The following additional requirements must be met before the RHN Proxy Server installation can be considered complete:
Client systems need full network access to the RHN Proxy Server services and ports.
RHN strongly recommends firewalling the RHN Proxy Server solution from the Internet. However, various TCP ports must be opened on the Proxy, depending on your implementation of RHN Proxy Server:
| Port | Direction | Reason |
|---|---|---|
| 80 | Outbound | Proxy uses this port to reach rhn.redhat.com, xmlrpc.rhn.redhat.com and satellite.rhn.redhat.com(unless running in a disconnected mode for Satellite) |
| 80 | Inbound | Client requests come in via either http or https |
| 443 | Inbound | Client requests come in via either http or https |
| 443 | Outbound |
To reach https://rhn.redhat.com, http://xmlrpc.rhn.redhat.com and http://your-satellite.example.com.rhn.redhat.com.
|
| 4545 | Outbound |
If your Proxy is connected to an RHN Satellite Server, Monitoring makes connections to rhnmd running on client systems via this TCP port, if Monitoring is enabled and probes configured to registered systems.
|
| 5222 | Inbound |
Opening this port allows osad client connections to the jabberd daemon on the Proxy when using RHN Push technology.
|
| 5269 | Outbound |
If your Proxy is connected an RHN Satellite Server, this port must be open to allows server-to-server connections via jabberd for RHN Push Technology.
|
There is great time sensitivity when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are reasonably close together so the that SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
The system upon which the RHN Proxy Server will be installed must resolve its own FQDN properly.
Customers who will be connecting to the central Red Hat Network Servers to receive incremental updates must have a Red Hat Network account. The sales representative assists with the setup of this account at the time of purchase.
It is imperative that customers keep track of all primary login information. For RHN Proxy Server, this includes usernames and passwords for the Organization Administrator account and SSL certificate generation. Red Hat strongly recommends this information be copied onto two separate floppy disks, printed out on paper, and stored in a fireproof safe.
Since the Proxy forwards virtually all local HTTP requests to the central RHN Servers, you must take care to put files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstarts.
In addition, Red Hat recommends that the system running the code not be publicly available. No users but the system administrators should have shell access to these machines. All unnecessary services should be disabled. You can use ntsysv or chkconfig to disable services.
Finally, you should have the following technical documents in hand for use in roughly this order:
The RHN Proxy Server Installation Guide — This guide, which you are now reading, provides the essential steps necessary to get an RHN Proxy Server up and running.
The RHN Client Configuration Guide — This guide explains how to configure the systems to be served by an RHN Proxy Server or RHN Satellite Server. (This will also likely require referencing The RHN Reference Guide, which contains steps for registering and updating systems.)
The RHN Channel Management Guide — This guide identifies in great detail the recommended methods for building custom packages, creating custom channels, and managing private Errata.
The RHN Reference Guide — This guide describes how to create RHN accounts, register and update systems, and use the RHN website to its utmost potential. This guide will probably come in handy throughout the installation and configuration process.