Safous WAAP Installation

There are 2 component that need to be installed: App Gateway (similar as ZTA App Gateway) and WAAP module. The steps to install are as follows: 

  1. Confirm prerequisites are fulfilled
  2. Get installation Token from WAAP service in Admin Portal
  3. Install App Gateway for WAAP
  4. Install WAAP module

Confirm Prerequisite are Fulfilled

WAAP uses similar App gateway as ZTNA, so it share the same requirement for its gateway installation.

Server Specification

Parameter Guidelines    
Operating System
  • Ubuntu Server 22.04
  • Ubuntu Server 24.04
  • Red Hat Enterprise Linux 8 (Server package required)
  • Red Hat Enterprise Linux 9 (Server package required)
  • Rocky Linux 9.x
   
CPU Cores
  • 4 core as baseline
  • 1 additional core for every 30k users
   
RAM
  • 6 GB as baseline
  • 512 KB per additional user
   
Disk 60 GB    
Network Bandwidth 32 Kbps    

 

Internet connectivity to these domains & port

  • *.safous.com (443)
  • *.safous.cn (443)
  • *.ubuntu.com (80 & 443)
  • *.amazonaws.com (443)
  • *.bugsnag.com (443)

To ensure connectivity to those domains can work properly,

    • Enable those domains list on any firewall and WAF or any security service that might block domains 
    • For the domains with asterisk wildcard (*), please ensure that you have appropriate connectivity to all domains containing it, not just one specific domain.
    • Make sure that no proxies that being use to communicate to those domain from the App Gateway, which might leads terminates the TLS connection in between the installed App Gateway server and the destination resource. 
    • Basically, there shouldn't be any system can manipulate the traffic between the App Gateway and the Safous ZTNA PoP

Get Installation Token

  1. Login to Safous Admin Portal (https://portal.safous.com/), which you can refer to this link and go to Tenant > Services where you can find Get Token button
    waap-install-01

    Important Note!!
    Get Token button will be grey-out once you already installed all Auth Gateway as contracted

  2. Once you click Get Token button, it will pop-up the Safous Installation Token
    waap-install-02

Install App Gateway for WAAP

App Gateway Installation

  1. SSH to your virtual machine/host where you want to install the App Gateway. Please make sure to use a user with root privilege.
  2. Please copy the Safous Installation Token as <INSTALLATION_TOKEN> value, then execute this command
    TOKEN=<INSTALLATION_TOKEN>

    Important Note!!
    TOKEN only valid for 24 hours since it generated

  3. Download installer by executing this command
    curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/installer -o installer || echo 'Error'


  4. Run installation mechanism of App Gateway by executing this command
    sudo bash installer
  5. Once you run previous command for installation, it will ask series of input either it’s based on options or string-based input. The first one is to verify whether the domain that you will use is the right one or not (either using Safous domain or your owned domain). 


  6. If that’s the correct one, then just press enter, if it’s not the correct one please changes as the correct one 

  7. Next, it will get the necessary SSL certificate for your App Gateway 

  8. Once the installation system already got the certificate for App Gateway, depends on which Safous service domain that you use, it will give different option. These options will be available if you use xxx.waap.safous.com
    pop-option-new
      • Choose number 1, if it deployed in Japan
      • Choose number 2, if it deployed in Indonesia, Malaysia, Philippines, Thailand, or Vietnam 
      • Choose number 3, if it deployed in Other Location
  9. Next, it will ask to input password 
    • Enter a first-time password. Note that the requirements are:
      • At least 8 digits long
      • Have at least 1 upper case letter
      • Have at least 1 lower case letter
      • Have at least 1 symbol
    • Enter the password the second time


      Please keep this password. It may be needed for troubleshooting purpose by Safous Support Team.
  10. It will ask site name for App Gateway that will be deployed, please enter name you prefer 
           
        • If you’re deploying App Gateway for different site, ensure you’re using different name than the existing one 
        • If you’re deploying App Gateway for the same site to have HA functionality, ensure it use the same name

  11. Then the installer will check and ensure all package dependencies has been installed for App Gateway to running correctly 


  12. Next the installation will proceed to install package requirements and other configuration. Once it finished, you can see all checklist at the end of installation

Install WAAP Module 

  1. SSH to your virtual machine/host where you install the App Gateway. Please make sure to use a user with root privilege.
  2. Download installer by executing this command
    curl -s --fail -H "Authorization: Bearer $TOKEN" https://setup.safous.com/waap/installer -o waap-installer || echo 'Error'
  3. Run installation mechanism of App Gateway by executing this command
    sudo bash waap-installer
  4. Once you run previous command for installation, it will ask whether you want to run the installer automatically (recommended) or manually. If run automatically, then it will give you the generated DB password for root DB. If run manually, it will ask you to input the DB root password manually. 


  5. If that’s the correct one, then just press enter, if it’s not the correct one please changes as the correct one 
  6. Then the installer will check and ensure all package dependencies has been installed for WAAP mdoule to run correctly 
  7. Next the installation will proceed to install package requirements and other configuration. Once it finished, you can see all checklist at the end of installation
  8. After finish, go back to admin portal. Then activate the WAAP service by clicking the button "Activate". (PS: if it's failed in the first try, try again until it's activated)
    waap-install-03

Verification

Last procedure after you can see all checklist at the end of installation is to do first time verification of App Gateway that have been installed by conducting these:

  • Ensure you’re still on the App Gateway host SSH terminal
  • Run this command down below, which need to change <DOMAIN> with the domain parameter that you could find in the installation process:
    curl https://login.<DOMAIN>
  • If the App Gateway successfully installed, it will give output like this:
  • If the App Gateway installation is failed, it will give output like this:
  • Check in admin portal, Settings -> WAAP. If you can see menus regarding WAAP, then you have installed the WAAP module correctly.
    waap-insatll-04
  • If the expected menu or output does not show up, please contact support@safous.com right away to get help with Safous Support.