Machine Image
[link-launch-instance]: https://cloud.google.com/deep-learning-vm/docs/quickstart-marketplace
[img-ssh-key-generation]: ../../../images/installation-gcp/common/ssh-key-generation.png
[versioning-policy]: ../../../updating-migrating/versioning-policy.md#version-list
[img-wl-console-users]: ../../../images/check-user-no-2fa.png
[img-create-wallarm-node]: ../../../images/user-guides/nodes/create-cloud-node.png
[deployment-platform-docs]: ../../../installation/supported-deployment-options.md
[node-token]: ../../../quickstart/getting-started.md#deploy-the-wallarm-filtering-node
[api-token]: ../../../user-guides/settings/api-tokens.md
[wallarm-token-types]: ../../../user-guides/nodes/nodes.md#api-and-node-tokens-for-node-creation
[platform]: ../../../installation/supported-deployment-options.md
[ptrav-attack-docs]: ../../../attacks-vulns-list.md#path-traversal
[attacks-in-ui-image]: ../../../images/admin-guides/test-attacks-quickstart.png
[wallarm-nginx-directives]: ../../../admin-en/configure-parameters-en.md
[autoscaling-docs]: ../../../admin-en/installation-guides/google-cloud/autoscaling-overview.md
[real-ip-docs]: ../../../admin-en/using-proxy-or-balancer-en.md
[allocate-memory-docs]: ../../../admin-en/configuration-guides/allocate-resources-for-node.md
[limiting-request-processing]: ../../../user-guides/rules/configure-overlimit-res-detection.md
[logs-docs]: ../../../admin-en/configure-logging.md
[oob-advantages-limitations]: ../overview.md#limitations
[wallarm-mode]: ../../../admin-en/configure-wallarm-mode.md
[wallarm-api-via-proxy]: ../../../admin-en/configuration-guides/access-to-wallarm-api-via-proxy.md
[img-grouped-nodes]: ../../../images/user-guides/nodes/grouped-nodes.png
[cloud-init-spec]: ../../cloud-platforms/cloud-init.md
[wallarm_force_directive]: ../../../admin-en/configure-parameters-en.md#wallarm_force
[web-server-mirroring-examples]: overview.md#configuration-examples-for-traffic-mirroring
[ip-lists-docs]: ../../../user-guides/ip-lists/overview.md
[api-spec-enforcement-docs]: ../../../api-specification-enforcement/overview.md
# Deploying Wallarm OOB from a GCP Machine Image
This article provides instructions for deploying [Wallarm OOB](overview.md) on Google Cloud Platform using the [official Machine Image](https://console.cloud.google.com/launcher/details/wallarm-node-195710/wallarm-node). The solution described here is designed to analyze traffic mirrored by a web or proxy server.
## Use cases
Among all supported [Wallarm deployment options][deployment-platform-docs], GCP Machine Image is recommended for Wallarm deployment in these **use cases**:
* Your existing infrastructure resides on GCP.
* You aim to deploy a security solution as a separate cloud instance, rather than installing it directly on frontend systems like NGINX.
## Requirements
* A GCP account
* Access to the account with the **Administrator** role in Wallarm Console for the [US Cloud](https://us1.my.wallarm.com/) or [EU Cloud](https://my.wallarm.com/)
* Access to `https://us1.api.wallarm.com:444` for working with US Wallarm Cloud or to `https://api.wallarm.com:444` for working with EU Wallarm Cloud. If access can be configured only via the proxy server, then use the [instructions][wallarm-api-via-proxy]
* Access to the IP addresses below for downloading updates to attack detection rules and [API specifications][api-spec-enforcement-docs], as well as retrieving precise IPs for your [allowlisted, denylisted, or graylisted][ip-lists-docs] countries, regions, or data centers

    === "US Cloud"

        ```
        34.96.64.17
        34.110.183.149
        35.235.66.155
        34.102.90.100
        34.94.156.115
        35.235.115.105
        ```

    === "EU Cloud"

        ```
        34.160.38.183
        34.144.227.90
        34.90.110.226
        ```
* Executing all commands on a Wallarm instance as a superuser (e.g. `root`)
## 1. Launch a filtering node instance
### Launch the instance via the Google Cloud UI
To launch the filtering node instance via the Google Cloud UI, please open the [Wallarm node image on the Google Cloud Marketplace](https://console.cloud.google.com/launcher/details/wallarm-node-195710/wallarm-node) and click **GET STARTED**.
The instance will launch with a preinstalled filtering node. To see detailed information on launching instances in the Google Cloud, please proceed to the [official Google Cloud Platform documentation][link-launch-instance].
### Launch the instance via Terraform or other tools
When using a tool like Terraform to launch the filtering node instance from the Wallarm GCP image, you may need to provide the name of this image in the Terraform configuration.
* The image name has the following format:
```bash
wallarm-node-195710/wallarm-node-<IMAGE_VERSION>-build
```
* To launch the instance with the filtering node version 5.x, please use the following image name:
```bash
wallarm-node-195710/wallarm-node-6-1-0-20250508-144827
```
To get the image name, you can also follow these steps:
1. Install [Google Cloud SDK](https://cloud.google.com/sdk/docs/install).
2. Execute the command [`gcloud compute images list`](https://cloud.google.com/sdk/gcloud/reference/compute/images/list) with the following parameters:
```bash
gcloud compute images list --project wallarm-node-195710 --filter="name~'wallarm-node-6-1-*'" --no-standard-images
```
3. Copy the version value from the name of the latest available image and paste the copied value into the provided image name format. For example, the filtering node version 4.10 image will have the following name:
```bash
wallarm-node-195710/wallarm-node-6-1-0-20250508-144827
```
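The three-step image lookup above can be scripted. The following POSIX shell helper is an added example, not code from the Wallarm documentation or project: it assumes image names keep the `wallarm-node-<version>-<date>-<time>` form shown here (so a plain lexical sort orders builds by date) and that `gcloud` is installed and authenticated for the live query; the `6-1` series default and the `--format='value(name)'` flag are the example's own choices.

```shell
#!/bin/sh
# Resolve the fully qualified Wallarm GCP image name for use in Terraform.

# Pick the newest image of a version series (default 6-1) from a
# newline-separated list of image names on stdin and print it as
# wallarm-node-195710/<image>, the format this guide expects.
latest_wallarm_image() {
  series="${1:-6-1}"
  # Lexical sort works because the date and time suffixes are zero-padded.
  name="$(grep "^wallarm-node-${series}-[0-9]" | sort | tail -n 1)"
  [ -n "$name" ] || { echo "no wallarm-node-${series} image found" >&2; return 1; }
  printf 'wallarm-node-195710/%s\n' "$name"
}

# Live query: list the public images of the Wallarm project (requires an
# authenticated Google Cloud SDK) and hand the bare names to the picker.
wallarm_image_from_gcloud() {
  series="${1:-6-1}"
  gcloud compute images list --project wallarm-node-195710 \
    --filter="name~'wallarm-node-${series}-*'" --no-standard-images \
    --format='value(name)' | latest_wallarm_image "$series"
}
```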
## 2. Configure the filtering node instance
Perform the following actions to configure the launched filtering node instance:
1. Navigate to the **VM instances** page in the **Compute Engine** section of the menu.
2. Select the launched filtering node instance and click the **Edit** button.
3. Allow the required types of incoming traffic by ticking the corresponding checkboxes in the **Firewalls** setting.
4. If necessary, you can restrict connecting to the instance with the project SSH keys and use a custom SSH key pair for connecting to this instance. To do this, perform the following actions:
    1. Tick the **Block project-wide** checkbox in the **SSH Keys** setting.
    2. Click the **Show and edit** button in the **SSH Keys** setting to expand the field for entering an SSH key.
    3. Generate a pair of public and private SSH keys. For example, you can use the `ssh-keygen` and `PuTTYgen` utilities.
        ![Generating SSH keys using PuTTYgen][img-ssh-key-generation]
    4. Copy the public key in OpenSSH format from the interface of the key generator you used (in the current example, the generated public key should be copied from the **Public key for pasting into OpenSSH authorized_keys file** area of the PuTTYgen interface) and paste it into the field containing the **Enter entire key data** hint.
    5. Save the private key. It will be required for connecting to the configured instance in the future.
5. Click the **Save** button at the bottom of the page to apply the changes.
## 3. Connect to the filtering node instance via SSH
To see detailed information about ways of connecting to instances, proceed to this [link](https://cloud.google.com/compute/docs/instances/connecting-to-instance).
!!! info "Connecting to the instance via a custom private key"
    If, during the instance creation process, you enabled connection to the instance via a custom SSH key pair, make sure you have access to the private key from this key pair.
## 4. Generate a token to connect an instance to the Wallarm Cloud
The local Wallarm filtering node needs to connect with the Wallarm Cloud using a Wallarm token of the [appropriate type][wallarm-token-types]. An API token allows you to create a node group in the Wallarm Console UI, which helps in organizing your node instances effectively.
![Grouped nodes][img-grouped-nodes]
Generate a token as follows:
=== "API token"
    1. Open Wallarm Console → **Settings** → **API tokens** in the [US Cloud](https://us1.my.wallarm.com/settings/api-tokens) or [EU Cloud](https://my.wallarm.com/settings/api-tokens).
    1. Find or create an API token with the `Node deployment/Deployment` usage type.
    1. Copy this token.
=== "Node token"
    1. Open Wallarm Console → **Nodes** in the [US Cloud](https://us1.my.wallarm.com/nodes) or [EU Cloud](https://my.wallarm.com/nodes).
    1. Do one of the following:
        * Create the node of the **Wallarm node** type and copy the generated token.
        * Use an existing node group: copy the token via the node's menu → **Copy token**.
## 5. Connect the filtering node to the Wallarm Cloud
The node on the cloud instance connects to the Cloud via the [cloud-init.py][cloud-init-spec] script. Using the provided token, this script registers the node in the Wallarm Cloud, sets it globally to the monitoring [mode][wallarm-mode], and applies the [`wallarm_force`][wallarm_force_directive] directives in NGINX's `location /` block so that only mirrored copies of the traffic are analyzed. Restarting NGINX completes the setup.
Run the `cloud-init.py` script on the instance created from the cloud image as follows:
=== "US Cloud"
    ``` bash
    sudo env WALLARM_LABELS='group=<GROUP>' /opt/wallarm/usr/share/wallarm-common/cloud-init.py -t <TOKEN> -m monitoring -p mirror -H us1.api.wallarm.com
    ```
=== "EU Cloud"
    ``` bash
    sudo env WALLARM_LABELS='group=<GROUP>' /opt/wallarm/usr/share/wallarm-common/cloud-init.py -t <TOKEN> -m monitoring -p mirror
    ```
* `WALLARM_LABELS='group=<GROUP>'` sets the node group name (an existing group is used if it exists; otherwise it is created). This applies only if an API token is used.
* `<TOKEN>` is the copied value of the token.
## 6. Configure your web or proxy server to mirror traffic to the Wallarm node
1. Configure your web or proxy server (e.g. NGINX, Envoy) to mirror incoming traffic to the Wallarm node. For configuration details, we recommend referring to the documentation of your web or proxy server.
    You can find example configurations for the most popular web and proxy servers (NGINX, Traefik, Envoy) in the [traffic mirroring configuration examples][web-server-mirroring-examples].
1. Add the following configuration to the `/etc/nginx/sites-enabled/default` file on the instance where the node runs:
    ```
    location / {
        include /etc/nginx/presets.d/mirror.conf;
        # Replace 222.222.222.22 with the address of the mirroring server
        set_real_ip_from 222.222.222.22;
        real_ip_header X-Forwarded-For;
    }
    ```
    The `set_real_ip_from` and `real_ip_header` directives are required for Wallarm Console to [display the attackers' IP addresses][real-ip-docs].
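The following POSIX shell helper is an added example, not part of the Wallarm documentation or project, that renders the `location /` block above with the mirroring server's address substituted after validating it as an IPv4 address or IPv4/CIDR range. Trust in `set_real_ip_from` should be limited to the mirroring server: any source listed there can set the client IP shown in Wallarm Console through `X-Forwarded-For`.

```shell
#!/bin/sh
# Render the `location /` block for /etc/nginx/sites-enabled/default on the
# Wallarm node with a validated address for set_real_ip_from.

# Accept a single IPv4 address or an IPv4/CIDR range (octets 0-255, prefix 0-32).
valid_ipv4_cidr() {
  case "$1" in ''|*[!0-9./]*) return 1 ;; esac
  addr="${1%/*}"
  if [ "$addr" != "$1" ]; then
    bits="${1#*/}"
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
  fi
  old_ifs="$IFS"; IFS=.
  set -- $addr            # split the address into its octets
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in '') return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the location block, trusting X-Forwarded-For only from the given
# mirroring server address; fail loudly instead of emitting a broken directive.
render_mirror_location() {
  mirror="$1"
  valid_ipv4_cidr "$mirror" || { echo "render_mirror_location: bad address '$mirror'" >&2; return 1; }
  cat <<EOF
location / {
    include /etc/nginx/presets.d/mirror.conf;
    # Only the mirroring server may set the client IP via X-Forwarded-For
    set_real_ip_from $mirror;
    real_ip_header X-Forwarded-For;
}
EOF
}
```

Paste the output into the `server` block of `/etc/nginx/sites-enabled/default` and run `nginx -t` before restarting NGINX.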
## 7. Test Wallarm operation
1. Send a request with a test [Path Traversal][ptrav-attack-docs] attack to the address of either the web or proxy server mirroring the traffic or the machine with the Wallarm node:
    ```
    curl http://<ADDRESS>/etc/passwd
    ```
2. Open Wallarm Console → **Attacks** section in the [US Cloud](https://us1.my.wallarm.com/search) or [EU Cloud](https://my.wallarm.com/search) and make sure the attack is displayed in the list.
![Attacks in the interface][attacks-in-ui-image]
Since Wallarm OOB operates in the monitoring mode, the Wallarm node does not block the attack but registers it.
## 8. Fine-tune the deployed solution
The deployment is now complete. The filtering node may require some additional configuration after deployment.
Wallarm settings are defined using the [NGINX directives][wallarm-nginx-directives] or the Wallarm Console UI. Directives should be set in the following files on the Wallarm instance:
* `/etc/nginx/sites-enabled/default` defines the configuration of NGINX
* `/etc/nginx/conf.d/wallarm.conf` defines the global configuration of Wallarm filtering node
* `/etc/nginx/conf.d/wallarm-status.conf` defines the filtering node monitoring service configuration
* `/opt/wallarm/wstore/wstore.yaml` defines the postanalytics service (wstore) settings
You can modify the listed files or create your own configuration files to define the operation of NGINX and Wallarm. It is recommended to create a separate configuration file with the `server` block for each group of the domains that should be processed in the same way (e.g. `example.com.conf`). To see detailed information about working with NGINX configuration files, proceed to the [official NGINX documentation](https://nginx.org/en/docs/beginners_guide.html).
!!! info "Creating a configuration file"
    When creating a custom configuration file, make sure that NGINX listens for incoming connections on a free port.
Below there are a few of the typical settings that you can apply if needed:
* [Wallarm node auto-scaling][autoscaling-docs]
* [Displaying the client's real IP][real-ip-docs]
* [Allocating resources for Wallarm nodes][allocate-memory-docs]
* [Limiting the single request processing time][limiting-request-processing]
* [Limiting the server reply waiting time](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout)
* [Limiting the maximum request size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size)
* [Wallarm node logging][logs-docs]
To apply the settings, restart NGINX on the Wallarm instance:
``` bash
sudo systemctl restart nginx
```
Each configuration file change requires NGINX to be restarted to apply it.