Linux Configuration Options for Running the Jamf PKI Proxy

This section describes how to run the Jamf PKI Proxy as a background service for Linux if you do not want the Jamf PKI Proxy to run in an active Terminal.

Linux Methods for Running the Jamf PKI Proxy as a Background Service

You can use the following methods to run the Jamf PKI Proxy in the background on Linux:

  • Using systemctl with a non-interactive user (recommended)

  • Running the jamf-pki-proxy in the background

Method 1: Using systemctl with a Non-Interactive User (Recommended)

This method involves the following main steps:

  1. Creating a Non-Interactive User

  2. Creating the SystemD Unit File

Step 1: Creating a Non-interactive User

  1. Create a non-interactive user that will be used solely for running the Jamf PKI Proxy by executing the following command:
    sudo useradd -m -s /usr/sbin/nologin jamfpkiproxy

    For security purposes, this is a non-interactive user that will not have login privileges.

  2. Create the configuration directory for the Jamf PKI Proxy by executing the following command:
    sudo mkdir -p /home/jamfpkiproxy/.jamf
  3. Copy the configuration directory to the jamfpkiproxy user by executing the following command:
    sudo cp -r ~/.jamf/* /home/jamfpkiproxy/.jamf
    Note:

    The ~/.jamf directory would have been created and set up when the Jamf PKI Proxy was configured. See Configuring the Jamf PKI Proxy and Venafi Connection.

  4. Change the ownership of the configuration directory to the jamfpkiproxy user by executing the following command:
    sudo chown -R jamfpkiproxy:jamfpkiproxy /home/jamfpkiproxy/.jamf
  5. If a package manager was used to install the jamf-pki-proxy binary, it will be located in /usr/local/bin. For direct downloads of the binary, install here: /usr/local/bin/
  6. Change the ownership of the jamf-pki-proxy binary to the jamfpkiproxy user by executing the following command:
    sudo chown jamfpkiproxy:jamfpkiproxy /usr/local/bin/jamf-pki-proxy

Step 2: Creating the SystemD Unit File

  1. Create the unit file in systemd by executing the following command:
    sudo touch /etc/systemd/system/jamf.pki.proxy.service
  2. Open the file by executing the following command:
    sudo vi /etc/systemd/system/jamf.pki.proxy.service
  3. Paste the following:
    [Unit]
    Description=Jamf Pro PKI Proxy
    After=network.target
    
    [Service]
    Type=simple
    ExecStart=/usr/local/bin/jamf-pki-proxy start
    StandardOutput=journal
    StandardError=journal
    UMask= 0007
    RestartSec= 10
    Restart=on-failure
    User=jamfpkiproxy
    Group=jamfpkiproxy
    
    [Install]
    WantedBy=multi-user.target
    
  4. Reload systemd by executing the following command:
    sudo systemctl daemon-reload
  5. Check the status to make sure the systemd loaded successfully by executing the following command:
    sudo systemctl status jamf.pki.proxy
    The output should look similar to the following:
    jamf.pki.proxy.service - Jamf Pro PKI ProxyLoaded: loaded (/etc/systemd/system/jamf.pki.proxy.service; disabled; vendor preset: enabled)Active: inactive (dead)
    
  6. If you would like the service to start automatically when the host boots, execute the following command:
    sudo systemctl enable jamf.pki.proxy
  7. If you would like to stop the service from starting automatically when the host boots, execute the following command:
    sudo systemctl disable jamf.pki.proxy
  8. Start the jamf.pki.proxy.service by executing the following command:
    sudo systemctl start jamf.pki.proxy
  9. To stop the service, execute the following command:
    sudo systemctl stop jamf.pki.proxy

Method 2: Running the Jamf PKI Proxy in the Background

To run the jamf-pki-proxy in the background, execute the following command:
/<path>/<to>/jamf-pki-proxy start & nohup

Running the Jamf PKI Proxy in a Docker Container on Linux

If you want to run the Jamf PKI Proxy in a Docker container, execute the following command:
docker run -d -v ~/.jamf/:/.jamf -v /etc/ssl:/etc/ssl:ro -p 9443:9443 jamfllc /jamf-pki-proxy:latest start

Logging Information for Linux

After you have configured the Jamf PKI Proxy to run as a background service, the Jamf PKI Proxy logs output to syslog at the following location: /var/log/syslog. The log statements from the Jamf PKI Proxy can be searched under jamf.pki.proxy.

You can also use journalctl to view the logging for the jamf-pki-proxy by running the following command:
sudo journalctl -u jamf.pki.proxy.service