Proxy installation - Linux

In the ESMC 7, the ERA Proxy functionality is replaced by the Apache HTTP Proxy, commonly distributed as a apache2 or httpd package. ESET Management Agents (only since version 7) can connect to the the ESMC Server via Apache HTTP Proxy. Read more about how the proxy for ESET Management Agents works.

Select your scenario:

New installation on Linux

Upgrade from previous version with ERA Proxy installed on Linux

Upgrade ERA Proxy on Linux or Virtual Appliance

New installation on Linux

1.Install and configure the Apache HTTP Proxy.

2.Configure the Apache HTTP Proxy to forward agents' connections:

a.On the proxy machine open the file

i.Debian distributions
/etc/apache2/mods-enabled/proxy.conf

ii.Red Hat distributions
/etc/httpd/conf/httpd.conf

b.Add a line to the end of the file with the port used by Agent to connect to the ESMC Server. By default, the port is 2222.
AllowCONNECT 443 563 2222 8883

c.On the proxy machine open the file

i.Debian distributions
/etc/apache2/apache2.conf

ii.Red Hat distributions
/etc/httpd/conf/httpd.conf

d.Find the line:
Listen 80
and change it to
Listen 3128

e.If you have added restrictions for IP addresses in your proxy configuration (step 1), you have to allow access to your ESMC Server:

Add a separate ProxyMatch segment:

I.The address which your Agents use to connect to the ESMC Server.

II.All other possible addresses of your ESMC Server (IP, FQDN)
(add the whole below code; IP address 10.1.1.10 and hostname hostname.example are only examples to be substituted by your addresses. You can also generate the ProxyMatch expression in this Knowledgebase article.)

<ProxyMatch ^(hostname\.example(:[0-9]+)?(\/.*)?|10\.1\.1\.10(:[0-9]+)?(\/.*)?)$>

Allow from all

</ProxyMatch>

f.Restart the Apache HTTP Proxy service.

 

Upgrade from previous version with ERA Proxy installed on Linux

Upgrading an environment with ERA 6.x Proxy on Linux is very similar to the Windows upgrade, except for the configuration of file paths. Follow the article for infrastructure upgrade and use the appropriate package and file paths for your Linux distribution.

To view the best practices for the upgrade of an infrastructure which uses ERA Proxy to version 7, see the guides for:

Upgrade ERA Proxy on Linux or Virtual Appliance

Upgrade ERA Proxy on Windows host

 

SELinux setting

When using Proxy on the ESMC Virtual Appliance, the SELinux policy must be modified (some other Linux distributions may have the same requirement). Open the terminal on the ESMC VA and run the following commands:

/usr/sbin/setsebool -P httpd_can_network_connect 1

sudo semanage port -a -t http_port_t -p tcp 2222