Write a profile for your IIS website
Write a webserver profile that includes rules for your iis_site and firewall.
Before you begin:

Make sure you have:
- Installed the puppetlabs/iis module, the puppet/windows_firewall module, and their dependencies from the Forge.
- Created the role and profile modules, as explained in Set up your prerequisites.

We recommend writing your code in a code editor, such as VSCode, and
then pushing to your Git server. There is a Puppet VSCode
extension that supports syntax highlighting of the Puppet language.

- In the profile module, create the following directories and .pp file:
  manifests/
    webserver/
      example.pp
- Paste this Puppet code into the example.pp file:

```puppet
class profile::webserver::example (
  String $content = 'Hello from iis',
  String $port    = '80',
) {
  windows_firewall::exception { 'http':
    ensure       => present,
    direction    => 'in',
    action       => 'allow',
    enabled      => true,
    protocol     => 'TCP',
    local_port   => Integer($port),
    remote_port  => 'any',
    display_name => 'IIS incoming traffic HTTP-In',
    description  => "Inbound rule for IIS web traffic. [TCP ${port}]",
  }

  $iis_features = ['Web-WebServer','Web-Scripting-Tools', 'Web-Mgmt-Console']

  iis_feature { $iis_features:
    ensure => 'present',
  }

  # Delete the default website to prevent a port binding conflict.
  iis_site {'Default Web Site':
    ensure  => absent,
    require => Iis_feature['Web-WebServer'],
  }

  iis_site { 'minimal':
    ensure          => 'started',
    physicalpath    => 'c:\\inetpub\\minimal',
    applicationpool => 'DefaultAppPool',
    bindings        => [
      {
        'bindinginformation' => "${facts['ipaddress']}:${port}:",
        'protocol'           => 'http',
      }
    ],
    require         => [
      File['minimal-index'],
      Iis_site['Default Web Site']
    ],
  }

  file { 'minimal':
    ensure => 'directory',
    path   => 'c:\\inetpub\\minimal',
  }

  file { 'minimal-index':
    ensure  => 'file',
    path    => 'c:\\inetpub\\minimal\\index.html',
    content => $content,
    require => File['minimal']
  }
}
```

This profile applies custom rules for the iis_site class that include settings for $port and $content. The code uses file to ensure the site's main page has content. Finally, there is a firewall rule that only allows traffic on the port set in the $port setting.

You can add your own code to the profile as needed. For more information, go to these Forge pages:
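
As an added example (not part of the original page or of the modules' own documentation), the class below narrows the profile's http firewall exception, which sets no remote address and therefore accepts connections from any source, to one named source range, and types the port so that an invalid value fails at catalog compilation. The class name, the allowed_source parameter and the sample CIDR are hypothetical, and the example assumes that the installed puppet/windows_firewall version supports the remote_ip parameter of windows_firewall::exception.

```puppet
# Added example, not from the original page.
# Hypothetical names: profile::webserver::firewall_scoped, $allowed_source.
class profile::webserver::firewall_scoped (
  # An out-of-range or non-numeric port is rejected when the catalog is
  # compiled, before anything is changed on the node.
  Integer[1, 65535] $port           = 80,
  # Constructed sample value (RFC 5737 documentation range). Replace it with
  # the network that is meant to reach the site.
  String[1]         $allowed_source = '192.0.2.0/24',
) {
  windows_firewall::exception { 'http-scoped':
    ensure       => present,
    direction    => 'in',
    action       => 'allow',
    enabled      => true,
    protocol     => 'TCP',
    local_port   => $port,
    remote_port  => 'any',
    # Assumption: remote_ip is available in the installed module version.
    remote_ip    => $allowed_source,
    display_name => 'IIS incoming traffic HTTP-In (scoped)',
    description  => "Inbound rule for IIS web traffic from ${allowed_source}. [TCP ${port}]",
  }
}
```

Use this exception in place of the profile's 'http' exception rather than alongside it. Windows Firewall allow rules are additive, so leaving the broader rule in the catalog keeps the port open to every source.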