Installation
      Back to home
      1. Support Center
      2. Safous WAAP Admin Guide
      3. Installation

      Safous WAAP Installation

      There are 2 component that need to be installed: App Gateway (similar as ZTA App Gateway) and WAAP module. The steps to install are as follows: 

      1. Confirm prerequisites are fulfilled
      2. Get installation Token from WAAP service in Admin Portal
      3. Install App Gateway for WAAP
      4. Install WAAP module

      Confirm Prerequisite are Fulfilled

      WAAP uses similar App gateway as ZTNA, so it share the same requirement for its gateway installation.

      Server Specification

      Parameter Guidelines    
      Operating System
      • Ubuntu Server 20.04
      • Ubuntu Server 22.04
      • Red Hat Enterprise Linux 8 (Server base Environment)
      		    
      CPU Cores
      • 4 core as baseline
      • 1 additional core for every 30k users
      		    
      RAM
      • 6 GB as baseline
      • 512 KB per additional user
      		    
      Disk 60 GB    
      Network Bandwidth 32 Kbps    

       

      Internet connectivity to these domains & port

      • *.docker.com (443)
      • *.docker.io (80 & 443)
      • *.github.com (80 & 443)
      • *.safous.com (443)
      • *.safous.cn (443)
      • *.githubusercontent.com (443)
      • sfs.to (80 & 443)
      • *.ubuntu.com (80 & 443)
      • *.amazonaws.com (443)
      • *.bugsnag.com (443)

      To ensure connectivity to those domains can work properly,

        • Enable those domains list on any firewall and WAF or any security service that might block domains 
        • For the domains with asterisk wildcard (*), please ensure that you have appropriate connectivity to all domains containing it, not just one specific domain.
        • Make sure that no proxies that being use to communicate to those domain from the App Gateway, which might leads terminates the TLS connection in between the installed App Gateway server and the destination resource. 
        • Basically, there shouldn't be any system can manipulate the traffic between the App Gateway and the Safous ZTNA PoP

      Get Installation Token

      1. Login to Safous Admin Portal (https://portal.safous.com/), which you can refer to this link and go to Tenant > Services where you can find Get Token button



        Important Note!!
        Get Token button will be grey-out once you already installed all Auth Gateway as contracted

      2. Once you click Get Token button, it will pop-up the Safous Installation Token

      Install App Gateway for WAAP

      App Gateway Installation

      1. SSH to your virtual machine/host where you want to install the App Gateway. Please make sure to use a user with root privilege.
      2. Please copy the Safous Installation Token as <INSTALLATION_TOKEN> value, then execute this command
        TOKEN=<INSTALLATION_TOKEN>

        Important Note!!
        TOKEN only valid for 24 hours since it generated

      3. Download installer by executing this command
        curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/installer -o installer || echo 'Error'


      4. Run installation mechanism of App Gateway by executing this command
        sudo bash installer
      5. Once you run previous command for installation, it will ask series of input either it’s based on options or string-based input. The first one is to verify whether the domain that you will use is the right one or not (either using Safous domain or your owned domain). 


      6. If that’s the correct one, then just press enter, if it’s not the correct one please changes as the correct one 

      7. Next, it will get the necessary SSL certificate for your App Gateway 

      8. Once the installation system already got the certificate for App Gateway, depends on which Safous service domain that you use, it will give different option. These options will be available if you use xxx.waap.safous.com
        pop-option-new
          • Choose number 1, if it deployed in Japan
          • Choose number 2, if it deployed in Indonesia, Malaysia, Philippines, Thailand, or Vietnam 
          • Choose number 3, if it deployed in Other Location
      9. Next, it will ask to input password 
        • Enter a first-time password. Note that the requirements are:
          • At least 8 digits long
          • Have at least 1 upper case letter
          • Have at least 1 lower case letter
          • Have at least 1 symbol
        • Enter the password the second time


          Please keep this password. It may be needed for troubleshooting purpose by Safous Support Team.
      10. It will ask site name for App Gateway that will be deployed, please enter name you prefer 
               
            • If you’re deploying App Gateway for different site, ensure you’re using different name than the existing one 
            • If you’re deploying App Gateway for the same site to have HA functionality, ensure it use the same name

      11. Then the installer will check and ensure all package dependencies has been installed for App Gateway to running correctly 


      12. Next the installation will proceed to install package requirements and other configuration. Once it finished, you can see all checklist at the end of installation

      Install WAAP Module 

      1. SSH to your virtual machine/host where you install the App Gateway. Please make sure to use a user with root privilege.
      2. Download installer by executing this command
        curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/waap/installer -o waap-installer || echo 'Error'
      3. Run installation mechanism of App Gateway by executing this command
        sudo bash waap-installer
      4. Once you run previous command for installation, it will ask whether you want to run the installer automatically (recommended) or manually. If run automatically, then it will give you the generated DB password for root DB. If run manually, it will ask you to input the DB root password manually. 


      5. If that’s the correct one, then just press enter, if it’s not the correct one please changes as the correct one 
      6. Then the installer will check and ensure all package dependencies has been installed for WAAP mdoule to run correctly 
      7. Next the installation will proceed to install package requirements and other configuration. Once it finished, you can see all checklist at the end of installation
      8. After finish, go back to admin portal. Then activate the WAAP service by clicking the button "Activate". (PS: if it's failed in the first try, try again until it's activated)

      Verification

      Last procedure after you can see all checklist at the end of installation is to do first time verification of App Gateway that have been installed by conducting these:

      • Ensure you’re still on the App Gateway host SSH terminal
      • Run this command down below, which need to change <DOMAIN> with the domain parameter that you could find in the installation process:
        curl https://login.<DOMAIN>
      • If the App Gateway successfully installed, it will give output like this:
      • If the App Gateway installation is failed, it will give output like this:
      • Check in admin portal, Setting -> WAAP. If you can see menus regarding WAAP, then you have installed the WAAP module correctly.
      • If the expected menu or output does not show up, please contact support@safous.com right away to get help with Safous Support.