Professional Documents
Culture Documents
(EDITABLE EN) InvGate Insight Proxy Installation v3
(EDITABLE EN) InvGate Insight Proxy Installation v3
InvGate Insight
Proxy Installation
Versión en español disponible aquí.
Table of Contents
Table of Contents 2
Introduction 4
2. Proxy Installation 4
2.1 Requirements 4
2.1.1 Connectivity 4
2.1.2 Hardware 5
2.1.3 Software 5
2.2 Browsers approved for the proxy setup 5
2
5.1 CentOS 7 15
5.2 Windows 15
8. HTTPS Configuration 16
8.1 Windows 16
8.1.1 VirtualHost Configuration 16
8.2 CentOS 7 18
8.2.1 Requirements installation 18
8.2.2 Proprietary Certificates generation 18
8.2.3 VirtualHost Configuration 18
3
Introduction
This document describes the steps necessary to install the InvGate Insight proxy on a
Linux or Windows server.
The proxy will be necessary to remotely distribute the agents to any machine that is
not visible by the application server. For example, those in closed or protected
networks.
If the installed agents do not have visibility to the application server, the proxy
installation is also required. Otherwise, they will not be able to report to InvGate
Insight.
2. Proxy Installation
2.1 Requirements
These are the minimum requirements the InvGate Insight proxy needs.
2.1.1 Connectivity
● Visibility to the InvGate Insight central server.
4
● Visibility from the agents to the proxy server (if the agents are going to report to
it).
● Visibility from the proxy server to the machines where the agents will be installed
(if you want to use the proxy to install them remotely).
2.1.2 Hardware
● RAM: 8 GB.
2.1.3 Software
● For Linux servers:
5
3. Steps for Proxy Installation and Configuration
The first thing to do is install the proxy on a network machine with Internet access.
The process consists of two stages. The first one is the installation and the second one
is the configuration, that is done from a web interface in a browser.
3.1.1 Windows
1. Download the ZIP with the latest stable version of the proxy from:
https://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-windo
ws-latest.zip
6
4. Select the directory where it will be installed:
5. Then, indicate the port number by which the agents will connect to the proxy.
7
6. Start the installation process by pressing Install.
7. Once the installation process finishes, pressing “Close” will open your default web
browser.
8
3.1.2 CentOS 7
For CentOS you have two options, the Script Installation or a Manual Installation.
1. Update CentOS:
yum update
5. Allow access to HTTP and HTTPS ports and Postgres port. It is highly
recommended to have a firewall to protect the server.
9
systemctl enable firewalld
6. Disable SELINUX:
setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g'
/etc/selinux/config
*Note: replace in the previous step the version number with the parameter
corresponding to "rpm_version" of the info file of the downloaded ZIP.
1. This is where the proxy setup wizard begins. Press the button: "Yes, I already
installed all requirements".
10
2. Enter the URL of the central InvGate Insight server, with which the proxy will
exchange data. Then, enter a name with which the proxy will be identified from
the InvGate Insight interface, and the URL that the agents will use to connect
with the proxy, which can be the IP and port where the proxy was installed (i.e:
http://192.168.0.1:80) or a previously configured domain name. Then press
"Register Proxy"
3. In the next screen, press the "Set up Database" button that will carry out the
necessary settings for the database (SQLite) required by the proxy.
11
4. Run the creation of migrations for the proxy data models by pressing the "Run
migrations" button. Once the process is finished, the message “All Migrations
Applied. Continue” will be displayed. Press it to continue.
12
5. After the configuration process, click on the button "Great!" to end.
6. The interface provided by the proxy will be shown below, where you can
download the latest versions of the agents for the different operating systems
(Windows, GNU / Linux and macOS).
If the agents for the different platforms were uploaded to the central server, the proxy
will download them by displaying them on the main screen.
13
Note: this process could take a couple of minutes.
4.1 Windows
1. Download the ZIP with the latest stable version of the proxy from:
https://download.invgate.net/neoassets-proxy/releases/neo_assets_proxy-wind
ows-latest.zip.
4.2 CentOS 7
Run the following commands:
1. Download the ZIP with the latest stable version, extract it, and install the rpm:
Note: Replace the version number with the “rpm_version” parameter in the “info” file from the
downloaded ZIP.
14
5. Steps to uninstall the proxy
5.1 CentOS 7
Run the following command:
sudo yum remove invgate-neo-assets-proxy
5.2 Windows
1. Navigate to C:\Program Files (x86)\InvGate\Insight Proxy
2. Run “uninstall.exe”
/usr/share/invgate/neoassets/neo-assets-proxy/
/usr/share/invgate/neoassets/neo-assets-proxy/debug.log
● The Apache logs for the InvGate Insight proxy will be located in the path:
/var/log/httpd/access_neo_assets_proxy.log
/var/log/httpd/error_neo_assets_proxy.log
● To see the status of the proxy services (apache and huey), run:
journalctl -u httpd24-httpd
journalctl -u huey-proxy
15
7. Network proxy settings
If the network where the Insight proxy was installed uses a proxy to access the
Internet, you must set up the configuration of this webproxy, so that the Insight proxy
can report to the server that is in the cloud.
7.1 Windows
In the case of Windows, the webproxy to be used must be configured within the
browser and then within a terminal we execute the following command:
7.2 CentOS 7
To configure the proxies that must be used in CentOS, it is enough to define the
environment variables HTTP_PROXY and HTTPS_PROXY on the server where the
Insight proxy was installed. For example, if the webproxy has the address proxy.server:
8080, you must modify the configuration file /etc/environment with:
sudo nano /etc/environment
http_proxy="http://my.proxyserver.net:8080/"
https_proxy="http://my.proxyserver.net:8080/"
8. HTTPS Configuration
8.1 Windows
Now you must inform Apache that your instance may receive requests through the
433 port, and redirect to that port all the requests arriving to the 80 port.
For this, modify the following file in your text editor of choice:
C:\Program Files (x86)\InvGate\Insight Proxy\Apache\conf\insight-proxy.conf
16
Add the next configuration, being discover.crt, chain.crt and discover.key the
certificate files.
Listen 80
Listen 443
<VirtualHost *:80>
Servername localhost
RewriteEngine On
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [END,NE,R=308]
</VirtualHost>
<VirtualHost *:443>
ServerName insight-proxy
Alias /static "C:\Program Files (x86)\InvGate\Insight Proxy\steg\static"
Alias /media "C:\Program Files (x86)\InvGate\Insight Proxy\steg\media"
WSGIScriptAlias / "C:\Program Files (x86)\InvGate\Insight
Proxy\steg\wsgi.py"
SSLEngine On
SSLProtocol all
SSLCertificateFile "C:\discover.crt"
SSLCertificateChainFile "C:\chain.crt"
SSLCertificateKeyFile "C:\discover.key"
</VirtualHost>
17
8.2 CentOS 7
To generate and install the SSL certificates on the Apache Server, it will be necessary to
install the openssl and mod_ssl packages. Use yum to obtain them.
sudo yum install httpd24-mod_ssl openssl
2. Generate CSR:
sudo openssl req -new -key discover.key -out discover.csr
Now you must inform Apache that your instance may receive requests through the
433 port, and redirect to that port all the requests arriving to the 80 port.
18
sudo vi
/usr/share/invgate/neoassets/neo-assets-proxy/config/invgate-neo-assets-proxy.co
nf
<VirtualHost *:80>
Servername localhost
RewriteEngine On
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [END,NE,R=308]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName localhost.localdomain
DocumentRoot /usr/share/invgate/neoassets/neo-assets-proxy
WSGIPassAuthorization On
WSGIScriptAlias /
/usr/share/invgate/neoassets/neo-assets-proxy/steg/wsgi.py
WSGIDaemonProcess localhost.localdomain
python-path=/usr/share/invgate/neoassets/neo-assets-proxy
python-home=/usr/share/invgate/ neoassets/neo-assets-proxy/.venv
<Location/>
WSGIProcessGroup localhost.localdomain
</Location>
<Directory/usr/share/invgate/neoassets/neo-assets-proxy/steg/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
<Directory/usr/share/invgate/neoassets/neo-assets-proxy/steg/static>
Require all granted
</Directory>
<Directory/usr/share/invgate/neoassets/neo-assets-proxy/steg/media>
Require all granted
</Directory>
19
CustomLog /var/log/httpd/access_neo_assets_proxy.log combined
SSLEngine On
SSLProtocol all
SSLCertificateFile /etc/pki/tls/certs/discover.crt
SSLCertificateKeyFile /etc/pki/tls/private/discover.key
9.1 Windows
To change the location of the database of the proxy, once the installation is complete, it
will be necessary to follow the next steps:
DATABASE_URL=sqlite:///[folder_path]\db.sqlite3
20