Issues with Reverse Proxy Setup

IainBruce · ‎02-10-2014

Hi All,

I have been battling to get reverse proxy configured to enable us to display maps externally from an internal server via a proxy server.

I seem to be heading the right way, but several key files are not yet coming through correctly.

Here are our specifics: ArcGIS Server 10, Internal Server/Proxy/External all running Win 2008 R2 IIS7.5.

Basically I have a website on the external server that is maps.mycompany.com. URL rewrite rule on that site that catches all and rewrites to my web proxy box, taking with it the query string.

My webproxy catches that in iis with a redirect rule looking for *proposalmappublic*. That then routes via a iis server farm to the internal server again taking with it the query string.

In terms of firewall, The external server can talk to the web proxy and the web proxy can talk to the internal server. Company policy does not allow a direct punch through from external to internal.

If I browse to maps.mycompany.com/LocalViewPub/Sites/ProposalsMapPublic from an external source, I get the left hand nav panel with address search etc and also the zoom/map navigation control. The map itself does not show.

Looking at the console in chrome, I see that I am getting 3 502 (bad gateway) errors when the page loads. These are for:

http://webproxy/LocalViewPub/Dojo/ESRIJSAPI/js/dojo/dijit/themes/tundra/tundra.css

http://webproxy/LocalViewPub/Dojo/LocalView/Default.ashx

http://webproxy/LocalViewPub/Dojo/ESRIJSAPI/default.ashx

I have tried creating rules on the webproxy to forward these specific requests on to the internal server with no success. I even tried creating the path of those files on the webproxy to see if I could trick the process to returning some other status. (I know this is a frig, but I am trying everything!).

If I hit maps.mycompany.com/LocalViewPub/Sites/ProposalsMapPublic from my web proxy, I get 404 page not found on those pages. Same result, panels load but no map. If I replace webproxy with my internal server address the map loads fine.

I would say it is a firewall issue, but I want to get my facts straight before I approach my security guys. Can anyone confirm if I am right with this thought, or if I haven't configured something correctly.

Many thanks

DrewDowling · ‎02-11-2014

What web api are you using? I see both dojo and .aspx in the links. Is the rest endpoint reachable from outside your network?. The reverse proxy server needs to have some very specific rules set up to correctly filter requested the the ArcGIS server rest/soap endpoints.

IainBruce · ‎02-11-2014

Hi,

I am looking at using aspx for this - I'm guessing we have a config issue then.

I can see the rest services fine from the external site using maps.mycompany.com/arcgis/rest/services.

Any advice greatly appreciated.

DrewDowling · ‎02-13-2014

Yeah if you can see the rest endpoints from an external client then I would think the reverse proxy is set up correctly. I'm confused about the nav panel, address search etc you say you can see. Are these javascript elements?

You could try creating a very simple web page with a single basemap. Something like the attached zip file in this example

Change the tiledMapServiceLayer to look at your own basemap and see if it draws. This might help identify if the problem is ArcServer or network based.

IainBruce · ‎02-13-2014

Hi thanks for the tips. I will be trying your suggestion from the zip this morning.

IN the meantime, the image below is the navigation wrapper that we need to display. From speaking to our gis expert, I believe this wrapper was bought as a part of our package.

I am a web developer by trade so if this requires me to build up a custom page, I am sure I will be fine with that - it is just knowing where to find all of the components I need.

Many thanks,

[ATTACH=CONFIG]31431[/ATTACH]

manvinderkandhari · ‎03-14-2014

Hi Iain,
did you resolved this issue? we are also facing same problem.
Any direction will be great help.
Thanks

IainBruce · ‎03-17-2014

Hi,

Yes I eventually found the problem. I used chrome developer tools to check what the errors were that were coming through.

I noticed that there were a handful of files coming back with http errors.

My issue was that the files were not matching the reverse proxy pattern specified in the esri setup guide. Allow me to explain..

We had an IIS rule that was matching requests with wildcard *localviewpub* . It was then routing to a serverfarm (our internal server) and passing the query string as /{R:0}. This rule seemed to work for the majority of the reroute.

What I noticed was that within the compilation of the site, there were a handfull of files that didn't have localviewpub within the url and were therefore not being routed.

I found a constant part of each of those urls (which turned out to be the map name) and created a new rule with the wildcard *propmappublic*.

That rule handled the rest of the missing files and everything fell in to place from that.

Our situation was like this:

Public facing IIS webserver with maps website. Server level URL rewrite of requests to maps domain. Route to web proxy server farm passing entire query string

Firewall

DMZ Web Proxy Box. 2 Server level URL rewrite rules, routing to server farm of internal site. passign entire query string.

Firewall

Internal Server

Hope this helps - if you need anything specific, drop me a PM