Showing posts with label Search. Show all posts
Showing posts with label Search. Show all posts

Wednesday, January 13, 2016

Tips for installing Episerver standard search with SSL

I wrote a blog post on how to setup Episerver Standard Search more than three years ago. After getting some questions about how use of SSL together with Episerver standard search, I thought I should share some useful tips here. I noticed that several people have written about this topic earlier, so this is more like an add on to this.


First of all, you should get the solution up and running without SSL. You will find a guide how to do that from this blog:

http://sveinaandahl.blogspot.no/2013/06/how-to-install-episerver-search-for.html

There are a two elements you will need to add to the web.config, when you want to add ssl support to your solution. Changes are marked with yellow background.

 Web.config

 <system.serviceModel>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <bindings>
      <webHttpBinding>
        <binding name="IndexingServiceCustomBinding" maxBufferPoolSize="1073741824" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
           <security mode="Transport">
              <transport clientCredentialType="None"></transport>
           </security>
          <readerQuotas maxStringContentLength="10000000" />
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>



  <episerver.search active="true">
    <namedIndexingServices defaultService="serviceName">
      <services>
        <add name="serviceName" baseUri="https://DNS-name/IndexingService/IndexingService.svc" accessKey="local" />
      </services>
    </namedIndexingServices>
    <searchResultFilter defaultInclude="true">
      <providers />
    </searchResultFilter>
  </episerver.search>


IIS
In IIS you will need to add a https binding and perhaps remove the http. :-)


If everything is working fine you should get up a web service in your browser from this url (including the https): https://YourDnsName/IndexingService/IndexingService.svc

If not, you should read on. :-)

TIPS! «HTTP Activation» is a feature that is often forgot. So it's always smart to check if that's activated for the asp.net version you use in the project.

My experience is that it’s usually two things with the setup that’s not correct, when using SSL together with standard search. One is the lack of knowledge about certificates and how to install them, and second is how to setup the IIS correct.

Different certificates
The most used certificate types are «Domain validated certificates» and «Extended validation certificates». The use of EV certificate can be easily spotted by that the url field in the browser get an «green bar» in the beginning. More and more sites has started to use these EV certificates.They usually cost little more and takes longer to order because of the validation process.

Extended Validation Certificate
EV certificates use the same encryption as domain validated certificates: The increase in security is due to the identity validation process, which is indicated inside the certificated by the policy identifier.

Ref: https://en.wikipedia.org/wiki/Extended_Validation_Certificate


Production environment 
Before IIS8, there was an problem to have more than one certificate per server, since most server have only one IP address. Often this could be solve by using a SAN certificate that contain several domains.

With Windows 2012 (IIS8) came a new feature called Server Name Identification (SNI), which made it possible to use several certificate on same IP.

You can find more information on how to install this things here:

Single Certificate and Multiple Certificates Using SNI (IIS8)
https://www.digicert.com/ssl-certificate-installation-microsoft-iis-8.htm




Development environment
In development we usually just create a self-signed certificate. When you create this in IIS they are usually «Issued To» your computer name. What you write in as Friendly name doesn’t really mater.
So, if you want to avoid to getting a certificate error when you run your site in the browser you should use your machine name as localhost name.

TIPS! If you only are using one certificate you put the certificate into «Personal». If you are going to use SNI, you must add it to «Web Hosting».



How to access the certificate 
If you get access denied in the log file, here is a way to fix that. After you have create the certificate to the Personal folder, then type "MMC" in Windows search and open it up.(got an icon of a red tool box)

Then goto FILE -> Add/Remove Snap-in. -> Select Certificates -> click Add-> Select Computer account -> Local Computer -> Finished -> Ok.

Then open up Certificates -> Personal. Here you will find the certificate you have created or installed earlier.



Add Permissions to the certificate
Right click on the certificate(marked blue on picture above) -> All tasks -> Manage Private Keys -> Add "Network Service" user -> Remove «Full control» (only read is necessary) -> OK


IIS
Now add «Network Service» to the Application Pool to the site you use in IIS for the site with SSL. This will give the App pool identity access to both certificate and the site.



Happy configuring! :-)


Posted by at No comments:
Labels: , ,

Thursday, June 27, 2013

How to install EPiServer Search for EPiServer CMS 7

Linda Mohacsi wrote a very good blog post about EPiServer Search functionality a week ago ( Ref. http://world.episerver.com/Blogs/Linda-Mohacsi/Dates/2013/6/The-built-in-EPiServer-search-functionality-described-in-a-non-technical-way ) and Paul Smith have also written a blog post about FTS for EPiServer CMS 6 a few years back. I have lately been working on upgrading a large enterprise solution to EPiServer CMS 7, where I also had to upgrade the search to use EPiServer Search (lucene).

After running into a few problems, I thought it would be a good idea to blogg about this, since the information about EPiServer Search is very limited and fragmented on the web.

Installing EPIServer Seach



After you have installed EPiServer Search from Deployment Center, some elements have been added to your web.config, .dll files into bin folder and a new folder called IndexingService containing a file called IndexingService.svc. The .svc file should be include to your project before you recompiling.

Web.config

Elements that will be added during the install to your web.config :

<configuration>
  <configSections>
    <section name="episerver.search" type="EPiServer.Search.Configuration.SearchSection, EPiServer.ApplicationModules" />
    <section name="episerver.packaging" type="EPiServer.Packaging.Configuration.EPiServerPackagingSection, EPiServer.Packaging" />
    <section name="episerver.search.indexingservice" type="EPiServer.Search.IndexingService.Configuration.IndexingServiceSection, EPiServer.Search.IndexingService" />

If you need to setup with more then one binding per site, ex. mycompany.com and mycompany.no, you’ll need to add <serviceHostingEnviroment multipleSiteBindingEnable= ”true”>, as shown below.  This is not included in the default installation, so you would need to add this one yourself.

  <system.serviceModel>
   <bindings>    
     <webHttpBinding>
        <binding name="IndexingServiceCustomBinding" maxBufferPoolSize="1073741824" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
          <readerQuotas maxStringContentLength="10000000" />
        </binding>
      </webHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
 

Default from installation, the baseUri would be setup with localhost. You would have to replace this with a correct dns name.

  <episerver.search active="true">
    <namedIndexingServices defaultService="serviceName">
      <services>
        <!--<add name="{serviceName}" baseUri="{indexingServiceBaseUri}" accessKey="{accessKey}"/>-->
        <add name="serviceName" baseUri="http://www.xxxx.com/IndexingService/IndexingService.svc" accessKey="local" />
      </services>
    </namedIndexingServices>
    <searchResultFilter defaultInclude="true">
      <providers />
    </searchResultFilter>
  </episerver.search>
 

The [appDataPath] is defined in EpiServerFrameWork.config. I would recomind to have the index as a subfolder in vpp. During installation of search you would have choose a place to put it.

  <episerver.packaging protectedVirtualPath="~/CMS/" />
  <episerver.search.indexingservice>
    <clients>
      <!--add name="example" description="example" ipAddress="127.0.0.1/8,192.168.0.0/24" ip6Address="" allowLocal="true|false" readonly="true|false" /-->
      <add name="local" description="local" allowLocal="true" readonly="false" />
      <!--add name="example" description="example" ipAddress="127.0.0.1/8,192.168.0.0/24" ip6Address="" allowLocal="true|false" readonly="true|false" /-->
    </clients>
    <namedIndexes defaultIndex="default">
      <indexes>
        <add name="default" directoryPath="[appDataPath]\Index" readonly="false" />
      </indexes>
    </namedIndexes>
  </episerver.search.indexingservice>
  <location path="IndexingService/IndexingService.svc">
    <system.web>
      <httpRuntime maxQueryStringLength="65536" />
    </system.web>
    <system.webServer>
      <security>
        <requestFiltering>
          <requestLimits maxQueryString="65536" />
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
 

Testing of the service

After you have installed the search and verified the web.config you can test if the service is running by type this url into a browser : http://www.xxxx.com/IndexingService/IndexingService.svc. Don’t worry about that the endpoint isn’t found, if it work it should look like this. If you don’t get this up read last chapter about other problems you could run into or your web.config isn’t correct modifed.












Indexing the site(s)

To my big surprise EPiServer got a hidden feature! You can index the site, by typing this url into a browser: http://www.xxxx.no/EPiServer/CMS/Admin/IndexContent.aspx.










(Tips from Fredrik Haglund )

If you open a file browser and navigate [appDataPath]\Index\main you will see that the files is started to be generated. So now you know its running. Depending of the size of the site, it could take some time to index it. For me it took about 20 min to index 6000 pages.





















Other problems you could run into

If you got problems with that IIS isn’t recognize the svc file. You should check if WCF for .net framework 3.5 is installed.

If you have upgraded an old EPiServer site which runs under .net framework 2.0, would be to check that you have added “svc-Integrated-4.0" under and removed the old one.


<add name="svc-Integrated-4.0" path="*.svc" verb="*" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode,runtimeVersionv4.0" />


A special feature you must check, if you are going to run on window 2012 server is to check if «HTTP Activation» under the feature .net framework 3.5 is enabled. Last tips are that you could also download the tool LUKE (http://luke.codeplex.com/) to be able to analyze and maintain the lucene index.
Posted by at 6 comments:
Labels: ,
Subscribe to: Comments (Atom)