Articles in this section

Installing JetProxy (EL 7.X/8.X/9.X)

Do NOT run the following installations and/or JetProxy script in JetPatch Server Manager

Note: EL 7.X/8.X/9.X assumes RHEL/OL/AlmaLinux

Nginx repo configuration 

Create a .repo file to download the Nginx in the Proxy server. 

a. Create/Edit the following file:

/etc/yum.repos.d/nginx.repo

b. Copy the following lines in the file if they don't exist, and save the file:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Nginx Installation

The steps in this tutorial require the user to have root privileges.

Insall Nginx using the following yum command:

sudo yum install nginx -y

Nginx does not start on its own. To get Nginx running, type:

sudo systemctl start nginx

We need Nginx to start when your system boots. To do so, enter the following command:

sudo systemctl enable nginx

c. When Nginx installation is complete, delete the following file:

/etc/nginx/conf.d/default.conf

JetProxy Application Configuration

Download the attached shell script (it says CentOS, but works for AlmaLinux as well)

Below command need to be executed using sudoer privilege.:

Change the permission of the script:

chmod +x intigua-proxy-setup-script*

Use the PROXY server for JetPatch only:

./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-Hostname>

Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10

Only configure JetProxy with WSUS if all endpoints can use the WSUS Primary set to download updates directly from Microsoft. Otherwise, skip this step and use a WSUS Replica server:

./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>

# Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10 20.20.20.20

In case Nginx does not start, run the following:

systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx

If you are getinng the mkdir permission issue:

nginx: [emerg] mkdir() "/usr/share/nginx/cache" failed (13: Permission denied)

Run the following:

sudo mkdir -p /usr/share/nginx/cache
sudo chown nginx:nginx /usr/share/nginx/cache
sudo chmod 755 /usr/share/nginx/cache
sudo systemctl restart nginx

Check the nginx status:

sudo systemctl status nginx

Firewall Rules Configuration

Using Proxy for JetPatch only

sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --reload
sudo firewall-cmd --reload

Using Proxy also for WSUS server:

sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload

Validate JetProxy Is Working 

To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach 

For versions Prior to 5.0:

https://<YOUR_PROXY_ADDRESS>/vmanage-server

Post 5.0:

https://<YOUR_PROXY_ADDRESS>

You should redirect to the JetPatch login screen.  If not, check communication from JetProxy to Primary JetPatch console over 443.

To check if the JetProxy is also redirecting the WSUS:

http://<YOUR_PROXY_ADDRESS>:8530 
or
https://<YOUR_PROXY_ADDRESS>:8531

Creating a JetProxy Management Service

The default, the built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.

This is also important for connector upgrades.

Additional Required Configuration for JetProxy

Step 0: If using WSUS with JetProxy, follow this article

Follow all steps below to optimize JetProxy, fix common issues, and avoid HTTP errors.

Step 1: Configure SELinux for network connectivity

If SELinux is enabled, run:

sudo setsebool -P httpd_can_network_connect 1

This prevents HTTP 110 Connection Timed Out errors due to SELinux blocking outbound requests.

Step 2: Adjust OS limits to handle high load

(1) Edit /etc/sysctl.conf:
Add or update:

fs.file-max = 70000

(2) Edit /etc/security/limits.conf:
Add or update:

nginx soft nofile 10000
nginx hard nofile 30000

(3) Reload OS settings:

sudo sysctl -p

Step 3: Adjust NGINX settings to payload errors (skip this step if you followed the JetProxy with WSUS article)

Edit the NGINX configuration file (/etc/nginx/conf.d/intigua.conf):

Add or update this client_max_body_size line clearly at the top section after the ssl_dhparam /etc/ssl/certs/dhparam.pem; line and before the
server {
listen 80; line

# Allow larger request payloads (resolves HTTP 413 Payload Too Large errors)
client_max_body_size 100m;
Verify and reload NGINX:
nginx -t && nginx -s reload


Step 4: Verify that new limits are applied correctly

Check soft and hard limits for NGINX user:

Expected output: 10000
su -s /bin/bash -c 'ulimit -Sn' nginx
Expected output: 30000
su -s /bin/bash -c 'ulimit -Hn' nginx

Explanation of changes:

  • SELinux (httpd_can_network_connect): Prevents SELinux from blocking outbound connections.

  • OS Limits (fs.file-max, nofile): Resolves "Too many open files" errors under heavy load.

  • NGINX Payload Limit (client_max_body_size): Prevents HTTP 413 errors ("Payload Too Large") during large uploads.

This ensures the JetProxy operates reliably under high load with correct handling of large requests.

 
 
 

Related articles

Comments

0 comments

Please sign in to leave a comment.