Reverse Proxy and SSL issues with Portal 10.4.1

2590
5
09-19-2016 04:43 PM
Anish_Adhikari
Occasional Contributor

Hi, I have been trying to make the reverse proxy for portal work along with the web adapter but having issues. ArcGIS server, web adaptors(for portal and server) and portal are installed inside the firewall on a single Server along-with CA issued SSL certificate. Our DMZ web server has reverse proxy setup that forwards external requests to the GIS Server. The DMZ web server has its own valid SSL certificate. The reverse proxy works with the initial portal entry URL and it shows all the content. However, it errors out when I try to login. It says page not found. Upon further troubleshooting, it seems like the DMZ web server is not sending https requests to the web adapter. I tried to enable https only on ArcGIS Server. I get an web adapter error which says

"Cannot proxy HTTP request, ArcGIS Server has been configured to accept only HTTPS requests. Please configure your Web Server to use SSL/HTTPS."

I don't get this error when I bypass the reverse proxy and use just my internal server url. So it seems logical to think that the issue is with the DMZ web server. 

I imported my GIS server SSL cert into the DMZ server and have created bindings for port 443 for the GIS server ip address, It still does not seem to be working. I could however not specify anything on the hostname field as it was grayed out.  

I am running IIS 7.5 on WIndows Server 2008 R2 on web server

IIS 8.5 on Windows Server 2012 R2

Any help would be greatly appreciated!!

0 Kudos
5 Replies
RebeccaStrauch__GISP
MVP Esteemed Contributor

I was going to say you need to set up two web adaptors, one for http and one for https, but now after reading this for 10.4.x, I'm not sure...

Enable HTTPS on ArcGIS Server

By default, ArcGIS Server uses HTTP protocol for all communication. If you update ArcGIS Server's communication protocol to HTTP/HTTPS or HTTPS only, it takes ArcGIS Web Adaptor one minute to recognize the changes to your site.

Legacy:

At version 10.2.1 and earlier, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. At 10.2.2 and later versions, this is no longer necessary.

To learn more about ArcGIS Server's communication protocol, see Securing ArcGIS Server communication.

I'm at version 10.2.2 and still have two web adaptors for that purpose.  But you may want to see the link provided in the quote about helps, and maybe also check out ArcGIS Security—Trust ArcGIS | ArcGIS   to see if that help.  I am not currently using the on-premise  Portal.

0 Kudos
AvinashPatel1
Occasional Contributor III

In this case you need to change apache Load balancer server.conf file 
in configuration use secure connection syntax 

JonathanQuinn
Esri Frequent Contributor

What version are you using?  If you can reach https://<gis_server>:6443/arcgis/rest/services and http://<gis_server>:6080/arcgis/rest/services then your GIS Server is configured for both http and https communication.  The Web Adaptor is smart enough to forward traffic to both endpoints, so no real need to have two unless you're going for different authentication mechanisms.  I'd suggest that you make sure that your reverse proxy, web server hosting the web adaptor, and GIS Servers all are configured for http and https.  Also make sure you're not offloading SSL within your reverse proxy, as that can cause problems for anything that requires https in Portal or Server.

0 Kudos
Anish_Adhikari
Occasional Contributor

I am using ARcGIS Server 10.4.1. Yes, I can reach both url with no issues and also I can access https through the web adaptor url on the GIS server so there are no issues there. Problem seems to be in the web server. 

0 Kudos
MiriEshel
New Contributor III

Hello Anish,

Did you or anyone ever find a solution for this problem? I have the same error message now with ArcGIS Server 10.5.1.

Thanks,

Miri

0 Kudos