Skip to content

Configuring synchronization between Wallarm node and Cloud

The filtering node regularly synchronizes with the Wallarm Cloud to:

These instructions describe parameters and methods used to configure filtering node and Wallarm Cloud synchronization.

Access parameters

Parameters such as the filtering node name, UUID, and Wallarm API secret key, which enable filtering node to access the Cloud, are explicitly set in node.yaml. This file is automatically generated by the register-node script.

  • For Docker NGINX-based image, cloud images, NGINX Node all-in-one installer and Native Node installations, find the file at /opt/wallarm/etc/wallarm/node.yaml, unless overridden by the wallarm_api_conf directive.

  • For other installations, the node.yaml location may vary or be overridden by the wallarm_api_conf directive. Use search or check the wallarm_api_conf value to locate the file.

The node.yaml file may contain the following access parameters:

Parameter Description Default value
hostname Filtering node name. This variable is required to be set in the node.yaml file. Provided by register-node
regtoken Token for node to be able to access the Wallarm API. Provided by register-node
uuid Filtering node UUID. This variable is required to be set in the node.yaml file. Provided by regtoken
secret Secret key to access the Wallarm API. This variable is required to be set in the node.yaml file. Provided by regtoken
api.host Wallarm API endpoint. Can be:
  • us1.api.wallarm.com for the US Cloud
  • api.wallarm.com for the EU Cloud
api.wallarm.com
api.port Wallarm API port. 443
api.use_ssl Whether to use SSL when connecting to Wallarm API. true
api.ca_verify Whether to enable/disable Wallarm API server certificate verification. Can be:
  • true to enable verification
  • false to disable verification
.
true
api.ca_file Path to the SSL certificate file. /usr/share/wallarm-common/ca.pem
api.localhost Local IP address of the network interface through which requests to Wallarm API are sent. This parameter is required if the network interface used by default restricts access to Wallarm API (for example, access to the Internet may be closed). -
api.localport Port of the network interface through which requests to Wallarm API are sent. This parameter is required if the network interface used by default restricts access to Wallarm API (for example, access to the Internet may be closed). -

To change synchronization parameters, proceed with the following steps:

  1. Make changes to the node.yaml file by adding the required parameters and assigning the desired values to them.

  2. Restart NGINX to apply updated settings to the synchronization process:

    sudo systemctl restart nginx
    
    sudo service nginx restart
    
    sudo systemctl restart nginx
    
    sudo systemctl restart nginx
    
    sudo systemctl restart nginx
    

Synchronization interval

By default, the filtering node synchronizes with the Wallarm Cloud every 120‑240 seconds (2‑4 minutes). You can change the synchronization interval via the system environment variable WALLARM_SYNCNODE_INTERVAL.

To change the interval between filtering node and Wallarm Cloud synchronizations:

  1. Open the file /etc/environment.

  2. Add the WALLARM_SYNCNODE_INTERVAL variable to the file and set a desired value to the variable in seconds. The value cannot be less than the default value (120 seconds). For example:

    WALLARM_SYNCNODE_INTERVAL=800
    
  3. Save the changed file /etc/environment. New interval value will be applied to the synchronization process automatically.

Configuration example

Note that besides parameters providing the filtering node access to the Cloud (general and api sections, described in this article), the node.yaml file may also contain parameters providing different processes the access to files needed for the node operation (syncnode section).

Example of the valid node.yaml contents:

hostname: example-node-name
uuid: ea1xa0xe-xxxx-42a0-xxxx-b1b446xxxxxx
secret: b827axxxxxxxxxxxcbe45c855c71389a2a5564920xxxxxxxxxxxxxxxxxxc4613260
host: api.wallarm.com
port: 443
ca_verify: true

syncnode:
  owner: root
  group: wallarm
  mode: 0640