Install NATS Server on Faveo Helpdesk Server

This document is for clients using the Agent Software. NATS Server needs to be installed on the Faveo Server to ensure the Agents (Assets) data is received/listened to by the Faveo Server. This guide outlines the steps to install and configure the NATS server on a Faveo Helpdesk server.

• 1. Installing the NATS Server
• 2. Configure NATS as a Systemd Service
• 3. Supervisor Configuration
• 4. Proxy Configuration
  • 4.a Apache Configuration
  • 4.b NGINX Configuration

---

1. Installing the NATS Server

Download the NATS Server Binary

Find the latest version of NATS Server from the official NATS releases and replace 2.10.24 in the URL below with the desired version:

curl -L https://github.com/nats-io/nats-server/releases/download/v2.10.24/nats-server-v2.10.24-linux-amd64.zip -o nats-server.zip

Extract and Move the Binary

Extract the downloaded file and place the binary in a system-wide path:

unzip nats-server.zip -d nats-server
sudo cp nats-server/nats-server-v2.10.24-linux-amd64/nats-server /usr/local/bin/

NOTE: Replace 2.10.24 with the downloaded version.

Verify the Installation

Ensure NATS is installed correctly:

nats-server --version

2. Configure NATS as a Systemd Service

Ensure the NATS configuration file exists at /var/www/faveo/nats.conf. This path is used in the below Service file.

Create a Systemd Service File

Create a service file for NATS:

sudo nano /etc/systemd/system/nats.service

Add the following content:

• For Debian Based Servers:

[Unit]
Description=NATS Server
After=network.target

[Service]
PrivateTmp=true
Type=simple
ExecStart=/usr/local/bin/nats-server -c /var/www/faveo/nats.conf
ExecReload=/usr/bin/kill -s HUP $MAINPID
ExecStop=/usr/bin/kill -s SIGINT $MAINPID
User=www-data
Group=www-data
Restart=always
RestartSec=5s
LimitNOFILE=1000000

[Install]
WantedBy=multi-user.target

• For RHEL Based Servers:

[Unit]
Description=NATS Server
After=network.target

[Service]
PrivateTmp=true
Type=simple
ExecStart=/usr/local/bin/nats-server -c /var/www/faveo/nats.conf
ExecReload=/usr/bin/kill -s HUP $MAINPID
ExecStop=/usr/bin/kill -s SIGINT $MAINPID
User=apache
Group=apache
Restart=always
RestartSec=5s
LimitNOFILE=1000000

[Install]
WantedBy=multi-user.target

Enable and Start the Service

Reload systemd and start the service:

sudo systemctl daemon-reload
sudo systemctl enable nats
sudo systemctl start nats
sudo systemctl status nats

3. Supervisor Configuration

Add the below contents to the supervisor conf file.

For Debian Based Systems

Open the file with nano editor.

nano /etc/supervisor/conf.d/faveo-worker.conf

Add the below configurations at the end of the file.

[program:faveo-Nats]
process_name=%(program_name)s
command=php /var/www/faveo/artisan nats:listen
autostart=true
autorestart=true
user=www-data
redirect_stderr=true
stdout_logfile=/var/www/faveo/storage/logs/nats-worker.log

Restart Supervisor

systemctl restart supervisor

Check the service status.

supervisorctl

For RHEL Based Systems

Open the file with nano editor.

nano /etc/supervisord.d/faveo-worker.ini

Add the below configurations at the end of the file.

[program:faveo-Nats]
process_name=%(program_name)s
command=php /var/www/faveo/artisan nats:listen
autostart=true
autorestart=true
user=apache
redirect_stderr=true
stdout_logfile=/var/www/faveo/storage/logs/nats-worker.log

Restart Supervisor

systemctl restart supervisord

Check the service status.

supervisorctl

4. Proxy Configuration

Faveo requires a reverse proxy configuration so that the NATS WebSocket connection can be securely proxied through your web server.
Please follow the configuration instructions based on the web server installed on your system(Apache or NGINX).

---

4a. Apache Configuration

Make the changes in the SSL conf files as below:

For Debian Based Servers:

nano /etc/apache2/sites-available/faveo-ssl.conf

For RHEL Based Servers:

nano /etc/httpd/conf.d/faveo-ssl.conf

Add the following proxy configuration for Apache (inside block):

ProxyPass "/natsws" "ws://127.0.0.1:9235/"
ProxyPassReverse "/natsws" "ws://127.0.0.1:9235/"
Header always set Upgrade "websocket"
Header always set Connection "Upgrade"
Header always set X-Forwarded-Host %{HTTP_HOST}e
Header always set X-Forwarded-For %{REMOTE_ADDR}e
Header always set X-Forwarded-Proto %{HTTPS}e

Example:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName --DOMAINNAME--
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/faveo/public

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/faveolocal.crt
        SSLCertificateKeyFile   /etc/ssl/private/private.key
        SSLCertificateChainFile /usr/local/share/ca-certificates/faveorootCA.crt

        # NATS Proxy
        ProxyPass "/natsws" "ws://127.0.0.1:9235/"
        ProxyPassReverse "/natsws" "ws://127.0.0.1:9235/"
        Header always set Upgrade "websocket"
        Header always set Connection "Upgrade"
        Header always set X-Forwarded-Host %{HTTP_HOST}e
        Header always set X-Forwarded-For %{REMOTE_ADDR}e
        Header always set X-Forwarded-Proto %{HTTPS}e
    </VirtualHost>
</IfModule>

Install and Enable required modules

For Debian Based Servers:

sudo a2enmod proxy proxy_wstunnel headers proxy_http

For RHEL Based Servers

yum install -y mod_proxy mod_proxy_http mod_proxy_wstunnel mod_headers

Then ensure the following lines exist in /etc/httpd/conf/httpd.conf. if not present, add at the end of file

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule headers_module modules/mod_headers.so

Restart Apache

For Debian Based Servers:

sudo systemctl restart apache2

For RHEL Based Servers

sudo systemctl restart httpd

4b. NGINX Configuration

For Debian Based Servers:

nano /etc/nginx/sites-available/faveo.conf

For RHEL Based Servers:

nano /etc/nginx/nginx.conf

Add the following configuration for NGINX:

location ~ ^/natsws {
    proxy_pass http://127.0.0.1:9235;
    proxy_http_version 1.1;

    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Example

server {
    listen 443 ssl;
    server_name --DOMAINNAME--;

    ssl_certificate /etc/ssl/certs/your_domain.crt;
    ssl_certificate_key /etc/pki/tls/private/your_domain.key;

    location ~ ^/natsws {
        proxy_pass http://127.0.0.1:9235;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Restart Nginx

sudo systemctl restart nginx