Cannot to ArcGIS Enterprise (portal) 10.6 through the internet

2400
3
Jump to solution
08-13-2018 08:06 PM
Arturo_FranciscoAcosta_Bazán
Occasional Contributor


I have configured my ArcGIS Enterprise 10.6  (GIS Server and Portal) federated with the internal hostname (internal network). But in the firewall I have the URL to be able to access through the internet, so that from outside the network https: // <name_domain> .com can be accessed, but it does not work. When trying to access the internal host names are put back or ask for authentication (login) to access the portal items
Will there be an additional configuration in the webadaptors (portal / ArcGIS Server)?

1 Solution

Accepted Solutions
ZahinaKhan
New Contributor III

Hello Kamilo, 

For your internal Portal to be able to accessed from outside network, you need the Web Adaptor to be installed on a web server that is publicly accessible. 

So if your web server is in DMZ and the https://webserver is accessible from the outside,

            - Install the web adaptor on the web server (IIS)

            - Configure it with the internal Portal.

                                - In the configuration page Portal URL https://internalPortalURL:7443

                                - Portal username and password.

In order for the above workflow to work, you need to make sure that the web server and the internal Portal machine can communicate over ports 7080, 7443.

After the configuration is done, when you try to access the Portal site but is getting redirected to the Internal URL rather than the web server URL, you can add web context URL following the steps in the documentation below:

Configure your portal to use a reverse proxy server—Portal for ArcGIS (10.6) | ArcGIS Enterprise 

Do the following to change the WebContextURL:

  1. Open a web browser and sign in to the ArcGIS Portal Directory as a member of the default administrator role in your portal organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
  2. Click System > Properties > Update Properties.
  3. On the Update System Properties dialog box, insert the following JSON, substituting your own reverse proxy server or DNS alias URL as seen by users outside your organization's firewall.
    {    "WebContextURL": "https://reverseproxy.domain.com/enterprise" }
  4. Click Update Properties.

View solution in original post

3 Replies
AndrewValenski__IT_
Occasional Contributor III

I may need some more information, but it sounds like you have an internally deployed Portal that you want to also be accessible externally, but when attempting to authenticate Portal attempts to resolve using the internal path. 

First thing, is the web adaptor deployed in a proper, secure DMZ? Exposing an internal web server and attempting to have it function as a public facing web server raises a few concerns.

However, if the WA is in a proper DMZ; have you set your Web Context URL?

Arturo_FranciscoAcosta_Bazán
Occasional Contributor

Hi Andrew, thanks for you response ,

1. .."internally deployed Portal that you want to also be accessible externally, but when attempting to authenticate Portal attempts to resolve using the internal path".
It's correct .
2. "However, if the WA is in a proper DMZ; have you set your Web Context URL?"
Do we need another server with IIS or additional apache to the one that has WA ?
We have only a server like WA with IIS for all the components of the WebGIS ( two GIS Server & Portal ), In this Server WA with IIS, we have configured a file to resolve the internal IPs in the external URL. We have a security certificate on that server with WA
We have separate servers for Portal and for ArcGIS Server(02)

I have seen the webcontext information for portal  in the documentation but I do not know what URL should be placed (proxy reverse). Should it be where the WA is?
What problems could he present according to what he mentions that "Exposing an internal web server and attempting to have it function as a public facing web server raises a few concerns".

0 Kudos
ZahinaKhan
New Contributor III

Hello Kamilo, 

For your internal Portal to be able to accessed from outside network, you need the Web Adaptor to be installed on a web server that is publicly accessible. 

So if your web server is in DMZ and the https://webserver is accessible from the outside,

            - Install the web adaptor on the web server (IIS)

            - Configure it with the internal Portal.

                                - In the configuration page Portal URL https://internalPortalURL:7443

                                - Portal username and password.

In order for the above workflow to work, you need to make sure that the web server and the internal Portal machine can communicate over ports 7080, 7443.

After the configuration is done, when you try to access the Portal site but is getting redirected to the Internal URL rather than the web server URL, you can add web context URL following the steps in the documentation below:

Configure your portal to use a reverse proxy server—Portal for ArcGIS (10.6) | ArcGIS Enterprise 

Do the following to change the WebContextURL:

  1. Open a web browser and sign in to the ArcGIS Portal Directory as a member of the default administrator role in your portal organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
  2. Click System > Properties > Update Properties.
  3. On the Update System Properties dialog box, insert the following JSON, substituting your own reverse proxy server or DNS alias URL as seen by users outside your organization's firewall.
    {    "WebContextURL": "https://reverseproxy.domain.com/enterprise" }
  4. Click Update Properties.

View solution in original post