Configuring IIS as a reverse proxy for TeamCity 2017.2.x

Hi James,

we don't currently have documented specific suggestions for IIS, but we do have some generic ones: https://confluence.jetbrains.com/pages/viewpage.action?pageId=74845225#HowTo...-SetUpTeamCitybehindaProxyServer

In some other topics in this forum there are some suggestions you might want to try, such as this: https://teamcity-support.jetbrains.com/hc/en-us/community/posts/360000005244-404-when-downloading-an-artefact-over-https-when-path-has-a-in-it

Yeah, that's the problem I'm running into. As a .NET dev, TeamCity was the best in it's class so it's unfortunate it doesn't fully support/document IIS. :D

Maybe there's something obvious that I'm doing wrong? My current documentation (in markdown) is as follows:

Stop the TeamCity server and modify **C:\TeamCity\conf\server.xml** so that the `Connector` has `port="8090" proxyName="my.custom.domain.edu" proxyPort="80"`.

Also uncomment and update this section near the end:

```
<Valve
className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
portHeader="x-forwarded-port"
internalProxies="144\.yy\.zzz\.1"
/>
```

The service can then be started again.

Update the build agent configuration, at C:\TeamCity\buildAgent\conf\buildAgent.properties to point to port 8090.

Within IIS a new Server Farm server should be added for TeamCity. It should point to 127.0.0.1 on port 8090, and a new URL Rewrite rule can be automatically created for it.

That rule should then be modified with the following:

```
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="my.custom.domain.edu"/>
<set name="HTTP_X_FORWARDED_SERVER" value="my.custom.domain.edu"/>
<set name="HTTP_HOST" value="my.custom.domain.edu"/>
<set name="SERVER_NAME" value="my.custom.domain.edu"/>
</serverVariables>
```

Additionally, in TeamCity the following should be set in Administration > Server Administration > Diagnostics > Internal Properties:

```
# For HTTP protocol
## The domain name or the IP address of the proxy host and the port:
teamcity.http.proxyHost=my.custom.domain.edu
teamcity.http.proxyPort=8090
## The hosts that should be accessed without going through the proxy, usually internal hosts. Provide a list of hosts, separated by the '|' character. The wildcard '*' can be used:
teamcity.http.nonProxyHosts=localhost

# For HTTPS protocol
## The domain name or the IP address of the proxy host and the port:
teamcity.https.proxyHost=my.custom.domain.edu
teamcity.https.proxyPort=8090

## The hosts that should be accessed without going through the proxy, usually internal hosts. Provide a list of hosts, separated by the '|' character. The wildcard '*' can be used:
teamcity.https.nonProxyHosts=localhost
```

Hi,

I do not think anything under "Additionally, in TeamCity the following should be set" should be configured.

Those internal properties are not related to exposing TeamCity server URL via proxy, but rather to using the proxy for outgoing connections created by the TeamCity server itself. This is a different story.

From your original post: "but I'm running into issues with actually being able to pull from Git (either general 400 errors or 'not authorized')."

This is also not related to the TeamCity server behind a reverse proxy and actually might be related to those internal properties you have added.

That does seem to have resolved the issue; thank you!

I believe what happened is that I just continued with the documentation into https://confluence.jetbrains.com/pages/viewpage.action?pageId=74845225#HowTo...-ConfigureTeamCitytoUseProxyServerforOutgoingConnections where this is noted.

Reverting that allows IIS to sit in front of it, as well as allow TeamCity to connect out to our GitLab instance.

Woohoo!