Installing the filter node

Installing as a dynamic module for NGINX

  • Do you have a free open source NGINX instance running in you environment? If you do, deploy Wallarm as a dynamic module for NGINX, see Installing as a dynamic module for NGINX.
  • Do you have a commercial NGINX Plus instance running in you environment? If you do, install Wallarm as a module for NGINX Plus, see Installing with NGINX Plus.

To install the filter node, you must:

  1. Add the Wallarm repositories, from which you will download packages.
  2. Install the Wallarm packages.
  3. Configure postanalytics.
  4. Connect the filter node to the Wallarm cloud.

1. Add the Wallarm repositories

The installation and updating of the filter node is done from the Wallarm repositories.

Depending on your operating system, run one of the commands:

Debian 8.x (jessie)
Debian 9.x (stretch)
Ubuntu 14.04 LTS (trusty)
Ubuntu 16.04 LTS (xenial)
Ubuntu 18.04 LTS (bionic)
CentOS 6.x
CentOS 7.x
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
echo 'deb http://repo.wallarm.com/debian/wallarm-node jessie/' >/etc/apt/sources.list.d/wallarm.list
apt-get update
apt-get install dirmngr
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/' >/etc/apt/sources.list.d/wallarm.list
apt-get update
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node trusty/' >/etc/apt/sources.list.d/wallarm.list
apt-get update
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/' >/etc/apt/sources.list.d/wallarm.list
apt-get update
apt-key adv --keyserver keys.gnupg.net --recv-keys 72B865FD
echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/' >/etc/apt/sources.list.d/wallarm.list
apt-get update
yum install --enablerepo=extras -y epel-release centos-release-SCL
rpm -i https://repo.wallarm.com/centos/wallarm-node/6/x86_64/Packages/wallarm-node-repo-1-2.el6.noarch.rpm
yum install -y epel-release
rpm -i https://repo.wallarm.com/centos/wallarm-node/7/x86_64/Packages/wallarm-node-repo-1-2.el7.centos.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages. Ensure the access is not blocked by a firewall.

2. Install the Wallarm packages

Depending on your operating system, run one of the commands:

Debian 8.x (jessie)
Debian 9.x (stretch)
Ubuntu 14.04 LTS (trusty)
Ubuntu 16.04 LTS (xenial)
Ubuntu 18.04 LTS (bionic)
CentOS 6.x
CentOS 7.x
apt-get install --no-install-recommends wallarm-node nginx-wallarm
apt-get install --no-install-recommends wallarm-node nginx-wallarm
apt-get install --no-install-recommends wallarm-node nginx-wallarm
apt-get install --no-install-recommends wallarm-node nginx-wallarm
apt-get install --no-install-recommends wallarm-node nginx-wallarm
yum install wallarm-node nginx-wallarm
yum install wallarm-node nginx-wallarm

3. Configure postanalytics

The amount of memory determines the quality of work of the statistical algorithms. The recommended value is 75% of the total server memory. For example, if the server has 32 GB of memory, the recommended allocation size is 24 GB.

Allocate the operating memory size for Tarantool:

Open for editing the configuration file of Tarantool:

Debian 8.x (jessie)
Debian 9.x (stretch)
Ubuntu 14.04 LTS (trusty)
Ubuntu 16.04 LTS (xenial)
Ubuntu 18.04 LTS (bionic)
CentOS 6.x
CentOS 7.x
vi /etc/default/wallarm-tarantool
vi /etc/default/wallarm-tarantool
vi /etc/default/wallarm-tarantool
vi /etc/default/wallarm-tarantool
vi /etc/default/wallarm-tarantool
vi /etc/sysconfig/wallarm-tarantool
vi /etc/sysconfig/wallarm-tarantool

Set the allocated memory size in the configuration file of Tarantool via the SLAB_ALLOC_ARENA directive.

For example:

SLAB_ALLOC_ARENA=24

Restart Tarantool:

Debian 8.x (jessie)
Debian 9.x (stretch)
Ubuntu 14.04 LTS (trusty)
Ubuntu 16.04 LTS (xenial)
Ubuntu 18.04 LTS (bionic)
CentOS 6.x
CentOS 7.x
systemctl restart wallarm-tarantool
systemctl restart wallarm-tarantool
service wallarm-tarantool restart
service wallarm-tarantool restart
service wallarm-tarantool restart
service wallarm-tarantool restart
systemctl restart wallarm-tarantool

4. Connect the filter node to the Wallarm cloud

The filter node interacts with the Wallarm cloud located on a remote server.

The addnode script connects the filter node to the Wallarm cloud.

  1. Run the script addnode:

    You have to pick which script to run depending on the Cloud you are using.

    EU Cloud
    US Cloud
    sudo /usr/share/wallarm-common/addnode
    sudo /usr/share/wallarm-common/addnode -H us1.api.wallarm.com

  2. Enter the login and password. This is the same login and password that you use to access Wallarm console at https://my.wallarm.com or https://us1.my.wallarm.com/. The profile must have the Administrator role and 2FA should be disabled. If the profile has the Analyst role or has 2FA enabled, the script will error out.

API Access

The API choice for your filter node depends on the Cloud you are using. Please, select the API accordingly:

Ensure the access is not blocked by a firewall.

The installation is complete

The installation is complete.

Now you must configure the filter node to filter traffic. See Configure the proxying and filtering rules.

results matching ""

    No results matching ""