Customize the Workflow Manager configuration file

Available with Workflow Manager license.

As an administrator, you can add and manage properties in the workflowManager.conf file to configure custom settings for ArcGIS Workflow Manager Server and the web app. After installing Workflow Manager, the configuration file is located at ~/.esri/WorkflowManager/<hostname>/workflowManager.conf.

Note:

If your ArcGIS Enterprise system contains more than one ArcGIS Server machine with Workflow Manager Server, changes to the configuration file must be repeated in each instance of ArcGIS Server.

Administrative parameters

The following parameters can be modified to define custom attributes.

Note:

If you are upgrading Workflow Manager, some parameters may not exist and must be manually added to the configuration file.

ParameterDescriptionExample format

LogRetentionPeriod

Controls the frequency of when log messages in the web app are deleted by the cleanup task. This property is set to seven days by default.

This property does not alter the frequency of when Workflow Manager Server logs are deleted.

LogRetentionPeriod = 7 days

allowUnsecureWebhooks

Controls whether incoming webhooks require header security. Starting at 11.2, this property is set to false by default.

Note:

If you are using the ArcGIS Survey123 webhook to create jobs in Workflow Manager, you must set this property to true.

Caution:

Setting this property to true allows anyone with the webhook URL to create jobs in the web app.

allowUnsecureWebhooks = false

webRequestAllowLocal

Controls whether the Send Web Request step permits requests to localhost.

webRequestAllowlocal = false

webRequestAllowedProtocols

Controls which protocol is permitted during the Send Web Request step.

webRequestAllowedProtocols = ["https"]

webRequestBlockedHosts

Controls which hosts are blocked from receiving web requests during the Send Web Request step.

webRequestBlockedHosts = ["169.254.169.254/32", "127.0.0.1/32", "1/128"]

webRequestBlockedPorts

Controls which ports are blocked during the Send Web Request step.

webRequestBlockedPorts = ["80", "81"]

webRequestEnforceValidDomain

Blocks requests to hosts with an invalid top-level domain (TLD). This property is set to false by default.

webRequestEnforceValidDomain = false

Geoprocessing tool names that match Arcade expressions

If the name of a geoprocessing tool matches the name of an ArcGIS Arcade expression, such as Buffer or Clip, uncomment allowedList and add tool names that should not be evaluated as Arcade expressions. Alternatively, you can enclose the tool name in single or double quotation marks in the Run Pro GP Tool step's configuration.

Configure a high-availability deployment

For highly available Workflow Manager deployments, each machine must be configured to enable high availability.

Note:

When federating the ArcGIS Server machines where Workflow Manager Server is installed with your ArcGIS Enterprise portal, set the Administration URL to a URL that can be used to communicate with all servers in the site.

  1. Open the ~/.esri/WorkflowManager/<hostname>/workflowManager.conf file in a text editor.
  2. Uncomment the following lines in the workflowManager.conf file:
    • play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider"
    • play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"

    If these lines don't exist in the workflowManager.conf file, add them to the bottom of the file.

  3. Save the file.
  4. Restart the ArcGIS Workflow Manager Server service.
  5. Repeat the steps for each Workflow Manager Server machine.

    Workflow Manager Server is now configured for high availability.

Sample configuration file

The following is a sample Workflow Manager configuration file that can be used or referenced in your system:

#########################################################
# Workflow Manager configuration settings
# Set any user-defined configuration options in this file
#########################################################

include "application.conf"

wmx {
  arcadeExpressionTimeout = 10 seconds

  featureBatchSize = 100

  webRequestTimeout = 1 minute

  webhookTokenExpiration = 30 minutes

  webhookMaxAttachmentSize = 10m

  logRetentionPeriod = 7 days

  jobAutoExecutionLimit = 25

  // Note: Using unsecured webhooks will allow anyone that can access the webhook URL to create jobs
  allowUnsecureWebhooks = false

//  webRequestAllowLocal = true
//  webRequestAllowedProtocols = ["http", "https"]
//  webRequestBlockedHosts = ["169.254.169.254/32"]
//  webRequestBlockedPorts = []
//  webRequestEnforceValidDomain = false
//  webRequestRestrictedHeaders = ["Content-Length", "Content-Location", "Forwarded", "From", "Host", "Referer", "Referer-Policy", "User-Agent", "Via", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "Strict-Transport-Security", "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options", "Access-Control-Allow-Origin", "Content-Security-Policy", "Origin"]
}

// Uncomment to modify the allowedList of GP Tool names that are also Arcade functions
// wmx.steps.proGP {
//   allowedList = []
// }

// The following settings can be used to modify security settings

// Uncomment this to modify the allowed cipher suites. Can use same options as ArcGIS Server
//akka.ssl-config.enabledCipherSuites = [
//  "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
//  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
//  "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
//  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
//  ]

// Uncomment this to modify the allowed TLS protocols
//akka.ssl-config.enabledProtocols = [
//  "TLSv1.2",
//  // "TLSv1.1", // Deprecated - only use if absolutely required
//  // "TLSv1" // Deprecated - only use if absolutely required
//]

// Uncomment this to enable CORS
//play.filters.enabled += "play.filters.cors.CORSFilter"
//play.filters.cors {
//  pathPrefixes = ["/workflow"]
//  allowedOrigins = ["https://www.example.com", ...]
//  allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"]
//  allowedHttpHeaders = ["Accept", "Accept-Language", "Content-Language", "Content-Type"]
//  preflightMaxAge = 1 day
//}

// Uncomment the following lines to configure site to support multi-machine deployments
// play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider"
// play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"

// This can be used to change the maximum file size for attachments.
// If file sizes larger than 500MB are required, the hosted feature layer for the workflow item will also
// need to be updated in addition to this parameter. See the Workflow Manager documentation for more information.
// play.http.parser.maxDiskBuffer = 500m

// This can be used to change the max allowable POST body size
//play.http.parser.maxMemoryBuffer = 2m

Related topics