Operating System

Operating System should be x86_64 and one of the following:

  • Debian 9/10/11+ (Debian 10+ is preferred)
  • CentOS 7/8+
  • RHEL 7/8+


Please make sure the time is correct, time zone may be any.

Service Management

systemd is used for Service Management , check :

command -v systemctl

(Expect result: /usr/bin/systemctl)


Use psql to check PostgreSQL Connection:

psql -h -U janusec -W janusec

If not OK, refer to Operation Management , PostgreSQL part.

Check version within PSQL Shell:

select version();

The version shall be greater than 10.


Server encoding should be UTF8 .


netstat -anp | grep LISTEN | grep ':\(80\|443\)\s'

Janusec will use 80/443 , if other program occupied thest ports, you shoud change it before installation of Janusec.

If listen=true in config.json, Janusec will use 9080/9443 also, used for internal management.

netstat -anp | grep LISTEN | grep ':\(9080\|9443\)\s'

When enabling GSLB and DNS servers, the gateway also needs to use TCP/UDP 53 port. Please confirm whether the port is occupied and whether the firewall policy is permitted:

netstat -anp | grep ':53\s'


Domain should point to the IP address of the application gateway.
When the application is to be migrated, you can first use the hosts method to point the domain name to the gateway, and then modify the DNS point after the debugging is passed.


If the ACME automatic certificate is used, the corresponding domain name is required to be accessible by Internet users (test domain name in the hosts will not work), which is used for the callback verification of the certificate authority.
And, single node is required, replica nodes will not support ACME automatic certificates.

Nodes Sync

In order to sync correctly, requires:

  • Replica node use the correct time, error less than 60 seconds.
  • The node_key in /usr/local/janusec/config.json is the same with Node Management.


Log file is under /usr/local/janusec/log/


Please make sure nftables works well and there are no redundant rules that affect JANUSEC. Refer to Installation.

After JANUSEC started, the rules is like this:

[root@CentOS8]# nft list table inet janusec -a
table inet janusec { # handle 20
	set blocklist { # handle 2
		type ipv4_addr
		flags timeout

	chain input { # handle 1
		type filter hook input priority 0; policy accept;
		@nh,96,32 @blocklist drop # handle 3

If your IP was blocked during the test, the firewall rules can be cleared (the follow-up will still be triggered normally):

nft flush ruleset

Or reduce the block time on the WAF/CC configuration.

More Information

If all above are OK, you can stop the janusec service, and switch to run it under console, to view more output:

#systemctl stop janusec
#cd /usr/local/janusec

If error found, you can sent to the bottom email, or submit an issue on https://github.com/Janusec/janusec/issues


Operating System

Linux is preferred.
Console debug only for other operating systems.
The release script (release.sh) support Linux only.


Different configuration files used, ./config.json for development , and /usr/local/janusec/config.json for deployment .


At least Go 1.16+ .


git clone https://github.com/Janusec/janusec.git

©JANUSEC All Rights Reserved.      Contact: support#janusec.com    QQ Group: 776900157