Web Adaptor for Portal

1206
6
05-21-2018 09:27 AM
ElliotGarcia
New Contributor

We are getting an error trying to register Portal web adaptor in RHEL 7 - with apache and tomcat.  SSL certs are installed and configured with both.  We have a web adaptor for ArcGIS that went through just fine to its remote AGS server.  Then we installed another web adaptor called portal and we get the following error when we try to configure the portal on a remote server.

"You must bind your security certificate to port 443 on your web site before you can configure the Web Adaptor with Portal for ArcGIS."

Kirk CheslaJayanta Poddar

0 Kudos
6 Replies
RandallWilliams
Esri Regular Contributor

Tomcat's defaults are 8080 and 8443, for HTTP and HTTPS respectively.

The GIS Server is expecting Tomcat's ports to be bound to 80 and 443. In order to bind to ports this low in Linux, you'll need to use IPTables, authbind or something else to reroute. Don't run Tomcat as root.

Can you get to Tomcat on port 443?

ElliotGarcia
New Contributor

Thanks Randall Williams‌, Tomcat is not getting up on 443 (https), and I am able to get up Tomcat on 8443. I am not running tomcat on root. Could you please guide how to re-route usiing IPTables / AuthBind?  

0 Kudos
RandallWilliams
Esri Regular Contributor

Here's a resource - you'll need to run these commands to edit the iptables as root or as a member of the SUDOers group (you can't run sudo (Super-User-DO) unless you're in the SUDOers group). 

Howto start tomcat on port 80 without root privileges on linux – Mihail Stoynov's blog 

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

ElliotGarcia
New Contributor

Thank you Randall Williams‌, will keep you updated once the "iptables" implemented on the remote machine.

0 Kudos
Luis_DiegoVargas1
Esri Contributor

Hello @Elliot Garcia,

You resolve this "issue"? I try the iptables and dont work.

Regards.

0 Kudos
DanielUrbach
Occasional Contributor II

Elliot,

Is Apache using AJP to proxy to Tomcat?  I've had success registering the web adaptor on Tomcat when it is listening on 8443 with this configuration.

-Danny

0 Kudos