Took me a long while to get my server to a place where I actually feel confident in maintaining it.
I’m sure a lot can be improved upon, but here is how it worked for me.
Caveats:
- Sites using the same App pool identity, will have access to the same Windows Credential Vault, and thus access to any secrets stored there.
Remediate this by using service accounts for the app pools, but remember that any only sites using Local System can use the “run as” functionality of Scripts and Automations.
(Mentioned in the docs here: IIS - PowerShell Universal - Choosing an app pool identity
Step 1 - Preparations
First of, follow Step 1 in the IIS setup guide IIS - PowerShell Universal - Step 1
Step 2 - *unzips*
Now, instead of throwing the content of the Windows ZIP file into wwwroot, we are going to make 2 new folders, one for the dashboard, and one for the “persistent storage”:
C:\inetpub\PSU_Site1
C:\inetpub\PSU_Site1_data
Unzip PSU into C:\inetpub\PSU_Site1, and run Get-ChildItem C:\inetpub\PSU_Site1 -recurse | unblock-file on it
Once unzipped (the files), open up Appsettings.json
- In the Logging: section, update path to:
"C:\\inetpub\\PSU_Site1_data\\PowerShellUniversal\\log.txt" - In the Data: section, update RepositoryPath to:
"C:\\inetpub\\PSU_Site1_data\\UniversalAutomation\\Repository"
ConnectionString to:
"filename=C:\\inetpub\\PSU_Site1_data\\UniversalAutomation\\database.db;upgrade=true" - In the UniversalDashboard: section, update AssetsFolder to:
"C:\\inetpub\\PSU_Site1_data\\PowerShellUniversal\\Dashboard"
Now with the repository seperated, updating PSU is as easy as deleting everyting but Appsettings.json and webconfig from C:\inetpub\PSU_Site1, and pasting in the newer zip version without overwriting, and then unblocking the files.
Step 3 - App Pools
Follow all of Step 3 in the docs IIS - PowerShell Universal - application pool configuration
*If you use a service account for the app pool, you need to assign it Read/Write rights to the two folders above, and not the 2 folders mentioned in the docs, you should also add the account to the local users group, if login on your server is restricted.
Step 4 - IIS Conf
follow step in the docs, with one change - IIS - PowerShell Universal - iis web site configuration
When updating the webconfig file as part of Step 4.1, update it to this instead:
<aspNetCore processPath=".\Universal.Server.exe" arguments=".\Universal.Server.dll -iis" forwardWindowsAuthToken="false" stdoutLogEnabled="true" stdoutLogFile=".\logs\log" hostingModel="InProcess" />
Step 5 - Rest of the f*cking owl
same as Step 5 in the docs
IIS - PowerShell - Universal Starting the website
Product: PowerShell Universal
Version: 2.5.5