Installing Jamf Pro Using the Installer

Installing Jamf Pro using the installer involves the following steps:

  1. Install the prerequisite software (if you haven't already).

  2. Configure the firewall.

  3. Run the Jamf Pro Installer.

  4. Create the Jamf Pro database.

  5. Connect to the Jamf Pro server.

  6. (Optional) Disable TLS 1.0 and 1.1 in Java 11.

  7. Secure your Jamf Pro server.

Note:

Jamf recommends that you install Jamf Pro before creating the Jamf Pro database. The advantage is that the Jamf Pro Server Tools CLI is installed with the Jamf Pro installer. The CLI simplifies the process of creating the database as opposed to creating the database manually. In addition, while the Jamf Pro database can be created and configured before Jamf Pro is installed, the Jamf Pro-to-MySQL connection information cannot be configured until after Jamf Pro is installed.

General Requirements

Note:

The Jamf Pro web app and the MySQL database can be installed on the same server or different servers. You may want to install the MySQL database on a different server if you have a larger environment that requires more resources. Additional configuration is required to implement this scenario. For more information, see Installing the Jamf Pro Web App and MySQL on Different Servers.

The server used to host Jamf Pro should meet the minimum requirements for operating system, Tomcat version, database configuration, and Java installation. For additional information on these Jamf Pro Server Environment requirements, see the Jamf Pro Release Notes for your version of Jamf Pro.

In addition, the following resources are recommended as the minimum allocation for a typical installation of Jamf Pro:

Linux
  • A 64-bit capable Intel processor

  • 8 GB of RAM

  • 150 GB of disk space available

  • The "wget" utility installed

  • Ports 8443 and 8080 available

Note:

Each installation of Jamf Pro and its required services is unique, and requirements, such as Jamf Pro web app memory, may vary depending on your implementation. For information about allocating additional memory to the Jamf Pro web app, see Jamf Pro Web App Memory.

If you have questions regarding scaling your environment's resources beyond the typical recommendations, contact Jamf Support.

Step 1: Installing the Prerequisite Software

Java must be installed on the server where you will install Jamf Pro. MySQL must be installed on a server before you can create the Jamf Pro database.

For instructions, see the Installing Java and MySQL for Jamf Pro 10.14.0 or Later article.

Note:

MySQL is not required to be installed on the same server as the Jamf Pro web application. For more information, see Configuring Clustering Settings.

Step 2: Configuring the Firewall

The following instructions will assist you in configuring the firewall to allow inbound access on port 8443, which provides access to the Jamf Pro web application.

Red Hat Enterprise Linux

Requirements

The firewall is enabled by default on Red Hat Enterprise Linux. However, the firewall must be configured to allow traffic through the port used by Jamf Pro (typically 8443).

  1. Check to see if the firewall is running by executing the following command:
    systemctl status firewalld
  2. If the firewall is "active":
    1. List the ports that are open by executing the following command:
      sudo firewall-cmd --list-ports
    2. Edit the firewall configuration to allow access to port 8443 by executing the following commands:
      sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent
      sudo firewall-cmd --reload

For more information, see the following documentation from Red Hat:

Ubuntu

Requirements

The firewall is not enabled by default in Ubuntu. However, it is highly recommended that you enable and configure the firewall on any production systems.

  1. Check to see if the firewall is running by executing the following command:
    sudo ufw status
  2. If the firewall is not running, enable it by executing the following command:
    sudo ufw enable
  3. Edit the firewall configuration to allow access to port 8443 by executing the following commands:
    sudo ufw allow 8443/tcp
    sudo ufw reload

For more information, see Firewall in the Ubuntu Server Guide.

Step 3: Running the Jamf Pro Installer

The Jamf Pro Installer for Linux installs Apache Tomcat, the Jamf Pro web app, and Jamf Pro Server Tools.

  1. Copy the Jamf Pro Installer for Linux (jamfproinstaller.run) to the server.
    Note:

    To obtain the Jamf Pro Installer for Linux, log in to Jamf Account and navigate to the Products page for Jamf Pro.

  2. Log in to the server as a user with superuser privileges.
  3. Initiate the installer by executing a command similar to the following:
    sudo sh /path/to/jamfproinstaller.run
  4. If your server has less available disk space than recommended to install Jamf Pro, you will be prompted to either continue or abort the installation process. Type “y” to proceed or “n” to abort.

    You can bypass the disk space check by executing the installer with the -d flag. Execute a command similar to the following:

    sudo sh /path/to/jamfproinstaller.run -- -d
  5. When the requirement check is complete, type "y" to proceed.
  6. Configure Jamf Pro to start automatically when the server is rebooted:
    1. Check the state of the Tomcat service's “enabled on boot” setting by executing the following command:
      sudo systemctl is-enabled jamf.tomcat8.service
    2. If the result indicates the Tomcat service is “disabled”, enable the service permanently by executing the following command:
      sudo systemctl enable jamf.tomcat8
    3. Confirm the “enabled on boot” setting is "enabled" by executing the following command:
      sudo systemctl is-enabled jamf.tomcat8.service
    4. If the Tomcat service is not already running, you can start the Tomcat service manually by rebooting the server or by executing the following command:
      sudo systemctl start jamf.tomcat8

Step 5: Connecting to the Jamf Pro Server

  1. Configure the database connection settings using Jamf Pro Server Tools GUI or CLI. For instructions, see the Editing the Database Connection Using Jamf Pro Server Tools article.
  2. Access Jamf Pro by opening a web browser and typing the protocol, IP address or hostname of the server, and port. For example: https://JAMF_PRO_URL.com:8443
    Note:

    Some web browsers may initially prevent access to Jamf Pro on port 8443 and may produce an "invalid certificate" error. If this error occurs, do the following:

    1. Enter your Jamf Pro server URL in the web browser's address bar using "http" and port 8080 (e.g., "http://JAMF_PRO_URL.com:8080").

    2. When prompted by the Jamf Pro setup assistant for the Jamf Pro URL, enter your Jamf Pro server URL using "https" and port 8443 (e.g., https://JAMF_PRO_URL.com:8443).

    You can begin using your Jamf Pro server URL to access Jamf Pro after you have uploaded a valid certificate and restarted Tomcat. For more information, see SSL Certificate in the Jamf Pro Documentation.

Step 6: (Optional) Disabling TLS 1.0 and 1.1 in Java 11

If you are using the TLS 1.0 or 1.1 protocols in Java 11 for any existing workflows, it is recommended that you disable them because they are deprecated. For instructions, see the Disabling TLS 1.0 and 1.1 in Java 11 article.

Installed Files and Folders

The following files and folders are installed when you run the Jamf Pro Installer:

Jamf Pro web app

The files that make up the Jamf Pro web app are stored in the following location:

/usr/local/jss/tomcat/webapps/ROOT/

Apache Tomcat

Tomcat is the web application server that runs the Jamf Pro web app. A directory named tomcat is installed in the following location:

/usr/local/jss/

For more information about the version of Tomcat installed by the Jamf Pro Installer, see the Apache Tomcat Versions Installed by the Jamf Pro Installer article.

jamf.tomcat8

This is the service file for Tomcat. It is installed in the following location:

/etc/init.d/jamf.tomcat8

server.xml

The Jamf Pro Installer installs a modified copy of Tomcat's server.xml file. This file enables SSL, ensures that Jamf Pro appears in the root context, and enables database connection pooling. It is installed in the following location:

/usr/local/jss/tomcat/conf/

keystore

Tomcat requires a keystore file to provide connections over SSL. The Jamf Pro Installer creates a default .keystore file and stores it in the following location:

/usr/local/jss/tomcat/

Jamf Pro Server Tools

Jamf Pro Server Tools, filename server-tools-gui.jar, is installed in the following location:

/usr/local/jss/bin/

Jamf Pro Server Tools also has a command-line interface (CLI), filename jamf-pro, that is installed in the same location.

Note:

The Jamf Pro installer for Linux includes only the 64-bit version of the CLI. If you are using 32-bit Linux, you must manually download and use the 32-bit version of the CLI. For instructions, see the Using the Jamf Pro Server Tools Command-Line Interface article.

Database backup location

By default, Jamf Pro Server Tools stores database backups in the following location:

/usr/local/jss/backups/database/

Logs

Logs for the installation and for the Jamf Pro server are stored in the following location:

/usr/local/jss/logs/