Help

How do I convert the jss into a FQDN

EliasG
Contributor

Posted on ‎05-07-2014 03:32 PM

We would like to change 8443 to a FQDN so we can access jss from home etc. what's the best way to do this?

0 Kudos
5 REPLIES 5

calum_rmit
New Contributor III

Posted on ‎05-07-2014 04:26 PM

8443 is the port number, i probably wouldn't mess with this it will be set in so many locations that changing it might cause problems.

Instead i would have your network administrator make port 8443 accessible from external and have it forwarded to your JSS.

FQDN is fully qualified domain name, for example yourjss.example.com is a FQDN, depending upon what this is, it might be possible to have this hosted externally as well. Generally i use split DNS so that my external and internal domain name for my JSS is the same, that means that if im internal yourjss.example.com resolves to a internal IP address, but externally from home for example yourjss.example.com will resolve to an externally available IP at your site.

Hope that helps

0 Kudos

GabeShack
Valued Contributor III

Posted on ‎05-08-2014 09:39 AM

The best way to do this is to setup a 2nd JSS on the DMZ that is linked to the internal one. You just need the server domain name to be the same or to have a dns redirect.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools
0 Kudos

were_wulff
Valued Contributor II

Posted on ‎05-08-2014 10:03 AM

Hi @EliasG ,

As has already been mentioned here, what we'd want to do to make what you want to do possible would be set up a second JSS webapp in a DMZ.

While we can technically just open up port 8443 to the outside world, it's a pretty insecure method and we'd strongly recommend setting up a second JSS webapp in a DMZ on your network.

We have a basic overview KB on that process here: https://jamfnation.jamfsoftware.com/article.html?id=174

We also offer expanded services to set up a time to go over everything in your environment, what you want to accomplish, and going through the start to finish setup as well.

If you have additional questions about that, or about the expanded services, I'd recommend getting in touch with your Technical Account Manager.

Thanks!

Amanda Wulff
JAMF Software Support

0 Kudos

Kumarasinghe
Valued Contributor

Posted on ‎05-08-2014 04:52 PM

Or even easier if you have a public facing load balancer.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎05-08-2014 04:59 PM

FWIW, our setup is like the below: external image link

For DNS we resolve to JSS.mycomany.com with a valid SSL cert. This has internal & external DNS pointing to it.

Get your Certs in place, & change the JSS URL in the management settings too.

Our DMZ server then has the web app disabled too.

0 Kudos