Configure On Prem jamf server with Load Balancer nginx

Username
New Contributor

Hello Jamf Nation team,

I am creating this post because we need some help configuring our Jamf server behind an nginx load balancer. Due to our security policies, we have Jamf working behind a load balancer with nginx, but we can access Jamf directly on port 8443. We have Jamf configured to work with a load balancer, but we still access the application directly, bypassing the load balancer. Can you send us an example of a Jamf configuration working with a load balancer? It is critical for us and our security to be able to access through port 8443 directly to the application; all traffic must go through 443, and the load balancer must be in charge of communicating with Jamf. Our nginx configuration is correct and performs such communication.

- Please could someone help us if someone has something similar configured?

Thank you so much in advance.

2 REPLIES

sdagley
Esteemed Contributor II

@Username If your Jamf Pro URL was originally configured as https://yourjssname.company.com:8443, you cannot simply have your load balancer only accept traffic on port 443, because the 8443 is baked into the URL that your already enrolled Macs are using for your JSS. Your choices (IMO) would be:

1) Change your JSS configuration to https://yourjssname.company.com:443 and re-enroll all of your Macs with the new URL

2) Explain to your Security group that they need to accommodate traffic on port 8443 in addition to 443. It's not rocket science, and a _lot_ of organizations have Jamf Pro installations that use port 8443

AJPinto
Honored Contributor II

With this kind of configuration, if you are not 100% sure of what you are doing, I recommend opening a ticket with JAMF.

JAMF has documentation for configuring it to work with a load balancer.

Configuring Tomcat to Work with a Load Balancer - Jamf Pro Installation and Configuration Guide for ...

Changing that port is doable, but a very, very bad idea. You just need to change some stuff in the server.xml on your JAMF server. However, the moment you change that stuff and JAMF starts using the different port, you will need to reenroll all of your Macs.

I have a feeling it's far easier for your Security teams to accommodate port 8443 than it is to reenroll your entire environment.
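
One way to check which Tomcat connectors in a server.xml can be reached without going through the load balancer, as an added example that is not part of this thread or of Jamf's documentation. The server.xml content is a constructed sample, `audit_connectors` is a hypothetical helper name, and `port`, `address` and `proxyPort` are standard Tomcat Connector attributes.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample for illustration, not a real Jamf Pro server.xml.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" />
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
               proxyPort="443" scheme="https" secure="true" />
    <Connector port="9006" protocol="HTTP/1.1" address="10.0.0.15"
               scheme="https" secure="true" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True when the bind address is only reachable from the host itself."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address == "localhost"


def audit_connectors(server_xml, lb_port="443"):
    """Return (port, finding) pairs for HTTP connectors that need review."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        address = conn.get("address")  # an HTTP connector listens on all addresses when omitted
        if address is None:
            findings.append((port, "listens on all addresses; clients can reach it directly"))
        elif not is_loopback(address):
            findings.append((port, f"bound to {address}; limit the source to the load balancer with a firewall rule"))
        if conn.get("proxyPort") != lb_port:
            # Without proxyPort, request.getServerPort() reports the connector port.
            findings.append((port, f"proxyPort is not {lb_port}; the application sees the connector port"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```
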