Do NOT run the following installations and/or JetProxy script in JetPatch Server Manager
Note: EL 7.X/8.X/9.X assumes RHEL/OL/AlmaLinux
Nginx repo configuration
- Pre-req: minimum NGINX 1.26.X (latest stable version supported)
Create a .repo file so that Nginx can be downloaded on the Proxy server.
a. Create/Edit the following file:
/etc/yum.repos.d/nginx.repo
b. Copy the following lines in the file if they don't exist, and save the file:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/<EL-version>/$basearch/
gpgcheck=0
enabled=1
Note: Replace <EL-version> with the major version of the operating system in use. For EL8, change it to 8.
Example:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/8/$basearch/
gpgcheck=0
enabled=1
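The stanza above sets gpgcheck=0 with an http:// baseurl, so yum installs whatever packages it receives, as root, without verifying their signatures. The check below is an added example, not part of the original article or of the JetPatch setup script; the function name audit_repo_file, the temporary sample files and the signed stanza (which points at nginx.org's published signing key) are assumptions constructed for illustration:

```shell
# Added example, not JetPatch code: audit a yum/dnf .repo file for settings that
# weaken package integrity. Prints one finding per line; returns 1 if any found.
audit_repo_file() {
    awk '
        function report(msg) { print section ": " msg; bad = 1 }
        function finish() {
            if (section == "") return
            if (gpgcheck ~ /^(0|no|false)$/) report("gpgcheck is disabled, package signatures are not verified")
            if (baseurl ~ /^http:/) report("baseurl uses plaintext http")
            if (gpgkey ~ /^http:/) report("gpgkey is fetched over plaintext http")
        }
        /^[ \t]*(#|;|$)/ { next }               # skip comments and blank lines
        /^[ \t]*\[/ {                           # a new [section] starts
            finish()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = baseurl = gpgkey = ""; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { finish(); exit bad + 0 }
    ' "$1"
}
page_repo=$(mktemp); signed_repo=$(mktemp)
trap 'rm -f "$page_repo" "$signed_repo"' EXIT
# Constructed sample 1: the EL8 stanza exactly as shown in this article.
cat > "$page_repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/8/$basearch/
gpgcheck=0
enabled=1
EOF
# Constructed sample 2 (assumption): same repo with signature checking and HTTPS.
cat > "$signed_repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/rhel/8/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
audit_repo_file "$page_repo"   || echo "page stanza: findings listed above"
audit_repo_file "$signed_repo" && echo "signed stanza: no findings"
```

On a proxy server, run the function against /etc/yum.repos.d/nginx.repo before the yum install step.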
Nginx Installation
The steps in this tutorial require the user to have root privileges.
Install Nginx using the following yum command:
sudo yum install nginx -y
Nginx does not start on its own. To get Nginx running, type:
sudo systemctl start nginx
Nginx also needs to start when the system boots. To enable this, enter the following command:
sudo systemctl enable nginx
c. When Nginx installation is complete, delete the following file:
/etc/nginx/conf.d/default.conf
JetProxy Application Configuration
Download the attached shell script (it says CentOS, but works for AlmaLinux as well)
The commands below need to be executed with sudo privileges:
Change the permission of the script:
chmod +x intigua-proxy-setup-script*
Use the PROXY server for JetPatch only:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-Hostname>
Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10
To use the PROXY server for both JetPatch and WSUS (optional), run the command below. Do this only if the WSUS Primary download server setting is OK for all devices; otherwise use a WSUS replica instead and skip this step:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>
# Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10 20.20.20.20
In case Nginx does not start, run the following:
systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx
If you get the following mkdir permission error:
nginx: [emerg] mkdir() "/usr/share/nginx/cache" failed (13: Permission denied)
Run the following:
sudo mkdir -p /usr/share/nginx/cache
sudo chown nginx:nginx /usr/share/nginx/cache
sudo chmod 755 /usr/share/nginx/cache
sudo systemctl restart nginx
Check the nginx status:
sudo systemctl status nginx
Firewall Rules Configuration
Using Proxy for JetPatch only:
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
Using Proxy also for WSUS server:
sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload
Validate JetProxy Is Working
To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach
https://<YOUR_PROXY_ADDRESS>/vmanage-server
You should be redirected to the JetPatch login screen. If not, check communication from JetProxy to the Primary JetPatch console over port 443.
To check if the JetProxy is also redirecting the WSUS:
http://<YOUR_PROXY_ADDRESS>:8530
or
https://<YOUR_PROXY_ADDRESS>:8531
Creating a JetProxy Management Service
The default, built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.
This is also important for connector upgrades.
Additional Configuration
For an optimized JetProxy, the following steps are required:
- Append/modify fs.file-max = 70000 at the bottom of the /etc/sysctl.conf file
- Add the following lines to the bottom of /etc/security/limits.conf:
nginx soft nofile 10000
nginx hard nofile 30000
- Reload changes with sysctl -p
- At the top of the nginx.conf file (/etc/nginx/nginx.conf) add worker_rlimit_nofile 30000; and change the worker_connections line to 30000.
- Reload changes:
nginx -t && nginx -s reload
- Check the limits for the nginx user. Expected values: 10000 (soft limit) and 30000 (hard limit).
Soft limit
su -s /bin/bash -c 'ulimit -Sn' nginx
Hard limit
su -s /bin/bash -c 'ulimit -Hn' nginx
The above steps (for scale environments) should also be performed if: