Installation
      Back to home
      1. Support Center
      2. Safous ZTA Admin Guide
      3. Installation

      App Gateway Installation for Custom Domain

      Before proceeding with the installation of the App Gateway with a custom domain (non-Safous domain name), there are several things that need to be ensured from the customer side:

      1. Domain Name to be Used
        • If you have a domain that is specifically being used for the Safous service and no other records are added to the domain, then you can use it directly with a wildcard (e.g., *.new-dom-company.com).
        • If the domain that you use already has subdomain records (e.g., www.company.com, app.company.com, etc.), then you must create a wildcard record with another suffix that hasn't been used, e.g., *.ztna.company.com.
      2. License to be Used
        • License will be provided in the delivery document
        • Please ensure that subdomain in the license is matched with subdomain that you want.
      3. SSL Certificate to be Used
        • The SSL certificate must be a wildcard type and verified by a public authority.
        • The SSL certificate must have the same value/record for the CN (Common Name) and DNS (Subject Alternative Name).
        • DNS in the certificate must matches with subdomain in the license. For example, if subdomain in the license is *.ztna.company.com, then DNS value in the certificate must be *.ztna.company.com. Please check this article for the explanation of this rule. 
        • The SSL certificate must use a full chain certificate, where the first certificate is the server certificate, the second one is the intermediate certificate, and the third one is the root certificate.

      Installation:

      1. Ensure you have already added these CNAME records in your public DNS management. If the domain that you want to use for your custom tenant domain is ztna.company.com, then you need to add these records as an example (*note: if your tenant is in China, please use tcp.ztna.safous.cn instead for the content).
        *.ztna.company.com.               IN      CNAME   tcp.ztna.safous.com.


      2. Login to Safous Admin Portal (https://portal.safous.com/), which you can refer to this link and go to Tenant > Services where you can find Get Token button


      3. Once you click Get Token button, it will pop-up the Safous Installation Token


      4. Please copy the Safous Installation Token as <INSTALLATION_TOKEN> value, then execute this command
        TOKEN=<INSTALLATION_TOKEN>

        Important Note!!
        TOKEN only valid for 24 hours since it generated

      5. Download installer by executing this command
        curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/installer -o installer || echo 'Error'
      6. Run installation of App Gateway by executing this command
        sudo bash installer
      7. Once you run the previous command for installation, it will ask for a series of inputs, either option-based or string-based. The first input is to verify whether the domain you will use is the correct one (either using the Safous domain or your own domain). If you are using your own domain, it will ask you to place your SSL certificate and key in a specific directory path. *Note: you need to provide a Wildcard SSL if using your own domain.


      8. If you haven't placed the SSL certificate and key, please cancel the installation and place it correctly. If it's done, type "Y" and press enter on your keyboard


      9. Once the installation system already detect the certificate for App Gateway,these options will be available to choose: 
          • Choose number 1, if it deployed in Indonesia
          • Choose number 2, if it deployed in Japan
          • Choose number 3, if it deployed in Vietnam
          • Choose number 4, if it deployed other than Indonesia, Japan & Vietnam  
      10. Then the installer will ask for the License key that you received in the delivery documents from the Safous team.


      11. Next, it will ask to input password 
        • Enter a first-time password. Note that the requirements are:
          • At least 8 digits long
          • Have at least 1 upper case letter
          • Have at least 1 lower case letter
          • Have at least 1 symbol
        • Enter the password the second time


      12. It will ask site name for App Gateway that will be deployed, please enter name you prefer 
        • If you’re deploying App Gateway for different site, ensure you’re using different name than the existing one
        • If you’re deploying App Gateway for the same site to have HA functionality, ensure it use the same name


      13. Then the installer will check and ensure that all package dependencies have been installed for the App Gateway to run correctly.


      14. Next, the installation will proceed to install the package requirements and other configurations. Once it is finished, you will see all the checklists at the end of the installation.

       

       

      Verification

      The final procedure, after you see all the checklists at the end of the installation, is to perform the first-time verification of the App Gateway that has been installed by conducting the following steps:

      • Ensure you’re still on the App Gateway host SSH terminal
      • Run this command down below, which need to change <DOMAIN> with the domain parameter that you could find in the installation process:
        curl https://login.<DOMAIN>
      • If the App Gateway successfully installed, it will give output like this:
      • If the App Gateway installation is failed, it will give output like this:
      • If the output resembles success example, your app gateway installation is finished and you can create your new user to login to user portal (check this link)
      • If the output resembles the failed example, please contact support@safous.com right away to get help from Safous Support.