A forward proxy server is a computer on your LAN that allows you to connect outside the network without compromising the security of your internal network. Use of a forward proxy server is very common in perimeter networks (also known as demilitarized zones [DMZ] or screened subnets) to protect the identity of internal machines. While most ArcGIS Server services do not need to connect outside of the network, the PrintingTools service or custom geoprocessing services may need to access external web services. If your organization uses a forward proxy server to connect externally, you need to configure ArcGIS Server to use your forward proxy server.
The standard way to configure a reverse proxy server is through the use of the http_proxy environment variable. If this is already configured for the ArcGIS Server account, there are no additional steps for you to perform. To configure this environment variable and define the forward proxy server, edit the init_user_param.sh script in the <ArcGIS Server installation directory>/arcgis/server/usr directory. To do so, follow these steps:
- Open the init_user_param.sh script in a text editor.
- Locate the line export http_proxy=http://<user name>:<password>@<proxy-server-name.domain.org>:<port number>/, and modify the sample URL to match the name and port number of your forward proxy server. If a user name and password are required to connect to your forward proxy server, specify the user name and password parameters in the URL. If a user name and password are not required, delete the <user name>:<password>@ text from the URL.
- Optionally, you can use the no_proxy environment variable to specify a list of domains for which the default proxy is not required. To use this variable, uncomment the line export no_proxy="<local>;*.<domain>.<com>", and add entries to this list. The wildcard character * and <local> can be used when specifying the domain. Each entry must be separated by a semicolon (;).
- Save and close the init_user_param.sh script.
- For your settings to take effect, you need to restart ArcGIS Server. You can do this by running the startserver.sh script on each GIS server in your deployment.
ArcGIS Server is now configured with the forward proxy server settings specified in the init_user_param.sh script.