Table of Contents |
---|
Info | ||||||||
---|---|---|---|---|---|---|---|---|
The information from this article is valid, however, starting from the following releases HTTPS for a Master-Agent connection can be used without use of a proxy as explained with the JobScheduler Universal Agent - HTTPS Agent and Master Authentication article:
|
Scope
- The connection to JobScheduler Universal Agent can be secured by HTTPS. For the required Architecture see JobScheduler Universal Agent - Secure HTTPS communication.
- This
...
- article describes the steps required to set up secure HTTPS communication.
...
Prerequisites
You will have to install one of the following software components for configuring your reverse proxy:
httpd
nginx
would need to installhttpd
for configuring HTTPS connections on your serverYou would need to installnginx
for configuring your reverse proxy
Get a TLS Certificate
A TLS certificate can be acquired by
- buying a TLS certificate
- creating a self-signed certificate
Configure a reverse proxy
JobScheduler Universal Agent itself does not provide configuration options to encrypt it's communication by HTTPS. The recommended solution is to run a reverse proxy on the same host but under a different user.
...
Info |
---|
This is the configurate for the file |
Import the self-signed certificate into the Java Truststore of JobScheduler Master
This step is not required if the TLS certificate was bought from a trusted certificate authority.
- Copy the certificate file (e.g. agent_host.crt) to your JobScheduler Master host
- Locate the JVM that JobScheduler Master is using
- If you are uncertain, search the
scheduler.log
file forjvm.dll
(Windows) orLD_LIBRARY_PATH
(Unix). This will list the path of your Java installation (JRE or JDK).
- If you are uncertain, search the
- Run the Java keytool from that Java installation to import the certificate
Code Block | ||||
---|---|---|---|---|
| ||||
keytool <path_to_java_keytool>/keytool -importcert -keystore <java<path_to_java_for_scheduler>/lib/security/cacerts -alias agent_host -file <path_to_certificate>/agent_host.crt -storepass changeit |
Info |
---|
|
Configure JobScheduler Master to use the reverse proxy
The proxy URL along with the HTTPS keyword is configured in the process class for the Agent:
Code Block | ||||
---|---|---|---|---|
| ||||
<process_class max_processes="20" remote_scheduler="https://agent_host:24445"/> |
References
- JobScheduler Universal Agent - Secure HTTPS communication
- Common pitfalls when setting up HTTPS communication to an Agent