Available with Workflow Manager license.
As an administrator, you can add and manage properties in the workflowManager.conf file to configure custom settings for ArcGIS Workflow Manager Server and the web app. After installing Workflow Manager, the configuration file is located at ~/.esri/WorkflowManager/<hostname>/workflowManager.conf.
Note:
If your ArcGIS Enterprise system contains more than one ArcGIS Server machine with Workflow Manager Server, changes to the configuration file must be repeated in each instance of ArcGIS Server.
Administrative parameters
The following parameters can be modified to define custom attributes.
Note:
If you are upgrading Workflow Manager, some parameters may not exist and must be manually added to the configuration file.
| Parameter | Description | Example format |
|---|---|---|
LogRetentionPeriod | Controls the frequency of when log messages in the web app are deleted by the cleanup task. This property is set to seven days by default. This property does not alter the frequency of when Workflow Manager Server logs are deleted. | LogRetentionPeriod = 7 days |
allowUnsecureWebhooks | Controls whether incoming webhooks require header security. Starting at 11.2, this property is set to false by default. Caution:Setting this property to true allows anyone with the webhook URL to create jobs in the web app. | allowUnsecureWebhooks = false |
webRequestAllowLocal | Controls whether the Send Web Request step permits requests to localhost. | webRequestAllowlocal = false |
webRequestAllowedProtocols | Controls which protocol is permitted during the Send Web Request step. | webRequestAllowedProtocols = ["https"] |
webRequestBlockedHosts | Controls which hosts are blocked from receiving web requests during the Send Web Request step. | webRequestBlockedHosts = ["169.254.169.254/32", "127.0.0.1/32", "1/128"] |
webRequestBlockedPorts | Controls which ports are blocked during the Send Web Request step. | webRequestBlockedPorts = ["80", "81"] |
webRequestEnforceValidDomain | Controls which request headers will be blocked during the false by default. | webRequestEnforceValidDomain = false |
webRequestRestrictedHeaders | Controls which request headers are blocked during the Send Web Request step. | webRequestRestrictedHeaders = ["Content-Length", "Content-Location", "Forwarded", "From", "Host", "Referer", "Referer-Policy", "User-Agent", "Via", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "Strict-Transport-Security", "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options", "Access-Control-Allow-Origin", "Content-Security-Policy", "Origin"] |
Geoprocessing tool names that match Arcade expressions
If the name of a geoprocessing tool matches the name of an ArcGIS Arcade expression, such as Buffer or Clip, uncomment allowedList and add tool names that should not be evaluated as Arcade expressions. Alternatively, you can enclose the tool name in single or double quotation marks in the Run Pro GP Tool step's configuration.
Configure a high-availability deployment
For highly available Workflow Manager deployments, each machine must be configured to enable high availability.
Note:
When federating the ArcGIS Server machines where Workflow Manager Server is installed with your ArcGIS Enterprise portal, set the Administration URL to a URL that can be used to communicate with all servers in the site.
- Open the ~/.esri/WorkflowManager/<hostname>/workflowManager.conf file in a text editor.
- Uncomment the following lines:
play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider" play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"If these lines don't exist in the workflowManager.conf file, add them to the bottom of the file.
- Optionally, uncomment the following lines to allocate concurrent connections for Workflow Manager Server:
concurrency.activeConnectionLimit = 85 concurrency.queuedConnectionLimit = 6000The default active concurrent connections is limited to 85 for single-machine deployments. Highly-available deployments must allocate equally between each Workflow Manager Server machine.
- Save the file.
- Restart the ArcGIS Workflow Manager Server service.
- Repeat the steps for each Workflow Manager Server machine.
Workflow Manager Server is now configured for high availability.
Sample configuration file
The following is a sample Workflow Manager configuration file that can be used or referenced in your system:
#########################################################
# Workflow Manager configuration settings
# Set any user-defined configuration options in this file
#########################################################
include "application.conf"
wmx {
arcadeExpressionTimeout = 10 seconds
featureBatchSize = 100
webRequestTimeout = 1 minute
webhookTokenExpiration = 30 minutes
webhookMaxAttachmentSize = 10m
logRetentionPeriod = 7 days
jobAutoExecutionLimit = 25
// Note: Using unsecured webhooks will allow anyone that can access the webhook URL to create jobs
allowUnsecureWebhooks = false
// webRequestAllowLocal = true
// webRequestAllowedProtocols = ["http", "https"]
// webRequestBlockedHosts = ["169.254.169.254/32"]
// webRequestBlockedPorts = []
// webRequestEnforceValidDomain = false
// webRequestRestrictedHeaders = ["Content-Length", "Content-Location", "Forwarded", "From", "Host", "Referer", "Referer-Policy", "User-Agent", "Via", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "Strict-Transport-Security", "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options", "Access-Control-Allow-Origin", "Content-Security-Policy", "Origin"]
}
// Uncomment to modify the allowedList of GP Tool names that are also Arcade functions
// wmx.steps.proGP {
// allowedList = []
// }
// The following settings can be used to modify security settings
// Uncomment this to modify the allowed cipher suites. Can use same options as ArcGIS Server
//pekko.ssl-config.enabledCipherSuites = [
// "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
// "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
// "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
// "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
// ]
// Uncomment this to modify the allowed TLS protocols
//pekko.ssl-config.enabledProtocols = [
// "TLSv1.2",
// // "TLSv1.1", // Deprecated - only use if absolutely required
// // "TLSv1" // Deprecated - only use if absolutely required
//]
// Uncomment this to enable CORS
//play.filters.enabled += "play.filters.cors.CORSFilter"
//play.filters.cors {
// pathPrefixes = ["/workflow"]
// allowedOrigins = ["https://www.example.com", ...]
// allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"]
// allowedHttpHeaders = ["Accept", "Accept-Language", "Content-Language", "Content-Type"]
// preflightMaxAge = 1 day
//}
// Uncomment the following lines to configure site to support multi-machine deployments
// play.modules.disabled += "esri.workflow.utils.inject.LocalDataProvider"
// play.modules.enabled += "esri.workflow.utils.inject.DistributedDataProvider"
// This can be used to change the maximum file size for attachments.
// If file sizes larger than 500MB are required, the hosted feature layer for the workflow item will also
// need to be updated in addition to this parameter. See the Workflow Manager documentation for more information.
// play.http.parser.maxDiskBuffer = 500m
// This can be used to change the max allowable POST body size
//play.http.parser.maxMemoryBuffer = 2m
// Note this line is added to modify the default value from 85 to 75 for active concurrent connection against the hosted feature server from Workflow Manager server.
concurrency.activeConnectionLimit = 75
// Note this line is added to modify the default value from 8000 to 6000 for queued concurrent connection against the hosted feature server from Workflow Manager server.
//concurrency.queuedConnectionLimit = 6000