Port configuration with DSC?

This topic contains 4 replies, has 2 voices, and was last updated by  Val Melamed 8 months, 3 weeks ago.

  • #62095

    Val Melamed
    Participant

    Hello,

    Currently I am trying to configure two things on my VMs:
    – Open specific ports in the firewall
    – Bind a certificate to a particular port

    For both of these at the moment I use Script resources invoking netsh or xxx-NetFirewallRule, but I was wondering if there are better ways or resources out there that you can point me to?

    Thank you.
    Val

  • #62502

    Val Melamed
    Participant

    Can anyone please comment?

  • #62650

    Jeremy Murrah
    Participant

    For firewall rules, check out the xFirewall resource in the xNetworking module. For certificate binding, if you mean IIS website port bindings, check out the xWebsite resource in the xWebAdministration module. If you're talking about the SSL certificate bindings on the machine, i.e. 'netsh http show sslcert', I'm not sure if there's a DSC module for that.

  • #62659

    Val Melamed
    Participant

    Thank you. Yes, I meant netsh... Meanwhile I implemented it in a script like this:

    ...
        param (
            [string] $ApplicationId,
            [string] $VmCertificateHash,
            [int] $NetTcpPort     = 808
        )
    ...
            Script NetTcpCertificatePortBinding
            {
                GetScript = 
                {
                    $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                    @{ Result = $t }
                }
    
                TestScript = 
                {
                    $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                    
                    $t -match "(?im)^\s+IP:port\s*:\s*.*:$NetTcpPort" -and
                    $t -match "(?im)^\s+Certificate Hash\s*:\s*$VmCertificateHash$" -and
                    $t -match "(?im)^\s+Application ID\s*:\s*{$ApplicationId}\s*$"
                }
                
                SetScript = 
                {
                    netsh http add sslcert ipport=0.0.0.0:$NetTcpPort certhash=$VmCertificateHash appid="{$ApplicationId}"
                }
            }
    ...
    

    But it is not working. Can you see any problem in the code above?
    Thank you!

    • #62691

      Val Melamed
      Participant

      Figured it out: I was missing the "$using:" part. The snippet above should be:

      ...
          param (
              [string] $ApplicationId,
              [string] $VmCertificateHash,
              [int] $NetTcpPort     = 808
          )
      ...
              Script NetTcpCertificatePortBinding
              {
                  GetScript = 
                  {
                      @{ Result = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort }
                  }
      
                  TestScript = 
                  {
                      $t = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort
                      
                      $t -match "(?im)^\s+IP:port\s*:\s*.*:$using:NetTcpPort" -and
                      $t -match "(?im)^\s+Certificate Hash\s*:\s*$using:VmCertificateHash$" -and
                      $t -match "(?im)^\s+Application ID\s*:\s*{$using:ApplicationId}\s*$"
                  }
                  
                  SetScript = 
                  {
                      netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}"
                  }
              }
      ...
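
Added example, not part of the thread and not the poster's code: the TestScript above interpolates the certificate hash and application ID into regex patterns, whereas this function reads the same three fields from `netsh http show sslcert` output and compares them literally, and it also tells a missing binding apart from one that points at a different certificate. The function name `Get-SslCertBindingState` and all sample values are assumptions constructed for illustration.

```powershell
# Added example (hypothetical helper, not from the thread).
function Get-SslCertBindingState {
    param(
        [string[]] $NetshOutput,       # lines from: netsh http show sslcert ipport=0.0.0.0:<port>
        [int]      $Port,
        [string]   $CertificateHash,
        [string]   $ApplicationId      # GUID without braces, as in the thread
    )
    # Collect the three "Name : Value" fields that the thread's regexes check.
    $found = @{}
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s+(IP:port|Certificate Hash|Application ID)\s*:\s*(.+?)\s*$') {
            $found[$Matches[1]] = $Matches[2]
        }
    }
    if ($found.Count -lt 3) { return 'Absent' }      # nothing bound on this ipport

    # -eq compares literally (no regex metacharacters) and ignores case.
    if ($found['IP:port'] -eq "0.0.0.0:$Port" -and
        $found['Certificate Hash'] -eq $CertificateHash -and
        $found['Application ID'] -eq "{$ApplicationId}") {
        return 'Correct'
    }
    'Stale'                                          # bound, but to another certificate or app
}

# Constructed sample values and netsh output, not real identifiers.
$hash  = '0123456789abcdef0123456789abcdef01234567'
$appId = '11111111-2222-3333-4444-555555555555'
$bound = @(
    ''
    'SSL Certificate bindings:'
    '-------------------------'
    ''
    '    IP:port                      : 0.0.0.0:808'
    "    Certificate Hash             : $hash"
    "    Application ID               : {$appId}"
    '    Certificate Store Name       : (null)'
)
$none = @('', 'SSL Certificate bindings:', '-------------------------', '',
          'The system cannot find the file specified.', '')

Get-SslCertBindingState $bound 808 ($hash.ToUpper()) $appId   # same hash, different letter case
Get-SslCertBindingState $bound 808 ('f' * 40) $appId          # a different certificate is expected
Get-SslCertBindingState $none  808 $hash $appId               # no binding on the port
```

Inside a Script resource, TestScript would return whether the state is `'Correct'`, with the configuration values still passed in through `$using:`. When the state is `'Stale'`, SetScript needs `netsh http delete sslcert ipport=0.0.0.0:<port>` before the `add`, because `netsh http add sslcert` fails if a binding already exists on that ipport.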
      
      
