Do NOT run the following installations and/or JetProxy script in JetPatch Server Manager
Nginx Installation
The steps in this tutorial require the user to have root privileges.
CentOS Only: add the EPEL repository, open the terminal and use the following command:
sudo yum install epel-release
Now that the Nginx repository is installed on your server, install Nginx using the following yum command:
sudo yum install nginx -y
Nginx does not start on its own. To get Nginx running, type:
sudo systemctl start nginx
We need Nginx to start when your system boots. To do so, enter the following command:
sudo systemctl enable nginx
Nginx Configuration
Configure Proxy for JetPatch server using Nginx.
a. Create/Edit the following file:
/etc/yum.repos.d/nginx.repo
b. Copy the following lines into the file if they don't already exist, and save the file:
EL8:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/8/$basearch/
gpgcheck=0
enabled=1
EL7:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1
c. When Nginx installation is complete, delete the following file:
/etc/nginx/conf.d/default.conf
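The repo stanzas above set gpgcheck=0 and use an http:// baseurl, so yum installs the Nginx packages without verifying their signatures. The check below is an added example, not part of the JetPatch article or its scripts: it reports, per repo id, which enabled repos have those two settings. The audit_repo function, the sample file and the nginx-verified stanza are constructed for illustration (the gpgkey URL is the signing key published by nginx.org).

```shell
#!/usr/bin/env bash
# Added example, not vendor code. audit_repo and the sample file are constructed.
# audit_repo FILE: print "<repo id>: <finding>" for each enabled repo that
# disables signature checks or fetches over plain HTTP; return 1 if any found.
audit_repo() {
    awk '
        function flush() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0") { print id ": gpgcheck=0, package signatures are not verified"; found = 1 }
            if (baseurl ~ /^http:\/\//) { print id ": baseurl is plain HTTP"; found = 1 }
        }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # a new [repo-id] section starts
            flush()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { flush(); exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the EL8 stanza from this page, then a stanza that
# enforces signature checks (assumed layout, shown for comparison only).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/8/$basearch/
gpgcheck=0
enabled=1

[nginx-verified]
name=nginx repo (signatures enforced)
baseurl=https://nginx.org/packages/rhel/8/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
audit_repo "$sample" || echo "audit: findings above need review"
```

On a real host, pass /etc/yum.repos.d/nginx.repo as the argument; the non-zero exit status makes the check usable in a provisioning or compliance script.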
JetProxy Application Configuration
Download the attached shell script according to the operating system you are using:
intigua-proxy-setup-script-centos-rhel-ol.sh = for RHEL / CentOS / OL machines (7/8) (attached at the bottom of the article)
The commands below need to be executed with sudoer privileges:
Change the permission of the script:
chmod +x intigua-proxy-setup-script*
Use the PROXY server for JetPatch only:
For RHEL/CentOS/OL machines:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-Hostname>
# Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10
In case you would like to use the PROXY server for JetPatch and WSUS (optional):
For RHEL/CentOS/OL machines:
./intigua-proxy-setup-script-centos-rhel-ol.sh <JetPatch-Server-IP-OR-HOSTNAME> <WSUS-Server-IP-OR-Hostname>
# Example: ./intigua-proxy-setup-script-centos-rhel-ol.sh 10.10.10.10 20.20.20.20
In case Nginx does not start, run the following:
systemctl stop nginx
rm /etc/nginx/conf.d/intigua.conf
systemctl start nginx
Validate JetProxy Is Working
To check if the JetProxy is working, just open a browser application (Chrome, Safari) and try to reach
https://<YOUR_PROXY_ADDRESS>/vmanage-server
You should be redirected to the JetPatch login screen.
To check if the JetProxy is also redirecting the WSUS:
http://<YOUR_PROXY_ADDRESS>:8530
or
https://<YOUR_PROXY_ADDRESS>:8531
Note - If this does not happen, check the firewall rules configuration on the JetProxy and make sure incoming http/https communication is enabled.
Firewall Rules Configuration
Using Proxy for JetPatch only
CentOS/RHEL:
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
Using Proxy also for WSUS server:
CentOS/RHEL:
sudo firewall-cmd --permanent --add-port=8530/tcp
sudo firewall-cmd --permanent --add-port=8531/tcp
sudo firewall-cmd --reload
Creating a JetProxy Management Service
The default, built-in management service for the JetPatch connector is not aware of the JetProxy address. Thus, you will need to create a new one for the endpoints that will be using the JetProxy address as their primary URL.
This is also important for connector upgrades.
Additional Configuration for High Scale Environments
In high scale environments (>500 Endpoints) the following steps are required:
- Append/modify fs.file-max = 70000 to /etc/sysctl.conf file
- Add/modify the following lines in /etc/security/limits.conf
- nginx soft nofile 10000
- nginx hard nofile 30000
- Reload the changes with sysctl -p
- At the top of the nginx.conf file (may be located in /etc/nginx/nginx.conf) add worker_rlimit_nofile 30000; and change the worker_connections line to 30000.
- Reload changes:
nginx -t && nginx -s reload
- ulimit -Hn: 30000
- ulimit -Sn: 10000
The above steps (for scale environments) should also be performed if: