Jamf Nation Community

@wburnett you shouldn't need to install Lynx on the Jamf Pro Server to configure it. If you assign an Elastic IP to your server and then open port 8443 to your server, you can use a web browser from your computer to configure the Jamf Pro Server.

If you want to place the JPS in a private VLAN in AWS, I would suggest placing a proxy or utilizing an Elastic Load Balancer to forward traffic to the JPS sitting in the private VLAN. You can follow @kitzy great blog post on how to do that. The great thing about using an ELB is that you can set it to receive traffic on 443 and then forward to your JPS over 8080. This is terminating SSL on the ELB and not on your JPS. You can utilize Amazon's certificate service to host your SSL cert and tie it to the ELB.

Hopefully that helps clear it up a little. If it doesn't, I can get a little more granular.

Hi Steve, thanks for the reply.

I got a little stuck on ELB's which is why I was trying a separate method, but that makes more sense. I gave it another go and was able to get through most of the blog post from John Kitzmiller this time, but not all the way. I have the SG's configured per the article (443 on all addresses into the ELB, and 8080 only from the ELB to the two jamf servers) and health checks set up to poke at /healthCheck.html. However, the servers in both 1b and 1c are coming up unhealthy - unfortunately without much more info with which to debug or troubleshoot (unhealthy - request timed out).

Are there some common solutions for this? I did some googling and came up with the following, but I'm not too familiar with the container terminology

https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-unhealthy-checks-ecs/
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-application-load-balancer.html#alb-configure-routing

@wburnett I ran into that myself when first setting up our environment. If I remember correctly, I was getting those errors because I had not completed the setup of the Jamf Pro server before adding the server to the load balancer. I would add an public IP address to the master server and allow traffic through to that server temporarily. Once you've done that, allow 8443 through to the server on that public IP. I would take it a step further and lock the traffic down to your machine's public IP.

Once you've done that, navigate to the JPS, run through the initial configuration, and once you are in the JPS you should be able to tear down that public IP. Of course test the ELB before tearing it down.

Ah @stevewood that makes a lot of sense! I think that's how I got stuck in the OP of this thread - I was unable to finish configuring the main jamf pro server since I couldn't get to the GUI, which was why I resorted to trying lynx. Should that come up if I go to <public ip>:8443?

I just did some checking and it looks like I'm running into some problems with tomcat8 not starting properly, so I'll have to investigate and figure out what's going on, that has to be the culprit. I'm going to try a fresh AMI tomorrow and see if I can get tomcat up and running properly. I appreciate you taking the time to respond!

Hey @stevewood , I've been playing with this for the last week or so, but I'm still not able to get into the jamf web portal - I'm getting the following error: "Bad Request This combination of host and port requires TLS." even though I've set up a self signed cert on the linux ami, using the tomcat documentation here: https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

I've tried building a vpn server in my amazon VPC with a security group allowing traffic between the two, but that doesn't seem to have helped.

Hi Devin,

Would any of these times work to meet with our team to discuss Jamf Cloud for Government in detail? All times are EST

Mon Sept 7th
9AM 10AM
2PM

Wed Sept. 9th:
9AM
10AM
1PM