit length: 2048
Save to a file on your desktop (e.g. MyCSR.txt
).
Now you can open the CSR file in notepad, and copy the contents to the clipboard.
Next, you will need to exit the VM, and obtain an SSL certificate from your SSL certificate provider. There are many providers on the internet.
Many SSL certificate sites where you will obtain your SSL certificate will expect you to either provide the CSR file or paste the contents into their site. DO NOT generate a new CSR, use the one you just created.
Once your certificate provider has created an SSL certificate for you, you will need to download the certificate in the *.cer
or *.crt
format (IIS may support others too).
Once you have that file, then RDP back into your CI Server and complete the certificate completion process.
In IIS Manager:
For example:
<your *.cer or *.crt file>
<e.g. mycompany.com>
Personal
Then select the ‘Default Web Site’ site in the left pane of IIS Manager.
Click Add.
https
All Unassigned
443
<Your Newly installed Cert>
Close IIS Manager, and exit your RDP session.
Now you can point your browser to: https://ci.yourcompany.com
and see the familiar start page of IIS Server on your CI Server!
Your Azure VM and network are now all set to install AppVeyor Enterprise.
If you already have an SSL certificate for your custom domain, you are ready to install it into your CI Server.
You are going to need a certificate in the file format *.pfx, that includes the private key. If you don’t have that file, you can generate it using tools like OpenSSL, but you will need the private key in another format. There are plenty of articles on the internet to show you how to do that.
RDP into your CI Server.
Copy the *.pfx
file onto your server. There are several ways you can do this, including sharing your C drive with your host machine in the RDP settings. Or even using a service like Dropbox. As a general security practice, a *.pfx
file is not something you want to leave lying around for attackers to obtain.
Open Windows Explorer, and double click on the *.pfx
file.
Local Machine
<location of your \*.pfx file>
<the password that was used to create your \*.pfx file>
The certificate will now be installed on the machine.
Open the IIS Manager (hit the Windows Start button, and type IIS Manager).
In IIS Manager:
Select the ‘Default Web Site’ site in the left pane of IIS Manager.
Click Add button.
https
All Unassigned
443
<Your Newly installed Cert>
Close IIS Manager, and exit your RDP session.
Now you can point your browser to https://ci.yourcompany.com
and see the AppVeyor CI login page!
Login to AppVeyor and go to Account menu → Settings → General. Change Application public URL to https://ci.yourcompany.com
adn enable Enfoce secure HTTPS connections.