chore: auto-commit 2026-03-24 19:59

2026-03-24 19:59:02 +00:00 · 2026-03-24 19:59:02 +00:00 · 3dcc4f8cff
commit 3dcc4f8cff
parent b4b7181e1f
4 changed files with 524 additions and 1407 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,379 @@
-X-Real-IP: "$remote_addr"        
+# Wallarm Deployment System
 X-Forwarded-For: "$proxy_add_x_forwarded_for"
 X-Forwarded-Proto: "$scheme"
 X-Forwarded-Host: "$host"
 A comprehensive solution for deploying Wallarm filtering nodes on virtual machines or bare metal servers. This system provides automated deployment, preflight checks, and management of Wallarm security nodes with support for multiple instances on the same server.
 ## Features
 - **Automated Preflight Checks** - Validates system readiness, network connectivity, and resource availability
 - **Smart Artifact Management** - GitLab-first approach with local fallback support
 - **Multiple Node Support** - Deploy multiple Wallarm instances on the same VM with unique port configurations
 - **Interactive Configuration** - User-friendly prompts for cloud region, ports, tokens, and upstream applications
 - **Comprehensive Validation** - Network tests, port availability checks, and deployment verification
 - **Persistence & Management** - Automatic service creation, start scripts, and health monitoring
 - **Clean Uninstallation** - Safe removal of containers, images, and configuration files
 ## Prerequisites
 ### System Requirements
 - **Operating System**: Linux (Ubuntu 20.04+, CentOS/RHEL 8+, Debian 11+)
 - **Architecture**: x86_64 (amd64)
 - **Memory**: Minimum 2GB RAM (4GB recommended for production)
 - **Storage**: Minimum 10GB free disk space
 - **Network**: Outbound connectivity to Wallarm cloud endpoints
 ### Software Dependencies
 - **Bash**: Version 4.0+ (included with most Linux distributions)
 - **curl**: For downloading artifacts and connectivity testing
 - **sudo**: For Docker installation and system configuration
 - **systemd** or **sysvinit**: For service management
 ## Quick Start
 ### 1. Download the Scripts
 ```bash
 # Download the preflight check script
 curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-ct-check.sh" > wallarm-ct-check.sh
 chmod +x wallarm-ct-check.sh
 # Download the deployment script
 curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-ct-deploy.sh" > wallarm-ct-deploy.sh
 chmod +x wallarm-ct-deploy.sh
 # Download the uninstall script (optional)
 curl -sL "https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main/wallarm-ct-uninstall.sh" > wallarm-ct-uninstall.sh
 chmod +x wallarm-ct-uninstall.sh
 ```
 ### 2. Run Preflight Check
 ```bash
 ./wallarm-ct-check.sh
 ```
 The preflight check will:
 - Verify system compatibility (OS, architecture, init system)
 - Test network connectivity to Wallarm cloud endpoints
 - Check for existing Docker installations
 - Validate resource availability
 - Generate a `.env` file with results
 ### 3. Deploy Wallarm Node
 ```bash
 ./wallarm-ct-deploy.sh
 ```
 The deployment script will:
 1. Read preflight check results
 2. Prompt for configuration (ports, upstream application, Wallarm token)
 3. Install Docker if not present
 4. Download and load Wallarm Docker image
 5. Configure and start the Wallarm container
 6. Verify deployment with health checks
 ## Detailed Usage
 ### Workflow Overview
 1. **Preflight Check** → **Deployment** → **Verification** → **Management**
 ### Configuration Requirements
 #### Wallarm Node Token
 Before deployment, you need a Wallarm Node Token from the Wallarm Console:
 - **Create Token**: Navigate to Wallarm Console → **Nodes** → **Create node**
 - **Token Format**: Base64 encoded string (alphanumeric with `+`, `/`, `=`, `-`, `_`)
 - **Documentation**: [Official Wallarm Documentation](https://docs.wallarm.com/admin-en/installation-docker-en/)
 #### Header Configuration for Firewalls/Ingress Controllers
 To ensure proper IP address detection and metadata forwarding, configure your firewall or ingress controller to include these headers:
 ```nginx
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Host $host;
 ```
 **Note**: The deployment script configures the first three headers automatically. You must manually add `X-Forwarded-Host: "$host"` to your existing firewall/ingress configuration.
 ### Multiple Node Deployment on Same VM
 You can deploy multiple Wallarm nodes on the same virtual machine by:
 1. **Unique Port Configuration**: Each instance must use unique ingress and monitoring ports
   - Default ingress port: 80 (configurable during deployment)
   - Monitoring port: ingress_port + 10 (auto-calculated)
   - Example: Instance 1 (80/90), Instance 2 (8080/8090), Instance 3 (8888/8898)
 2. **Instance Naming**: Each deployment generates a unique instance name
   - Format: `wallarm-<hostname>-<date>-<random>`
   - Example: `wallarm-server1-20250324-ab3c`
 3. **Isolated Configuration**: Each instance has its own:
   - Docker container with unique name
   - Configuration directory (`/opt/wallarm/<instance-name>/`)
   - Port binding and network namespace
   - Log files and start scripts
 **Resource Considerations for Multiple Nodes**:
 - Add 500MB RAM per additional Wallarm instance
 - Each instance requires ~2GB disk space
 - Consider CPU allocation (1 vCPU core per 2-3 instances for moderate traffic)
 ## Artifact Sources (Priority Order)
 The system uses a smart fallback approach for artifact retrieval:
 ### 1. **Primary Source**: GitLab Repository
   - URL: `https://git.sechpoint.app/customer-engineering/wallarm`
   - Contains: Docker binaries and Wallarm images with SHA256 checksums
   - Benefits: Version control, access control, audit trail
 ### 2. **Secondary Source**: Local Directories
   - `./binaries/` - Docker static binaries (`docker-29.2.1.tgz`)
   - `./images/` - Wallarm Docker images (`wallarm-node-6.11.0-rc1.tar.gz`)
   - Benefits: Air-gapped environments, faster deployment
 ### 3. **Tertiary Source**: Current Directory
   - Any `docker-*.tgz` or `wallarm-node-*.tar.gz` files in script location
   - Benefits: Ad-hoc deployments, testing scenarios
 ### 4. **Fallback Source**: Internal Proxy Servers
   - Original infrastructure URLs (with embedded credentials)
   - Used only when other sources are unavailable
 ## Suggested Resources
 ### Hardware Recommendations
 | Deployment Type | vCPUs | RAM  | Storage | Network | Recommended For |
 |----------------|-------|------|---------|---------|-----------------|
 | **Development** | 2     | 4GB  | 20GB    | 100Mbps | Testing, PoC environments |
 | **Production**  | 4     | 8GB  | 40GB    | 1Gbps   | Moderate traffic (up to 100 RPS) |
 | **Enterprise**  | 8+    | 16GB+| 100GB   | 10Gbps  | High traffic, multiple nodes |
 ### Cloud VM Recommendations
 - **AWS**: t3.large (development), m5.xlarge (production), c5.2xlarge (enterprise)
 - **Azure**: D2s v3 (development), D4s v3 (production), D8s v3 (enterprise)
 - **GCP**: e2-standard-4 (development), n2-standard-8 (production), c2-standard-8 (enterprise)
 ### Bare Metal Considerations
 - **CPU**: Intel Xeon Silver/Gold or AMD EPYC (minimum 4 physical cores)
 - **Memory**: ECC RAM recommended for production environments
 - **Storage**: SSD/NVMe for better I/O performance
 - **Network**: Dual NIC for redundancy, 10Gbps recommended
 ## Script Reference
 ### `wallarm-ct-check.sh`
 **Purpose**: System validation and preflight checks
 **Key Functions**:
 - OS compatibility verification (Ubuntu, CentOS, Debian)
 - Network connectivity testing (US/EU cloud endpoints)
 - Resource availability assessment
 - Docker installation checking
 - Environment file generation (`.env`)
 **Usage**:
 ```bash
 # Run check with default settings
 ./wallarm-ct-check.sh
 # Enable debug output
 DEBUG=1 ./wallarm-ct-check.sh
 # Disable SSL certificate validation (for self-signed certs)
 WALLARM_INSECURE_SSL=0 ./wallarm-ct-check.sh
 ```
 ### `wallarm-ct-deploy.sh`
 **Purpose**: Wallarm node deployment and configuration
 **Key Functions**:
 - Interactive configuration wizard
 - Docker engine installation (with VFS storage driver for LXC)
 - Artifact download with checksum verification
 - Wallarm container deployment
 - Nginx configuration with proper headers
 - Health check and deployment verification
 **Usage**:
 ```bash
 # Interactive deployment
 ./wallarm-ct-deploy.sh
 # Deployment with pre-filled environment
 WALLARM_TOKEN="your_token_here" ./wallarm-ct-deploy.sh
 # Skip preflight check verification (not recommended)
 SKIP_PREFLIGHT=1 ./wallarm-ct-deploy.sh
 ```
 ### `wallarm-ct-uninstall.sh`
 **Purpose**: Safe removal of Wallarm nodes
 **Key Functions**:
 - Interactive confirmation with safety checks
 - Container stopping and removal
 - Image cleanup
 - Configuration directory removal
 - Optional Docker binary cleanup
 **Usage**:
 ```bash
 # Interactive uninstallation
 ./wallarm-ct-uninstall.sh
 # Force removal without prompts (use with caution)
 FORCE=1 ./wallarm-ct-uninstall.sh
 # Remove Docker binaries (if no other containers exist)
 REMOVE_DOCKER=1 ./wallarm-ct-uninstall.sh
 ```
 ## Troubleshooting
 ### Common Issues
 #### 1. Preflight Check Fails
 ```bash
 # Check detailed errors
 cat .env
 # Verify network connectivity manually
 curl -I https://api.wallarm.com
 curl -I https://us1.api.wallarm.com
 # Check system compatibility
 uname -m
 cat /etc/os-release
 ```
 #### 2. Deployment Fails - Port Conflicts
 ```bash
 # Check for listening ports
 sudo ss -tlnp | grep ':80\|:90\|:8080'
 # Find process using port
 sudo lsof -i :80
 # Configure different ports during deployment
 ```
 #### 3. Wallarm Token Issues
 ```bash
 # Verify token format (should be base64)
 echo "your_token" | base64 -d 2>/dev/null | base64
 # Get new token from Wallarm Console
 # https://docs.wallarm.com/admin-en/installation-docker-en/
 ```
 #### 4. Docker Installation Problems
 ```bash
 # Check Docker service status
 sudo systemctl status docker
 # Verify Docker group membership
 groups $USER
 # Test Docker without sudo
 docker run --rm hello-world
 ```
 #### 5. Header Configuration Warnings
 Ensure your upstream firewall/load balancer includes:
 - `X-Real-IP: "$remote_addr"`
 - `X-Forwarded-For: "$proxy_add_x_forwarded_for"`
 - `X-Forwarded-Proto: "$scheme"`
 - `X-Forwarded-Host: "$host"`
 ### Log Files
 - **Preflight Check**: `~/logs/wallarm-check.log`
 - **Deployment**: `~/logs/wallarm-deployment.log`
 - **Container Logs**: `/opt/wallarm/<instance-name>/container.log`
 - **System Logs**: `/var/log/syslog` or `/var/log/messages`
 ## Security Considerations
 ### Network Security
 - Use firewall rules to restrict access to monitoring ports (default: 90, 190, 290, etc.)
 - Consider VPN or private networking for management interfaces
 - Implement rate limiting for ingress ports
 ### Access Control
 - Restrict `sudo` access to deployment scripts
 - Use separate service accounts for Wallarm containers
 - Implement proper secret management for Wallarm tokens
 ### Monitoring & Auditing
 - Enable Docker logging driver with rotation
 - Monitor container resource usage
 - Regular security updates for Docker and host OS
 ## Maintenance
 ### Regular Tasks
 1. **Log Rotation**: Configure logrotate for container logs
 2. **Docker Updates**: Periodically update Docker engine
 3. **Image Updates**: Check for new Wallarm node versions
 4. **Backup**: Regular backup of configuration directories
 ### Version Updates
 When updating Wallarm node version:
 1. Pull new image from GitLab or official registry
 2. Stop existing container
 3. Deploy new container with updated image
 4. Verify functionality before removing old container
 ## Disclaimer
 **IMPORTANT LEGAL NOTICE**
 This software is provided "AS IS", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In no event shall Sechpoint or its affiliates be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.
 ### No Responsibility Clause
 - Sechpoint assumes no responsibility for any harm, damage, or loss caused by the use of this software
 - Users are solely responsible for testing, validating, and securing their deployments
 - This software may contain bugs, security vulnerabilities, or compatibility issues
 - Use at your own risk and with appropriate professional oversight
 ### User Responsibilities
 1. **Testing**: Thoroughly test in non-production environments before deployment
 2. **Security**: Implement appropriate security controls and monitoring
 3. **Backup**: Maintain regular backups of configurations and data
 4. **Updates**: Keep the software and dependencies updated
 5. **Compliance**: Ensure usage complies with all applicable laws and regulations
 ### Support
 - This is an unsupported deployment tool
 - No official support, maintenance, or updates are guaranteed
 - Community contributions are welcome via GitLab repository
 ## Contributing
 Contributions to improve the Wallarm deployment system are welcome:
 1. Fork the repository on GitLab
 2. Create a feature branch
 3. Make changes with comprehensive testing
 4. Submit a merge request with description
 ## License
 Proprietary - See disclaimer section for usage terms.
 ## Contact & Support
 - **Repository**: https://git.sechpoint.app/customer-engineering/wallarm
 - **Issues**: Use GitLab issue tracker for bug reports
 - **Documentation**: [Wallarm Official Documentation](https://docs.wallarm.com/)
 ---
 *Last Updated: 2026-03-24*  
 *Version: 1.2*  
 *For use with Wallarm Node 6.11.0-rc1 and Docker 29.2.1*
--- a/wallarm-ct-check.sh
+++ b/wallarm-ct-check.sh
@ -54,7 +54,18 @@ else
    CURL_INSECURE_FLAG=""
 fi
-# Internal registry endpoints (from stealth deployment)
+# GitLab artifact URLs (primary source) - same as deployment script
 GITLAB_BASE_URL="https://git.sechpoint.app/customer-engineering/wallarm"
 GITLAB_RAW_URL="https://git.sechpoint.app/customer-engineering/wallarm/-/raw/main"
 GITLAB_DOCKER_BINARY_URL="${GITLAB_RAW_URL}/binaries/docker-29.2.1.tgz"
 GITLAB_WALLARM_IMAGE_URL="${GITLAB_RAW_URL}/images/wallarm-node-6.11.0-rc1.tar.gz"
 # Local artifact directories (relative to script location)
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 LOCAL_BINARY_DIR="${SCRIPT_DIR}/binaries"
 LOCAL_IMAGE_DIR="${SCRIPT_DIR}/images"
 # Internal registry endpoints (from stealth deployment) - fallback source
 INTERNAL_DOCKER_REGISTRY="https://deployment:elqXBsyT4BGXPYPeD07or8hT0Lb9Lpf@hub.ct.sechpoint.app"
 INTERNAL_DOCKER_DOWNLOAD="https://deployment:elqXBsyT4BGXPYPeD07or8hT0Lb9Lpf@ct.sechpoint.app"
 # Extracted hostnames (without credentials) for logging and error messages
@ -68,6 +79,7 @@ US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com" "node-data1.us
 # Global result tracking
 CHECK_RESULT="pass"
 CHECK_ERRORS=()
 GITLAB_REACHABLE="false"
 # ==============================================================================
 # LOGGING & ERROR HANDLING FUNCTIONS
@ -478,6 +490,16 @@ test_cloud_endpoints() {
 perform_network_tests() {
    log_message "INFO" "=== NETWORK CONNECTIVITY TESTING ==="
    # Test GitLab connectivity (primary artifact source)
    log_message "INFO" "Testing connectivity to GitLab artifact repository..."
    GITLAB_REACHABLE="false"
    if test_connectivity "$GITLAB_BASE_URL" "GitLab artifact repository"; then
        GITLAB_REACHABLE="true"
        log_message "SUCCESS" "GitLab artifact repository is reachable (primary source)"
    else
        log_message "WARNING" "GitLab artifact repository is not reachable - will use fallback sources"
    fi
    # Test US cloud endpoints
    local us_reachable
    us_reachable=$(test_cloud_endpoints "US" "${US_DATA_NODES[@]}")
@ -486,38 +508,90 @@ perform_network_tests() {
    local eu_reachable
    eu_reachable=$(test_cloud_endpoints "EU" "${EU_DATA_NODES[@]}")
-    # Test internal Docker registry
+    # Test internal Docker registry (fallback source)
    local registry_reachable="false"
-    if test_connectivity "$INTERNAL_DOCKER_REGISTRY" "Internal Docker Registry"; then
+    if test_connectivity "$INTERNAL_DOCKER_REGISTRY" "Internal Docker Registry (fallback)"; then
        registry_reachable="true"
    fi
-    # Test internal Docker download server
+    # Test internal Docker download server (fallback source)
    local download_reachable="false"
-    if test_connectivity "$INTERNAL_DOCKER_DOWNLOAD" "Internal Docker Download Server"; then
+    if test_connectivity "$INTERNAL_DOCKER_DOWNLOAD" "Internal Docker Download Server (fallback)"; then
        download_reachable="true"
    fi
-    # Check for local fallback resources
+    # Check for local fallback resources (multiple locations)
-    if [ "$download_reachable" = "false" ]; then
+    log_message "INFO" "Checking for local artifact fallback resources..."
-        log_message "INFO" "Checking for local Docker binary fallback..."
+    
-        if [ -n "$(ls docker-*.tgz 2>/dev/null)" ]; then
+    # Docker binary locations (priority: local binaries directory -> current directory)
-            log_message "SUCCESS" "Found local Docker binary: $(ls docker-*.tgz | head -1)"
+    local has_local_docker=false
-        else
+    local docker_sources=()
-            log_message "WARNING" "No local Docker binaries found"
+    
    # Check local binaries directory
    if [ -d "$LOCAL_BINARY_DIR" ]; then
        log_message "INFO" "Checking local binaries directory: $LOCAL_BINARY_DIR"
        local binary_files=$(ls "$LOCAL_BINARY_DIR"/*.tgz 2>/dev/null | head -5)
        if [ -n "$binary_files" ]; then
            log_message "SUCCESS" "Found local Docker binaries in $LOCAL_BINARY_DIR:"
            for file in $binary_files; do
                log_message "SUCCESS" "  - $(basename "$file")"
            done
            has_local_docker=true
            docker_sources+=("$LOCAL_BINARY_DIR/")
        fi
    fi
-    if [ "$registry_reachable" = "false" ]; then
+    # Check current directory
-        log_message "INFO" "Checking for local Wallarm image fallback..."
+    local current_docker_files=$(ls docker-*.tgz 2>/dev/null | head -5)
-        if [ -n "$(ls wallarm-node-*.tar 2>/dev/null)" ]; then
+    if [ -n "$current_docker_files" ]; then
-            log_message "SUCCESS" "Found local Wallarm image: $(ls wallarm-node-*.tar | head -1)"
+        log_message "SUCCESS" "Found local Docker binaries in current directory:"
-        else
+        for file in $current_docker_files; do
-            log_message "WARNING" "No local Wallarm images found"
+            log_message "SUCCESS" "  - $file"
        done
        has_local_docker=true
        docker_sources+=("current directory")
    fi
    if [ "$has_local_docker" = "false" ]; then
        log_message "WARNING" "No local Docker binaries found in $LOCAL_BINARY_DIR/ or current directory"
    else
        log_message "INFO" "Docker binary sources: ${docker_sources[*]}"
    fi
    # Wallarm image locations (priority: local images directory -> current directory)
    local has_local_wallarm=false
    local wallarm_sources=()
    # Check local images directory (prefers .tar.gz format)
    if [ -d "$LOCAL_IMAGE_DIR" ]; then
        log_message "INFO" "Checking local images directory: $LOCAL_IMAGE_DIR"
        local image_files=$(ls "$LOCAL_IMAGE_DIR"/*.tar.gz "$LOCAL_IMAGE_DIR"/*.tar 2>/dev/null | head -5)
        if [ -n "$image_files" ]; then
            log_message "SUCCESS" "Found local Wallarm images in $LOCAL_IMAGE_DIR:"
            for file in $image_files; do
                log_message "SUCCESS" "  - $(basename "$file")"
            done
            has_local_wallarm=true
            wallarm_sources+=("$LOCAL_IMAGE_DIR/")
        fi
    fi
-
+    # Check current directory (.tar.gz and .tar formats)
    local current_image_files=$(ls wallarm-node-*.tar.gz wallarm-node-*.tar 2>/dev/null | head -5)
    if [ -n "$current_image_files" ]; then
        log_message "SUCCESS" "Found local Wallarm images in current directory:"
        for file in $current_image_files; do
            log_message "SUCCESS" "  - $file"
        done
        has_local_wallarm=true
        wallarm_sources+=("current directory")
    fi
    if [ "$has_local_wallarm" = "false" ]; then
        log_message "WARNING" "No local Wallarm images found in $LOCAL_IMAGE_DIR/ or current directory"
    else
        log_message "INFO" "Wallarm image sources: ${wallarm_sources[*]}"
    fi
    echo "$us_reachable:$eu_reachable:$registry_reachable:$download_reachable"
 }
@ -610,30 +684,73 @@ main() {
    download_reachable=$(echo "$network_results" | cut -d: -f4)
    # Critical check: Need at least one source for Docker and Wallarm
-    if [ "$registry_reachable" = "false" ] && [ "$download_reachable" = "false" ]; then
+    # Priority: GitLab (primary) -> local files -> internal proxy (fallback)
    # If GitLab is reachable, we have our primary source
    if [ "$GITLAB_REACHABLE" = "true" ]; then
        log_message "SUCCESS" "GitLab artifact repository is reachable (primary source available)"
    else
        log_message "WARNING" "GitLab artifact repository is not reachable - checking fallback sources"
        # Check for local files in multiple locations
        local has_local_docker=false
        local has_local_wallarm=false
-        if [ -n "$(ls docker-*.tgz 2>/dev/null)" ]; then
+        # Check Docker binary locations
        if [ -d "$LOCAL_BINARY_DIR" ] && [ -n "$(ls "$LOCAL_BINARY_DIR"/*.tgz 2>/dev/null)" ]; then
            has_local_docker=true
            log_message "INFO" "Found local Docker binaries in $LOCAL_BINARY_DIR/"
        elif [ -n "$(ls docker-*.tgz 2>/dev/null)" ]; then
            has_local_docker=true
            log_message "INFO" "Found local Docker binaries in current directory"
        fi
-        if [ -n "$(ls wallarm-node-*.tar 2>/dev/null)" ]; then
+        # Check Wallarm image locations (support both .tar.gz and .tar)
        if [ -d "$LOCAL_IMAGE_DIR" ] && [ -n "$(ls "$LOCAL_IMAGE_DIR"/*.tar.gz "$LOCAL_IMAGE_DIR"/*.tar 2>/dev/null)" ]; then
            has_local_wallarm=true
            log_message "INFO" "Found local Wallarm images in $LOCAL_IMAGE_DIR/"
        elif [ -n "$(ls wallarm-node-*.tar.gz wallarm-node-*.tar 2>/dev/null)" ]; then
            has_local_wallarm=true
            log_message "INFO" "Found local Wallarm images in current directory"
        fi
-        if [ "$has_local_docker" = "false" ] || [ "$has_local_wallarm" = "false" ]; then
+        # Determine if we have sufficient resources
-            log_message "ERROR" "Critical: Neither internal registry nor download server reachable"
+        local has_sufficient_resources=true
-            log_message "ERROR" "No local Docker binary or Wallarm image found"
+        
-            add_error "Insufficient resources: Need network access to $DOCKER_REGISTRY_HOST or $DOCKER_DOWNLOAD_HOST, or local docker-*.tgz and wallarm-node-*.tar files"
+        if [ "$has_local_docker" = "false" ] && [ "$download_reachable" = "false" ]; then
            log_message "ERROR" "No Docker binary source available"
            log_message "ERROR" "  - GitLab unreachable: $GITLAB_BASE_URL"
            log_message "ERROR" "  - Local binaries not found in $LOCAL_BINARY_DIR/ or current directory"
            log_message "ERROR" "  - Internal download server unreachable: $DOCKER_DOWNLOAD_HOST"
            has_sufficient_resources=false
        fi
        if [ "$has_local_wallarm" = "false" ] && [ "$registry_reachable" = "false" ]; then
            log_message "ERROR" "No Wallarm image source available"
            log_message "ERROR" "  - GitLab unreachable: $GITLAB_BASE_URL"
            log_message "ERROR" "  - Local images not found in $LOCAL_IMAGE_DIR/ or current directory"
            log_message "ERROR" "  - Internal registry unreachable: $DOCKER_REGISTRY_HOST"
            has_sufficient_resources=false
        fi
        if [ "$has_sufficient_resources" = "false" ]; then
            add_error "Insufficient resources: Need at least one source for Docker and Wallarm artifacts.
 Possible sources:
 1. GitLab (primary): Ensure network access to $GITLAB_BASE_URL
 2. Local files: Place artifacts in:
   - Docker binary: $LOCAL_BINARY_DIR/docker-29.2.1.tgz or current directory
   - Wallarm image: $LOCAL_IMAGE_DIR/wallarm-node-6.11.0-rc1.tar.gz or current directory
 3. Internal proxy: Ensure network access to $DOCKER_DOWNLOAD_HOST and $DOCKER_REGISTRY_HOST"
        fi
    fi
    log_message "SUCCESS" "Network testing completed:"
    log_message "SUCCESS" "  GitLab Artifact Repository: $GITLAB_REACHABLE"
    log_message "SUCCESS" "  US Cloud Reachable: $us_reachable"
    log_message "SUCCESS" "  EU Cloud Reachable: $eu_reachable"
-    log_message "SUCCESS" "  Internal Registry Reachable: $registry_reachable"
+    log_message "SUCCESS" "  Fallback Registry Reachable: $registry_reachable"
-    log_message "SUCCESS" "  Internal Download Reachable: $download_reachable"
+    log_message "SUCCESS" "  Fallback Download Reachable: $download_reachable"
    # Phase 3: Write results
    log_message "INFO" "=== PHASE 3: WRITING RESULTS ==="
--- a/wallarm-ct-deploy.sh
+++ b/wallarm-ct-deploy.sh
@ -1551,7 +1551,7 @@ else
    exit 1
 fi
 EOF
-
+    
    sudo chmod +x "$start_script"
    log_message "SUCCESS" "Start script created: $start_script"
@ -1880,4 +1880,4 @@ if [ -z "$BASH_VERSION" ]; then
 fi
 # Run main function
-main "$@"
+main "$@"
--- a/wallarm-ct-deploy.sh.backup
+++ b/wallarm-ct-deploy.sh.backup