customer-engineering/wallarm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wallarm/container-deployment/install_app2.sh
SechPoint 14dadd0735 Initial commit of Wallarm deployment toolkit
2026-03-11 12:03:08 +00:00

120 lines
No EOL
3.7 KiB
Bash
Raw Blame History

#!/bin/bash
# ==============================================================================
# Wallarm PoC: Multi-Instance Safe Deployer (Podman/Docker)
# ==============================================================================
# --- Instance Configuration ---
NODE_NAME="wallarm-01"
TRAFFIC_PORT="8000"
MONITOR_PORT="9000"
# --- UPSTREAM SETTINGS ---
UPSTREAM_IP="10.0.0.14" # Internal Application IP
UPSTREAM_PORT="6042" # Internal Application Port
# --- CLOUD SETTINGS ---
TOKEN="YOUR_NODE_TOKEN_HERE"
REGION="EU" # US or EU
# --- Colors ---
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
echo -e "${YELLOW}🔍 PHASE 0: Pre-Flight Connectivity Checks...${NC}"
# 1. Root Check
[[ $EUID -ne 0 ]] && { echo -e "${RED}❌ ERROR: Run as root.${NC}"; exit 1; }
# 2. Specific Upstream Port Check
echo -n "Verifying connectivity to $UPSTREAM_IP on port $UPSTREAM_PORT... "
if ! timeout 3 bash -c "cat < /dev/null > /dev/tcp/$UPSTREAM_IP/$UPSTREAM_PORT" 2>/dev/null; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}❌ ERROR: The VM cannot reach the application on port $UPSTREAM_PORT.${NC}"
echo -e "${YELLOW}Action: Ask the bank's Network Team to open egress to $UPSTREAM_IP:$UPSTREAM_PORT.${NC}"
exit 1
else
echo -e "${GREEN}OK${NC}"
fi
# 3. Wallarm Cloud Check
API_HOST=$( [[ "$REGION" == "US" ]] && echo "us1.api.wallarm.com" || echo "api.wallarm.com" )
if ! curl -s --connect-timeout 5 "https://$API_HOST" > /dev/null; then
echo -e "${RED}❌ ERROR: Cannot reach Wallarm Cloud ($API_HOST). Check Proxy settings.${NC}"
exit 1
fi
# --- PHASE 1: Engine Setup ---
if [ -f /etc/redhat-release ]; then
ENGINE="podman"
dnf install -y epel-release
dnf install -y podman podman-docker podman-compose wget curl
systemctl enable --now podman.socket
# Open OS Firewalld for incoming traffic
firewall-cmd --permanent --add-port=$TRAFFIC_PORT/tcp
firewall-cmd --permanent --add-port=$MONITOR_PORT/tcp
firewall-cmd --reload
elif [ -f /etc/debian_version ]; then
ENGINE="docker"
apt update && apt install -y docker.io docker-compose wget curl
systemctl enable --now docker
else
echo -e "${RED}❌ Unsupported OS${NC}"; exit 1
fi
COMPOSE_CMD=$([[ "$ENGINE" == "podman" ]] && echo "podman-compose" || echo "docker-compose")
# --- PHASE 2: Instance Workspace ---
INSTANCE_DIR="/opt/wallarm/$NODE_NAME"
mkdir -p "$INSTANCE_DIR"
# Generate Nginx Config using the specific Upstream Port
cat <<EOF > "$INSTANCE_DIR/nginx.conf"
server {
listen 80;
wallarm_mode monitoring;
location / {
proxy_pass http://$UPSTREAM_IP:$UPSTREAM_PORT;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
server {
listen 90;
location /wallarm-status {
wallarm_status on;
allow all;
}
}
EOF
# Compose File with SELinux ( :Z ) flag
cat <<EOF > "$INSTANCE_DIR/conf.yml"
version: '3.8'
services:
$NODE_NAME:
image: docker.io/wallarm/node:4.10-latest
container_name: $NODE_NAME
restart: always
ports:
- "$TRAFFIC_PORT:80"
- "$MONITOR_PORT:90"
environment:
- WALLARM_API_TOKEN=$TOKEN
- WALLARM_API_HOST=$API_HOST
volumes:
- ./nginx.conf:/etc/nginx/http.d/default.conf:ro,Z
EOF
# --- PHASE 3: Launch ---
echo -e "${YELLOW}🚀 Launching Wallarm Instance...${NC}"
cd "$INSTANCE_DIR"
$COMPOSE_CMD -f conf.yml up -d
echo -e "\n${GREEN}✅ DEPLOYMENT COMPLETE${NC}"
echo -e "External Port: $TRAFFIC_PORT -> Internal: $UPSTREAM_IP:$UPSTREAM_PORT"
echo -e "View real-time logs: $ENGINE logs -f $NODE_NAME"
Reference in a new issue View git blame Copy permalink