Configure a forward proxy

To configure the forward proxy, use the ArcGIS Enterprise Administrator API to update the security configuration JSON.

  1. Sign in to the ArcGIS Enterprise Administrator Directory.
  2. Click Security > Configuration > Update Configuration.
  3. Specify values that correspond with your environment for the following parameters:
    {
        "httpProxyHost": "forwardproxy.example.com",
        "httpsProxyHost": "forwardproxy.example.com",
        "httpProxyPort": 8888,
        "httpsProxyPort": 8888,
        "nonProxyHosts": "portal.example.com"
    }
    
    • httpProxyHost and httpsProxyHost must point to the machine name or the IP address of the forward proxy.
    • httpProxyPort and httpsProxyPort must be the listening port number for the forward proxy.
    • httpProxyUser, httpsProxyUser, httpProxyPassword, and httpsProxyPassword are optional parameters that are needed if the forward proxy requires authentication.
    • nonProxyHosts must include the domain name of the external ArcGIS Enterprise URL, along with any hostnames or IP addresses that should not go through the proxy. Multiple machine and domain items are separated using a pipe (|), for example:

      "nonProxyHosts": "portal.example.com|*.example.com"

  4. Click Update Security Configuration to save the updated parameters.

Once saved, a number of pods restart automatically, including arcgis-rest-portal, arcgis-rest-administrator-api, and all of the Utilities and System service pods. To ensure the forward proxy changes are applied to each pod, it is recommended that you also restart all other user-published GIS services.
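A pre-flight check for the JSON from step 3, as an added example that is not part of the product or its documentation. The function names and the matching rule (case-insensitive, with * as the only wildcard) are assumptions, and the sample configuration is constructed from the values shown above.

```python
import json
import re

# Constructed sample matching the parameters shown in step 3.
SAMPLE = json.loads("""{
    "httpProxyHost": "forwardproxy.example.com",
    "httpsProxyHost": "forwardproxy.example.com",
    "httpProxyPort": 8888,
    "httpsProxyPort": 8888,
    "nonProxyHosts": "portal.example.com|*.example.com"
}""")


def bypasses_proxy(host, non_proxy_hosts):
    """True if host matches any pipe-separated nonProxyHosts item.
    Assumption: case-insensitive match where '*' is the only wildcard."""
    for item in filter(None, (p.strip() for p in non_proxy_hosts.split("|"))):
        pattern = ".*".join(re.escape(part) for part in item.split("*"))
        if re.fullmatch(pattern, host, re.IGNORECASE):
            return True
    return False


def check_proxy_config(cfg, external_host):
    """Return a list of problems found in the forward proxy parameters."""
    problems = []
    for scheme in ("http", "https"):
        host = cfg.get(f"{scheme}ProxyHost")
        port = cfg.get(f"{scheme}ProxyPort")
        if not isinstance(host, str) or not host.strip():
            problems.append(f"{scheme}ProxyHost is missing or empty")
        elif "/" in host:
            problems.append(f"{scheme}ProxyHost must be a machine name or IP, not a URL")
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"{scheme}ProxyPort must be an integer from 1 to 65535")
        # Credentials are optional, but a user without a password (or the
        # reverse) cannot authenticate to the proxy.
        if bool(cfg.get(f"{scheme}ProxyUser")) != bool(cfg.get(f"{scheme}ProxyPassword")):
            problems.append(f"{scheme}ProxyUser and {scheme}ProxyPassword must be set together")
    non_proxy = str(cfg.get("nonProxyHosts") or "")
    if re.search(r"[,;\s]", non_proxy):
        problems.append("nonProxyHosts items must be separated with '|' only")
    if not bypasses_proxy(external_host, non_proxy):
        problems.append(f"nonProxyHosts does not cover external host {external_host}")
    return problems
```

An empty list from check_proxy_config means the parameters are internally consistent; it does not confirm that the proxy itself is reachable.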

A forward proxy server can either tunnel encrypted traffic or decrypt and then reencrypt traffic. If ArcGIS Enterprise does not appear to be working correctly with the forward proxy, it's likely the proxy server is decrypting and reencrypting traffic. A proxy server that decrypts traffic will use a root certifying authority to present certificates. ArcGIS Enterprise will not trust the root certifying authority by default, so you must import the certificate. See Import certificates for details.