Extreme Networks

Hi, just follow up.

Purpose of this comment is to share a knowledge how to get more user friendly configuration of Extreme Management Center.

Start position:
- fresh install of ExtremeManagementControl (EMC) on RHEL (v7) or Centos server (v7)
- available on port https://example.com:8443 only.

Final position:
- availabe on example.com
- Apache witch rewrite rule
- JBoss and Tomacat works on encpryted line
- everything works like a charm
- Simple communication scheme:

---80|443--->[Apache]---8443--->[Tomcat/JBOSS]
[pc]------------------------------------------------------------------
---8443<---[Apache]<---8443---[Tomcat/JBOSS]

Steps:
1) After a fresh install EMC is available on: https://example.com:8443
2) Install httpd
put to this to file: /ect/httpd/conf.d/emc.conf:

ServerName emc.example.com:80
ErrorLog "logs/error-ssl.log"
CustomLog "logs/access-ssl.log" common

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%25%7Bhttp_host%7D%25%7Brequest_uri%7D/ [R,L]



Require all granted

3) Edit file /usr/local/Extreme_Networks/NetSight/appdata/NSJBoss.properties like this:
-------------------------------------------------
log4j.configuration=file\:./log4j.properties
enterasys.mysqlrealm.rpt.password=enterasys
java.security.manager=
enterasys.embeddednac.enable=false
jboss.bind.address.management=127.0.0.1
oneView.flexreport.capacityplanning.limit=2000
enterasys.datasource.connectionurl=jdbc\:mysql\://127.0.0.1\:4589/netsight?jdbcCompliantTruncation\=false&useUnicode\=true&characterEncoding\=UTF-8&useSSL\=false
jboss.http.port=8080
enterasys.mysqlrealm.rpt.username=netsight
username=root
USE_IPV6=true
oneView.responsetime.app.redline=1000
jboss.https.port=443
java.security.policy=../server/default/conf/server.policy
dashboard.cache.time=2
enterasys.tomcat.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
enterasys.webservices.queryendsystems=true
ANTLR_USE_DIRECT_CLASS_LOADING=true
oneView.responsetime.tcp.redline=1000
enterasys.mysqlrealm.password=enterasys
nmsMobile.demoMode=false
enterasys.mysqlrealm.username=netsight
OneView.DisplayNacConfigurationTab=true
enterasys.tomcat.https.port=8443
oneView.maxImageSize=3000x2000
enterasys.jboss.log4j.logfile=../../appdata/logs/server.log
jboss.bind.address=YOUR_IP_ADDRESS
domain=example.com
jboss.server.log.dir=../../appdata/logs
enterasys.datasource.rpt.connectionurl=jdbc\:mysql\://127.0.0.1\:4589/netsightrpt?jdbcCompliantTruncation\=false&useUnicode\=true&characterEncoding\=UTF-8&useSSL\=false
-------------------------------------------------

Most important lines:
jboss.http.port=8080
jboss.https.port=443
enterasys.tomcat.https.port=8443
jboss.bind.address=YOUR_IP_ADDRESS
domain=example.com
-------------------------------------------------

File /var/Extreme_Networks/.netsight you can left as it is.

4) Now issue this commands:

systemctl restart httpd to restart httpd service
./usr/local/Extreme_Networks/NetSight/scripts/stopserver.sh && /usr/local/Extreme_Networks/NetSight/scripts/startserver.sh to restart JBOSS service.

5) Now you can access with your http browser your own instanace easily with emc.example.com and will be forwarded to https://emc.example.com:8443. Since this time any communication will be encrypted by default.

Best regards.