Articles in this section

Installing JetProxy (Multiple Site Solution)

Todd Kirkland
  • Updated
Follow

Hardware Requirements

See JetProxy hardware requirements

Network Requirements

  • Ensure connectivity between JetProxy and JetPatch server using telnet over port 443.
  • Ensure firewall settings allowing connection on the JetProxy over port 443/HTTPS.
  • Ensure the machine can resolve the hostname of the servers (if used)
  • (Optional) Ensure the below requirements for WSUS server if this one is needed.

Before We Start

You can either set up from scratch a JetPatch Proxy and then you will have to perform all steps in the article or just use a JetPatch OVF which already includes Nginx Configuration and skip straight to the "JetProxy Application Configuration" section. 

 

Nginx Installation

The steps in this tutorial require the user to have root privileges.

To add the CentOS 7 EPEL repository, open the terminal and use the following command:

sudo yum install epel-release

Now that the Nginx repository is installed on your server, install Nginx using the following yum command:

sudo yum install nginx -y

Nginx does not start on its own. To get Nginx running, type:

sudo systemctl start nginx

We need Nginx to start when your system boots. To do so, enter the following command:

sudo systemctl enable nginx

 

Nginx Configuration

Configure Proxy for JetPatch server using Nginx. 

a. Create/Edit the following file:

/etc/yum.repos.d/nginx.repo

b. Copy the following lines in the file if they don't exist, and save the file:

CentOS/RHEL 7:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/7/$basearch/

gpgcheck=0

enabled=1

CentOS/RHEL 6:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/6/$basearch/

gpgcheck=0

enabled=1

CentOS/RHEL 5:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/5/$basearch/

gpgcheck=0

enabled=1

c. When Nginx installation is complete, delete the following file:

/etc/nginx/conf.d/default.conf

 

JetProxy Application Configuration

Download the attached shell script according to the operating system you are using: 

intigua-gw-setup-script-rhel.sh = for RHEL / CentOS / OEL machines (5/6/7)

intigua-gw-setup-script-ubuntu.sh = for Ubuntu machines

 

Below command need to be executed using sudoer privilege.:

Change the permission of the script:

chmod +x intigua-gw-setup-script*

 

Use the PROXY server for JetPatch only:

For RHEL/CentOS/OEL machines:
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-Hostname>

For Ubuntu machines:
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR- Hostname>

Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10

In case you would like to use the PROXY server for JetPatch and WSUS (optional):

For RHEL/CentOS/OEL machines:
./intigua-gw-setup-script-centos-rhel.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>

For Ubuntu machines:
./intigua-gw-setup-script-ubuntu.sh <JetPatch-Server-IP-OR- Hostname> <WSUS-Server-IP-OR-Hostname>

# Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10 20.20.20.20

In case Nginx does not start, run the following:

systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx

 

Validate JetProxy Is Working 

To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach 

https://<YOUR_PROXY_ADDRESS>/vmanage-server

You should redirect to the JetPatch login screen.

To check if the JetProxy is also redirecting the WSUS:

http://<YOUR_PROXY_ADDRESS>:8530 
or
https://<YOUR_PROXY_ADDRESS>:8531

Note - In case it is not happening, check for firewall rules configuration on the JetProxy to enable incoming http/https communication.

 

Firewall Rules Configuration

Using Proxy for JetPatch only

CentOS/RHEL:
sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --reload
sudo firewall-cmd --reload
Ubuntu:
firewall-cmd --zone=public --add-port=443/tcp –permanent
firewall-cmd –reload

Using Proxy also for WSUS server:

CentOS/RHEL:
sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload
Ubuntu:
firewall-cmd --zone=public --add-port=8530/tcp –permanent
firewall-cmd --zone=public --add-port=8531/tcp –permanent
firewall-cmd –reload

 

Creating a JetProxy Management Service

The default, the built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.

This is also important for connector upgrades.

 

Additional Configuration for High Scale Environments

In high scale environments (>500 Endpoints) the following steps are required: 

  1. Append/modify fs.file-max = 70000  to  /etc/sysctl.conf file
  2. Add/modify the following lines in /etc/security/limits.conf
    • nginx       soft    nofile   10000
    • nginx       hard    nofile  30000
  3. Reload changes by sysctl -p
  4. In the top of the nginx.conf file (may be located in /etc/nginx/nginx.conf) add worker_rlimit_nofile 30000;  and change the line worker_connections to 30000.
  5. Reload changes:
 nginx -t && nginx -s reload
To verify: Open a shell in Nginx user and enter the following commands:
  • ulimit -Hn
  • ulimit -Sn
 The output should be:
  • 30000
  • 10000

The above steps (for scale environments) should also be performed if: 

  • In "/var/log/nginx/error.log" the following errors are seen:
    • (24: Too many open files)
    • worker_connections are not enough while connecting
  • In "/var/log/nginx/access.log" many connections are getting http 500 errors

Related articles

Comments

0 comments

Please sign in to leave a comment.