Proxy installation - Linux

In ESMC 7 the ERA Proxy functionality was replaced by Apache HTTP Proxy, commonly distributed as apache2 or httpd package. ESET Management Agents (starting in version 7) can connect to the ESMC Server via Apache HTTP Proxy. Read more about how proxy for ESET Management Agents works.

Select your scenario:

New installation on Linux

Upgrade from previous version with ERA Proxy installed on Linux

Upgrade ERA Proxy on Virtual Appliance

 

New installation on Linux

1.Install and configure the Apache HTTP Proxy.

2.Configure the Apache HTTP Proxy to forward agents' connections:

a.On the proxy machine, open the file

i.Debian distributions
/etc/apache2/mods-enabled/proxy.conf

ii.Red Hat distributions
/etc/httpd/conf/httpd.conf

b.Add a line to the end of the file with the port used by Agent to connect to the ESMC Server. By default it is 2222.
AllowCONNECT 443 563 2222

c.On the proxy machine, open the file

i.Debian distributions
/etc/apache2/apache2.conf

ii.Red Hat distributions
/etc/httpd/conf/httpd.conf

d.Find the line:
Listen 80
and change it to
Listen 3128

e.If you have added restrictions for IP addresses in your proxy configuration (step 1), you have to allow access to your ESMC Server:
Add a separate ProxyMatch segment:

I.The address that your Agents use to connect to the ESMC Server.

II.All other possible addresses of your ESMC Server (IP, FQDN)
(add all of the code shown below; IP address 10.1.1.10 and hostname hostname.example are only examples to be replaced with your actual addresses. You can also generate the ProxyMatch expression in this Knowledgebase article.)

<ProxyMatch ^(hostname\.example(:[0-9]+)?(\/.*)?|10\.1\.1\.10(:[0-9]+)?(\/.*)?)$>

Allow from all

</ProxyMatch>

f.Restart the Apache HTTP Proxy service.

 

Upgrade from previous version with ERA Proxy installed on Linux

Upgrading an environment with ERA 6.x Proxy on Linux is very similar to a Windows upgrade, except for the configuration of file paths. Follow the article for infrastructure upgrade and use the appropriate package and file paths for your Linux distribution.

For the best-practices of upgrading an infrastructure using ERA Proxy to version 7, view the step by step guides for:

Upgrade ERA Proxy on Virtual Appliance

Upgrade ERA Proxy on Windows host

 

SELinux setting

When using Proxy on the ESMC Virtual Appliance (other Linux distributions may have the same requirement), the SELinux policy must be modified. Open the terminal on the ESMC VA and run the following commands:

/usr/sbin/setsebool -P httpd_can_network_connect 1

sudo semanage port -a -t http_port_t -p tcp 2222