Documentation - Captures AGO/Enterprise Compatibility and Configuration Steps
Including potential pattern for proxy setup, linking video.
Proxy setup had prerequisites IIS Extensions. Available for free but need to be enabled.
Tentative Title: "Enabling HTTPS Gateway for GCZ Using IIS Reverse Proxy"
Background
The GCZ local provider runs on a NodeJS web server which does not have an HTTPS binding. This prevents the GCZ feature services from being registered in ArcGIS Online or ArcGIS Enterprise for consumption in web maps and apps. Those platforms require all services to use HTTPS, with valid SSL certificates.
To address this, the GCZ feature services can be routed through a reverse proxy that is configured with a valid certificate. There are several reverse proxy solutions in the marketplace. In addition, popular web servers feature reverse proxy capabilities as well.
This document outlines a reverse proxy implementation using the IIS URL Rewrite and Application Request Routing (ARR) modules, and follows instructions in this blog post:
Prerequisites
The two required IIS modules can be downloaded for free from the Microsoft IIS website and installed on IIS versions 7 and above.
https://www.iis.net/downloads/microsoft/application-request-routing
https://www.iis.net/downloads/microsoft/url-rewrite
Configuration
Let’s assume that the GCZ is running on a server named “gcz-server” on port 8083. The URL to access it would begin with http://gcz-server:8083. The objective is to make this available to third-party applications such as ArcGIS Online or ArcGIS Enterprise through an IIS website running on https://webserver.company.com. We can have the entire website reroute to the gcz-server, or have a specific application in the website do that. In this example, since the website already has other existing applications used for other purposes, we will be adding an application to the website and implementing the URL rewrite on it. Therefore, the front-end url to gcz will be https://webserver.company.com/gcz .
Step 1: Create web application
-
Create a folder in the web server at, for example, c:\gcz. -
In IIS Manager console, right-click on the website and Add Application
-
Create the application with the alias “gcz”, pointing to the folder c:\gcz
Step 2: Implement URL rewrite rule on the gcz application
-
Click on the gcz application you created in Step 1, from the tree view on the left. Select the URL Rewrite Icon from the middle pane, and then double click it to load the URL Rewrite interface. 
-
Chose the ‘Add Rule’ action from the right pane of the management console… -
… and the select the ‘Reverse Proxy Rule’ from the ‘Inbound and Outbound Rules’ category. -
Enter the name of the gcz server and port, and enable SSL Offloading, to route all HTTPS requests to the back-end gcz server over HTTP. Click OK to finish. -
The configuration is written to a web.config file in the application folder, with this entry: Conclusion
-
This completes the configuration of the reverse proxy. The gcz feature service can be accessed by substituting the URL to the IIS reverse proxy application configured above, for the gcz server url.
Original url: http://gcz-server:8083/ignite-provider/rest/services/gcz/FeatureServer/
Reverse proxy url with https:
https://webserver.company.com/gcz/ignite-provider/rest/services/gcz/FeatureServer/ -
The reverse proxy url can now be registered with ArcGIS Online or ArcGIS Enterprise as long as it has a valid SSL certificate.
