We use SSL certificates from AWS Certificate Manager. These certificates are not downloaded as files and deployed on the servers like other SSL's. We use them with AWS Elastic Load Balancers (ELB). We use the ELB's in place of the ArcGIS Web Adapter.
I am now planning a deployment of Portal. My deployment will require using the ArcGIS Web Adapter to support Roads & Highways. I'm curious if there is a way to continue using my AWS SSL's and ELB's as well as the Web Adapter? If not, I imagine I will have to go buy an SSL certificate from a different provider to put on my Portal machine. Thoughts about AWS ELB's and the ArcGIS Web Adapter co-existing?
Thanks
Mike S.
Solved! Go to Solution.
You'll need to go into your Portal admin page as the primary login and go to: System Properties—ArcGIS REST API: Administer your portal | ArcGIS for Developers
Then, update the PrivatePortalURL and WebContextURL to the Load Balancer DNS. This will tell portal that the new DNS entry for the Load Balancer is the correct URL.
you'll want to do everything through these URLs going forward.
the easiest thing to do is use an AWS ALB as a pass-through to your Web Adapter host and let the ALB manage the SSL.
I've been tinkering with this, but without success. I'm not sure which port(s) the load balancer should be forwarding to. I thought 443 because the Web Adaptor is forwarding to 7443. And would I add my EC2 instance to my target group over 443 or 7443? Or would I add the Web Adaptor url over 443 to the target group? Any thoughts on this would be appreciated. Thanks
Michael,
The load balancer (ALB) should forward to the Web Adapter over 443, then the Web Adapter should take over from there.
now, on the ALB settings in AWS Console under EC2, click load balancers, click your load balancer, click listeners. Then under Rules, click the rule for 443(80 may be the same rule), click the Health Checks tab, and confirm the following rules are set for ArcGIS Server and Portal for ArcGIS:
Portal: <Your_Context>/portaladmin/healthCheck
ArcGIS Server: <Your_Context>/rest/info/healthCheck
Thanks for the feedback, Jacob.
My test setup was very similar to your suggestion, except for my health check url. When I go to my Portal sign in page from an external ip or domain name, I keep getting this redirect error.
My load balancer has listeners for 80 and 443, both forwarding to a target group that is pointing to my Portal health check url over https (443). My target is healthy. I can reach the Web Adaptor - Portal endpoint from the server itself using machine name, private ip, and localhost. When I try to reach the Web Adaptor - Portal sign in externally, using the external ip, public dns, or the Route 53 domain that I have pointing to the ALB, I get the redirect error above.
This is from the browser console:
Invalid 'X-Frame-Options' header encountered when loading 'https://<mydomain.com>/arcgis/sharing/rest/oauth2/authorize?client_id=arcgisonline&redirect_uri=https://<mydomain.com>/arcgis/home/postsignin.html&response_type=token&display=iframe&parent=https://<mydomain.com>&expiration=20160&locale=en': 'ALLOW-FROM https://<mydomain.com>' is not a recognized directive. The header will be ignored.
***I have not yet setup and configured ArcGIS Server to federate with this Portal***
Any ideas??
You'll need to go into your Portal admin page as the primary login and go to: System Properties—ArcGIS REST API: Administer your portal | ArcGIS for Developers
Then, update the PrivatePortalURL and WebContextURL to the Load Balancer DNS. This will tell portal that the new DNS entry for the Load Balancer is the correct URL.
you'll want to do everything through these URLs going forward.
Jacob
This worked! You are a genius. I will email Jack D and tell him you deserve a raise, a promotion, and more vacation. Thanks!!!
Thanks! Feel free to PM me or post to this section of GeoNet if you have any further issues.
Great - this is a really helpful post, Jacob. Took me a few tries, but I also have this configuration working well for me now.
Two additional questions:
Thanks in advance
Andrew