ArcGIS Enterprise - Portal & Hosting Server behind F5 (Reverse Proxy)

339
3
02-06-2020 12:04 PM
Highlighted
New Contributor

We have our ArcGIS Portal, ArcGIS Server (Hosting), ArcGIS Server (Image Server) &  ArcGIS Server (Raster Server) - all Federated and working well within the Intranet. All versions are 10.7.1 and all running on their own VMs (linux) and all has their own Webadaprtors on their individual machines with tomcat.

To make it accessible for the Internet, we have the complete setup behind F5 (Reverse proxy). F5 is configured to resolve / allow only the requests to the Portal with the intention of forcing any access to the ArcGIS Servers be only via the Portal and not directly to the ArcGIS Servers.

Problem:

When accessing from external location, the Portal is loading and working fine, but some ArcGIS Server hosted layers are not getting loaded with “server cannot be reached error”, ie. from Portal interface, some Items data hosted on the ArcGIS Server are being accessed with the hostname of the ArcGIS Server directly, which is not available for external access. 

Question: 

If there should be 2 separate connections on the F5 (Reverse proxy) - one for the Portal and one for the Hosting server? Or is there away to have the Portal server communicate backend with Hosting sever without going through the proxy server for the hosted content, Feature layers etc.?

Also, There is documentation on Esri for setting up ArcGIS Portal to work with a Reverse proxy and a separate documentation to setup the ArcGIS Server to work with Reverse proxy. But there is no documentation about setting up both together with Reverse proxy, like our scenario above. 

Need some guidance, please.

Cheers,

-Mullai.

Reply
0 Kudos
3 Replies
Highlighted
Esri Frequent Contributor

What I gather is that your F5 isn't configured to send requests to the ArcGIS Server, is that correct? Even if Server is federated with Portal, all apps and webmaps will still need access to the services hosted on the server. Your F5 will need to act as the reverse proxy for both Portal and the hosting server.

Highlighted
New Contributor

Hi Jonathan,

Thanks for the reply. 

- I am assuming we need to do the same for the Image Server and the Raster Server also, as they are on their own VMs and hostnames.

- How about the datastore, the relational datastore is on a separate VM and the TileCache datastore is also on another VM, do we add configuration on F5 for these? OR the ArcGIS Servers will communicate in the backend without the reverse proxy involvement?

Cheers,

-Mullai.

Reply
0 Kudos
Highlighted
New Contributor

Got a reply email from Esri, Thanks for the Reply. 


"Hello Mullai, You are correct that ArcGIS Server communicates with DataStore at the backend, so there is no need configuring F5 for DataStore VMs." 
 

Cheers,

-Mullai.

Reply
0 Kudos