Installation
      Back to home
      1. Support Center
      2. Safous ZTA Admin Guide
      3. Installation

      App Gateway Installation for Custom Domain

      Before proceeding with the installation of App Gateway installation with custom domain (non Safous domain name), there are several thing need to be ensure from the customer side:

      1. Domain name that will be use
        • If you have domain that specifically being used for Safous service and no other record that added to the domain, then you can use directly with wildcard (e.g. *.new-dom.com)
        • If the domain that you use is already have sub domain record (e.g. www.domain.com , app.domain.com , etc), then you need to create wildcard record with another suffix that haven't been used for Safous service (e.g. *.ztna.domain.com)
      2. SSL Certificate that will be use
        • SSL certificate must be wildcard type and verified by public authority
        • SSL certificate has the same value/record for CN (common name) and DNS (Subject Alternative Name)
        • SSL certificate must use fullchain certificate, where the first cert is the server cert, the second one is the parent and the third one is the root

       

       

      Installation:

      1. Ensure you already added these CNAME record in you public DNS management. If the domain that you want to use for you custom tenant domain is ztna.company.com, then you need to add these record as example (*note: if your tenant in china, please use tcp.ztna.safous.cn instead for the content)
        *.ztna.company.com.               IN      CNAME   tcp.ztna.safous.com.


      2. Login to Safous Admin Portal (https://portal.safous.com/), which you can refer to this link and go to Tenant > Services where you can find Get Token button


      3. Once you click Get Token button, it will pop-up the Safous Installation Token


      4. Please copy the Safous Installation Token as <INSTALLATION_TOKEN> value, then execute this command
        TOKEN=<INSTALLATION_TOKEN>

        Important Note!!
        TOKEN only valid for 14 days since it generated

      5. Download installer by executing this command
        curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/installer -o installer || echo 'Error'


      6. Run installation mechanism of App Gateway by executing this command
        sudo bash installer


      7. Once you run previous command for installation, it will ask series of input either it’s based on options or string-based input. The first one is to verify whether the domain that you will use is the right one or not (either using Safous domain or your owned domain). If it's using your owned domain, it will asked you to place your SSL certificate and key in specific directory path (*note: you need to provide Wildcard SSL if using own domain)


      8. If you haven't placed the SSL certificate and key, please cancel the installation and place it correctly. If it's done, type "Y" and press enter on your keyboard


      9. Once the installation system already detect the certificate for App Gateway,these options will be available to choose: 
          • Choose number 1, if it deployed in Indonesia
          • Choose number 2, if it deployed in Japan
          • Choose number 3, if it deployed in Vietnam
          • Choose number 4, if it deployed other than Indonesia, Japan & Vietnam  


      10. Then the installer will asked the License key that you got in delivery documents from Safous team


      11. Next, it will ask to input password 
        • Enter a first-time password. Note that the requirements are:
          • At least 8 digits long
          • Have at least 1 upper case letter
          • Have at least 1 lower case letter
          • Have at least 1 symbol
        • Enter the password the second time


      12. It will ask site name for App Gateway that will be deployed, please enter name you prefer 
            • If you’re deploying App Gateway for different site, ensure you’re using different name than the existing one 
            • If you’re deploying App Gateway for the same site to have HA functionality, ensure it use the same name


      13. Then the installer will checked and ensuring all package dependencies has been installed for App Gateway to running correctly 


      14. Next the installation will proceed to install package requirements and other configuration. Once it finished, you can see all checklist at the end of installation

       

       

      Verification

      Last procedure after you can see all checklist at the end of installation is to do first time verification of App Gateway that have been installed by conducting these:

      • Ensure you’re still on the App Gateway host SSH terminal
      • Run this command down below, which need to change <DOMAIN> with the domain parameter that you could find in the installation process:
        curl https://login.<DOMAIN>

         

      • If the App Gateway successfully installed, it will give output like this:
      • If the App Gateway installation is failed, it will give output like this:
      • If the output resembles success example, your app gateway installation is finished and you could create your new user to login to user portal by refer to this link

      • If the output resembles failed example, please contact support@safous.com right away to get help with Safous Support.