Select to view content in your preferred language

ArcGIS Portal Reverse Proxy

1088
3
Jump to solution
11-16-2023 06:45 AM
CodyPatterson
MVP Regular Contributor

Update: I removed the WebContextURL and I was able to get in, but it does not seem as if it's redirecting anything. Our Reverse Proxy is not able to currently be accessed from outside, but when accessing the https://100.100.100.100/arcgis it redirects back to my https://my-company/webadaptor/home portal environment, since this is an internal address, I wouldn't be able to access it publicly correct?

 

Hey all,

I'm currently attempting to establish an Apache reverse proxy in my organization's DMZ, I believe we've gotten most if not all ready to go, for now we're using a self-signed certificate for testing purposes.

 

At this point, I've configured the WebContextUrl and have the Reverse Proxy ready to go, but when I attempt to connect to https://100.100.100.100:8443/webadaptor/ I get redirected to the portal REST directory and I'm met with an Invalid redirect_uri Error 400. This is the reverse proxy setup here:

Listen 100.100.100.100:8443

<VirtualHost _default_:8443>
ServerName 100.100.100.100

SSLEngine On
SSLProxyEngine On

SSLCertificateFile /etc/apache2/ssl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key

ProxyPass /webadaptor https://my-company/webadaptor
ProxyPassReverse /webadaptor https://my-company/webadaptor

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# Additional security settings
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>

My webcontexturl is setup this way: WebContextURL : https://my-company/portal

I'm not actually able to connect to the portal environment through the WebContextURL, what should I try?

This is on ArcGIS Portal 11.1, Ubuntu 20.04.6 LTS CLI, Apache 2.4.41

 

Thank you in advance!

0 Kudos
1 Solution

Accepted Solutions
CodyPatterson
MVP Regular Contributor

Solved this somewhat myself, I was able to bind the IP address within the proxy, and remove the WebContextURL this was my setup here, no clue why you need the WebContextURL as it seemingly just broke everything:

<VirtualHost _default_:443>
ServerName 100.100.100.100

SSLEngine On
SSLProxyEngine On

SSLCertificateFile /etc/apache2/ssl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key

ProxyPass /webadaptor https://my-company/webadaptor
ProxyPassReverse /webadaptor https://my-company/webadaptor

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# Additional security settings
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>

View solution in original post

0 Kudos
3 Replies
CodyPatterson
MVP Regular Contributor

Update, I added my IP to the OAuth app info, and now I'm left at a blank "Sign In" page, nothing loads.

CodyPatterson_0-1700147762784.png

 

CodyPatterson_1-1700147802478.png

 

0 Kudos
CodyPatterson
MVP Regular Contributor

Another update, changed the proxypass and proxypassreverse url to add :7443 and /arcgis and I'm now seeing this:

CodyPatterson_0-1700148848338.png


It's redirecting me to my now established WebContextURL, but it's now showing me this.

0 Kudos
CodyPatterson
MVP Regular Contributor

Solved this somewhat myself, I was able to bind the IP address within the proxy, and remove the WebContextURL this was my setup here, no clue why you need the WebContextURL as it seemingly just broke everything:

<VirtualHost _default_:443>
ServerName 100.100.100.100

SSLEngine On
SSLProxyEngine On

SSLCertificateFile /etc/apache2/ssl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key

ProxyPass /webadaptor https://my-company/webadaptor
ProxyPassReverse /webadaptor https://my-company/webadaptor

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# Additional security settings
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>

0 Kudos