Installing the Filter Node (NGINX)

Request processing

Request processing by a filter node consists of the following phases:

  • Initial processing by the NGINX-Module-Wallarm
  • Postanalytics and the statistical analysis of the processed requests

These instructions describe the installation of the Wallarm filter node as a dynamic module for NGINX on the same server as postanalytics.

To install the filter node, do the following:

  1. Install NGINX.

  2. Add the Wallarm repositories, from which you will download packages.

  3. Install the Wallarm packages.

  4. Configure postanalytics.

  5. Connect the Wallarm module.

  6. Connect the filter node to the Wallarm cloud.

Prerequisites

  • Prior to taking any steps listed below, either disable or configure SELinux if it is installed on the operating system.
  • Make sure that you execute all commands below as superuser (e.g. root).

1. Install NGINX

Install NGINX from the official NGINX repository by following the instructions that correspond to your operating system from the list below.

Stable NGINX version

Make sure you are installing the stable version of NGINX. The mainline part of the path must be omitted from the NGINX repository link.

2. Add the Wallarm Repositories

The filter node is installed and updated from the Wallarm repositories.

Depending on your operating system, run one of the commands:

Debian (stretch):

sudo apt install dirmngr
curl -fsSL https://repo.wallarm.com/wallarm.gpg | sudo apt-key add -
sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node stretch/2.16/' | sudo tee /etc/apt/sources.list.d/wallarm.list"
sudo apt update

Debian (buster):

sudo apt install dirmngr
curl -fsSL https://repo.wallarm.com/wallarm.gpg | sudo apt-key add -
sh -c "echo 'deb http://repo.wallarm.com/debian/wallarm-node buster/2.16/' | sudo tee /etc/apt/sources.list.d/wallarm.list"
sudo apt update

Ubuntu (xenial):

curl -fsSL https://repo.wallarm.com/wallarm.gpg | sudo apt-key add -
sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node xenial/2.16/' | sudo tee /etc/apt/sources.list.d/wallarm.list"
sudo apt update

Ubuntu (bionic):

curl -fsSL https://repo.wallarm.com/wallarm.gpg | sudo apt-key add -
sh -c "echo 'deb http://repo.wallarm.com/ubuntu/wallarm-node bionic/2.16/' | sudo tee /etc/apt/sources.list.d/wallarm.list"
sudo apt update

CentOS 7 repository, with EPEL installed from the distribution's epel-release package:

sudo yum install -y epel-release
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.16/x86_64/Packages/wallarm-node-repo-1-5.el7.noarch.rpm

CentOS 7 repository, with EPEL installed from dl.fedoraproject.org:

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/7/2.16/x86_64/Packages/wallarm-node-repo-1-5.el7.noarch.rpm

CentOS 8 repository:

sudo yum install -y epel-release
sudo rpm -i https://repo.wallarm.com/centos/wallarm-node/8/2.16/x86_64/Packages/wallarm-node-repo-1-5.el8.noarch.rpm

Repository access

Your system must have access to https://repo.wallarm.com to download the packages.

Ensure the access is not blocked by a firewall.

3. Install the Wallarm Packages

Depending on your operating system, run one of the commands:

With apt (Debian, Ubuntu):

sudo apt install --no-install-recommends wallarm-node nginx-module-wallarm

With yum (CentOS):

sudo yum install wallarm-node nginx-module-wallarm

4. Configure Postanalytics

Postanalytics uses the in-memory storage Tarantool. The Tarantool database keeps, in a circular buffer, a local copy of the data stream processed by a WAF node, including request/response headers and request bodies (but not response bodies).

The recommended amount of memory to allocate to Tarantool is 75% of the total server memory. However, there is a more accurate way to define the required value. To make a WAF node efficient, the database should keep at least 15 minutes of transmitted data with about 2x overhead for data serialization. Following these points, the amount of memory can be estimated by the formula:

Speed of request processing per minute in bytes * 15 * 2

For example, if a WAF node is handling at peak 50 MBps of end user requests, the required Tarantool database memory consumption can be estimated as the following:

50 MBps / 8 (bits in a byte) * 60 (seconds in a minute) * 15 * 2 = 11,250,000,000 bytes (or ~ 10.4 GB)
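
The formula above as a shell calculation, added here as an example and not part of the Wallarm documentation. It assumes the peak rate is given in megabits per second, which is what the division by 8 in the worked figure implies; the function names, the inverse calculation (minutes of traffic a given arena holds) and the check against the 75% recommendation are this example's own.

```shell
#!/bin/sh
# Added example: Tarantool arena sizing from the page's formula.
# Assumption: peak rate is in megabits per second (the page divides by 8).

RETENTION_MIN=15   # minutes of traffic to keep (from the page)
OVERHEAD=2         # serialization overhead factor (from the page)

# arena_bytes <peak_mbps> -> bytes of Tarantool memory required
arena_bytes() {
    awk -v r="$1" -v m="$RETENTION_MIN" -v o="$OVERHEAD" \
        'BEGIN { printf "%.0f\n", r * 1000000 / 8 * 60 * m * o }'
}

# bytes_to_gb <bytes> -> GB (1024^3 bytes), two decimals
bytes_to_gb() {
    awk -v b="$1" 'BEGIN { printf "%.2f\n", b / (1024 ^ 3) }'
}

# retention_minutes <arena_gb> <peak_mbps> -> minutes of traffic the arena holds
retention_minutes() {
    awk -v g="$1" -v r="$2" -v o="$OVERHEAD" \
        'BEGIN { printf "%.1f\n", g * 1024 ^ 3 / (r * 1000000 / 8 * 60 * o) }'
}

# fits_in_ram <arena_bytes> <total_ram_bytes> -> exit 0 if arena <= 75% of RAM
fits_in_ram() {
    awk -v a="$1" -v t="$2" 'BEGIN { exit !(a <= t * 0.75) }'
}

# Constructed inputs: the page's 50 Mbps peak and a hypothetical 16 GB server.
req=$(arena_bytes 50)
echo "required: $req bytes ($(bytes_to_gb "$req") GB)"
echo "a 10.4 GB arena holds $(retention_minutes 10.4 50) min at 50 Mbps"
fits_in_ram "$req" 17179869184 && echo "fits within 75% of 16 GB RAM"
```

With an arena of 10.4 GB and the same peak rate, the inverse calculation gives about 14.9 minutes, slightly under the 15-minute target, so round the arena size up rather than down.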

The sizing of Tarantool memory is controlled using the SLAB_ALLOC_ARENA attribute in the /etc/default/wallarm-tarantool configuration file. To allocate memory:

  1. Open the Tarantool configuration file for editing.

    Debian, Ubuntu:

    vi /etc/default/wallarm-tarantool

    CentOS:

    vi /etc/sysconfig/wallarm-tarantool

  2. Set the SLAB_ALLOC_ARENA attribute to memory size. For example:

    SLAB_ALLOC_ARENA=10.4

  3. Restart Tarantool. Depending on your operating system, run one of the commands:

    sudo systemctl restart wallarm-tarantool

    sudo service wallarm-tarantool restart

To learn how long a Tarantool instance is capable of keeping traffic details with the current level of WAF node load, you can use the wallarm-tarantool/gauge-timeframe_size monitoring metric.

To get more information about memory allocation, please use this documentation.

5. Connect the Wallarm Module

Open the /etc/nginx/nginx.conf file.

Ensure that you have the include /etc/nginx/conf.d/* line in the file. If you do not, add it.

Add the following directive right after the worker_processes directive:

load_module modules/ngx_http_wallarm_module.so;

Configuration example with the added directive:

user  nginx;
worker_processes  auto;
load_module modules/ngx_http_wallarm_module.so;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

Copy the configuration files for the system setup:

sudo cp /usr/share/doc/nginx-module-wallarm/examples/*.conf /etc/nginx/conf.d/
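
A pre-flight check for the two nginx.conf edits described in this step, added here as an example and not part of the Wallarm packages. The function name check_nginx_conf and the sample file are this example's own; the sample is constructed from the page's configuration head plus a minimal events/http body. It also flags a load_module line placed after the first block, which NGINX rejects because the directive belongs to the main context.

```shell
#!/bin/sh
# Added example, not Wallarm code: verify the nginx.conf edits from this step.
# Prints one finding per line; returns non-zero if a required edit is missing.
check_nginx_conf() {
    awk '
        { sub(/#.*/, "") }                                # ignore comments
        index($0, "{") && !blk          { blk = NR }      # first block opens here
        /^[ \t]*worker_processes[ \t]/  { wp = NR }
        /^[ \t]*load_module[ \t]+modules\/ngx_http_wallarm_module\.so[ \t]*;/ { lm = NR }
        /^[ \t]*include[ \t]+\/etc\/nginx\/conf\.d\/\*[^;]*;/ { inc = NR }
        END {
            if (!lm)                  { print "FAIL load_module line missing"; rc = 1 }
            else if (blk && lm > blk) { print "FAIL load_module after first block (line " lm ")"; rc = 1 }
            else if (lm < wp)         { print "WARN load_module is before worker_processes" }
            else                      { print "OK   load_module at line " lm }
            if (!inc) { print "FAIL include /etc/nginx/conf.d/* missing"; rc = 1 }
            else      { print "OK   conf.d include at line " inc }
            exit rc + 0
        }' "$1"
}

# Constructed sample: the page's example head plus a minimal events/http body.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user  nginx;
worker_processes  auto;
load_module modules/ngx_http_wallarm_module.so;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events { worker_connections 1024; }
http {
    include /etc/nginx/conf.d/*.conf;
}
EOF
check_nginx_conf "$sample"
rm -f "$sample"
```

Run it against /etc/nginx/nginx.conf before reloading NGINX; it complements rather than replaces the syntax check done by nginx -t.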

6. Connect the Filter Node to the Wallarm Cloud

API Access

The API your filter node connects to depends on the Cloud you are using. Select the API accordingly:

Ensure the access is not blocked by a firewall.

The filter node interacts with the Wallarm cloud.

To connect the node to the cloud using your cloud account credentials, proceed with the following steps:

  1. Make sure that your Wallarm account has the Administrator role enabled and two-factor authentication disabled, so that you can connect a filter node to the cloud.

    You can check the above mentioned parameters by navigating to the user account list in the Wallarm console.

  2. Run the addnode script on a system with the filter node:

    Info

    You have to pick the script to run depending on the Cloud you are using.

    sudo /usr/share/wallarm-common/addnode
    
    sudo /usr/share/wallarm-common/addnode -H us1.api.wallarm.com
    

    To specify the name of the created node, use the -n <node name> option.

  3. Provide your Wallarm account’s login and password when prompted.

Installation Completed

The installation is completed.

Now you need to configure the filter node to filter traffic. See Configure the Proxying and Filtering Rules.