Portal and Reverse Proxy: Too Many Redirect Errors

5213
30
01-21-2019 05:21 AM
IrfanClemson
Occasional Contributor II

Hello,

I have not been able to find step by step directions for ArcGIS for Portal and Reverse Proxy which uses IIS as a server. I have a setup in place which mostly work but fails at one critical point. Here's the setup:

1) Reverse Proxy Server (Windows) with static IP address accessible from the outside (only ports 80/443 allowed in).

2) An internal machine ('GIS') which has ArcGIS for Portal and Server installed along with their respective Web Adaptors ('portal' and 'arcgis' respectively).

3) The Portal also has WebContextURL of like 'https://gis.mydomain.com/portal'

4) The RP server has a couple of URL Rewrite entries--basically, direct to Server Farm which has the 'GIS' machine.

5) A proper SSL certificate is install as gis.mydomain.com in the IIS of both the RP server and the 'GIS' server.

So far this setup works great: I am able to access all content from the outside, such as https://gis.mydomain.com/portal/home and Gallery etc. But clicking on the Signup link in the Portal home page generates a browser error: Too Many Redirects (Header of 302). So the header being passed backed from the internal machine is 302 instead of 200.

I don't know what's happening. Maybe some extra security comes in picture when the signup.html page is called? 

Any idea?

Thanks!

Irfan

*** Update: Reverse Proxy Rules Screen Cap Added in this Question***

30 Replies
DanielCota1
Occasional Contributor

Hi Irfan Clemson‌,

Are you able to hit the admin directory at https://gis.mydomain.com/portal/admin ?

If so, does it let you sign in there?

0 Kudos
IrfanClemson
Occasional Contributor II

Hi Daniel, 

Unfortunately, the same http redirect error. Of course I am able to see this link when bypassing the Reverse Proxy.

https://gis.mydomain.com/portal/portaladmin 

Thanks.

0 Kudos
DanielCota1
Occasional Contributor

Irfan Clemson 

My mistake. I meant to specify the endpoint as /portaladmin.

So you are saying that https://gis.mydomain.com/portal/portaladmin DOES resolve okay?

0 Kudos
IrfanClemson
Occasional Contributor II

Hi,

Yes, that domain does resolve fine on some other machines when the 'host' file is modified to target the internal server--thus bypassing the Reverse Proxy server. 

Interesting thing about calling the portal admin url is that it tries to find multiple portal end points:

Portal (via SSL)

/portal/portaladmin/ (not SSL/not secure).

Both end points still show 302 error.

One clue might be that in my URL Rewrite rules, as in my post above, the 'schema' of http makes it work but having httpS doesn't matter even if I disable those rules.

Thanks!

0 Kudos
IrfanClemson
Occasional Contributor II

Added a screen cap of the Reverse Proxy Rules in the original Question.

0 Kudos
JonathanQuinn
Esri Frequent Contributor

When you reach the sign in page via the home page, there will always be a redirect for a request to Portaladmin:

The portal/portaladmin page (without a slash) redirects to portal/portaladmin/ (with a trailing slash).

If your RP is rewriting that again, then that may be a problem. It's important to know which specific request is being redirected, though. Is the request to signing.html redirecting, or another page the home app is accessing?

0 Kudos
IrfanClemson
Occasional Contributor II

Hi,

Thank you. There are several dozens of such entries--as in this screen cap below--but none of them are directing to Portal/admin. The screen cap shows what happens, when on the home page, one clicks on the signin.html page. Again, the rest of the SSL functionality works fine.

I **think** , as I said above, my URL rules don't work on the HTTPS schema may give some clue--the rules are now part of the original Question above. 

0 Kudos
JonathanQuinn
Esri Frequent Contributor

I see, ok. If you disable your URL redirect rule where does portal redirect to? The internal machine name, (https://portal.domain.com:7443/arcgis/home/signin.html)? I use HAProxy and I've noticed if the Host header isn't set, then I see infinite redirects for certain requests.

0 Kudos
IrfanClemson
Occasional Contributor II

If I disable the Rewrite rules then the portal is unreachable from outside to the address like https://gis.mydomain.com/portal

I can't believe that there is not step by step directions provided by ESRI or anyone else which would work for Windows and IIS server. ESRI's Windows RP documentation mentions Apache in Windows environment!!

Or I must be missing something obvious.

0 Kudos