So this is pretty out of scope to what I normally do, but I’m a small shop and this needs doing, and it’s part of my project, so I’m stuck with it.

We have a new application, which runs as a Windows Service. It has a few different components to it, some of which have access to sensitive information. All is SSL secured, with logins and MFA requirements to access that portion.

That portion, which is the root domain of https://name.domain[.]com (Which gets redirected by the application itself to https://name.domain[.]com/app1), I need accessible only via our internal intranet.

A side portion of the application, whose address is https://name.domain[.]com/directory/app2, I need to be internet facing.

And I don’t know how to do that, nor how to do it safely. And I have no budget whatsoever to pay for anything extra for it. The application itself doesn’t run off of IIS; and I honestly have no clue what it runs off of in the back-end; I just know that I’ve set up the internal DNS to point at the host name set for it and it just works.

I’ve seen it mention I should use a Reverse Proxy, and people recommend using IIS ARR.

Could someone perhaps give me a bit more guidance on what I need to do? And hopefully specific to a Windows Environment?