Installation


Requirements

Role Operating System Database
Primary Node CentOS/RHEL 7/8+, or Debian 9/10+, x86_64, with systemd and nftables PostgreSQL 9.3 / 9.4 / 9.5 / 9.6 / 10+ (10+ is preferred)
Replica Node CentOS/RHEL 7/8+, or Debian 9/10+, x86_64, with systemd and nftables Not required

Prepare nftables


nftables used for CC defense.

nftables is not installed for CentOS 7 by default, installation is required:

#yum -y install nftables
#systemctl enable nftables
#systemctl start nftables

nftables has been installed for CentOS 8, and as backend of firewalld, just enable firewalld:

#systemctl enable firewalld
#systemctl start firewalld

Now, you can view the ruleset through:

#nft list ruleset

If the rule is not empty, it may affect the effectiveness of the firewall policy. Assuming that the nftables rule is empty now, then continue.

Step 1: Download

$cd ~
$wget https://www.janusec.com/download/janusec-latest.tar.gz
$tar zxf ./janusec-latest.tar.gz

Step 2: Install

Switch to root and run install.sh , janusec application gateway will be installed to /usr/local/janusec/

$su
#cd janusec-0.9.xx
#./install.sh

Select 1. Primary Node, then it will:

  • copy files to /usr/local/janusec/
  • copy service file to system service directory
  • Enable Janusec Application Gateway as a system service, but not start it for the first time.

Step 3: Config

PostgreSQL is not included in release package, you should prepare database name and account.
Now we assume you have PostgreSQL installed already, and database name and account is ready, then edit /usr/local/janusec/config.json :

Primary Node (The First Node)

{
    “node_role”: “primary”,
    “primary_node”: {
        “database”: {
            “host”: “127.0.0.1”,
            “port”: “5432”,
            “user”: “your_postgresql_user”,
            “password”: “your_postgresql_password”,
            “dbname”: “janusec
        }
    },
    “replica_node”: {
        “node_key”: “”,
        “sync_addr”: ""
    }
}

  • “node_role”: “primary” ( fixed primary )
Replica Node (Optional)

Usually only one Primary Node is required for small scale web applications.
Replica Nodes is for large scale web applications, and need GSLB (Global Server Load Balance) of yourselves.
You must copy the node_key in web administration portal if you need replica nodes, and paste into the config.json of replica nodes.

{
    “node_role”: “replica”,
    “primary_node”: {
        “admin_http_listen”: “”,
        “admin_https_listen”: “”,
        “database”: {
            “host”: “”,
            “port”: “”,
            “user”: “”,
            “password”: “”,
            “dbname”: ""
        }
    },
    “replica_node”: {
        “node_key”: “produced_by_web_admin_in_primary_node”,
        “sync_addr”: “http://primary_ip/janusec-admin/api
    }
}

  • “node_role”: “replica” (fixed replica)
  • “node_key”: “produced_by_web_admin_in_primary_node” (produced by web admin)
  • “sync_addr”: “http://primary_ip/janusec-admin/api” (replace with the primary IP address)

Step 4: Start

#systemctl start janusec

Step 5: Test Installation

Open web browser such as Chrome, navigate with address:

http://your_primary_ip_address/janusec-admin/

This is the first administration address for Janusec Application Gateway.
Login with default username admin and password J@nusec123 .
You should change the password for security reasons.

©JANUSEC All Rights Reserved.      Contact: support#janusec.com    QQ Group: 776900157