A guide to using Nemesida WAF as Docker containers.

PostgreSQL Docker container deployment

To run a container with DBMS PostgreSQL, you need to do the following:

1. Download the image containing the DBMS PostgreSQL:

# docker pull postgres

2. Create a directory for DBMS PostgreSQL configuration files:

# mkdir -p /opt/nwaf/nwaf-db

3. Launch the container with the DBMS PostgreSQL image using the command:

# iptables -t filter -N DOCKER
# docker run --rm --name nwaf-db -v /opt/nwaf/nwaf-db:/var/lib/postgresql/data -e POSTGRES_PASSWORD=postgrespassword -p 5432:5432 -d postgres

where:

  • --rm – container removal after closedown;
  • --name – container name;
  • -e – superuser password for PostgreSQL access (required option);
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-db:/var/lib/postgresql/data – mounting the directory with configuration files inside the container;
  • -p 5432:5432 – container port 5432 forwarding to the external port 5432.

4. Stop the container with the DBMS PostgreSQL image to create a basic set of configuration files:

# docker stop /CONTAINER ID/

View the container ID using the command (CONTAINER ID column):

# docker ps -a

5. Allow external database connections by making changes to the file /opt/nwaf/nwaf-db/pg_hba.conf.

Example:

# IPv4 local connections:
host    all             all             10.1.1.0/24            md5

6. Access the container console by running the command:

# docker exec -ti /CONTAINER ID/ /bin/bash

View the container ID using the command (CONTAINER ID column):

# docker ps -a

7. Create a database, user and password to connect the Nemesida WAF Cabinet component:

Nemesida WAF API
# su - postgres -c "psql -c \"CREATE DATABASE waf;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_api PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE waf TO nw_api;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_api WITH LOGIN;\""
# su - postgres -c "psql waf -c \"GRANT ALL ON ALL TABLES IN SCHEMA public TO nw_api;\""
# su - postgres -c "psql waf -c \"GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO nw_api;\""
# su - postgres -c "psql waf -c \"GRANT CREATE ON SCHEMA public TO nw_api;\""
Nemesida WAF Cabinet
# su - postgres -c "psql -c \"CREATE DATABASE cabinet;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_cabinet PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE cabinet TO nw_cabinet;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_cabinet WITH LOGIN;\""
# su - postgres -c "psql cabinet -c \"GRANT ALL ON ALL TABLES IN SCHEMA public TO nw_cabinet;\""
# su - postgres -c "psql cabinet -c \"GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO nw_cabinet;\""
# su - postgres -c "psql cabinet -c \"GRANT CREATE ON SCHEMA public TO nw_cabinet;\""

Make sure that the containers nwaf-api, nwaf-cabinet and nwaf-scanner have access to the corresponding database with the command: psql -h <server_ip> -U <db_user> <database> from the container. When connecting, enter the password of the user of the corresponding database.

Image update
Before updating the DBMS PostgreSQL image, check whether the container is running. To do this, you need to look at the container ID (CONTAINER ID column) using the command:

# docker ps -a

If the container is running, stop it using the command:

# docker stop /container ID/

1. When the container is stopped, delete the image:

# docker image rm postgres

2. Download the image containing the DBMS PostgreSQL:

# docker pull postgres

3. Run the container with DBMS PostgreSQL using the command:

# iptables -t filter -N DOCKER
# docker run --rm --name nwaf-db -v /opt/nwaf/nwaf-db:/var/lib/postgresql/data -e POSTGRES_PASSWORD=postgrespassword -p 5432:5432 -d postgres

Nemesida WAF API Docker container deployment

Designed for all plans.

To deploy the Nemesida WAF API container, follow these steps:

1. Load the image containing the Nemesida WAF API modules:

# docker pull nemesida/nwaf-api

2. Create a directory for configuration files:

# mkdir -p /opt/nwaf/nwaf-api

3. Create file first-launch in the configuration files directory:

# touch /opt/nwaf/nwaf-api/first-launch

4. Run the container with Nemesida WAF API using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-api:/nwaf-api -p 8080:8080 nemesida/nwaf-api

5. Stop the container with the Nemesida WAF API image to create a basic set of configuration files:

# docker stop /container ID/

View the container ID using the command (CONTAINER ID column):

# docker ps -a

6. Install PostgreSQL on a separate server and create a database, user and password to connect the Nemesida WAF API component:

# su - postgres -c "psql -c \"CREATE DATABASE waf;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_api PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE waf TO nw_api;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_api WITH LOGIN;\""
# su - postgres -c "psql waf -c \"GRANT ALL ON ALL TABLES IN SCHEMA public TO nw_api;\""
# su - postgres -c "psql waf -c \"GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO nw_api;\""
# su - postgres -c "psql waf -c \"GRANT CREATE ON SCHEMA public TO nw_api;\""

7. Allow external database connections by making changes to the pg_hba.conf file.

Example:

# IPv4 local connections:
host    all             all             10.1.1.0/24            md5

Be sure to check that the container has access to the created database by connecting to it with the command: psql -h <server_ip> -U nw_api waf from the container. When connecting, enter the password of nw_api user.

8. For directories nwaf-api allow read access for everyone:

# chmod -R 0555 /opt/nwaf/nwaf-api

9. Make changes to the configuration files according to the instructions in the Nemesida WAF API manual.

10. Run the container with Nemesida WAF API using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-api:/nwaf-api -p 8080:8080 nemesida/nwaf-api

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-api:/nwaf-api – mounting the directory with configuration files inside the container;
  • -p 8080:8080 – container port 8080 forwarding to the external port 8080.

If you have problems starting services after starting the container, add the --ulimit nofile=65536:65536 option to the container startup command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/nwaf-api:/nwaf-api -p 8080:8080 nemesida/nwaf-api

Image update
Before updating Nemesida WAF API image, verify if the container is runnung. To do this, view the container ID (CONTAINER ID column) using the command:

# docker ps -a

If the container is running, stop it using the command:

# docker stop /container ID/

1. With the container stopped, delete the image:

# docker image rm nemesida/nwaf-api

2. Load the image containing the Nemesida WAF API modules:

# docker pull nemesida/nwaf-api

3. Run the container with Nemesida WAF API using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-api:/nwaf-api -p 8080:8080 nemesida/nwaf-api

After the update, previous versions of the configuration files will be placed in old subdirectory.

Nemesida WAF Cabinet Docker container deployment

Designed for all plans.

To deploy the Nemesida WAF Cabinet container, follow these steps:

1. Load the image containing the Nemesida WAF Cabinet modules:

# docker pull nemesida/nwaf-cabinet

2. Create a directory for configuration files:

# mkdir -p /opt/nwaf/nwaf-cabinet

3. Create file first-launch in the configuration files directory:

# touch /opt/nwaf/nwaf-cabinet/first-launch

4. Run the container with Nemesida WAF Cabinet using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet

5. Stop the container with the Nemesida WAF Cabinet image to create a basic set of configuration files:

# docker stop /container ID/

View the container ID using the command (CONTAINER ID column):

# docker ps -a

6. Install PostgreSQL on a separate server and create a database, user and password to connect the Nemesida WAF Cabinet component:

# su - postgres -c "psql -c \"CREATE DATABASE cabinet;\""
# su - postgres -c "psql -c \"CREATE ROLE nw_cabinet PASSWORD 'YOUR_PASSWORD';\""
# su - postgres -c "psql -c \"GRANT ALL ON DATABASE cabinet TO nw_cabinet;\""
# su - postgres -c "psql -c \"ALTER ROLE nw_cabinet WITH LOGIN;\""
# su - postgres -c "psql cabinet -c \"GRANT ALL ON ALL TABLES IN SCHEMA public TO nw_cabinet;\""
# su - postgres -c "psql cabinet -c \"GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO nw_cabinet;\""
# su - postgres -c "psql cabinet -c \"GRANT CREATE ON SCHEMA public TO nw_cabinet;\""

7. Allow external connections to the database by making changes to the pg_hba.conf file.

Example:

# IPv4 local connections:
host    all             all             10.1.1.0/24            md5

Be sure to check that the container has access to the created database by connecting to it with the command: psql -h <server_ip> -U nw_cabinet cabinet from the container. When connecting, enter the password of nw_cabinet user.

8. For directories nwaf-cabinet allow read access for everyone:

# chmod -R 0555 /opt/nwaf/nwaf-cabinet

9. Make changes to the configuration files according to the instructions in the Nemesida WAF Cabinet manual.

10. Run the container with Nemesida WAF Cabinet using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet – mounting the directory with configuration files inside the container;
  • -p 8090:80 – container port 80 forwarding to the external port 8090.

If you have problems starting services after starting the container, add the --ulimit nofile=65536:65536 option to the container startup command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet

11. Run the migration and account creation command and follow the script instructions:

# docker exec -ti /container ID/ bash -c "bash /opt/migrate.sh"

View the container ID using the command (CONTAINER ID column):

# docker ps -a

Image update
Before updating Nemesida WAF Cabinet image, verify if the container is runnung. To do this, view the container ID (CONTAINER ID column) using the command:

# docker ps -a

If the container is running, stop it using the command:

# docker stop /container ID/

1. With the container stopped, delete the image:

# docker image rm nemesida/nwaf-cabinet

2. Load the image containing the Nemesida WAF Cabinet modules:

# docker pull nemesida/nwaf-cabinet

3. Run the container with Nemesida WAF Cabinet using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet

After the update, previous versions of the configuration files will be placed in old subdirectory.

Filtering node Docker container deployment

To deploy the filtering node container one has to do the following:

Commercial versionCommunity Edition

Currently, the image is only available with latest version of Nginx stable.

1. Load an image containing the dynamic module and Nemesida AI MLA:

# docker pull nemesida/nwaf-dyn

2. Create a directory for the dynamic module configuration files:

# mkdir -p /opt/nwaf/waf-config

3. Create file first-launch in the configuration files directory:

# touch /opt/nwaf/waf-config/first-launch

4. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn

The container will terminate by creating a basic set of configuration files in the configuration files directory.

5. Edit the configuration files according to the instructions.

6. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/waf-config:/nginx.configs – mounting the directory with configuration files inside the container.

If you have problems starting services after launching the docker container, add the --ulimit nofile=65536:65536 option to the container launch command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn

Currently, the image is only available with latest version of Nginx stable.

1. Load an image containing the dynamic module:

# docker pull nemesida/nwaf-dyn-ce

2. Create a directory for dynamic module configuration files:

# mkdir -p /opt/nwaf/waf-config

3. Create file first-launch in the configuration files directory:

# touch /opt/nwaf/waf-config/first-launch

4. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn-ce

The container will terminate by creating a basic set of configuration files in the configuration files directory.

5. Edit the configuration files according to the instructions.

6. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn-ce

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/waf-config:/nginx.configs – mounting the directory with configuration files inside the container.

If you have problems starting services after launching the docker container, add the --ulimit nofile=65536:65536 option to the container launch command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn

Image update
Commercial versionCommunity Edition

1. Before updating the image with a filtering node, verify if the container is running. To do this, view the container ID (CONTAINER ID column) using the command:

# docker ps -a

2. If the container is running, stop it using the command:

# docker stop /container ID/

3. With the container stopped, delete the image:

# docker image rm nemesida/nwaf-dyn

4. Load an image containing the dynamic module and Nemesida AI MLA:

# docker pull nemesida/nwaf-dyn

5. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn

After the update, previous versions of the configuration files will be placed in old subdirectory.

1. Before updating the image with a filtering node, verify if the container is running. To do this, view the container ID (CONTAINER ID column) using the command:

# docker ps -a

2. If the container is running, stop it using the command:

# docker stop /container ID/

3. With the container stopped, delete the image:

# docker image rm nemesida/nwaf-dyn-ce

4. Load an image containing the dynamic module:

# docker pull nemesida/nwaf-dyn-ce

5. Run the container with dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 -p 5672:5672 nemesida/nwaf-dyn-ce

After the update, previous versions of the configuration files will be placed in old subdirectory.

Nemesida AI MLC Docker container deployment

Used only in the commercial version of Nemesida WAF.

To deploy the Nemesida AI MLC container, follow these steps:

1. Download the image containing the Nemesida AI MLC module:

# docker pull nemesida/nwaf-mlc

2. Create a directory for Nemesida AI MLC configuration files:

# mkdir -p /opt/nwaf/mlc-config

3. In the configuration files directory, create the first-launch file:

# touch /opt/nwaf/mlc-config/first-launch

4. Launch the container with the Nemesida AI MLC image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/mlc-config:/nwaf_mlc.configs nemesida/nwaf-mlc

The container will finish its work on its own by creating a basic set of configuration files in the configuration files directory.

5. Edit the configuration files according to the instructions.

The values for the rmq_host parameter are stored in the configuration file of the container with the dynamic module /opt/waf/waf-config/rabbitmq_password.

6. Launch the container with the dynamic module image using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/mlc-config:/nwaf_mlc.configs nemesida/nwaf-mlc

where:

  • --rm – deleting the container after completion of work;
  • -d – running the container in the background;
  • -v /opt/nwaf/mlc-config:/nwaf_mlc.configs – mounting a directory with configuration files inside the container.

If you have problems starting services after launching the docker container, add the --ulimit nofile=65536:65536 option to the container launch command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/mlc-config:/nwaf_mlc.configs nemesida/nwaf-mlc

Image update

1. Before updating the Nemesida AI MLC image, check whether the container is running. To do this, you need to look at the container ID (CONTAINER ID column) using the command:

# docker ps -a

2. If the container is running, stop it using the command:

# docker stop /container ID/

3. When the container is stopped, delete the image:

# docker image rm nemesida/nwaf-mlc

4. Download the image containing the Nemesida AI MLC module:

# docker pull nemesida/nwaf-mlc

5. Run the container with Nemesida AI MLC using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/mlc-config:/nwaf_mlc.configs nemesida/nwaf-mlc

After the update, the previous versions of the configuration files will be placed in the old subdirectory.

Nemesida WAF Scanner Docker container deployment

Designed for the Enterprise plan.
For correct work of the Nemesida WAF Scanner module, you need to provide access to the web application bypassing the Nemesida WAF.

To deploy Nemesida WAF Scanner Docker container one has to do the following: 1. Load the image containing the Nemesida WAF Scanner:

# docker pull nemesida/nwaf-scanner

2. Create a directory for Nemesida WAF Scanner configuration files:

# mkdir -p /opt/nwaf/nwaf-scanner

3. Create file first-launch in the configuration files directory:

# touch /opt/nwaf/nwaf-scanner/first-launch

4. Run the container with Nemesida WAF Scanner using the command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-scanner/:/nwaf-scanner nemesida/nwaf-scanner

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-scanner:/nwaf-scanner – mounting the directory with configuration files inside the container.

The container will finish its work on its own by creating a basic set of configuration files in the configuration files directory.

5. Make changes to the configuration files according to the instructions on the documentation page Nemesida WAF Scanner.

View the container ID using the command (CONTAINER ID column):

# docker ps -a

6. Stop the container with the Nemesida WAF API modules and the Nemesida WAF Cabinet with the command:

# docker stop /container ID/

7. Make changes to the configuration files for connecting to database of modules Nemesida WAF API and the Nemesida WAF Cabinet modules to interact with Nemesida WAF Scanner:

  • In file /opt/nwaf/api-cab-config/postgresql/main/postgresql.conf:
listen_addresses = '*'
  • In file /opt/nwaf/api-cab-config/postgresql/main/pg_hba.conf:
host    all             all             10.1.1.0/24            md5

8. Run the container with Nemesida WAF API, Nemesida WAF Cabinet and Nemesida WAF Scanner, using commands:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet – mounting the directory with configuration files inside the container;
  • -p 8090:80 – container port 80 forwarding to the external port 8090.
# docker run --rm -d -v /opt/nwaf/nwaf-scanner/:/nwaf-scanner nemesida/nwaf-scanner

where:

  • --rm – container removal after closedown;
  • -d – container running in background mode;
  • -v /opt/nwaf/nwaf-scanner:/nwaf-scanner – mounting the directory with configuration files inside the container.

If you have problems starting services after launching the docker container, add the --ulimit nofile=65536:65536 option to the container launch command.

Example:

# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/nwaf-cabinet:/nwaf-cabinet -p 8090:80 nemesida/nwaf-cabinet
# docker run --rm --ulimit nofile=65536:65536 -d -v /opt/nwaf/nwaf-scanner/:/nwaf-scanner nemesida/nwaf-scanner

9. To start the scan process, run the command:

docker exec -ti /container ID/ bash -c "/usr/bin/nws"

Image update
1. Before updating Nemesida WAF Scanner image, verify if the container is running. To do this, view the container ID (CONTAINER ID column) using the command:

# docker ps -a

2. If the container is running, stop it using the command:

# docker stop /container ID/

3. With the container stopped, delete the image:

# docker image rm nemesida/nwaf-scanner

4. Load the image containing the Nemesida WAF Scanner modules:

# docker pull nemesida/nwaf-scanner

5. Run the container with Nemesida WAF Scanner, using command:

# iptables -t filter -N DOCKER
# docker run --rm -d -v /opt/nwaf/nwaf-scanner/:/nwaf-scanner nemesida/nwaf-scanner 

Docker container deployment using Docker Compose
To deploy containers with Filtering node, Nemesida AI MLC, Nemesida WAF API, Nemesida WAF Cabinet and Nemesida WAF Cabinet, you must perform the following steps:

1. Install the Docker Compose;

2. Download the docker-compose.yml file with launch parameters;

3. Create directories for Nemesida WAF config files relative to loaded docker-compose.yml:

# mkdir -p /opt/nwaf/{waf-config,mlc-config,nwaf-api,nwaf-cabinet,nwaf-scanner,nwaf-db}

4. Create a first-launch file in the configuration file directories:

# touch /opt/nwaf/{waf-config,mlc-config,nwaf-api,nwaf-cabinet,nwaf-scanner}/first-launch

5. Run Docker Compose using the commands:

# iptables -t filter -N DOCKER
# docker-compose up --build -d

6. For directories nwaf-api and nwaf-cabinet allow read access for everyone:

# chmod -R 0555 /opt/nwaf/nwaf-api
# chmod -R 0555 /opt/nwaf/nwaf-cabinet

7. Perform migrations and create users for the Nemesida WAF Cabinet modules:

# docker-compose exec nwaf-cabinet "/bin/bash" "/opt/migrate.sh"

8. Stop Docker Compose:

# docker-compose down

9. Make changes to the configuration files according to the instructions on the documentation pages Dynamic module, Nemesida AI MLC, Nemesida WAF API, Nemesida WAF Cabinet and Nemesida WAF Scanner.

10. Run Docker Compose using the commands:

# iptables -t filter -N DOCKER
# docker-compose up -d

If you have problems starting services after starting containers, then make changes to docker-compose.yml by adding the ulimits section to the appropriate section of the desired container.

Example:

  nwaf-dyn:
    image: nemesida/nwaf-dyn
    container_name: nwaf-dyn
    ports:
      - 80:80
      - 5672:5672
    volumes:
      - /opt/nwaf/waf-config:/nginx.configs
    ulimits:
      nofile:
        soft: "65536"
        hard: "65536"

Docker container deployment using Kubernetes
To deploy containers with Filtering node, Nemesida AI MLC, Nemesida WAF API, Nemesida WAF Cabinet and Nemesida WAF Scanner, you must perform the following steps:

1. Install the Kubernetes;

2. Download the kubernetes-compose.yml file with launch parameters;

3. Create directories for Nemesida WAF config files relative to loaded kubernetes-compose.yml:

# mkdir -p /opt/nwaf/{waf-config,mlc-config,nwaf-api,nwaf-cabinet,nwaf-scanner,nwaf-db}

4. Create a first-launch file in the configuration file directories:

# touch /opt/nwaf/{waf-config,mlc-config,nwaf-api,nwaf-cabinet,nwaf-scanner}/first-launch

5. Run Kubernetes using the commands:

# kubectl apply -f kubernetes-compose.yml

6. For directories nwaf-api and nwaf-cabinet allow read access for everyone:

# chmod -R 0555 /opt/nwaf/nwaf-api
# chmod -R 0555 /opt/nwaf/nwaf-cabinet

7. Perform migrations and create users for the Nemesida WAF Cabinet modules:

# kubectl exec -ti /container name/ -- /bin/bash -c "/opt/migrate.sh"

View the container name (Name column) using the command:

# kubectl get pods

8. Make changes to the configuration files according to the instructions on the documentation pages Dynamic module, Nemesida AI MLC, Nemesida WAF API, Nemesida WAF Cabinet and Nemesida WAF Scanner.

For the components to work correctly, it is recommended to change the standard port used by the Nemesida WAF Cabinet. To do this, make the appropriate changes to the configuration file /opt/nwaf/nwaf-cabinet/nginx/cabinet.conf and, if necessary, to the file kubernetes-compose.yml with startup parameters.

9. Run Kubernetes using the commands:

# kubectl apply -f kubernetes-compose.yml

The containers will be deleted and automatically replaced with new ones.