Hardware Requirements
See JetProxy hardware requirements
Network Requirements
- Ensure connectivity between JetProxy and JetPatch server using telnet over port 443.
- Ensure firewall settings allow connections to the JetProxy over port 443/HTTPS.
- Ensure the machine can resolve the hostnames of the servers (if used).
- (Optional) Ensure the WSUS server requirements below are met, if a WSUS server is needed.
Before We Start
You can either set up a JetPatch Proxy from scratch, in which case you must perform all the steps in this article, or use a JetPatch OVF, which already includes the Nginx configuration, and skip straight to the "JetProxy Application Configuration" section.
Nginx Installation
The steps in this tutorial require the user to have root privileges.
To add the CentOS 7 EPEL repository, open the terminal and use the following command:
sudo yum install epel-release
Now that the Nginx repository is installed on your server, install Nginx using the following yum command:
sudo yum install nginx -y
Nginx does not start on its own. To get Nginx running, type:
sudo systemctl start nginx
We need Nginx to start when your system boots. To do so, enter the following command:
sudo systemctl enable nginx
Nginx Configuration
Configure Proxy for JetPatch server using Nginx.
a. Create/Edit the following file:
/etc/yum.repos.d/nginx.repo
b. Copy the following lines into the file if they don't exist, and save the file:
CentOS/RHEL 7:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1
CentOS/RHEL 6:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/6/$basearch/
gpgcheck=0
enabled=1
CentOS/RHEL 5:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/5/$basearch/
gpgcheck=0
enabled=1
c. When Nginx installation is complete, delete the following file:
/etc/nginx/conf.d/default.conf
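The repo definitions above set gpgcheck=0 and use an http:// baseurl, so yum installs Nginx without verifying package signatures. The audit function below is an added example, not part of the original article or of JetPatch's tooling; the names audit_repo and demo_audit and the hardened stanza are assumptions for illustration (the gpgkey URL is nginx.org's published signing key).

```bash
#!/usr/bin/env bash
# Added example (not JetPatch code): flag yum repo settings that weaken
# package integrity. Prints one finding per line; returns 1 if any were found.
audit_repo() {
    local file="$1" section="" found=0 line key value
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')  # drop comments/blanks
        case "$line" in
            "") continue ;;
            \[*\]) section=${line#\[}; section=${section%\]}; continue ;;
        esac
        key=${line%%=*}; value=${line#*=}
        case "$key=$value" in
            gpgcheck=0)
                echo "[$section] gpgcheck=0: package signatures are not verified"
                found=1 ;;
            baseurl=http://*)
                echo "[$section] baseurl is plain HTTP: $value"
                found=1 ;;
        esac
    done < "$file"
    return "$found"
}
demo_audit() {
    local dir f; dir=$(mktemp -d)
    # The CentOS/RHEL 7 stanza exactly as given in this article.
    cat > "$dir/article.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1
EOF
    # Constructed hardened variant: signature checking on, key and packages over HTTPS.
    cat > "$dir/hardened.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/rhel/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
    for f in "$dir"/*.repo; do
        if audit_repo "$f"; then echo "$f: OK"; else echo "$f: review before installing"; fi
    done
    rm -rf "$dir"
}
demo_audit
```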
JetProxy Application Configuration
Download the attached shell script according to the operating system you are using:
intigua-gw-setup-script-rhel.sh = for RHEL / CentOS / OEL machines (5/6/7)
intigua-gw-setup-script-ubuntu.sh = for Ubuntu machines
The commands below must be executed with sudo privileges:
Change the permission of the script:
chmod +x intigua-gw-setup-script*
Use the PROXY server for JetPatch only:
For RHEL/CentOS/OEL machines:
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-Hostname>
For Ubuntu machines:
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR-Hostname>
Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10
In case you would like to use the PROXY server for JetPatch and WSUS (optional):
For RHEL/CentOS/OEL machines:
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>
For Ubuntu machines:
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR-Hostname> <WSUS-Server-IP-OR-Hostname>
Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10 20.20.20.20
In case Nginx does not start, run the following:
systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx
Validate JetProxy Is Working
To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach
https://<YOUR_PROXY_ADDRESS>/vmanage-server
You should be redirected to the JetPatch login screen.
To check if the JetProxy is also redirecting the WSUS:
http://<YOUR_PROXY_ADDRESS>:8530
or
https://<YOUR_PROXY_ADDRESS>:8531
Note - If the redirect does not happen, check the firewall rules on the JetProxy and make sure incoming http/https communication is allowed.
Firewall Rules Configuration
Using Proxy for JetPatch only
CentOS/RHEL:
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
Ubuntu:
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
Using Proxy also for WSUS server:
CentOS/RHEL:
sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload
Ubuntu:
firewall-cmd --zone=public --add-port=8530/tcp --permanent
firewall-cmd --zone=public --add-port=8531/tcp --permanent
firewall-cmd --reload
Creating a JetProxy Management Service
The default, built-in management service for the JetPatch connector is not aware of the JetProxy address. You therefore need to create a new one for the endpoints that will use the JetProxy address as their primary URL.
This is also important for connector upgrades.
Additional Configuration for High Scale Environments
In high scale environments (>500 Endpoints) the following steps are required:
- Append or modify fs.file-max = 70000 in the /etc/sysctl.conf file
- Add or modify the following lines in /etc/security/limits.conf:
  - nginx soft nofile 10000
  - nginx hard nofile 30000
- Reload the changes with sysctl -p
- At the top of the nginx.conf file (it may be located at /etc/nginx/nginx.conf), add worker_rlimit_nofile 30000; and change the worker_connections line to 30000.
- Reload changes:
nginx -t && nginx -s reload
- Check the limits:
  - ulimit -Hn should return 30000
  - ulimit -Sn should return 10000
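An added example (not JetPatch's own code) that checks the three files edited in the steps above for the exact values this article prescribes. The function names check_scale, expect_value and demo_scale and the sample files are constructed for illustration; file paths are passed as arguments so the check can be run against copies.

```bash
#!/usr/bin/env bash
# Added example (not JetPatch code): verify the high-scale values from this
# article in sysctl.conf, limits.conf and nginx.conf.
expect_value() {   # expect_value LABEL ACTUAL WANTED -> returns 1 on mismatch
    if [ "$2" = "$3" ]; then echo "ok   $1 = $2"; return 0; fi
    echo "FAIL $1 = ${2:-unset} (want $3)"; return 1
}
check_scale() {    # usage: check_scale SYSCTL_CONF LIMITS_CONF NGINX_CONF
    local sysctl_conf="$1" limits_conf="$2" nginx_conf="$3" bad=0 v
    # The last uncommented assignment wins, as it does when sysctl -p loads the file.
    v=$(awk -F= '/^[ \t]*fs\.file-max[ \t]*=/ {gsub(/[ \t]/,"",$2); x=$2} END {print x}' "$sysctl_conf")
    expect_value fs.file-max "$v" 70000 || bad=1
    v=$(awk '$1=="nginx" && $2=="soft" && $3=="nofile" {x=$4} END {print x}' "$limits_conf")
    expect_value "nginx soft nofile" "$v" 10000 || bad=1
    v=$(awk '$1=="nginx" && $2=="hard" && $3=="nofile" {x=$4} END {print x}' "$limits_conf")
    expect_value "nginx hard nofile" "$v" 30000 || bad=1
    v=$(awk '$1=="worker_rlimit_nofile" {sub(/;.*/,"",$2); x=$2} END {print x}' "$nginx_conf")
    expect_value worker_rlimit_nofile "$v" 30000 || bad=1
    v=$(awk '$1=="worker_connections" {sub(/;.*/,"",$2); x=$2} END {print x}' "$nginx_conf")
    expect_value worker_connections "$v" 30000 || bad=1
    return "$bad"
}
demo_scale() {
    local d; d=$(mktemp -d)
    # Constructed sample files: sysctl and limits done, nginx.conf only half edited.
    printf 'fs.file-max = 70000\n' > "$d/sysctl.conf"
    printf 'nginx soft nofile 10000\nnginx hard nofile 30000\n' > "$d/limits.conf"
    printf 'worker_rlimit_nofile 30000;\nevents {\n    worker_connections 1024;\n}\n' > "$d/nginx.conf"
    check_scale "$d/sysctl.conf" "$d/limits.conf" "$d/nginx.conf" || echo "=> high-scale settings incomplete"
    rm -rf "$d"
}
demo_scale
```

limits.conf is applied by pam_limits to login sessions, not to services started by systemd, so for a running Nginx read the "Max open files" line in /proc/<pid>/limits of a worker process.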
The above steps (for scale environments) should also be performed if: