Octopus Deploy - Deploy.ps1 script for setting up SSL bindings on IIS
To expand on Jared's answer, here is a complete script from a recent project that uses both HTTP and HTTPS:
## Settings#---------------$appPoolName = ("Kraken-Pool-" + $OctopusEnvironmentName)$siteName = ("Kraken - " + $OctopusEnvironmentName) $siteBindings = ":80:octopushq.com"$siteBindingsSecure = ":443:octopushq.com"$siteCertificate = "CERT:\LocalMachine\WebHosting\A347FC4B77A2C176E451D8CE4973C7D0FB3E19AA"$appPoolFrameworkVersion = "v4.0"$webRoot = (resolve-path .)# Installation#---------------Import-Module WebAdministrationcd IIS:\$appPoolPath = ("IIS:\AppPools\" + $appPoolName)$pool = Get-Item $appPoolPath -ErrorAction SilentlyContinueif (!$pool) { Write-Host "App pool does not exist, creating..." new-item $appPoolPath $pool = Get-Item $appPoolPath} else { Write-Host "App pool exists." }Write-Host "Set .NET framework version:" $appPoolFrameworkVersionSet-ItemProperty $appPoolPath managedRuntimeVersion $appPoolFrameworkVersionWrite-Host "Set identity..."Set-ItemProperty $appPoolPath -name processModel -value @{identitytype="NetworkService"}Write-Host "Checking site..."$sitePath = ("IIS:\Sites\" + $siteName)$site = Get-Item $sitePath -ErrorAction SilentlyContinueif (!$site) { Write-Host "Site does not exist, creating..." $id = (dir iis:\sites | foreach {$_.id} | sort -Descending | select -first 1) + 1 new-item $sitePath -bindings @{protocol="http";bindingInformation=$siteBindings} -id $id -physicalPath $webRoot} else { Write-Host "Site exists. Complete"}Write-Host "Set app pool..."Set-ItemProperty $sitePath -name applicationPool -value $appPoolNameWrite-Host "Set bindings..."Set-ItemProperty $sitePath -name bindings -value @{protocol="http";bindingInformation=$siteBindings}New-ItemProperty $sitePath -name bindings -value @{protocol="https";bindingInformation=$siteBindingsSecure}Get-Item $siteCertificate | Set-Item IIS://SslBindings/0.0.0.0!443Write-Host "Set path..."Set-ItemProperty $sitePath -name physicalPath -value "$webRoot"Write-Host "IIS configuration complete!"
At 15below we use octopus and have built an open source octopus helper.
One of the functions in the helper powershells include installing into IIS and adding an SSL cert.
the project itself can be found here: https://github.com/15below/Ensconce
with regard to how to use the helper, firstly reference the createWebSite.ps1. - this works out if you are using IIS6 or 7.Then create the app pool, website and add the ssl cert.
here is a small example
$deployTools = "D:\DeployTools\". $deployTools\createWebSite.ps1CreateAppPool "MyAppPool"CreateWebsite "MyWebsite" "D:\WebsiteDir" "MyAppPool" "MyAppName" "myWebsite.com" "D:\Logs\MyWebsite"AddSslCertificate "MyWebsite" "CertificateName" "myWebsite.com"
You can also use the ensconce tool to deploy your application and update any config data. - more info on this can be found on the GitHub wiki.
Along with the two changes you have already made, http -> https
and 80 -> 443
.
Add the following to the end of the deployment script. Where $siteCertThumb is the thumbprint of the certificate stored in the LocalMachine\My store.
Write-Host "Add certificate to binding..."Get-Item CERT:\LocalMachine\MY\$siteCertThumb | New-Item IIS://SslBindings/$siteBindings