HowTo: Set up a reverse proxy with ArcGIS 10.1 for Server on IIS ARR with SSL
【相关信息】
Article ID: 40694
Software:
ArcGIS for Server 10.1
Platforms: N/A
【问题描述】
The instructions provided describe how to set up a reverse proxy with ArcGIS 10.1 for Server on Internet Information Services (IIS) Application Request Routing (ARR) with Secure Sockets Layer (SSL).
For guidance on setting up a standard reverse proxy without SSL, see
How To: Set up a reverse proxy with ArcGIS 10.1 for Server on IIS ARR
Article ID: 40694
Software:
ArcGIS for Server 10.1
Platforms: N/A
【问题描述】
The instructions provided describe how to set up a reverse proxy with ArcGIS 10.1 for Server on Internet Information Services (IIS) Application Request Routing (ARR) with Secure Sockets Layer (SSL).
For guidance on setting up a standard reverse proxy without SSL, see
How To: Set up a reverse proxy with ArcGIS 10.1 for Server on IIS ARR
1 个回复
EsriSupport
赞同来自:
The following architecture is described in this document:
For an HTTPS/SSL architecture to function with ArcGIS for Server with IIS ARR, SSL must be deployed end-to-end. Furthermore, IIS ARR requires a trusted certificate to exist between ARR and the web endpoint it connects to, otherwise it will return a security error and refuse to route to the back-end server, in this case the Web Adaptor.
Step 1 - Configure Back-End ArcGIS Server Site
A. Deploy ArcGIS Server Site onto AGSHOST.DOMAIN.COM.
B. Configure ArcGIS Server to use SSL as defined in
Enabling SSL Using the Self Signed Certificate.
Step 2 - Enable SSL on ISS
A. Deploy IIS 7.5 onto WAHOST.<DOMAIN>.COM. (This is the machine the Web Adaptor will be installed on.)
B. Install a Trusted Certificate on the IIS server and configure HTTPS binding for the website. For more information see
How to Setup SSL on IIS or visit
Microsoft Support.
Setting Up a Trusted Certificate for IIS within an Esri Network
i. Open ISS > Server Certificates > Create Domain Certificate.
ii. Specify Identifying Values for the server.
iii. Specify Online Certificate Authority: ESRI Enterprise Root\REDSRVRFRCA.empty.local
iv. Friendly Name: WAHOST.DOMAIN.COM
v. Click OK.
vi. Open IIS > Default Website > Bindings.
Type: https
IP address: All Unassigned
Port: 433
SSL Certificate: WAHOST.DOMAIN.COM xi. Click OK.
Step 3 - Deploy and Configure Web Adaptor
A. Deploy ArcGIS Web Adaptor onto WAHOST.DOMAIN.COM as outlined in
ArcGIS Server Web Adaptor for IIS.
Example path for Web Adaptor: WEBADAPTORURL (default=arcgis)
B. Configure the Web Adaptor.
C. Open URL: https://WAHOST.DOMAIN.COM/WEBADAPTORURL/WebAdaptor (This path is https://yourserver/arcgis/webadaptor by default.)
GIS Server URL: https://AGSHOST.DOMAIN.COM:6443
Other values are a matter of preference.
Step 4 - Deploy IIS with SSL and ARR
A. Install IIS 7.5 on the public-facing server.
B. Install a Trusted Certificate on the IIS server and configure HTTPS binding for the website. For more information see
How to Setup SSL on IIS or visit
Microsoft Support.
Setting Up a Trusted Certificate for IIS within an Esri Network
i. Open IIS > Server Certificates > Create Domain Certificate.
ii. Specify Identifying Values for the server.
iii. Specify Online Certificate Authority: ESRI Enterprise Root\REDSRVERFRCA.empty.local
iv. Friendly Name: ARRHOST.DOMAIN.COM
v. Click OK.
vi. Open IIS > Default Website > Bindings.
Type: https
IP address: All Unassigned
Port: 443
SSL Certificate: ARRHOST.DOMAIN.COM xi. Click OK.
C. Install
ISS Application Request Routing.
Step 5 - Configure IIS ARR
A. Open IIS Manager.
B. Right-click Server Farms and select 'Create Server Farm'.
C. Complete the Create Server Farm Wizard.
Example farm name: AGSFARM (This value is arbitrary.)
D. Add server addresses.
Example server address: WAHOST.DOMAIN.COM (This must match the FQDN of the web adaptor host.)
Step 6 - Define ARR Routing Rules
A. In IIS Manager under Server Farms, locate the newly created server farm and open ARR Routing Rules. Reboot the server if the options shown below are unavailable.
B. From the Advanced Routing Menu, click URL Rewrite.
C. Select and disable all inbound and outbound rules.
D. In the Actions menu, select Add Rule(s) > Inbound Rules > Blank Rule.
E. In Edit Inbound Rule, complete the form as described below.
Name
Name: AGSRTRULE (This value is arbitrary.)
Match URL
Requested URL: Matches the Pattern
Using: Wildcards
Pattern: *WEBADAPTORPATH*
Check 'Ignore case'
Conditions
No values here.
Server Variables
No values here.
Action
Action Type: Route to Server Farm
Action Properties - Scheme: http://
Action Properties - Server farm: AGSFARM (This value must match the farm name created in Step 3.)
Action Properties - Path: /{R:0}
Check 'Stop processing of subsequent rules'
Step 7 - Set the WebContextURL Property
A. Open http://localhost:6080/arcgis/a ... date.
B. Add the value below:
C. Save and close.
Supportability Though there may be other methods of employing IIS/ARR with SSL as a reverse proxy/load balancer for ArcGIS 10.1 for Server, this is the method Esri Support provides guidance for and uses to test reported bugs. Customers seeking help using alternative methods of deploying IIS/ARR with ArcGIS for Server will be instructed to use this workflow and/or be directed to Esri Professional Services for a more tailored/customized deployment architecture.
【原文链接】
http://support.esri.com/en/kno ... 40694
要回复问题请先登录或注册