Automating the deployment of Web sites on IIS with PowerShell

Source: Internet
Author: User
Tags argumentlist

This article focuses on how to automate the deployment of an ASP. NET Web site on IIS through PowerShell, without involving the basic syntax of PowerShell, and if you don't have a PowerShell foundation, you can use this as the cornerstone of learning PowerShell by learning the script in this article to check out the specific syntax , you may achieve a multiplier effect.

Generally we need to set up a website in the following steps:

1. Install the. NET Framework

2. IIS Installed

3. Registering, enabling ISAPI and CGI restrictions

4. Establish website

5. Set default home page, authentication, set MIME type

6. Bind domain name or IP address

7. Set permissions

8. Set Firewall Inbound Rules

function Introduction

The main feature is to place the site folder, PowerShell script file,. NET Framework installer, PowerShell upgrade program in the same folder, run the script file as an administrator, and the script automatically installs the. Net Framework and upgrade PowerShell and copy the site files to the site directory, eventually creating a Web site.

Let's talk about what to do if you implement the above steps through PowerShell:

Install the. NET Framework

First check whether the. NET Framework is already installed, if it is not installed again. Now I know there are two ways to determine whether the. NET Framework is installed, one is to check the registry, one is to check the installation path (a bit unreliable), and in this article I will check the registry to see if the. NET Framework. The framework's registry path is in the "Hklm:\software\microsoft\net framework Setup\", so it can be implemented with the following code:

Test-path "Hklm:\software\microsoft\net Framework Setup\"

But the code above only checks the. NET Framework for installation and does not know which version is installed, so you need to match the following code:

$version = GCI ' hklm:\software\microsoft\net Framework SETUP\NDP ' | Sort Pschildname-desc | Select-fi 1-exp Pschildname

GCI is an abbreviation for Get-childitem, Srot is the abbreviation of Sort-object, which can be viewed by running Get-help get-childitem-detailed to see the details of the function. Other functions can only be replaced with Get-chilitem. The specific code is as follows:

function checkframework{    try    {     $exists = test-path "hklm:\software\microsoft\net Framework setup\"     if ($exists-eq $false)     {    return $false     }     else     {    $version = GCI ' hklm:\software\microsoft\net Framework SETUP\NDP ' | Sort Pschildname-desc | Select-fi 1-exp pschildname    if ($version-ge "v4.0")    {    return $true    }    else    {    Return $false    }     }    }    catch    {        write-error $_. Exception.Message    }}

After checking, the. NET Framework is installed, and the calling installer is implemented through the Start-process function, just find the exe file under the folder and call the Start-process function:

Write-progress "Installing the. NET Framework" Please wait ... "Get-childitem $PSScriptRoot-filter *.exe | %{start-wait $_-argumentlist "/quiet"}
Write-progress "Completed" "Completed"-completed

Write-progress is to display the progress bar information, $PSScriptRoot to get the path where the current script is located. The-argumentlist parameter indicates that the installation process is performed silently, and if the parameter is not present, the specific installation process is displayed. The next step is to upgrade PowerShell to version 4.0, because later scripts are written based on 4.0来.

Upgrade PowerShell

It is also necessary to check the PowerShell version before upgrading, if it is already 4.0, there is no need to re-update it again. The way to upgrade PowerShell is the same as installing the. NET Framework, except that the system automatically restarts to complete the upgrade when the upgrade is complete, or does not restart automatically after installation, using the-argumentlist parameter "/quiet/ Norestart "is OK, but the script in this article is automatically restarted. If your script is not based on version 4.0, you can set it to not restart automatically. So how do you get the system to automatically execute the current script after it restarts? You might think of the registry, yes, this is done by writing the registry, if it is already 4.0 version can be implemented in another way, the specific code is as follows:

#Register-scheduledjob can only be used after 3.0 # $scriptPath =  $MyInvocation. scriptname# $trigger = New-jobtrigger-atstartup- Randomdelay 00:01:00#register-scheduledjob-trigger $trigger-filepath $SCRIPTPATP-name upgradepowershell$ Registryvalue = "{0}\system32\windowspowershell\v1.0\powershell.exe {1}"-F $env: windir, $MyInvocation. scriptname$ Registrypath = "Hkcu:\software\microsoft\windows\currentversion\runonce" $exists = Test-path $registryPathif ($exists -eq $false) {new-item $registryPath}new-itemproperty "$registryPath" Upgrade-propertytype string-value "$ Registryvalue "

The code for the comment is another implementation, but it can only be used in versions later than 3.0. Under HKCU There is no RunOnce this item, so you need to determine whether the registry path exists, HKLM under the words there is RunOnce path. RunOnce means that the registration information will be deleted once execution is executed.

Installing IIS

You need to use the following code to introduce the Servermanager module before the installation calls the method of installing IIS, otherwise there is no way to invoke the specific function:

Import-module Servermanager

Adding features and roles primarily with the Add-windowsfeature-name,name parameter is the name of a feature or role, and if you do not know the name of the specific feature and role you can use Get-windowsfeature to get the name of the related role or feature:

$features = Get-windowsfeature Web-*foreach ($item in $features) {if ($item. Installed-eq $false) {write-host "Installation: $ite M.displayname "$item | Add-windowsfeature}}

First get all the roles and features starting with web-, one by one to determine if they are installed, and then install them without installing them.

Registering, enabling ISAPI and CGI restrictions

Before running the registration command, determine if it is already registered, if it is already enabled. Registering the ISAPI in PowerShell and registering it at the command prompt is similar to running as an administrator. If you are running the full path of aspnet_regiis.exe directly, the commands in PowerShell and CMD are the same:


If the first switch to the Aspnet_regiis.exe directory, under CMD can be run directly aspnet_regiis.exe-i, under PowerShell will need to run./aspnet_regiis.exe-i, Otherwise, PowerShell does not recognize the aspnet_regiis.exe-i command. The following script gets whether it is already registered and enabled, and assigns a value to the $isapiconfiguration variable:

$isapiConfiguration = get-webconfiguration "/system.webserver/security/isapicgirestriction/add[@path = ' $isapiPath ' ]/@allowed "

$isapiPath is a variable that holds the full path of the ISAPI. If the variable $isapiconfiguration equals NULL, the ISAPI is not registered, and if the variable is not equal to NULL, and $isapiconfiguration.value equals false, the ISAPI is not enabled.

#检查系统是否是64bitfunction is64bit {[Intptr]::size-eq 8} #注册或启用ISAPIfunction registerandenableisapi{$is 64Bit = Is64  Bit $isapiPath = "" if ($is 64Bit) {$isapiPath = "$env: Windir\\framework64\v4.0.30319\aspnet_isapi.dll"} else {$isapiPath = "$env: Windir\\framework\v4.0.30319\aspnet_isapi.dll"} $isapiConfiguration = Get-we Bconfiguration "/system.webserver/security/isapicgirestriction/add[@path = ' $isapiPath ']/@allowed" if ($  Isapiconfiguration-eq $null) {Write-host "IIS is not registered Aspnet_isapi.dll" $tmpPath = "" if ($is 64Bit) {$tmpPath = "$env: windir\\framework64\v4.0.30319\"} else {$tmpPath = "$env: Windir\\framew Ork\v4.0.30319\ "} set-location $tmpPath. \aspnet_regiis.exe-i $isapiConfiguration = get-webconfiguration"/s ystem.webserver/security/isapicgirestriction/add[@path = ' $isapiPath ']/@allowed "} if ($isapiConfiguration. Value-eq $false) {Write-host "IIS has registered Aspnet_isapi.dll, but "set-webconfiguration" is not enabled/system.webserver/security/isapicgirestriction/add[@path = ' $isapiPath ']/@allowed "- Value TRUE if (is64bit) {set-webconfiguration "/system.webserver/security/isapicgirestriction/add[@path = ' $env   : Windir\\framework\v4.0.30319\aspnet_isapi.dll ']/@allowed "-value true} write-host" ISAPI enabled "} Else {Write-host "IIS has registered Aspnet_isapi.dll and is enabled"}}

Create an application pool 

You need to introduce the "webadministration" module before creating a new application pool and creating a new Web site, otherwise the following error will occur:

This module is not available under version 2.0, so upgrade to 4.0 version.

Because the application pool is created automatically when we create the site manually, it is only necessary to set the relevant properties of the application pool, but the application pool is not created automatically when creating a new site with PowerShell scripts, so we need to create the application pool first. Point to the new application pool when you create the site.

Set-location Iis:\apppools$existsapppool = Test-path $appPoolNameif ($existsAppPool-eq $false) {$appPool = New-item $app Poolname #设置标识: localservice=1; localsystem=2; newworkservice=3; Applicationpoolidentity=4 $appPool. processmodel.identitytype=4 #设置 the. NET Framework version $appPool. managedruntimeversion= "V4.0" #设置托管管道模式: integration = 0; classic =1 $appPool. managedpipelinemode=0 $appPool. startmode= "alwaysrunning" #设置启用32位应用程序 false=0; True=1 $appPool. enable32bitapponwin64=0 $appPool | set-item}else{write-error "application pool already exists"}

Create a Web site

Because the dynamic compression feature is installed, it is automatically enabled when you create a new site, so if you need to enable dynamic content compression, you need to check that the feature is installed.

#安装动态内容压缩功能function enablegzip{    $check = get-windowsfeature web-dyn-compression    if ($check. Installed-eq $ False)    {        add-windowsfeature web-dyn-compression    }}

Check that the site directory exists, create a new directory if it does not exist, and set permissions, and the following error will occur if the directory you are associating with does not exist:

#设置权限function setsecurity ($name, $path) {$acl = get-acl $path $ar = New-object System.Security.AccessControl.FileSystemAccessRule ("$name", "Readandexecute", "Containerinherit,objectinherit", " None "," Allow ") $acl. SetAccessRule ($ar) set-acl $acl-path $path}function checkdirectory ($path) {$existsPath =test-path $path if ($existsPath -eq $false) {write-host "" $path "directory does not exist, create new directory" New-item-path $path-type Directory} #设置network service user rights Wri  Te-progress "Setting directory permissions, please wait ..." SetSecurity "Network Service" $path setsecurity "Everyone" $path write-progress "completed"-completed}

$name is the group or user name, $path is the site path.

Copy the site files under the current folder to the site directory, because copying files can be time-consuming, so the progress bar is used to show the progress of the copy, if the progress bar is not used, as long as two statements can be completed:

$siteFilePath = (Get-childitem $psscriptroot |? { $_.psiscontainer}) [0].fullnamecopy-item "$siteFilePath \*" $sitePath-force-recurse

How to use the progress bar:

#将脚本文件所在目录下的文件夹下的文件全部拷贝到站点目录下function copyfiles{    $siteFilePath = (Get-childitem $psscriptroot |? { $_.psiscontainer}) [0].fullname    $files =get-childitem "$siteFilePath \*"    $count = $files. Length for    ($i =0; $i-lt $count; $i + +)    {        $copied = $i +1;        Copy-item $files [$i] $sitePath-force-recurse        $percentage = $copied/$count        $msg = "copied: {0:p0}"-F $percentage C9/>write-progress-activity "Copying Files to:" $sitePath "directory"-status $msg-percentcomplete ($percentage *100)    }    Write-progress "Copy End"-completed}

After the preparation is done, the site is established.

Set-location Iis:\sitesif ((Test-path $siteName)-eq $true) {write-error "site already exists";} else{#新建站点 new-website $siteName-physicalpath $sitepath #绑定域名 new-webbinding-name $siteName-host $hostname-port 8 0-protocol http #获取本机IP $ojbItem = Get-wmiobject-class win32_networkadapterconfiguration-filter ipenabled=true-compu  Tername.  $ipaddress = $ojbItem. ipaddress[0] #绑定IP地址和端口 new-webbinding-name $siteName-ip $ipaddress-port $port-protocol http #设置应用程序池 set-itemproperty $siteName-name applicationpool-value $appPoolName #启用Forms身份验证 $config = Get-webconfigura tion system.web/authentication $siteName $config. mode= "Forms" $config |set-webconfiguration system.web/ Authentication #启用匿名身份验证 Set-webconfigurationproperty-filter system.webserver/security/authentication/ Anonymousauthentication-pspath machine/webroot/apphost-location $siteName-name enabled-value $true}

Add inbound rules If you have a firewall turned on

function Addfirewallrule ($name, $tcpPorts, $appName = $null, $serviceName = $null) {    try    {        $FW = new-object- ComObject hnetcfg.fwpolicy2         $rule = new-object-comobject hnetcfg.fwrule        $rule. Name = $name        if ($appName-ne $null) {$rule. ApplicationName = $appName}        if ($serviceName-ne $null) {$rule. ServiceName = $serviceName}        $rule. Protocol = 6 #NET_FW_IP_PROTOCOL_TCP        $rule. Localports = $tcpPorts        $rule. Enabled = $true        $rule. Grouping = "@firewallapi. dll,-23255"        $rule. Profiles = 7 # all        $rule. Action = 1 # net_fw_action_allow        $rule. Edgetraversal = $false        $fw. Rules.add ($rule)        write-host "Firewall Inbound rule added successfully"    }    catch    {        write-error $_. Exception.Message    }}

Creating a virtual directory is simple, but you also need to check that the path to the virtual directory exists and set permissions on the virtual directory

New-item "$siteName \ $name"-type virtualdirectory-physicalpath $path

You can also add MIME types if needed

#添加扩展名 $mime for the hash table type such as $mimes = @{". A" = "application/stream"; ". B "=" Application/stream ";". c "=" Application/stream ";} function Addmime ($mime) {    try    {        if ($mimes-eq $null-or $mimes. Count-le 0)        {            return        }        foreach ($item in $mimes. Keys)        {            write-host "add MIME type: $item"            $extension = Get-webconfigurationproperty//staticcontent-name Collection |? {$_.fileextension-eq $item}         if ($extension-ne $null)         {        write-host "the extension already exists"         }         else         {        Add-webconfigurationproperty//staticcontent-name collection-value @{fileextension= $item; mimeType= $mimes [$item]}         }        }        Write-host "MIME type add complete"    }    catch     {        write-error $_. Exception.Message    }}

Test Web site

#请求接口function Getrequest ($url) {    $request = []::create ($url)    $response = [ System.Net.HttpWebResponse] $request. GetResponse ()    $code = [System.Int32] $response. StatusCode    $response. Close ()    $response. Dispose ()    write-host $code}

The test site is implemented by invoking the related functions of the. NET Framework.

The above is the entire process of automating the deployment of Web sites with PowerShell scripting, and there may be missing features that are not implemented. If you are interested in automating the deployment of a Web site, you can implement a PowerShell script yourself. Also please Daniel many advice, point out the deficiencies and errors in this article.

Automating the deployment of Web sites on IIS with PowerShell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.