Setting up the JAMF NetBoot/SUS Appliance Behind a Proxy

jarednichols
Honored Contributor

If you're behind a proxy, you will likely need to configure it in order for the SUS portion of the appliance to work properly. The NetBoot/SUS appliance uses Reposado for the SUS service, which can be configured for proxy support.

  1. Log into your NetBoot/SUS appliance with the "shelluser" account.
  2. cd to /var/lib/reposado
  3. use an editor like vi or nano to edit preferences.plist with sudo rights
  4. Refer to https://github.com/wdas/reposado/blob/master/docs/reposado_preferences.txt and look in the Optional Keys section and find that there is a key called AdditionalCurlOptions where proxy information can be added. For example, you would add
    <key>AdditionalCurlOptions</key>
    <array>
        <string>proxy = "web-proxy.yourcompany.com:8080"</string>
    </array>
    to the preferences.plist file. This example adds proxy information when the proxy does not need authentication. If you have an authenticated proxy, refer to curl documentation to find the correct formatting for this setup. Reposado is merely passing the parameters to Curl in the format that Curl understands.
  5. Save the preferences.plist file

No restart is needed between proxy setting changes as they're sent to Curl on a per-request basis.

1 ACCEPTED SOLUTION

Victor
New Contributor

Cheers for this tip. I sit behind a Bluecoat proxy server and kick starting the sync process via the SUS server browser interface was getting me no where. I eventually starting testing a lower level process by running the 'curl' binary (which does the heavy work grabing the catalogs and updates) that is packaged with the JAMF setup from the shell command line to determine where I was failing.

The Curl manual at http://curl.haxx.se/docs/manual.html was helpful and got me to a state of having a working Curl command with one of the catalog URL. Getting the right sequence of command line paramaters in the preferences.plist file was a trial an error job. I got so far and then had a couple technical folks from JAMF look over what I had tried and where I was failing.

Eventually, we got the basic authentication working one setup up from the "curl" command by running "repo_sync" with the additions to your preferences.plist:

<key>AdditionalCurlOptions</key>
<array> <string>proxy = "web-proxy.yourcompany.com:8080"</string> <string>proxy-user = "username:password"</string>
</array>

Now this may look dead simple and obvious to a number of you, but not for me from reading the curl manual. But many thanks to you and JAMF getting me on the right track.

View solution in original post

1 REPLY 1

Victor
New Contributor

Cheers for this tip. I sit behind a Bluecoat proxy server and kick starting the sync process via the SUS server browser interface was getting me no where. I eventually starting testing a lower level process by running the 'curl' binary (which does the heavy work grabing the catalogs and updates) that is packaged with the JAMF setup from the shell command line to determine where I was failing.

The Curl manual at http://curl.haxx.se/docs/manual.html was helpful and got me to a state of having a working Curl command with one of the catalog URL. Getting the right sequence of command line paramaters in the preferences.plist file was a trial an error job. I got so far and then had a couple technical folks from JAMF look over what I had tried and where I was failing.

Eventually, we got the basic authentication working one setup up from the "curl" command by running "repo_sync" with the additions to your preferences.plist:

<key>AdditionalCurlOptions</key>
<array> <string>proxy = "web-proxy.yourcompany.com:8080"</string> <string>proxy-user = "username:password"</string>
</array>

Now this may look dead simple and obvious to a number of you, but not for me from reading the curl manual. But many thanks to you and JAMF getting me on the right track.