Articles in this section

Installing JetProxy (Multiple Site Solution)

Todd Kirkland
  • Updated
Follow

Hardware Requirements

See https://kc.jetpatch.com/hc/en-us/articles/360024120731-Hardware-specifications 

Network Requirements

  • Ensure connectivity between JetProxy and JetPatch server using telnet over port 443.
  • Ensure firewall settings allowing connection on the JetProxy over port 443/HTTPS.
  • Ensure the machine can resolve the hostname of the servers (if used)
  • (Optional) Ensure the below requirements for WSUS server if this one is needed.

Before We Start

You can either set up from scratch a JetPatch Proxy and then you will have to perform all steps in the article or just use a JetPatch OVF which already includes Nginx Configuration and skip straight to the "JetProxy Application Configuration" section. 

 

Nginx Configuration

Configure Proxy for JetPatch server using Nginx. 

a. Create the following file:

/etc/yum.repos.d/nginx.repo

b. Copy the following in the file, and save it:

CentOS/RHEL 7:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/7/$basearch/

gpgcheck=0

enabled=1

CentOS/RHEL 6:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/6/$basearch/

gpgcheck=0

enabled=1

CentOS/RHEL 5:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/5/$basearch/

gpgcheck=0

enabled=1

c. Run:

yum install nginx

d. When Nginx installation is complete, delete the following file:

/etc/nginx/conf.d/default.conf

e. To enable Nginx to run even after reboot, do the following command:

systemctl enable nginx.service

 

JetProxy Application Configuration

Download the attached shell script according to the operating system you are using: 

intigua-gw-setup-script-rhel.sh = for RHEL / CentOS / OEL machines (5/6/7)

intigua-gw-setup-script-ubuntu.sh = for Ubuntu machines

Change the permission of the script:

chmod +x intigua-gw-setup-script*

Execute using sudoer privilege.  Example command line (change IP address to the JetPatch server):

#For RHEL/CentOS/OEL machines
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-Hostname>

#For Ubuntu machines
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR- Hostname>

Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10

In case you would like to use the PROXY server for WSUS (optional):

#For RHEL/CentOS/OEL machines
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>

#For Ubuntu machines
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR- Hostname> <WSUS-Server-IP-OR-Hostname>

# Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10 20.20.20.20

If Nginx does not start, run the following:

systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx

Creating a JetProxy Management Service

The default, the built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.

This is also important for connector upgrades.

Additional Configuration

In high scale environments (>500 Endpoints) the following steps are required: 

  1. Append/modify fs.file-max = 70000  to  /etc/sysctl.conf file
  2. Add/modify the following lines in /etc/security/limits.conf
    • nginx       soft    nofile   10000
    • nginx       hard    nofile  30000
  3. Reload changes by sysctl -p
  4. In the top of the nginx.conf file (may be located in /etc/nginx/nginx.conf) add worker_rlimit_nofile 30000;  and change the line worker_connections to 30000.
  5. Reload changes:
 nginx -t && nginx -s reload
To verify: Open a shell in Nginx user and enter the following commands:
  • ulimit -Hn
  • ulimit -Sn
 The output should be:
  • 30000
  • 10000

The above steps (for scale environments) should also be performed if: 

  • In "/var/log/nginx/error.log" the following errors are seen:
    • (24: Too many open files)
    • worker_connections are not enough while connecting
  • In "/var/log/nginx/access.log" many connections are getting http 500 errors

 

Validate JetProxy Is Working 

To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach 

https://<YOUR_PROXY_ADDRESS>/vmanager-server

You should redirect to the JetPatch login screen.

Note - In case it is not happening, check for firewall rules configuration on the JetProxy to enable incoming https communication.

#Using Proxy for JetPatch only:
firewall-cmd --zone=public --add-port=443/tcp –permanent
firewall-cmd –reload


#Using Proxy for JetPatch and WSUS server:
firewall-cmd --zone=public --add-port=8530/tcp –permanent
firewall-cmd --zone=public --add-port=8531/tcp –permanent
firewall-cmd –reload

Related articles

Comments

0 comments

Please sign in to leave a comment.