Installing with Kong

Prerequisites

Kong must meet the following criteria:

  • Must be installed from packages
  • Must be installed on one of the following operating systems:
    • Debian 8.x (jessie)
    • Debian 9.x (stretch)
    • Ubuntu 14.04 LTS (trusty)
    • Ubuntu 16.04 LTS (xenial)
    • CentOS 6.x
    • CentOS 7.x

Known limitations

Installation

Installation of postanalytics on a separate server

If you are planning to install postanalytics on a separate server, you must install postanalytics first. See details in Separate postanalytics installation.

To install the Wallarm module with Kong, you need to:

  1. Add Wallarm repositories.
  2. Install Wallarm packages.
  3. Configure postanalytics.
  4. Connect the filter node to the Wallarm cloud.
  5. Configure the postanalytics server addresses.
  6. Configure the filtration mode.

1. Add Wallarm repositories

The filter node is installed and updated from the Wallarm repositories.

Depending on your operating system, run one of the following commands:

Debian 8.x (jessie):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/debian/wallarm-node jessie/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Debian 9.x (stretch):

    apt-get install dirmngr
    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Ubuntu 14.04 LTS (trusty):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node trusty/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

Ubuntu 16.04 LTS (xenial):

    apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
    echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/' >/etc/apt/sources.list.d/wallarm.list
    apt-get update

CentOS 6.x:

    yum install --enablerepo=extras -y epel-release centos-release-SCL
    rpm -i https://repo.wallarm.com/centos/wallarm-node/6/x86_64/Packages/wallarm-node-repo-1-2.el6.noarch.rpm

CentOS 7.x:

    yum install -y epel-release
    rpm -i https://repo.wallarm.com/centos/wallarm-node/7/x86_64/Packages/wallarm-node-repo-1-2.el7.centos.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages. Ensure the access is not blocked by a firewall.

2. Install Wallarm packages

To install the filter node and postanalytics on the same server, run the command:

Debian 8.x (jessie), Debian 9.x (stretch), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial):

    apt-get install --no-install-recommends wallarm-node kong-module-wallarm

CentOS 6.x, CentOS 7.x:

    yum install wallarm-node kong-module-wallarm

To install the filter node alone, run the command:

Debian 8.x (jessie), Debian 9.x (stretch), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial):

    apt-get install --no-install-recommends wallarm-node-nginx kong-module-wallarm

CentOS 6.x, CentOS 7.x:

    yum install wallarm-node-nginx kong-module-wallarm

3. Configure postanalytics

Skip this step if you installed postanalytics on a separate server, as your postanalytics is already configured.

The amount of memory allocated to Tarantool determines how well the statistical algorithms work. The recommended value is 75% of the total server memory. For example, if the server has 32 GB of memory, the recommended allocation size is 24 GB.

Allocate the operating memory size for Tarantool:

Open the Tarantool configuration file for editing:

Debian 8.x (jessie), Debian 9.x (stretch), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial):

    vi /etc/default/wallarm-tarantool

CentOS 6.x, CentOS 7.x:

    vi /etc/sysconfig/wallarm-tarantool

Set the allocated memory size in the configuration file of Tarantool via the SLAB_ALLOC_ARENA directive.

For example:

SLAB_ALLOC_ARENA=24

Restart Tarantool:

Debian 8.x (jessie):

    systemctl restart wallarm-tarantool

Debian 9.x (stretch):

    systemctl restart wallarm-tarantool

Ubuntu 14.04 LTS (trusty):

    service wallarm-tarantool restart

Ubuntu 16.04 LTS (xenial):

    service wallarm-tarantool restart

CentOS 6.x:

    service wallarm-tarantool restart

CentOS 7.x:

    systemctl restart wallarm-tarantool
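
The sizing rule from this step as an added shell example (not part of the Wallarm documentation). The helper names arena_gb and set_arena are hypothetical, and the script assumes SLAB_ALLOC_ARENA takes a whole number of GB, as in the example above:

```shell
#!/bin/sh
# Added example: size the Tarantool arena at 75% of RAM (step 3).
# arena_gb and set_arena are hypothetical helper names, not Wallarm tools.
# Assumes SLAB_ALLOC_ARENA takes whole GB, as in the page's example.

# Print 75% of MemTotal, in whole GB rounded down, from a file in
# /proc/meminfo format. Fails if MemTotal is missing or the result is < 1.
arena_gb() {
    awk '/^MemTotal:/ { kb = $2 }
         END {
             if (kb == "") exit 1
             gb = int(kb * 0.75 / 1048576)   # kB -> GB
             if (gb < 1) exit 1
             print gb
         }' "${1:-/proc/meminfo}"
}

# Write SLAB_ALLOC_ARENA=<gb> to config file $1: replace the active line if
# there is one, otherwise append. The previous file is kept as <file>.bak.
set_arena() {
    conf=$1; gb=$2
    case $gb in ''|*[!0-9]*) echo "not a whole number: $gb" >&2; return 1 ;; esac
    cp -p "$conf" "$conf.bak" || return 1
    if grep -q '^SLAB_ALLOC_ARENA=' "$conf.bak"; then
        sed "s/^SLAB_ALLOC_ARENA=.*/SLAB_ALLOC_ARENA=$gb/" "$conf.bak" > "$conf"
    else
        { cat "$conf.bak"; echo "SLAB_ALLOC_ARENA=$gb"; } > "$conf"
    fi
}

# Demo on constructed input: a nominal 32 GB host reports less than
# 32 * 1048576 kB, so the rounded-down result is 23 rather than 24.
tmp=$(mktemp -d)
printf 'MemTotal:       32780000 kB\nMemFree:         1000000 kB\n' > "$tmp/meminfo"
printf '# constructed sample\nSLAB_ALLOC_ARENA=1\n' > "$tmp/wallarm-tarantool"
set_arena "$tmp/wallarm-tarantool" "$(arena_gb "$tmp/meminfo")"
grep '^SLAB_ALLOC_ARENA=' "$tmp/wallarm-tarantool"
rm -rf "$tmp"
```

On a real host, pass /etc/default/wallarm-tarantool (Debian, Ubuntu) or /etc/sysconfig/wallarm-tarantool (CentOS) to set_arena, then restart Tarantool as shown above.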

4. Connect the filter node to the Wallarm cloud

The filter node interacts with the Wallarm cloud located on a remote server.

The addnode script connects the filter node to the Wallarm cloud.

  1. Run the addnode script:

         /usr/share/wallarm-common/addnode

  2. Enter the login and password. These are the same login and password that you use to access the Wallarm console at https://my.wallarm.com. The profile must have the Administrator role and 2FA should be disabled. If the profile has the Analyst role or has 2FA enabled, the script will error out.

API Access

To interact with the Wallarm cloud, the filter node must have access to https://api.wallarm.com:444. Ensure the access is not blocked by a firewall.

5. Configure the postanalytics server addresses

  • Skip this step if you installed postanalytics and the filter node on the same server.
  • Do this step if you installed postanalytics and the filter node on separate servers.

Add the server address of postanalytics to /etc/kong/nginx-wallarm.template:


    upstream wallarm_tarantool {
        server <ip1>:3313;
        server <ip2>:3313;
        ...
        server <ipN>:3313;
    }

    ...

    wallarm_tarantool_upstream wallarm_tarantool;

6. Set up the filtration mode

Uncomment the wallarm_mode string in the file /etc/kong/nginx-wallarm.template.

To uncomment, remove the # character at the beginning of the string.

By default, the directive is set to off: wallarm_mode off.

Set it to monitoring.

File contents example:

#
# Wallarm module specific parameters
#

wallarm_mode monitoring;
# wallarm_mode_allow_override on;
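
A check that can be run on the template after steps 5 and 6 and before starting Kong, as an added shell example (not part of the Wallarm documentation). The helper names active_mode, upstream_servers and check_template are hypothetical, and the sample template is constructed:

```shell
#!/bin/sh
# Added example: checks on the Kong template after steps 5 and 6.
# active_mode, upstream_servers, check_template are hypothetical names.

# Value of the last uncommented wallarm_mode line, or "unset".
active_mode() {
    awk '$1 == "wallarm_mode" { sub(/;.*/, "", $2); m = $2 }
         END { print (m == "" ? "unset" : m) }' "$1"
}

# Addresses listed inside the "upstream wallarm_tarantool { ... }" block.
upstream_servers() {
    awk '$1 == "upstream" && $2 == "wallarm_tarantool" { blk = 1; next }
         blk && index($0, "}") { blk = 0 }
         blk && $1 == "server" { sub(/;.*/, "", $2); print $2 }' "$1"
}

# Succeed only if the mode is "monitoring" and the postanalytics upstream is
# either absent (same-server install) or populated and referenced.
check_template() {
    mode=$(active_mode "$1")
    servers=$(upstream_servers "$1")
    ref=$(awk '$1 == "wallarm_tarantool_upstream" { print $2 }' "$1")
    if [ "$mode" != "monitoring" ]; then
        echo "wallarm_mode is $mode, expected monitoring" >&2; return 1
    fi
    case $servers in *'<'*) echo "placeholder address left in upstream" >&2; return 1 ;; esac
    if [ -n "$servers" ] && [ "$ref" != "wallarm_tarantool;" ]; then
        echo "upstream defined but wallarm_tarantool_upstream not set" >&2; return 1
    fi
    if [ -z "$servers" ] && [ -n "$ref" ]; then
        echo "wallarm_tarantool_upstream set but no servers listed" >&2; return 1
    fi
}

# Constructed sample template; 192.0.2.x are documentation addresses.
tpl=$(mktemp)
cat > "$tpl" <<'EOF'
upstream wallarm_tarantool {
    server 192.0.2.10:3313;
    server 192.0.2.11:3313;
}
wallarm_mode monitoring;
wallarm_tarantool_upstream wallarm_tarantool;
EOF
check_template "$tpl" && echo "template OK, mode $(active_mode "$tpl")"
rm -f "$tpl"
```

On a real host, run check_template /etc/kong/nginx-wallarm.template; a non-zero exit status means the mode is still commented out or the upstream block is incomplete.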

Start Kong

To start Kong with the installed Wallarm module, run the command:

kong start --nginx-conf /etc/kong/nginx-wallarm.template

The installation is complete

Check that the filter node runs and filters the traffic. See Check the filter node operation.
