Version: 4.6.x.x LTS

Installation and Deployment

Overview

This chapter describes the steps that have to be executed when installing nevisProxy. The package is operating-system-specific and uses the package mechanism of the target OS. It may also be provided in various flavors (i.e. with customer-specific modifications).

Prerequisites

The following requirements need to be fulfilled to install nevisProxy:

  • Linux (RHEL 7/8, SLES 12/15) operating system (64-bit) on a host with ~60MB of free space in the installation directory and ~20MB of free space in the spool directory.

To use all the features that nevisProxy provides, install the MariaDB libraries (mariadb-libs) on machines running Red Hat Enterprise Linux. On machines running SUSE Linux, install the MySQL libraries (mysql-libs).

  • Use the following command to install the MariaDB libraries:
yum install mariadb-libs
  • Use the following command to install the MySQL libraries:
yum install mysql-libs

Installation

Installation instructions

Use the following command to install the package and start the server:

rpm -i nevisproxy<version>-1.<flavour>.<architecture>.rpm

If no configuration package is provided for nevisProxy, proceed as described in the chapter Preparing the initial installation.

Software upgrade

Proceed as follows to upgrade to a new software version without changing the configuration:

  • Deinstall the old package.
  • Install the new package.

Deinstallation

Use the following command to deinstall the nevisProxy package:

rpm -e nevisproxy

Troubleshooting

OpenSSL compatibility

Because nevisProxy usually uses the most recent OpenSSL version, some backends may no longer be accessible due to a stricter security policy, for example because a cipher algorithm has been disabled or a key size has been restricted.

If a backend can no longer be reached, look for the cause in navajo.log. Usually an SSL/TLS error is logged. For example:

2016 02 08 20:46:14.011 isi3web OpenSSLHan 18203.140737049229056.471b-14549607721132811-152c26b8412 3-ERROR : OpenSSL-failure: 140737049229056:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3448:0x0a

In this case, the Diffie-Hellman (DH) key provided by the backend is too small. You can either update your backend or remove the DH algorithm from the SSLCypherSuites of the HttpsConnectorServlet (e.g., "!aNULL:!aDSS:!MD5:!kEDH+AES:RSA+AES:!kEDH+3DES:RSA+3DES").
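To see which OpenSSL failures occur and how often, the OpenSSL-failure entries can be extracted from navajo.log and grouped by reason. The following Python script is an added example, not part of nevisProxy or its documentation; the field layout is inferred from the single sample line above, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout inferred from the one sample line in this section (assumption);
# other navajo.log entries may be laid out differently.
FAILURE_RE = re.compile(
    r"^(?P<ts>\d{4} \d{2} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<host>\S+) \S+ \S+ "
    r"\d-[A-Z]+ : OpenSSL-failure: \d+:error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):(?P<src>[^:]+:\d+):"
)

# Remediation taken from this section; reasons it does not cover get no hint.
HINTS = {
    "dh key too small": "update the backend, or remove the DH algorithm "
                        "from the cipher suites of the HttpsConnectorServlet",
}

def parse_failures(lines):
    """Return one dict per OpenSSL-failure line; other lines are skipped."""
    return [m.groupdict() for m in map(FAILURE_RE.match, lines) if m]

def summarize(failures):
    """Count failures per (OpenSSL function, reason), most frequent first."""
    return Counter((f["func"], f["reason"]) for f in failures).most_common()

# First line is the example from this section; the others are constructed.
SAMPLE_LOG = """\
2016 02 08 20:46:14.011 isi3web OpenSSLHan 18203.140737049229056.471b-14549607721132811-152c26b8412 3-ERROR : OpenSSL-failure: 140737049229056:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3448:0x0a
2016 02 08 20:46:15.102 isi3web OpenSSLHan 18203.140737049229056.471b-14549607721132811-152c26b8413 3-ERROR : OpenSSL-failure: 140737049229056:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3448:0x0a
2016 02 08 20:46:16.000 isi3web OpenSSLHan 18203.140737049229056.471b-14549607721132811-152c26b8414 3-ERROR : OpenSSL-failure: 140737049229056:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:0x0a
2016 02 08 20:46:17.000 isi3web NavajoStart 18203.140737049229056.0 6-INFO : constructed non-OpenSSL line
""".splitlines()

if __name__ == "__main__":
    for (func, reason), count in summarize(parse_failures(SAMPLE_LOG)):
        print(f"{count:3d}  {reason} ({func})")
        if reason in HINTS:
            print(f"     hint: {HINTS[reason]}")
```

To run it against a real log, pass the lines of navajo.log to parse_failures() instead of SAMPLE_LOG.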

In any case, it is better to keep the backends up to date. If you run a Java-based backend, you can set the following Java property:

  • javax.net.debug=ssl,handshake

This makes the backend provide more information about why it refuses the connection. Common cases are:

  • Starting with Java 8, SSLv3 and MD5 are no longer supported. In this case, you should update your certificates.
  • Starting with Java 8, the Diffie-Hellman key must be at least 1024 bytes.