Firewall and Proxy Settings

Patching servers through firewall

As long as your servers have access to the Internet, even behind NAT — you will be able to use KernelCare patch server without any problems.

Generally, KernelCare requires connection to only two servers for a proper work:

An additional address is used for KernelCare agent installation/update:

Patching servers through proxy

If your servers don't have direct Internet access but can gain access to the Internet using proxy, the configuration is not that different. KernelCare can pick up standard environment variables for a proxy.

Make sure you have environment settings for proxy setup, and everything else will be the same as if servers were directly connected to the Internet:

# export http_proxy=
# export https_proxy=


Settings defined by export are case-insensitive, so the example above could be as follows:

# export HTTP_PROXY=
# export HTTPS_PROXY=

You can define these settings in the KernelCare config /etc/sysconfig/kcare/kcare.conf.


$ cat /etc/sysconfig/kcare/kcare.conf

If you define these settings in the config, you don't need to export them each kcarectl launch and don't need to edit cron jobs.

All kcarectl launches will be aware of proxy settings from the config. In this case, you need to set proxy settings only once.