Chapter 2. Installing and configuring the Red Hat Lightspeed proxy
To set up the Red Hat Lightspeed proxy, you will need to modify Red Hat Subscription Manager (RHSM) and your firewall. You will install the proxy and create a new rhproxy user. You will accept the automatically generated security certificate or create your own. Then, you will configure your client systems. You can customize your proxy by setting configuration options, running commands with options, and integrating with third-party servers.
2.1. Enabling the subscription manager repository
Red Hat Subscription Manager (RHSM) tracks the Red Hat products that your organization has purchased and the systems that the products are installed on. To start setting up the Red Hat Lightspeed proxy, enable the RHSM repository.
Prerequisites
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- For the Red Hat Lightspeed proxy installation, you have at least one system running RHEL version 9.
- You are logged in to the system as root or have sudo permissions.
- Your architectural environment is Intel or Arm.
Procedure
- Open your command-line interface (CLI).
Depending on your architectural environment, enter one of the following commands:
Intel architecture system:
[root@server ~]# subscription-manager repos --enable=insights-proxy-for-rhel-10-x86_64-rpms
ARM (AARCH64) architecture system:
[root@server ~]# subscription-manager repos --enable=insights-proxy-for-rhel-10-aarch64-rpms
Verification
If you successfully enabled RHSM, you will see the following output in the CLI:
Repository insights-proxy-for-rhel-10-x86_64-rpms is enabled for this system.
2.2. Installing the rhproxy and service controller
Install the rhproxy Red Hat Package Manager (RPM), which in turn installs the service controller. Then, use the service controller to install and manage the rhproxy service.
Prerequisites
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- For the Red Hat Lightspeed proxy installation, you have at least one system running RHEL version 9.
- You are logged in to the system as root or have sudo permissions.
- Your architectural environment is Intel or Arm.
Procedure
Open the command-line interface (CLI) and run the following command:
[root@server ~]# dnf install -y rhproxy
The /usr/bin/rhproxy path is now available for you to use.
Verification step
Verify the installation was successful by running the following command. If the installation is successful, the installed version is confirmed in the output. If the installation is unsuccessful, the output indicates that the procedure failed:
[root@server ~]# rpm -q rhproxy
2.3. Creating a new proxy user and logging into Podman
By default, rhproxy runs without root permissions. Create a new user named rhproxy and then log in to Podman to manage your systems.
Prerequisites
- Podman is installed on your system.
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- For the Red Hat Lightspeed proxy installation, you have at least one system running RHEL version 9.
- You are logged in to the system as root or have sudo permissions.
- Your architectural environment is Intel or Arm.
Procedure
- To add your new rhproxy user, run the following command in the CLI:
[root@server ~]# useradd rhproxy
- Verify that your new user has been successfully added by running the following command:
[root@server ~]# id rhproxy
The following output displays:
uid=1002(rhproxy) gid=1002(rhproxy) groups=1002(rhproxy)
This output confirms that the user rhproxy exists in the system. It also prints the user and group IDs and the group that the user resides in.
- Switch to your new rhproxy user account. Log in to Podman with your Red Hat credentials and run the following command as the rhproxy user:
[rhproxy@server ~]$ podman login registry.redhat.io
Verification
- If your login is successful, the following output displays:
Login succeeded.
2.4. Configuring the firewalls for bidirectional communication with Red Hat Lightspeed
After you have installed Red Hat Lightspeed proxy, you must configure your firewalls to allow bidirectional communication with Red Hat Lightspeed. This includes configuring the firewall on the system where the Red Hat Lightspeed proxy is installed and also configuring any global firewalls that might be in place between your clients and the Red Hat Lightspeed services.
2.4.1. Configuring your Red Hat Lightspeed proxy firewall
After you have installed the Red Hat Lightspeed proxy and configured the firewall, you must also configure any global firewalls to allow bidirectional communication with Red Hat Lightspeed. Allow all Red Hat subscription management and Red Hat Lightspeed client tools to communicate with the Red Hat Lightspeed services through the proxy.
For your systems to be able to access the Red Hat Lightspeed proxy, you must open ports 3128 and 8443 and restart the service. These required ports are also specified in the rhproxy.env file that gets created when you install Red Hat Lightspeed proxy.
If you are using your own proxy to connect to Red Hat Lightspeed, or you want the most up-to-date list of required ports to configure, see the rhproxy.env file in the Red Hat Lightspeed rhproxy GitHub repository.
The following procedure describes how to configure the required Red Hat ports on your firewall.
Prerequisites
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- Your RHEL system(s) are version 8 or 9.
- You have created a new rhproxy user.
- Your architectural environment is either Intel or Arm.
Procedure
From the CLI, use the following commands to add required ports 3128 and 8443:
[root@server ~]# firewall-cmd --permanent --add-port=3128/tcp
[root@server ~]# firewall-cmd --permanent --add-port=8443/tcp
[root@server ~]# firewall-cmd --reload
Now that you have made adjustments to your firewall, you will need to install and start the rhproxy service:
[rhproxy@server ~]$ rhproxy install
[rhproxy@server ~]$ rhproxy start
Result
After a few seconds, you will be able to forward Red Hat Lightspeed traffic to http://<rhproxy-hostname>:3128.
Verification steps
Verify that the firewall configuration was successful by checking the status of the rhproxy service:
[rhproxy@server ~]$ rhproxy status
- When successful, the output confirms that the rhproxy service is active and running, and the most recent activity is logged.
- Enter the following command to test the functionality:
[rhproxy@server ~]$ curl -L -x http://$(hostname):3128 https://mirrors.fedoraproject.org/
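A check for the firewall step above, as an added example that is not part of the Red Hat documentation: it compares the runtime and permanent port lists, which differ when a rule is saved with --permanent but --reload is skipped. The function names are illustrative, and it assumes the ports were added to the default zone with --add-port, as in the procedure.

```shell
#!/bin/sh
# Added example: check that the rhproxy ports are open in both firewalld views.
REQUIRED_PORTS="3128/tcp 8443/tcp"   # the two ports the procedure opens

# port_open <port> <proto> "<port list>"
# Succeeds if the list (format of `firewall-cmd --list-ports`) has the port,
# either as a single entry (3128/tcp) or inside a range (3000-4000/tcp).
port_open() {
    want=$1; proto=$2
    for entry in $3; do
        [ "${entry##*/}" = "$proto" ] || continue
        range=${entry%/*}
        lo=${range%-*}; hi=${range#*-}
        [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && return 0
    done
    return 1
}

# check_ports "<runtime list>" "<permanent list>"
# Prints one line per problem; returns 1 unless every required port is open
# in both the runtime and the permanent configuration.
check_ports() {
    runtime=$1; permanent=$2; rc=0
    for req in $REQUIRED_PORTS; do
        port=${req%/*}; proto=${req#*/}
        if ! port_open "$port" "$proto" "$permanent"; then
            echo "$req: missing from permanent config"
            rc=1
        elif ! port_open "$port" "$proto" "$runtime"; then
            echo "$req: permanent only, run firewall-cmd --reload"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: both rules saved with --permanent, --reload not yet run.
check_ports "22/tcp" "22/tcp 3128/tcp 8443/tcp" || true

# On the proxy host (default zone assumed, as in the procedure):
#   check_ports "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
```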
Additional resources
To enable your client systems to securely access Red Hat Lightspeed, allow access to the Red Hat hostnames in your firewall or proxy.
If you are connecting to Red Hat Lightspeed with your own web proxy instead of the Red Hat Lightspeed proxy, you must also complete the global firewall configuration.
2.4.2.1. Adding the required Red Hat hostnames to your firewall allowlist
To allow bidirectional communication with Red Hat Lightspeed, configure a firewall or proxy on the outgoing network to permit traffic to Red Hat hostnames. If clients in your environment use any other repositories with additional hostnames, you must also allow traffic to those nodes.
When you install Red Hat Lightspeed proxy, the /home/rhproxy/.config/rhproxy/env/redhat.servers allowlist file gets created. This file contains the required hostnames for bidirectional communication with Red Hat Lightspeed.
If you are using your own proxy to connect to Red Hat Lightspeed, or if you want to view the most up-to-date list, see the Red Hat Lightspeed rhproxy GitHub repository.
Prerequisites
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- Your systems are running RHEL version 8 or later.
- You created a new rhproxy user.
- Your architectural environment is Intel or Arm.
- You completed the steps in Configuring your Red Hat Lightspeed proxy firewall.
Procedure
- Log on as a System Administrator on the outgoing network firewall or proxy.
- Add the following Red Hat hostnames to the allowlist configuration:
- Optional: If clients in your environment use any other repositories with additional hostnames, and you enabled those hostnames in the mirror.servers file on the Red Hat Lightspeed proxy node, make the corresponding changes to the firewall proxy.
- Optional: If you use Extra Packages for Enterprise Linux (EPEL) in your environment, configure the outgoing network firewall or proxy to permit traffic to the required hostnames. These hostnames are defined in the epel.servers allowlist file.
- Restart your firewall service to ensure that your allowlist changes take effect.
Verification steps
You can now connect and use Red Hat Lightspeed to gain visibility of your systems and proactively identify and mitigate operational and vulnerability risks.
- Enter the following curl command to test the functionality:
[rhproxy@server ~]$ curl -L -x http://$(hostname):3128 https://mirrors.fedoraproject.org/
2.5. Obtaining a security certificate
To establish a secure connection, you need a certificate for accessing any resources served by the proxy. Note that the rhproxy service creates a self-signed certificate for downloads if none is found in the /home/rhproxy/.local/share/rhproxy/certs/ directory.
If you prefer, you can provide your own HTTPS certificate and key, and record them in the appropriate files. If you choose this route:
- Record your certificate in the following file:
/home/rhproxy/.local/share/rhproxy/certs/rhproxy.crt
- Record your key in the following file:
/home/rhproxy/.local/share/rhproxy/certs/rhproxy.key
2.6. Configuring client systems
After the Red Hat Lightspeed proxy is installed and running, you must configure your client systems so that Red Hat Subscription Manager (RHSM) and the Red Hat Lightspeed client tools can communicate with Red Hat Lightspeed through the proxy. You only need to do this configuration one time after the initial installation by using the helper script, configure-client.sh.
Prerequisites
- You have root user access.
- You have at least one active Red Hat Enterprise Linux (RHEL) subscription.
- You have at least one system running RHEL version 8 or later.
- You created a new rhproxy user.
- Your architectural environment is Intel or Arm.
If you change the hostname or IP address of your Red Hat Lightspeed proxy, you must rerun the configure-client.sh script on each client system.
Procedure
- In the CLI, run the following curl command to download the helper script to configure-client.sh, and then make it executable:
[root@client ~]# curl -k -L https://<rhproxy-hostname>:8443/download/bin/configure-client.sh -o configure-client.sh
[root@client ~]# chmod +x configure-client.sh
- Run the following script:
[root@client ~]# ./configure-client.sh --configure --proxy-host <rhproxy-hostname>
Verification step
Run the following command on the client systems:
[root@client ~]# insights-client --test-connection
Run the following command on the Red Hat Lightspeed proxy server:
[rhproxy@server ~]$ rhproxy status
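The download step in this section uses curl -k, which skips TLS certificate verification for a script that is then run as root. A pinned-certificate variant of that download follows, as an added example that is not part of the Red Hat documentation or of configure-client.sh. The function name and the fetch.sh file name are illustrative, and it assumes rhproxy.crt was copied from /home/rhproxy/.local/share/rhproxy/certs/ on the proxy over a trusted channel and that the certificate names the hostname clients use.

```shell
#!/bin/sh
# Added example, not Red Hat's code: download configure-client.sh with the
# proxy certificate pinned instead of turning verification off with -k.
# Assumes the pin file is a PEM copy of the proxy's rhproxy.crt obtained over
# a trusted channel, and that the certificate names <rhproxy-hostname>.

# fetch_client_script <rhproxy-hostname> <pinned-cert.pem> <output-file>
# Returns 2 for bad arguments or an unusable pin, otherwise curl's status.
fetch_client_script() {
    host=$1; pin=$2; out=$3
    if [ -z "$host" ] || [ -z "$out" ]; then
        echo "usage: fetch_client_script <host> <cert.pem> <output>" >&2
        return 2
    fi
    # Never fall back to an unverified download when the pin is unusable.
    if [ ! -s "$pin" ] || ! grep -q -- '-----BEGIN CERTIFICATE-----' "$pin"; then
        echo "pinned certificate '$pin' is missing or not PEM" >&2
        return 2
    fi
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    # --cacert: trust the pinned file in place of the default CA bundle.
    # --fail: an HTTP error page is never saved as the script.
    # --proto/--proto-redir: refuse plain HTTP, including after a redirect.
    if curl --fail --silent --show-error --location \
            --proto '=https' --proto-redir '=https' --cacert "$pin" \
            -o "$tmp" "https://${host}:8443/download/bin/configure-client.sh"
    then
        mv "$tmp" "$out"    # left non-executable so it can be read first
    else
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
}

# Run as: sh fetch.sh <rhproxy-hostname> rhproxy.crt configure-client.sh
if [ "$#" -eq 3 ]; then
    fetch_client_script "$@"
fi
```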
2.7. Viewing the proxy server tag for a Red Hat Lightspeed client
Once you have configured a registered Red Hat Lightspeed client system to use a proxy server, you can view the client system with its tag in the Hybrid Cloud Console. The insights-proxy:<proxy-hostname> tag indicates which Red Hat Lightspeed proxy host the system uses.
The Red Hat Lightspeed proxy server itself does not use the tag for identification. Only systems connected to a proxy server have the insights-proxy:<proxy-hostname> tag.
For more information about how to view client systems and their associated proxy servers in inventory, see Assessing and filtering your inventory.