Nemesida WAF, Nemesida WAF API and Nemesida WAF Cabinet docker container deployment guide.
In the Docker container it is recommended to use version Nemesida WAF Free. For full version Nemesida AI machine training module to work a privileged mode is required, which is not safe in such an environment.
To deploy the Nemesida WAF Container one has to do the following:
1. Download the archive with Docker image, containing Nemesida WAF dynamic module and Nemesida AI.
2. Upload the image to Docker using the command:
# docker load < nwaf-dyn-latest.tar.gz
3. Create a directory for Nemesida WAF configuration files :
# mkdir /opt/nwaf/waf-config
4. Create file first-launch
in the configuration files directory:
# touch /opt/nwaf/waf-config/first-launch
5. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn/1.18
The container will terminate by creating a basic set of configuration files in the configuration files directory.
6. Edit the configuration files according to the instructions on page Nemesida WAF and Nemesida AI.
7. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn/1.18
where:
--rm
- container removal after closedown.-d
- container running in background mode.-v /opt/nwaf/waf-config:/nginx.configs
- mounting the directory with configuration files inside the container.
1. Download the archive with Docker image, containing Nemesida WAF dynamic module.
2. Upload the image to Docker using the command:
# docker load < nwaf-dyn-free-latest.tar.gz
3. Create a directory for Nemesida WAF configuration files :
# mkdir /opt/nwaf/waf-config
4. Create file first-launch
in the configuration files directory:
# touch /opt/nwaf/waf-config/first-launch
5. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn-free/1.18
The container will terminate by creating a basic set of configuration files in the configuration files directory.
6. Edit the configuration files according to the instructions on page Nemesida WAF.
7. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn-free/1.18
where:
--rm
- container removal after closedown.-d
- container running in background mode.-v /opt/nwaf/waf-config:/nginx.configs
- mounting the directory with configuration files inside the container.
1. Before updating Nemesida WAF image, verify if the container is running. To do this, view the container ID (CONTAINER ID column) using the command:
# docker ps -a
2. If the container is running, stop it using the command:
# docker stop /container ID/
3. With the container stopped, delete the image:
# docker image rm nwaf-dyn/1.18
4. Download the archive with Docker image, containing Nemesida WAF dynamic module and Nemesida AI. Upload the image to Docker using the command:
# docker load < nwaf-dyn-latest.tar.gz
5. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn/1.18
After the update, previous versions of the configuration files will be placed in old
subdirectory.
1. Before updating Nemesida WAF image, verify if the container is running. To do this, view the container ID (CONTAINER ID column) using the command:
# docker ps -a
2. If the container is running, stop it using the command:
# docker stop /container ID/
3. With the container stopped, delete the image:
# docker image rm nwaf-dyn-free/1.18
4. Download the archive with Docker image, containing Nemesida WAF dynamic module. Upload the image to Docker using the command:
# docker load < nwaf-dyn-free-latest.tar.gz
5. Run the container with Nemesida WAF image using the command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/waf-config:/nginx.configs -p 80:80 nwaf-dyn-free/1.18
After the update, previous versions of the configuration files will be placed in old
subdirectory.
1. Download the archive with Docker image, containing Nemesida WAF API and Nemesida WAF Cabinet modules.
2. Upload the image to Docker using the command:
# docker load < nwaf-api-cabinet-latest.tar.gz
3. Create two directories:
- For configuration files (for example,
api-cab-config
):# mkdir /opt/nwaf/api-cab-config
- For database (for example,
api-cab-base
):# mkdir /opt/nwaf/api-cab-base
4. Create file first-launch
in the configuration files directory:
# touch /opt/nwaf/api-cab-config/first-launch
5. Run the container with Nemesida WAF API image + Nemesida WAF Cabinet, using commands:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/api-cab-config:/nwaf-api -v /opt/nwaf/api-cab-base:/var/lib/postgresql -p 8080:8080 -p 8090:80 nwaf-api-cabinet
where:
--rm
- container removal after closedown.-d
- container running in background mode.-v /opt/nwaf/api-cab-config:/nwaf-api
- mounting the directory with configuration files inside the container.-v /opt/nwaf/api-cab-base:/var/lib/postgresql
- mounting the directory with database inside the container.-p 8080:8080
- container port8080
forwarding to the external port8080
.-p 8090:80
- container port80
forwarding to the external port8090
.
One can view the container ID using the command (CONTAINER ID column) :
# docker ps -a
6. Allow access to reading for all for the directory api-cab-config
:
# chmod -R 0555 /opt/nwaf/api-cab-config
7. Run the migration and account creation command and follow the script instructions:
# docker exec -ti /container ID/ bash -with "bash /opt/migrate.sh"
One can stop the container using the command:
# docker stop /ID контейнера/
8. Make changes to the configuration files according to the instructions on the documentation pages Nemesida WAF API and Nemesida WAF Cabinet.
9. To run the container, fulfill the following commands:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/api-cab-config:/nwaf-api -v /opt/nwaf/api-cab-base:/var/lib/postgresql -p 8080:8080 -p 8090:80 nwaf-api-cabinet
where:
--rm
- container removal after closedown.-d
- container running in background mode.-v /opt/nwaf/api-cab-config:/nwaf-api
- mounting the directory with configuration files inside the container.-v /opt/nwaf/api-cab-base:/var/lib/postgresql
- mounting the directory with database inside the container.- p 8080:8080 - container port
8080
forwarding to the external port8080
. -p 8090:80
- container port80
forwarding to the external port8090
.
# docker ps -a
2. If the container is running, stop it using the command:
# docker stop /ID контейнера/
3. With the container stopped, delete the image:
# docker image rm nwaf-api-cabinet
4. Download the archive with Docker image, containing modules Nemesida WAF API and Nemesida WAF Cabinet. Upload the image to Docker using the command:
# docker load < nwaf-api-cabinet-latest.tar.gz
5. Run the container with Nemesida WAF API image + Nemesida WAF Cabinet, using command:
# iptables -t filter -N DOCKER # docker run --rm -d -v /opt/nwaf/api-cab-config:/nwaf-api -v /opt/nwaf/api-cab-base:/var/lib/postgresql -p 8080:8080 -p 8090:80 nwaf-api-cabinet