Do NOT run the following installations and/or JetProxy script in JetPatch Server Manager
Nginx Installation
- Pre-req: minimum NGINX 1.21.X (latest stable version supported). For Ubuntu 22, NGINX 1.26.X will be installed by the script itself.
sudo apt update
sudo apt install nginx
sudo systemctl start nginx
sudo systemctl enable nginx
JetProxy Application Configuration
Download the attached shell script according to the operating system you are using:
intigua-proxy-setup-script-ubuntu.sh = for Ubuntu machines (attached at the bottom of the article)
You can use the 'wget' command to download the file directly to the machine, or copy the script manually.
wget https://kc.jetpatch.com/hc/en-us/article_attachments/360091693531/intigua-proxy-setup-script-ubuntu.sh
The commands below need to be executed with sudoer privileges:
Change the permission of the script:
chmod +x intigua-proxy-setup-script*
Note: For Ubuntu 22
When running the script, you may encounter a prompt in the middle of the process containing information about a pending kernel upgrade. If you want to upgrade the kernel, select 'OK' and press Enter; otherwise, press Esc to skip this step.
In the next step, you will see another prompt asking 'Which services should be restarted?' You can select 'Cancel' and press Enter to proceed without restarting any services.
Use the PROXY server for JetPatch only:
./intigua-proxy-setup-script-ubuntu.sh <JetPatch-Server-IP-OR-Hostname>
Example: ./intigua-proxy-setup-script-ubuntu.sh 10.10.10.10
For Ubuntu-22:
echo |./intigua-proxy-setup-script-ubuntu.sh 10.10.10.10
In case you would like to use the PROXY server for JetPatch and WSUS (optional):
./intigua-proxy-setup-script-ubuntu.sh <JetPatch-Server-IP-OR-Hostname> <WSUS-Server-IP-OR-Hostname>
# Example: ./intigua-proxy-setup-script-ubuntu.sh 10.10.10.10 20.20.20.20
For Ubuntu-22:
echo |./intigua-proxy-setup-script-ubuntu.sh 10.10.10.10 20.20.20.20
NGINX Troubleshooting: In case NGINX does not start, run the following:
systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx
Validate JetProxy Is Working
To check if the JetProxy is working, open a browser (Chrome, Safari) and try to reach
https://<YOUR_PROXY_ADDRESS>/vmanage-server
You should be redirected to the JetPatch login screen.
To check if the JetProxy is also redirecting the WSUS:
http://<YOUR_PROXY_ADDRESS>:8530
or
https://<YOUR_PROXY_ADDRESS>:8531
Note - If this does not happen, check the firewall rules configuration on the JetProxy to make sure incoming HTTP/HTTPS communication is allowed.
Firewall Rules Configuration
Using Proxy for JetPatch only
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
Using Proxy also for WSUS server:
firewall-cmd --zone=public --add-port=8530/tcp --permanent
firewall-cmd --zone=public --add-port=8531/tcp --permanent
firewall-cmd --reload
Creating a JetProxy Management Service
The default, built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.
This is also important for connector upgrades.
Additional Configuration for High Scale Environments
In high scale environments (>500 Endpoints) the following steps are required:
- Append or modify fs.file-max = 70000 in the /etc/sysctl.conf file
- Add/modify the following lines in /etc/security/limits.conf
- nginx soft nofile 10000
- nginx hard nofile 30000
- Reload the changes with sysctl -p
- At the top of the nginx.conf file (may be located in /etc/nginx/nginx.conf) add worker_rlimit_nofile 30000; and change the worker_connections line to 30000.
- Reload changes:
nginx -t && nginx -s reload
- ulimit -Hn: 30000
- ulimit -Sn: 10000
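To confirm that the files on the proxy carry the values listed in the steps above, a read-only audit can parse the three files and report each deviation. This is an added example, not part of the JetPatch script or article; the function names are illustrative, and it assumes each nginx directive sits on its own line, as in the stock nginx.conf.

```sh
# Added example (not JetPatch code); function names are illustrative.

# Last value assigned to KEY in a sysctl.conf-style file (comment lines skipped).
sysctl_conf_value() {  # $1=file $2=key
  awk -F= -v k="$2" '/^[ \t]*[#;]/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { v = $2; gsub(/[ \t]/, "", v); out = v }
    END { if (out != "") print out }' "$1"
}

# nofile limit for DOMAIN and TYPE (soft|hard) in a limits.conf-style file.
limits_nofile() {  # $1=file $2=domain $3=type
  awk -v d="$2" -v t="$3" '/^[ \t]*#/ { next }
    $1 == d && $2 == t && $3 == "nofile" { out = $4 }
    END { if (out != "") print out }' "$1"
}

# First argument of an nginx directive that sits on its own line.
nginx_directive() {  # $1=file $2=directive
  awk -v d="$2" '/^[ \t]*#/ { next }
    $1 == d { v = $2; sub(/;.*/, "", v); out = v }
    END { if (out != "") print out }' "$1"
}

_expect() {  # $1=label $2=value from the article $3=value found in the file
  [ "$3" = "$2" ] && return 0
  echo "MISMATCH $1: article says $2, found ${3:-nothing}"; _rc=1
}

# Prints one line per deviation; returns 1 if any setting differs from the article.
audit_high_scale() {  # $1=sysctl.conf $2=limits.conf $3=nginx.conf
  _rc=0
  _expect fs.file-max 70000 "$(sysctl_conf_value "$1" fs.file-max)"
  _expect "nginx soft nofile" 10000 "$(limits_nofile "$2" nginx soft)"
  _expect "nginx hard nofile" 30000 "$(limits_nofile "$2" nginx hard)"
  _expect worker_rlimit_nofile 30000 "$(nginx_directive "$3" worker_rlimit_nofile)"
  _expect worker_connections 30000 "$(nginx_directive "$3" worker_connections)"
  return "$_rc"
}

# Constructed sample: a host where the steps were only partly applied.
demo_audit() {
  d=$(mktemp -d) || return 2
  printf '#fs.file-max = 1\nfs.file-max = 70000\n' > "$d/sysctl.conf"
  printf '# <domain> <type> <item> <value>\nnginx soft nofile 10000\n' > "$d/limits.conf"
  printf 'events {\n\tworker_connections 768;\n}\n' > "$d/nginx.conf"
  audit_high_scale "$d/sysctl.conf" "$d/limits.conf" "$d/nginx.conf" && s=0 || s=$?
  rm -rf "$d"; return "$s"
}
```

On the proxy, call `audit_high_scale /etc/sysctl.conf /etc/security/limits.conf /etc/nginx/nginx.conf`. It only reads the files, so it does not show whether `sysctl -p` or the nginx reload has been run.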
The above steps (for scale environments) should also be performed if: