Looking for information on how to host Rock internally? Well look no further. In this step-by-step guide we'll walk through the process of getting Rock up and running. Before we jump in, let's cover a few things to make sure we get started off on the right foot.

System Requirements

Rock was developed on Microsoft's ASP.Net platform so it requires a Windows Server environment to run. Below are specific requirements of the hosting platform:

Things You'll Need During Installation

Here is a short list of settings that you'll need to complete the Rock installation.

• Internal and external web addresses for your organization
• An email address to send exception messages to

Other Considerations

Windows Updates
Rock's foundation is built upon Microsoft's .NET technology. Since .NET is an ever-evolving technology, we recommend that you install all the latest updates for your Windows Server.

Server Version
The instructions and pictures in this guide are written for Windows Server 2012. If you plan to install Rock on a newer version, there are a few differences in the installation you will need to watch out for.

Certificates
As you configure Rock, make sure you purchase and configure an SSL certificate before making it available at a publicly accessible domain. Prices range from $9–$100+ per year, and while the setup may seem daunting, there are plenty of helpful tutorials that walk you through the setup process. Also, you can check with your current domain registrar to see if they offer SSL Certificates. If you're new to SSL, Google provides a detailed list of best practices. Check out the Configuring IIS chapter below for additional details.

Now that we have these things covered, let’s begin!

Let’s open up Start > Server Manager. Once opened, the first thing we need to do is to install the Web Server role. That can be done by clicking on Manage and then Add Roles and Features.

Click Next.

On the next screen, select Role-based or feature-based installation.

Choose Select a server from the server pool and then highlight your server from the list below. Click Next.

On the next screen, check the box for Web Server (IIS).

You will be prompted to add some required features for IIS. Click on Add Features. Then click Next.

On the Select Features screen, add .NET Framework 3.5 Features and click Next.

You will be presented with some information about the IIS feature. Click Next.

On the Select Role Services screen, scroll down to Application Development and check the boxes for ASP.NET 4.7 and Websocket Protocol.

You will be prompted to add some required features for ASP.NET. Click on Add Features.

Next, check the box labeled Application Initialization. Then click Next.

On the final screen, select Restart the destination server automatically if required and click Install.

Installation will begin.

Performance: Disable Unnecessary Windows OS Services

Built-in Windows services, such as the Print Spooler can consume CPU resources and increase exposure to future security vulnerabilities. To optimize performance, stop these unnecessary services and set their startup type to Disabled.

Congratulations! The web server is now installed. Let's move on to configuring Internet Information Services.

Configuring IIS

Open up the Internet Information Services Manager by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager. Expand your server's node in the treeview on the left side, then click on Application Pools. Right click on DefaultAppPool and click on Advanced Settings.

Change the Application Pools.NET Framework Version to v4.0 (if it's not already) and change the Start Mode to Always Running. Then change Identity setting to LocalSystem and change Idle Time-out (minutes) to 0. Then click OK.

Now right-click on DefaultAppPool and click on Recycling. Un-check Regular Time Intervals and instead provide a convenient time for Rock to restart each day (such as 4:00am) in the Specific Time(s) option. Click next and then click Finish.

Finally, expand Sites (below Application Pools on the left side) and right-click Default Web Site. Choose Manage Website -> Advanced Settings. Change Preload Enabled to True and click OK.

Generally the bindings will be configured for you automatically. However, if they're changed and you need to reset them, in most cases you'll use the configuration pictured below. Note that in some cases you must provide a Host Name; You can use an asterisk (*) in place of a host name.

Click on the SSL Settings padlock icon to view your SSL settings.

Performance Setting: Response Compression Settings

Now let's check that IIS compression is enabled for dynamic content.

To do this, open the Compression feature:

If the option Enable dynamic content compression is available, select it and click Apply. If the option is grayed out, the dynamic content compression module may not be installed, and you can skip this step.

That was easy! Now let's move on and set up our database.

Getting SQL Server Express

To download SQL Server Express, Click Here.

Some versions of SQL Server Express come in different editions. The version we recommend is the 64-bit version of SQL Server Express. Once you have SQL Server downloaded, let's move on to the next section.

Installing SQL Server

In this section, we will be installing SQL Server onto our Rock server. Let's begin.

Start the SQL Server installer and on the first screen click on New SQL Server stand-alone installation or add features to an existing installation.

On the next screen, agree to the license agreement and then click Next.

Keep the Include SQL Server Product Updates checkbox checked and click Next.

Next, the SQL installer will prepare to set up.

On the Feature Selection screen, we recommend using the settings shown in Figure 4.8. These are the minimum required settings needed for Rock. Click Next to continue.

On the Instance Configuration screen, click on the Default Instance button. Click Next.

Leave the default settings on the Server Configuration screen and click Next.

On the Database Engine Configuration screen, set the Authentication Mode to Mixed Mode and set a password for SQL Server. Click Next.

Skip past the Error Reporting unless you would like to send Microsoft error reports. Click Next.

Installation will begin, so hold tight.

Once it's complete with the installation, you can close the installer.

Now, the SQL Server Installation Center (the first screen of the installer) should still be open on your desktop. Whereas you clicked the first option last time, now we need to click Install SQL Server Management Tools. This will launch the web browser, pointed to the SSMS Download page. You need to download SQL Server Management Studio, not just the upgrade package. Download and then run this package. (You can close the Installation Center window now). There aren't many options in the installation of this package- just accept the license and let the installer run.

Configuring SQL Server

In this section, we'll start by setting up a user account for Rock to use to access the SQL Server. But before you begin creating users, it's important to understand the type of SQL Server environment you're working with:

• Azure SQL Database: A fully managed database service where you interact with the database directly. To create users in Azure SQL Database, you'll need to use actual SQL commands in SSMS. We provide you with those SQL commands after the series of screenshots below.
• SQL Server on Azure VMs: A traditional SQL Server instance running on an Azure Virtual Machine. In the context of creating new users, this is the same as hosting locally. Instead of running SQL commands, you can use the windows and screens pictured below.

Creating a New User Account (Azure VM or Local)

To begin, let's open SQL Server Management Studio. Change the Windows Authentication option to SQL Server Authentication and log in using the password we created during the SQL Server installation. By default, the admin username is sa. Use that username when logging in for the first time.

On the Object Explorer, expand the Security folder and right click on Logins and click on New Login.

Create a login called RockUser (or another username if you prefer), set the Authentication Type to SQL Server authentication, and create a password. Be sure to keep this password secured and only share it with those who truly need it. Also, uncheck the Enforce password policy setting for this account.

Next, click on Server Roles. Check the dbcreator role. Then click OK.

Creating a New User Account (Azure SQL)

Open SQL Server Management Studio and change the Windows Authentication option to SQL Server Authentication. Then, log in with a username of sa and the password we created during the SQL Server installation.

We're going to be running some SQL commands. Don't worry if you're not familiar with SQL, we'll walk you through each step.

To start, expand the Databases folder and then expand the System Databases folder. Right-click the master database and select New Query.

Paste the SQL below into the New Query window. Be sure to update the password, keeping it in single quotes. Do not use special characters for this password.

CREATE LOGIN [RockUser]

WITH PASSWORD = 'xxxxxxx';

CREATE USER [RockUser]

FROM LOGIN [RockUser]

WITH DEFAULT_SCHEMA = dbo;

ALTER ROLE dbmanager ADD member [RockUser]

ALTER ROLE loginmanager ADD member [RockUser]
            

To run the SQL, simply click the Execute button as pictured below.

At this point you would proceed with the SQL Server Configuration Manager setup described in the next section below, followed by the firewall configuration. Then proceed to the Installing Rock chapter, where your database will be built.

After your database is built, come back to SSMS. To access your new database, expand the Databases folder. The new database should be listed below the System Databases and Database Snapshots folders. Just like we did above, right-click the database name and select New Query. Paste the below SQL into the query window and execute it.

CREATE USER [RockUser]

FOR LOGIN [RockUser]

WITH DEFAULT_SCHEMA = dbo;

ALTER ROLE db_owner ADD member [RockUser]
            

You can test the newly-created RockUser login by quitting and restarting SSMS, then entering the new user and password to log back in.

SQL Server Configuration Manager

Now let's open up SQL Server Configuration Manager. Expand the SQL Server Network Configuration item and click on Protocols for MSSQLSERVER. Right click on TCP/IP and click on Enable.

Opening the SQL Manager

You can run the SQL Server Configuration Manager by navigating to Start > Microsoft SQL Server yyyy > SQL Server yyyy Configuration Manager, or by navigating to Start > Run. Refer to the SQL Server Configuration for instructions for your file name depending on your version of SQL Server.

Next, click on SQL Server Services and then right click on SQL Server Agent (MSSQLSERVER) and click on Properties.

Set the start mode to Automatic and click on Apply. Now, since our earlier changes warned us that we'd need to restart the service to take effect, you should right-click the SQL Server service and choose "Restart".

Firewall with Advanced Security

Next, let's open up Firewall with Advanced Security. Right click on Inbound Rules and click New Rule.

Click on Port and click Next.

Choose TCP and type in the specified local port, "1433."

Click on Allow the connection and click Next.

Choose which profiles this rule is applied to and click Next.

Give the rule a name and click Finish.

The first thing we need to do is to download the Rock installer, which you can find at rockrms.com/Rock/GetStarted. Place the Start.aspx and web.config files from the installer package in the root of the web folder. By default, the web root folder will be located here: C:\inetpub\wwwroot.

Open up a web browser and go to http://localhost/Start.aspx to begin the installation process.

Now we will enter in the SQL server information. If the SQL server is installed on this server, you can type in "localhost" in the Database Server box. If you are using another server for SQL, you can enter the server name instead.

Next, enter in a name for the Rock Database (e.g. "Rock") and enter in the username and password we created earlier in the SQL Chapter. Click Next.

Now the Rock installer will run some checks to make sure the environment is ready for use. If everything checks out, you will see the Pass! screen. Click Next.

The next screen will allow us to create an admin username and password for Rock. This will be the default admin account for Rock. Be sure to use a good password, and limit who has access to it. Click Next.

Now you'll need to enter in your organization URLs.

• Internal URL: The web address you'll use to connect to Rock internally. (Example: http://admin.rocksolidchurchdemo.com)
• Public URL: The public facing website for your organization. (Example: http://www.rocksolidchurchdemo.com)

Now let's enter in your Organization Information.

• Organization Name: The name of your organization
• Organization Default Email Address: The default email sending address for Rock
• Organization Phone Number: The main phone number of your organization
• Organization Website: The website of your organization

Now that you have all of your organization's information entered into Rock, click Next to begin the Rock installation.

Rock will begin downloading the needed files onto the webserver and configuring the database. You can observe this process by clicking on the Show Console button.

When complete, click on the Flip the Switch button. Keep in mind, this loading screen will take the longest to load since Rock is starting up for the first time.

Now that Rock is installed, you can begin by logging in. Log in with the Rock admin account you created during the installation.

Once logged in, you'll be taken to the Rock homepage. You will see the Administrator Checklist, which is a list of the recommended first steps to maximize the potential of Rock at your organization. Don't worry about completing the list today. You can get to it as you become more familiar with Rock. The list will disappear once you mark off all the items. It may reappear after updates, if special configurations are needed. Think of it as a friend that only shows up in your time of need.

Snapshot Isolation Settings

We recommend enabling snapshot isolation for your Rock database. This keeps database reads from being locked by database writes. Below are the settings we recommend (found by right-clicking on the database name in SQL Server Management Studio and selecting Properties.)

Default Settings May Vary

Depending on your SQL Server edition and version this may already be the default.

It's All in the Details

The process for setting up a two-server environment is not that much different from the single-server setup described in this guide. Here is a high-level task list for each server:

• Install & Configure SQL Server

• Install the required Server Roles and Features
• Configure Internet Information Services (IIS)
• Point Rock at the database server during installation

Be sure to check out the rest of the Rock guides and manuals to help you get started.

Self-Installing Rock

If you're installing Rock and SQL Server on separate VMs or servers yourself, in your own network (not in Azure), then port 1433 should only be open to the Rock server. This is so Rock itself can talk to the SQL db. In this setup your self-hosted SQL server should not be NATed (exposed via a public IP) to the Internet at all. It should be internal to your network with only Rock (and perhaps a dev machine) allowed to talk to it.

To do this, open the firewall rule you created in the Installing & Configuring SQL Server chapter above. Under the Scope tab, add the IP address of your Rock web server to the Local IP address if it's on your internal network, or to the Remote IP address section if it is external to your network. No other ports need to be open if the database is external to the network (i.e., on another external server).