K2 Site Configuration

You can do the following on the K2 Site Configuration page:

  1. Create the K2 Site.
  2. Select an existing site if one exists.
  3. Select a binding if multiple IIS bindings are used.

If you create a new site with the installer, a K2 Self Signed Certificate will be automatically generated and used. If you choose an existing site, that site must already have a certificate.

When selecting "Use an existing Web Site", this site must already exist.
Depending on your environment, you may see a slightly different screen to the one shown here. You will at least see the Create a new Web site option.
On a simple full installation (single server) the Setup Manager uses the K2 User Account seen in the image below for the Application Pool, the K2 Service Account and the K2 Administrator account.
When doing a custom installation, you will see a slightly different screen where you can enter three different accounts (App Pool, Service, and Admin).
When generating the XML file for an unattended install, you will see the create a new website and use an existing website section.

Feature Description

Create a New Web Site

If you want to create a new site, type the name in the Web Site Name field, and K2 will create it automatically.

Use an Existing Web Site Name

The name of the site created under IIS. Use the Bindings button to select which binding to use.

Note: You can create the site without closing the K2 Setup Manager. Click Refresh to reload the list of available web site options.

Test the User Account credentials

To test the username / password combination, click the Test button.
If the Web site drop down does not list a site, you may need to create one. Type in the name of the web site you want to create, and K2 will do the rest. If a site was recently created and does not display, you may need to perform an IIS reset. Then, click the Refresh button on this page.

Strict-Transport-Security (HSTS)

K2 recommends enabling HSTS if your K2 sites and web endpoints make use of SSL (HTTPS). In short, enabling HSTS tells the client browser to force the use of HTTPS for the domain.

See the HTTP Strict Transport Security Cheat Sheet for information on HSTS.

If you have non-K2 related sites and web services that use HTTP and the same host header, but run on different ports, these services could start failing if HSTS is enabled.
If HSTS is enabled by mistake and you run into issues due to a mixed protocol configuration, you can disable it by completely removing the following entry under the ViewFlow, K2 Designer, and SmartForms Runtime web.config files:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Strict-Transport-Security" value="max-age=5184000;" />

What to do on this page

Enter the load balanced URL here if installing the K2 Site over a load balanced environment. Also, if choosing HTTPS for the web site, you need to have already set up the binding and certificate.

To configure the K2 Site:

Option 1- Create a new web site:

  1. Enter the name for the New web site or keep the default name, K2.
  2. Click Next to proceed.
  3. The Setup Manager will create the new web site.

The Setup Manager creates two bindings with the default set to HTTP. The Setup Manager does not show the bindings page unless you click on the Binding button, and this is the only time a security certificate gets created (K2 self sign cert).

Option 2 - Use an existing Web site:

  1. Select the web site to use from the Web Site drop down menu.
  2. Click Next to proceed.

The Setup Manager shows the bindings page next and a default selected. If you select HTTPS, you must use your own security certificate. You can only chose 2 binding, 1 of each type.