Deploy IIS
Overview
Cinchy version 5 on IIS comes bundled with common components such as Connections, Meta Forms, and the Event Listener. This page details the configuration and deployment instructions for the Cinchy Platform, including SSO.
Prerequisites
System Requirements
- SQL SERVER 2017+
- SSMS (optional)
- Install IIS 7.5+ / enable IIS from Windows features
- Dotnet 6
DotNet 6 Installation
Dotnet 7 isn't supported with Cinchy 5.x
Minimum Hardware Requirements
Platform Requirements:
- 2 x 2 Ghz Processor
- 8-16GB Ram
Connections and Worker/Listener Requirements:
- 4 x 2 Ghz Processor
- 16-24GB RAM
Minimum Database Server Hardware Recommendations
- 4 × 2 GHz Processor
- 24-32 GB RAM
- Hard disk storage dependent upon use case. Cinchy maintains historical versions of data and performs soft deletes which will add to the storage requirements.
Get Access to Cinchy.net (Cinchy Prod Access)
- Access to Cinchy.net (Cinchy Prod) can be obtained during onboarding.
- Alternatively, users can request access by sending an email to support@cinchy.com.
Access Cinchy Releases Table from Cinchy UI
Navigate to the Cinchy Releases table from the Cinchy user interface.
Download Release Artifacts
Download the following items from the "Release Artifacts" column:
- Cinchy V5.6.2.zip
- Cinchy Connection
- Cinchy Event Listener
- Cinchy Meta-Forms (optional)
- Cinchy Maintenance CLI (optional)
Please note that the link to "Cinchy V5.6.2.zip" should be replaced with the actual download link when available.
Create a Database
For more information about creating a database in SQL server, see the Microsoft Create a database page.
- On your SQL Server 2017+ instance, create a new database and name it Cinchy. :::tip If you choose an alternate name, use the name in the rest of the instructions instead of Cinchy. :::
- Create a single user account with
db_owner privileges
for Cinchy to connect to the database. If you choose to use Windows Authentication instead of SQL Server Authentication, the authorized account must be the same account that runs the IIS Application Pool.
Create an IIS application pool
- On the Windows Server machine, launch an instance of PowerShell as Administrator.
- Copy and run the PowerShell snippet below to create the application pool and set its priorities. You can also manually create the app pool via the IIS Manager.
- Verify Db_name → Security → Users → select the user → properties → membership
Import-Module WebAdministration
$applicationPoolNameSSO="CinchySSO"
$applicationPoolNameWeb="CinchyWeb"
New-WebAppPool -Name $applicationPoolNameSSO
$appPath = "IIS:\AppPools\"+ $applicationPoolNameSSO
$appPool = Get-IISAppPool $applicationPoolNameSSO
$appPool.managedRuntimeVersion = ""
Set-ItemProperty -Path $appPath -Name managedRuntimeVersion $appPool.managedRuntimeVersion
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameSSO" -Name Recycling.periodicRestart.time -Value 0.00:00:00
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameSSO" -Name ProcessModel.idleTimeout -Value 1.05:00:00
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameSSO" -Name Recycling.periodicRestart.privateMemory -Value 0
New-WebAppPool -Name $applicationPoolNameWeb
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -Name Recycling.periodicRestart.time -Value 0.00:00:00
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -Name ProcessModel.idleTimeout -Value 1.05:00:00
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -Name Recycling.periodicRestart.privateMemory -Value 0
- If you use Windows Authentication in the database or want to run the application under a different user account, execute the commands below to change the application pool identity.
You can also use an alternate name in the application pool.
$credentials = (Get-Credential -Message "Please enter the Login credentials including your Domain Name").GetNetworkCredential()
$userName = $credentials.Domain + '\' + $credentials.UserName
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -name processModel.identityType -Value SpecificUser
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -name processModel.userName -Value $username
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameWeb" -name processModel.password -Value $credentials.Password
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameSSO" -name processModel.identityType -Value SpecificUser
Set-ItemProperty "IIS:\AppPools\$applicationPoolNameSSO" -name processModel.userName -Value $username
Create the application directories
- Download and unzip the "Cinchy vX.X" application package from the
Releases Table.
This will create two directories:
Cinchy
andCinchySSO
. For example, if you unzip at the root of your C drive, the two directories will beC:\Cinchy
andC:\CinchySSO
. - Make sure your application pool accounts has read and execute access to these directories.
- Run the below commands in the Administrator instance of PowerShell to create separate directories for Errorlogs and Logs.
md C:\CinchyLogs\Cinchy
md C:\CinchyLogs\CinchySSO
md C:\CinchyErrors
You can also create it under a single folder. For example,
md C:\your_folder_name\CinchyLogs\Cinchy
. If you do, make sure to replace any
related directory instructions with the your folder path. pool.
Update the CinchySSO appsettings.json
- Open the
C:\CinchySSO\appsettings.json
file in a text editor and update the values below.
App Settings
- Under AppSettings section, update the values outlined in the table.
Replace <base url>
with your chosen protocol and domain. For example, if using
HTTPS on app.cinchy.co
, substitute <base url>
with https://app.cinchy.co
.
For localhost, use http://localhost/Cinchy
.
Parameter | Description | Example |
---|---|---|
CinchyUri | The base URL appended with /Cinchy . | http://localhost/Cinchy |
CertificatePath | Path to the CinchySSO v5 folder for the certificate. | C:\\CinchySSO\\cinchyidentitysrv.pfx |
StsPublicOriginUri | Base URL of the .well-known discovery. | http://localhost/CinchySSO |
StsPrivateOriginUri | Private Base URL of the .well-known discovery. | http://localhost/CinchySSO |
CinchyAccessTokenLifetime | Duration for the Cinchy Access Token in v5.4+. Defaults to 7.00:00:00 (7 days). | 7.00:00:00 |
DB Type | Database type. Either PostgreSQL or TSQL . | For SQLSERVER installation:TSQL |
SSO installation
For more information on the SSO installation, please see the SSO installation page
Connection string
To connect the application to the database, you must set the SqlServer
value.
-
Find and update the value under the "ConnectionStrings" section:
"SqlServer" : ""
SQL Server Authentication example
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True;"
SQL Server Windows Authentication example
"SqlServer" : "Server=MyServer;Database=Cinchy;Trusted_Connection=True;Connection Timeout=30;Min Pool Size=10;"
Serilog
Cinchy has a serilog
property that configures where the logs are located. In
the below code, update the following:
"Name"
must be set to "File" so it writes to a physical file on the disk.- Set
"path"
to the file path to where you want it to log. - Replace
"WriteTo"
section with following:
"WriteTo": [
{
"Name": "File",
"Args": {
// For the "path" variable, please refer to the original path in your system where these log folders were created.
"path": "C:\\CinchyLogs\\CinchySSO\\log.json",
"preserveLogFilename": true,
"shared": "true",
"rollingInterval": "Day",
"rollOnFileSizeLimit": true,
"fileSizeLimitBytes": 100000000,
"retainedFileCountLimit": 30,
"formatter": "Serilog.Formatting.Compact.CompactJsonFormatter, Serilog.Formatting.Compact"
}
}
]
Update appsettings.json
- Navigate to the installation folder for Cinchy (C:\Cinchy).
- Open the appsettings.json file and update the following properties:
AppSettings
Key | Description | Example |
---|---|---|
StsPrivateAuthorityUri | Match your private Cinchy SSO URL. i.e | http://localhost/CinchySSO |
StsPublicAuthorityUri | Match your public Cinchy SSO URL. i.e | http://localhost/CinchySSO |
CinchyPrivateUri | Match your private Cinchy URL. i.e | http://localhost/Cinchy |
CinchyPublicUri | Match your public Cinchy URL. | http://localhost/Cinchy |
UseHttps | Use HTTPS. | false |
DB Type | Database type. | TSQL |
MaxRequestBodySize | Introduced in Cinchy v5.4. Sets file upload size for the Files API. Defaults to 1G. | 1073741824 // 1g |
LogDirectoryPath | Match your Web/IDP logs folder path. | C:\\CinchyLogs\\CinchyWeb |
SSOLogPath | Match your SSO log folder path. | C:\\CinchyLogs\\CinchySSO\\log.json |
Setup the connection string
To connect the application to the database, the SqlServer
value needs to be
set.
SQL Server Authentication example
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True;"
SQL Server Windows Authentication example
"SqlServer" : "Server=MyServer;Database=Cinchy;Trusted_Connection=True;Connection Timeout=30;Min Pool Size=10;"
Create the IIS applications
- Open an administrator instance of PowerShell.
- Execute the below commands to create the IIS applications and enable anonymous authentication. (This is required to allow authentication to be handled by the application).
New-WebApplication -Name Cinchy -Site 'Default Web Site' -PhysicalPath C:\Cinchy -ApplicationPool CinchyWeb
New-WebApplication -Name CinchySSO -Site 'Default Web Site' -PhysicalPath C:\CinchySSO -ApplicationPool CinchySSO
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/anonymousAuthentication" -Name Enabled -Value True -PSPath IIS:\ -Location "Default Web Site"
To enable HTTPS, you must load the server certificate and the standard IIS configuration completed at the Web Site level to add the binding.
Test the application
- Access the
<base url>/Cinchy
(http://app.cinchy.co/Cinchy) through a web browser. - Once the login screen appears, enter the credentials:
- The default username is admin and the password is cinchy.
- You will be prompted to change your password the first time you log in.
Next steps
Navigate to the following sub-pages to deploy the following bundled v5 components: