Installing as a Heroku App

Wallarm can protect web-applications and API deployed on the Heroku platform. The Wallarm filter node can be installed by connecting the application to a Buildpack that was built specifically for Heroku apps.

You can get the Heroku Buildpack from the Wallarm public repository.

The Buildpack contains the following features:

Installation prerequisites

Before installing the filter node make sure you have a Wallarm account with Administrator role.

Language and app server agnostic

The Wallarm Node buildpack provides the wallarm/bin/start-wallarm command. This command takes your app server's startup command as an argument.

For example, to get Wallarm Node and Unicorn up and running, run the following command:

$ cat Procfile
web: wallarm/bin/start-wallarm bundle exec unicorn -c config/unicorn.rb

Environment variables

You can use the following environment variables:

  • WALLARM_API_HOST — The Wallarm API address.
  • WALLARM_USER — The user at my.wallarm.com that has rights to add new nodes.
  • WALLARM_PASSWORD — The user password.
  • WALLARM_MODE — The request handling mode: off, monitoring (default), blocking.
  • WALLARM_TARANTOOL_MEMORY — The amount of memory in gigabytes allocated to postanalytics; 50% of total memory by default.

For example, to set your WALLARM_MODE to the blocking mode, run the following command:

$ heroku config:set WALLARM_MODE=block

Customizable NGINX configuration

You can provide your own NGINX configuration by creating a file named nginx.conf.erb in the directory wallarm/etc.

Start by copying the buildpack's default configuration file.

Application and Dyno coordination

The buildpack will not start NGINX with the Wallarm module until a file is written to /tmp/app-initialized. Since NGINX binds to the dyno's $PORT and since $PORT determines if the app can receive traffic, you can delay NGINX traffic reception until your application is ready to handle it. The examples below show how and when you should write the file when working with Unicorn.

Filter node setup example

Here are the two setup examples. The first example demonstrates the installation of a new app; The second one demonstrates the installation of an existing app. In both cases, we are using Ruby & Unicorn. However, you can use the Buildpack to install Wallarm for applications which are written in other programming languages or use other servers.

Existing application

Update the buildpacks using the following command:

$ heroku buildpacks:add https://github.com/wallarm/heroku-buildpack-wallarm-node.git

Update the Procfile to contain the following:

web: wallarm/bin/start-wallarm bundle exec unicorn -c config/unicorn.rb
$ git add Procfile
$ git commit -m 'Update procfile for Wallarm Node buildpack'

Update Unicorn configuration to include the following :

require 'fileutils'
listen '/tmp/nginx.socket'
before_fork do |server,worker|
  FileUtils.touch('/tmp/app-initialized')
end

Commit the changes using the following commands:

$ git add config/unicorn.rb
$ git commit -m 'Update unicorn config to listen on NGINX socket.'

Connect to the Wallarm cloud by running the command depending on the Cloud you are using.

EU Cloud
US Cloud
heroku config:set WALLARM_USER=<your email>
heroku config:set WALLARM_PASSWORD=<your password>
heroku config:set WALLARM_API_HOST=us1.api.wallarm.com
heroku config:set WALLARM_USER=<your email>
heroku config:set WALLARM_PASSWORD=<your password>

Deploy the changes using the following command:

$ git push heroku master

New application

We are using Ruby & Unicorn. However, you can use the Buildpack to install Wallarm for applications which are written in other programming languages or use other servers.

These are the components you need to have installed on your system for the following instructions to work: gcc, heroku cli, bundler.

Create a directory for the app using the following command:

$ mkdir myapp; cd myapp
$ git init

Create a Gemfile containing the following code:

source 'https://rubygems.org'
gem 'unicorn'

Create a config.ru file using the following command:

run Proc.new {[200,{'Content-Type' => 'text/plain'}, ["hello world"]]}

Create a config/unicorn.rb file containing the following configurations for an application server that receives connections through the local socket:

require 'fileutils'
preload_app true
timeout 5
worker_processes 4
listen '/tmp/nginx.socket', backlog: 1024

before_fork do |server,worker|
  FileUtils.touch('/tmp/app-initialized')
end

Install Gems using the following command:

$ bundle install

Create a Procfile containing the following:

web: wallarm/bin/start-wallarm bundle exec unicorn -c config/unicorn.rb

Create & push the Heroku app by running the commands depending on the Cloud you are using.

EU Cloud
US Cloud
$ heroku create
$ heroku buildpacks:add heroku/ruby
$ heroku buildpacks:add https://github.com/wallarm/heroku-buildpack-wallarm-node.git
$ heroku config:set WALLARM_USER=<your email>
$ heroku config:set WALLARM_PASSWORD=<your password>
$ git add .
$ git commit -am "init"
$ git push heroku master
$ heroku logs -t
$ heroku create
$ heroku buildpacks:add heroku/ruby
$ heroku buildpacks:add https://github.com/wallarm/heroku-buildpack-wallarm-node.git
$ heroku config:set WALLARM_API_HOST=us1.api.wallarm.com
$ heroku config:set WALLARM_USER=<your email>
$ heroku config:set WALLARM_PASSWORD=<your password>
$ git add .
$ git commit -am "init"
$ git push heroku master
$ heroku logs -t

Check the app using the following command:

$ heroku open

results matching ""

    No results matching ""