How to Know your proxy server?
A reverse proxy server is a computer that is deployed within a perimeter network (also known as a demilitarized zone [DMZ] or screened subnet) that handles requests from the Internet and forwards them to the machines in your internal network. The forwarding of requests on behalf of the reverse proxy server masks the identity of the machines behind your organization's firewall, thus protecting internal machines from being attacked directly by Internet users. Additional security functions can be implemented in the reverse proxy server to further protect your internal network from outside users.
If your reverse proxy server supports a health check function, you can use the Portal for ArcGIS heath check end point to determine if the portal is available to receive requests. This is useful to quickly determine if there's a software or hardware failure in the site. For more information, see the portal Health Check topic in the ArcGIS REST API.
Before adding Portal for ArcGIS to your organization's reverse proxy server, you must complete the following:
- Configure HTTPS (HTTP and HTTPS or HTTPS-only) on the reverse proxy server. Portal for ArcGIS requires HTTPS for some communication. Consult the product documentation for your proxy server to learn how to set up HTTPS.
- If you've federated ArcGIS Server with your portal, you'll need to unfederate (remove) the server before proceeding. For full instructions, see Removing an ArcGIS Server site from your portal.
- Configure ArcGIS Web Adaptor with your portal if your portal will use Integrated Windows Authentication. Portal for ArcGIS requires the use of ArcGIS Web Adaptor for this purpose, and this will allow the reverse proxy server to communicate with your portal correctly. For full instructions, see the configuration topics for IIS, Java (Windows), or Java (Linux).
After removing any federated servers and configuring ArcGIS Web Adaptor with Portal for ArcGIS, ArcGIS Web Adaptor can be used with your organization's reverse proxy server by adding the components directly to proxy server directives. For example, if you're using Apache as a reverse proxy server, you need to add ArcGIS Web Adaptor to the ProxyPass directives in the Apache web server configuration file httpd.conf:
ProxyPass /arcgis ProxyPassReverse /arcgis
The ProxyPass directives must match the name designated for ArcGIS Web Adaptor (/webadaptorname in the sample above). If the URL to your site does not end with the default string /arcgis, specify the nondefault name of ArcGIS Web Adaptor (for example, /myorg).
Verify that the proxy server supports gzip encoding and is configured to allow the Accept-Encoding header. This header allows HTTP 1.1 responses to be compressed using gzip encoding. For example, if the header is allowed, a request to load the map viewer will return a compressed response of approximately 1.4 MB to the browser. If the header is not allowed or ignored, the request will return an uncompressed response of approximately 6.8 MB to the browser. If your network speed is slow, it may take a long time for the map viewer to load if responses are not compressed. It's highly recommended that you allow this header as part of your reverse proxy server configuration.