The information from this article is valid, however, starting from the following releases HTTPS for a Master-Agent connection can be used without use of a proxy as explained with the JobScheduler Universal Agent - HTTPS Agent and Master Authentication article:

Scope

Prerequisites

You will have to install one of the following software components for configuring your reverse proxy:

Get a TLS Certificate

A TLS certificate can be acquired by

Configure a reverse proxy

JobScheduler Universal Agent itself does not provide configuration options to encrypt it's communication by HTTPS. The recommended solution is to run a reverse proxy on the same host but under a different user.

The reverse proxy needs to be configured to

 <VirtualHost *:24445>
 
  ProxyPass / http://localhost:4445/
  ProxyPassReverse / http://localhost:4445/
 
  # Enable/Disable SSL for this virtual host.
  SSLEngine on
 
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/pki/tls/certs/agent_host.crt
  SSLCertificateKeyFile /etc/pki/tls/private/agent_host.key
 
</VirtualHost>

This is the configurate for the file ssl.conf that is usually stored usually under /etc/httpd/conf.d

server {
    listen       34445;
 
    ssl                  on;
    ssl_certificate      /etc/pki/tls/certs/agent_host.crt;
    ssl_certificate_key  /etc/pki/tls/private/agent_host.key;
 
    ssl_protocols  TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;
 
    location / {
        proxy_pass http://localhost:4445/;
    }
}

This is the configurate for the file nginx.conf that is usually stored usually under /etc/nginx

Import the self-signed certificate into the Java Truststore of JobScheduler Master

This step is not required if the TLS certificate was bought from a trusted certificate authority.

 <path_to_java_keytool>/keytool -importcert -keystore <path_to_java_for_scheduler>/lib/security/cacerts -alias agent_host -file <path_to_certificate>/agent_host.crt -storepass changeit
  • Java keytool is usually under the bin folder for Java. in that case you search for the Java that you are using for the JobScheduler Master.

Configure JobScheduler Master to use the reverse proxy

The proxy URL along with the HTTPS keyword is configured in the process class for the Agent:

<process_class  max_processes="20" remote_scheduler="https://agent_host:24445"/>

References