Installing JetProxy (RHEL/OEL/CENTOS)

Do NOT run the following installations and/or JetProxy script in JetPatch Server Manager

Nginx Installation

The steps in this tutorial require the user to have root privileges.

CentOS Only: add the EPEL repository, open the terminal and use the following command:

sudo yum install epel-release

Now that the Nginx repository is installed on your server, install Nginx using the following yum command:

sudo yum install nginx -y

Nginx does not start on its own. To get Nginx running, type:

sudo systemctl start nginx

We need Nginx to start when your system boots. To do so, enter the following command:

sudo systemctl enable nginx

Nginx Configuration 

Configure Proxy for JetPatch server using Nginx. 

a. Create/Edit the following file:

/etc/yum.repos.d/nginx.repo

b. Copy the following lines in the file if they don't exist, and save the file:

EL8:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/8/$basearch/

gpgcheck=0

enabled=1

EL7:

[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/rhel/7/$basearch/

gpgcheck=0

enabled=1

c. When Nginx installation is complete, delete the following file:

/etc/nginx/conf.d/default.conf

JetProxy Application Configuration

Download the attached shell script according to the operating system you are using: 

intigua-proxy-setup-script-centos-rhel-ol.sh = for RHEL / CentOS / OL machines (7/8) (attached at the bottom of the article)

Below command need to be executed using sudoer privilege.:

Change the permission of the script:

chmod +x intigua-proxy-setup-script*

Use the PROXY server for JetPatch only:

For RHEL/CentOS/OL machines:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-Hostname>

Example: ./intigua-gw-setup-script-centos-rhel.sh 10.10.10.10

In case you would like to use the PROXY server for JetPatch and WSUS (optional):

For RHEL/CentOS/OL machines:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>

# Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10 20.20.20.20

In case Nginx does not start, run the following:

systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx

Validate JetProxy Is Working 

To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach 

https://<YOUR_PROXY_ADDRESS>/vmanage-server

You should redirect to the JetPatch login screen.

To check if the JetProxy is also redirecting the WSUS:

http://<YOUR_PROXY_ADDRESS>:8530 
or
https://<YOUR_PROXY_ADDRESS>:8531

Note - In case it is not happening, check for firewall rules configuration on the JetProxy to enable incoming http/https communication.

Firewall Rules Configuration

Using Proxy for JetPatch only

CentOS/RHEL:
sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --reload
sudo firewall-cmd --reload

Using Proxy also for WSUS server:

CentOS/RHEL:
sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload

Creating a JetProxy Management Service

The default, the built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.

This is also important for connector upgrades.

Additional Configuration for High Scale Environments

In high scale environments (>500 Endpoints) the following steps are required: 

1. Append/modify fs.file-max = 70000  to  /etc/sysctl.conf file
2. Add/modify the following lines in /etc/security/limits.conf
   • nginx       soft    nofile   10000
   • nginx       hard    nofile  30000
3. Reload changes by sysctl -p
4. In the top of the nginx.conf file (may be located in /etc/nginx/nginx.conf) add worker_rlimit_nofile 30000;  and change the line worker_connections to 30000.
5. Reload changes:

 nginx -t && nginx -s reload