Available with Workflow Manager license.
As an administrator, you can add and manage properties in the workflowManager.conf file to configure custom settings for ArcGIS Workflow Manager Server and the web app. After installing Workflow Manager, the configuration file is located at ~/.esri/WorkflowManager/<hostname>/workflowManager.conf.
Note:
If your ArcGIS Enterprise system contains more than one ArcGIS Server machine with Workflow Manager Server, changes to the configuration file must be repeated in each instance of ArcGIS Server.
Administrative parameters
The following parameters can be modified to define custom attributes.
Note:
If you are upgrading Workflow Manager, some parameters may not exist and must be manually added to the configuration file.
Parameter | Description | Example format |
---|---|---|
LogRetentionPeriod | Controls the frequency of when log messages in the web app are deleted by the cleanup task. This property is set to seven days by default. This property does not alter the frequency of when Workflow Manager Server logs are deleted. | LogRetentionPeriod = 7 days |
allowUnsecureWebhooks | Controls whether incoming webhooks require header security. Starting at 11.2, this property is set to false by default. Note:If you are using the ArcGIS Survey123 webhook to create jobs in Workflow Manager, you must set this property to true. Caution:Setting this property to true allows anyone with the webhook URL to create jobs in the web app. | allowUnsecureWebhooks = false |
webRequestAllowLocal | Controls whether the Send Web Request step permits requests to localhost. | webRequestAllowlocal = false |
webRequestAllowedProtocols | Controls which protocol is permitted during the Send Web Request step. | webRequestAllowedProtocols = ["https"] |
webRequestBlockedHosts | Controls which hosts are blocked from receiving web requests during the Send Web Request step. | webRequestBlockedHosts = ["169.254.169.254/32", "127.0.0.1/32", "1/128"] |
webRequestBlockedPorts | Controls which ports are blocked during the Send Web Request step. | webRequestBlockedPorts = ["80", "81"] |
webRequestEnforceValidDomain | Blocks requests to hosts with an invalid top-level domain (TLD). This property is set to false by default. | webRequestEnforceValidDomain = false |
Geoprocessing tool names that match Arcade expressions
If the name of a geoprocessing tool matches the name of an ArcGIS Arcade expression, such as Buffer or Clip, uncomment allowedList and add tool names that should not be evaluated as Arcade expressions. Alternatively, you can enclose the tool name in single or double quotation marks in the Run Pro GP Tool step's configuration.
Configure a high-availability deployment
For highly available Workflow Manager deployments, each machine must be configured to enable high availability.
Note:
When federating the ArcGIS Server machines where Workflow Manager Server is installed with your ArcGIS Enterprise portal, set the Administration URL to a URL that can be used to communicate with all servers in the site.
- Open the ~/.esri/WorkflowManager/<hostname>/workflowManager.conf file in a text editor.
- Uncomment the following lines in the workflowManager.conf file:
- play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider"
- play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"
If these lines don't exist in the workflowManager.conf file, add them to the bottom of the file.
- Save the file.
- Restart the ArcGIS Workflow Manager Server service.
- Repeat the steps for each Workflow Manager Server machine.
Workflow Manager Server is now configured for high availability.
Sample configuration file
The following is a sample Workflow Manager configuration file that can be used or referenced in your system:
#########################################################
# Workflow Manager configuration settings
# Set any user-defined configuration options in this file
#########################################################
include "application.conf"
wmx {
arcadeExpressionTimeout = 10 seconds
featureBatchSize = 100
webRequestTimeout = 1 minute
webhookTokenExpiration = 30 minutes
webhookMaxAttachmentSize = 10m
logRetentionPeriod = 7 days
jobAutoExecutionLimit = 25
// Note: Using unsecured webhooks will allow anyone that can access the webhook URL to create jobs
allowUnsecureWebhooks = false
// webRequestAllowLocal = true
// webRequestAllowedProtocols = ["http", "https"]
// webRequestBlockedHosts = ["169.254.169.254/32"]
// webRequestBlockedPorts = []
// webRequestEnforceValidDomain = false
// webRequestRestrictedHeaders = ["Content-Length", "Content-Location", "Forwarded", "From", "Host", "Referer", "Referer-Policy", "User-Agent", "Via", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "Strict-Transport-Security", "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options", "Access-Control-Allow-Origin", "Content-Security-Policy", "Origin"]
}
// Uncomment to modify the allowedList of GP Tool names that are also Arcade functions
// wmx.steps.proGP {
// allowedList = []
// }
// The following settings can be used to modify security settings
// Uncomment this to modify the allowed cipher suites. Can use same options as ArcGIS Server
//akka.ssl-config.enabledCipherSuites = [
// "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
// "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
// "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
// "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
// ]
// Uncomment this to modify the allowed TLS protocols
//akka.ssl-config.enabledProtocols = [
// "TLSv1.2",
// // "TLSv1.1", // Deprecated - only use if absolutely required
// // "TLSv1" // Deprecated - only use if absolutely required
//]
// Uncomment this to enable CORS
//play.filters.enabled += "play.filters.cors.CORSFilter"
//play.filters.cors {
// pathPrefixes = ["/workflow"]
// allowedOrigins = ["https://www.example.com", ...]
// allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"]
// allowedHttpHeaders = ["Accept", "Accept-Language", "Content-Language", "Content-Type"]
// preflightMaxAge = 1 day
//}
// Uncomment the following lines to configure site to support multi-machine deployments
// play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider"
// play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"
// This can be used to change the maximum file size for attachments.
// If file sizes larger than 500MB are required, the hosted feature layer for the workflow item will also
// need to be updated in addition to this parameter. See the Workflow Manager documentation for more information.
// play.http.parser.maxDiskBuffer = 500m
// This can be used to change the max allowable POST body size
//play.http.parser.maxMemoryBuffer = 2m