The RHN Proxy SSL Redirect Server receives the requests from the RHN Proxy Broker Server, encrypts them with SSL, and passes those requests on to the Spacewalk Servers. Although the RHN Proxy SSL Redirect Server is an optional service, if not used, the connection between the RHN Proxy Broker Server and the Spacewalk Servers will not be secure.
It is recommended you use one RHN Proxy SSL Redirect Server even if you have multiple RHN Proxy Broker Servers. The RHN Proxy SSL Redirect Server can coexist on the same machine as an RHN Proxy Broker Server, but coexisting will double the number of HTTP requests on the machine.
Use the following command to install the RHN Proxy SSL Redirect Server (as root on the appropriate machine):
rpm -Uvh rhns-proxy-redirect*.noarch.rpm |
The software dependencies should have already been installed with RHN Proxy Broker Server. Refer to Section 2.1 Software Requirements for details.
The RHN Proxy SSL Redirect Server code is installed in /var/www/rhns/proxy (code is shared between the RHN Proxy Broker Server and the RHN Proxy SSL Redirect Server) and /var/www/rhns/common.
During the configuration of the Apache Web Server, the conf/rhn_proxy_redirect.conf file should have been included in the httpd.conf Apache configuration file. Edit the rhn_proxy_redirect.conf file to control access to the RHN Proxy SSL Redirect Server.
Settings are configured in /etc/rhn/rhn.conf.
The common section of the configuration file should contain a traceback_mail setting. To email a different set of people for RHN Proxy SSL Redirect Server tracebacks, use the proxy.redirect.traceback_mail directive:
# ___traceback mail___ proxy.redirect.traceback_mail = root@mycompany.com, bob@mycompany.com |
To override the default debug level for the RHN Proxy SSL Redirect Server:
# ___logging___ proxy.redirect.debug = 5 # I want a high level of debugging. |
The higher the number, the more debug messages are written to the log file. Refer to Table G-1 for details on the debug levels.
In the RHN Proxy SSL Redirect Server section of the configuration file, at a minimum, set the proxy.redirect.rhn_parent variable. For example,
# ___this ssl redirect's downstream proxy/server parent___ proxy.redirect.rhn_parent = xmlrpc.rhn.redhat.com/XMLRPC |
If the RHN Proxy SSL Redirect Server server does not have direct access to the Internet, you can configure it to go through the organization's HTTP Proxy server. This is different from the RHN Proxy Broker Server. For example:
# ___this redirect's http proxy (most likely a corporate gateway proxy)___ proxy.redirect.http_proxy = outer_http_proxy.mycompany.com:8080 |
If the HTTP Proxy server requires a username and password:
proxy.redirect.http_proxy_username = bob proxy.redirect.http_proxy_password = secretword |
The /var/log/rhn/rhn_proxy_redirect.log file contains the log messages for the RHN Proxy SSL Redirect Server. The proxy.redirect.debug directive in rhn.conf determines how verbose the log messages for RHN Proxy SSL Redirect Server are. Refer to Table G-1 for details on the debug levels.
Restart the Apache Web Server after configuring the RHN Proxy Broker Server, RHN Authentication Daemon, and RHN Proxy SSL Redirect Server.
![]() |
Warning |
---|---|
Modifications of /etc/rhn/rhn.conf take effect immediately, but if modifying any httpd /etc/httpd/conf/*.conf file, one must "bounce" the HTTP server with the command /sbin/service httpd restart |