HTTPS access to MapTiler Server using Windows Server and Microsoft IIS

This article will walk you through the setup of HTTPS communication between clients and MapTiler Server using Microsoft IIS, acting as a reverse proxy, on Windows Server 2016.

A working installation of MapTiler Server and Microsoft IIS on your computer is a prerequisite for the steps in this article.

Setting IIS as a reverse proxy for MapTiler Server

We will set up IIS to act as a reverse proxy. For this to work, you first need to install the Application Request Routing and URL Rewrite modules.

Rewrite rules

Select your site in the left pane of IIS Manager (in our case, the Default Web Site), open the URL Rewrite module, and click Add Rule in the right pane. In the next dialog window, choose Reverse Proxy.

Configure the rule as in the example and don’t forget to change the hostname value. If your computer does not have a DNS record associated with it, use its public (if it is discoverable on the internet) or private IP address.

When you open the website in the browser on the same computer where the web server is running, you will see this error page.

The error appears because outbound rewrite rules cannot be applied to a gzip-compressed response. To fix it, we instruct maptiler-server not to use gzip compression by rewriting the headers of the requests going from the web server to maptiler-server.

Configuring the rewrite rules

We are going to manually edit the web.config file for your site. You can find it in the content root of your site. The whole process is explained in this article. After completing it, you should end up with the following web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <!-- Save the client's Accept-Encoding, then clear it so that
                         maptiler-server answers uncompressed. Both variables must be
                         on the URL Rewrite list of allowed server variables. -->
                    <serverVariables>
                        <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
                        <set name="HTTP_ACCEPT_ENCODING" value="" />
                    </serverVariables>
                    <action type="Rewrite" url="http://localhost:3650/{R:1}" />
                </rule>
            </rules>
            <outboundRules>
                <!-- Put the original Accept-Encoding back once the response returns. -->
                <rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
                    <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
                    <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
                </rule>
                <!-- Rewrite backend links in HTML so clients never see localhost:3650. -->
                <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://localhost:3650/(.*)" />
                    <action type="Rewrite" value="http{R:1}://${YOUR_HOSTNAME}/{R:2}" />
                </rule>
                <preConditions>
                    <preCondition name="NeedsRestoringAcceptEncoding">
                        <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
                    </preCondition>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                </preConditions>
            </outboundRules>
        </rewrite>
    </system.webServer>
</configuration>

NOTE: Replace ${YOUR_HOSTNAME} with the hostname or IP address of your server.

Now you should be able to access the MapTiler Server from your network or internet by navigating to http://${YOUR_HOSTNAME}.

Adding a self-signed certificate to IIS

To secure the traffic between clients and your IIS server, we are going to add a self-signed certificate to the server.

Navigate to your server node in the left pane of IIS Manager and open the Server Certificates module.

Then, in the right pane, select Create Self-Signed Certificate and add a Web Hosting certificate.

Now that the certificate is installed we want to bind it to our site. To do that, navigate to your site and choose Bindings from the right pane. Add a new binding for HTTPS traffic for this certificate.

After completing this step, you should be able to navigate to https://${YOUR_HOSTNAME}.
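The same certificate and binding steps can be scripted. The following PowerShell is an added example, not part of the original article. It assumes the Default Web Site, port 443 and a placeholder hostname, and it stores the certificate in the Personal (My) store, which is where New-SelfSignedCertificate creates certificates, rather than in Web Hosting:

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'Default Web Site'        # site used in this article
$hostName = 'maptiler.example.com'    # placeholder: replace with your hostname

# Create a self-signed certificate in the machine's Personal store.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(1)

# Add an HTTPS binding on port 443 if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol 'https' -Port 443)) {
    New-WebBinding -Name $siteName -Protocol 'https' -Port 443 -IPAddress '*'
}

# Attach the certificate to the binding, replacing any certificate already set.
# Assumes the site has a single HTTPS binding on port 443.
$binding = Get-WebBinding -Name $siteName -Protocol 'https' -Port 443
if ($binding.certificateHash) {
    $binding.RemoveSslCertificate()
}
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Show what was bound so the thumbprint can be compared in IIS Manager.
"{0} bound to {1} (thumbprint {2}, expires {3:yyyy-MM-dd})" -f `
    $cert.Subject, $binding.bindingInformation, $cert.Thumbprint, $cert.NotAfter
```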

Since this certificate was not issued by a trusted certificate authority, your browser will probably display a warning about that. This could be fine for your use case, for example if the server is running on a private network without access to the internet. The next section walks through obtaining a certificate from a trusted authority.

Using a certificate from Let’s Encrypt

We are going to use the ACMEv2 client for Windows in order to obtain, install and renew the certificate. Download the tool here.

Extract the archive and run wacs.exe; an interactive prompt should open. Answer the questions according to your setup. After the installation is completed, you should be able to access the MapTiler Server using your browser without the pesky warnings. If you have gone through the setup of self-signed certificates, make sure that the binding for the HTTPS access uses the newly created certificate.
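To confirm which certificate each HTTPS binding actually uses, you can list the bindings together with the certificate's issuer and expiry date. The following PowerShell is an added example, not part of the original article or of the ACME client. It assumes the Default Web Site and treats a certificate whose subject equals its issuer as self-signed:

```powershell
# Added example: report the certificate behind each HTTPS binding of the site.
# Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # site used in this article

foreach ($b in Get-WebBinding -Name $siteName -Protocol 'https') {
    if (-not $b.certificateHash) {
        Write-Warning "Binding $($b.bindingInformation) has no certificate assigned."
        continue
    }

    # The binding records the store name and thumbprint of its certificate.
    $path = 'Cert:\LocalMachine\{0}\{1}' -f $b.certificateStoreName, $b.certificateHash
    $cert = Get-Item -Path $path

    [pscustomobject]@{
        Binding    = $b.bindingInformation
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # still the old certificate?
        NotAfter   = $cert.NotAfter
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
}
```

A binding that still reports SelfSigned as True is serving the earlier self-signed certificate and should be switched to the new one in the site's Bindings dialog.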

Conclusion

Now you are able to serve your tiles securely to whoever needs them, either on your private network or on the internet. For additional information, follow the Microsoft documentation:

A reverse proxy rule template
Set up caching
Run multiple MapTiler Server instances