
Deployment Overview of Haltdos Community WAF on Server

Prerequisites and Basic Requirements

To deploy the Haltdos Community WAF, the following system requirements must be met:

  • Operating System: Ubuntu (compatible with apt package manager).

  • Privileges: Root access or sudo privileges are required for installation and configuration.

  • Domain: A valid domain name is required for the FQDN, specifically under the hostkey.in zone.

  • Ports: Ports 80 and 443 must be available for the reverse proxy and SSL certificate validation.

  • Docker: Docker Engine must be installed and running on the host system.

FQDN of the Final Panel

The fully qualified domain name (FQDN) for the Haltdos Community WAF panel follows the format <prefix><Server ID>.hostkey.in. Based on the configuration, the prefix is haltdos.

  • Format: haltdos<Server ID>.hostkey.in

  • Zone: hostkey.in

  • Access Port: 443 (HTTPS)

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /root/nginx: Contains the Docker Compose configuration for the Nginx proxy and Certbot.

  • /root/nginx/compose.yml: The Docker Compose file defining the Nginx service.

  • /etc/nginx/sites-available/haltdos.conf: The Nginx virtual host configuration file.

  • /etc/nginx/sites-enabled/haltdos.conf: Symbolic link to the enabled virtual host.

  • /etc/letsencrypt/live/haltdos<Server ID>.hostkey.in/: Directory containing the SSL certificate and private key.

  • /data/nginx/user_conf.d/: Directory for user-specific Nginx configurations.

  • /data/nginx/nginx-certbot.env: Environment file for the Nginx-Certbot container.

Application Installation Process

The Haltdos Community WAF is installed using the official setup script provided by the developer. The installation process involves the following steps:

  1. Navigate to the /root directory.

  2. Download the setup script from https://binary.haltdos.com/community/waf/setup.sh.

  3. Execute the script to install the application.

The installation command sequence is as follows:

cd /root
curl -s -k -o setup.sh https://binary.haltdos.com/community/waf/setup.sh
chmod +x setup.sh
./setup.sh
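
The -k flag in the sequence above tells curl to skip TLS certificate verification, so the script that then runs as root is not authenticated. The following is an added example, not code from this page or from Haltdos: it downloads with verification left on and checks a pinned SHA-256 before executing. The checksum is a placeholder because the page publishes none, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fetch the installer with certificate verification and pin its hash.
SETUP_URL="https://binary.haltdos.com/community/waf/setup.sh"
# Placeholder: the page publishes no checksum; record one after reviewing the script.
EXPECTED_SHA256="<sha256-of-reviewed-setup.sh>"

# verify_sha256 FILE EXPECTED -> 0 only if FILE's SHA-256 equals EXPECTED
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# fetch_installer DEST -> download without -k so curl validates the TLS chain;
# only HTTPS is allowed, including for any redirect.
fetch_installer() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         --output "$1" "$SETUP_URL"
}

# install_pinned -> download to a temp file, verify, and run only on a match
install_pinned() {
    local tmp
    tmp=$(mktemp /root/setup.sh.XXXXXX) || return 1
    if fetch_installer "$tmp" && verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
        chmod 0700 "$tmp" && "$tmp"
    else
        echo "setup.sh failed download or checksum verification; not executing" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Nothing is downloaded or executed unless explicitly requested:
#   bash fetch_setup.sh --install
if [ "${1:-}" = "--install" ]; then install_pinned; fi
```

The same pinned check applies when the setup script is re-run for updates, since each re-download is a new, unauthenticated copy unless it is verified.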

Access Rights and Security

Security measures implemented during deployment include:

  • Firewall: Ports 80 and 443 are utilized for external access. Any existing services or containers occupying these ports are stopped prior to deployment.

  • SSL/TLS: Let's Encrypt is used to obtain and manage SSL certificates automatically.

  • Nginx Configuration: The Nginx reverse proxy is configured to enforce HTTPS by redirecting HTTP traffic (port 80) to HTTPS (port 443).

  • Docker Network: The Nginx proxy container runs in host network mode to directly access host ports.

Docker Containers and Their Deployment

The deployment utilizes Docker containers for the Nginx reverse proxy and Let's Encrypt certificate management. The configuration is defined in a Docker Compose file located at /root/nginx/compose.yml.

The Docker Compose configuration includes:

  • Service Name: nginx

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Volumes:

      • nginx_secrets mapped to /etc/letsencrypt

      • /data/nginx/user_conf.d mapped to /etc/nginx/user_conf.d

To start the container stack, the following command is executed:

docker compose up -d

This command is run from the /root/nginx directory.

Proxy Servers

Nginx is configured as a reverse proxy to handle incoming traffic on ports 80 and 443.

  • HTTP (Port 80): Redirects all traffic to HTTPS.

  • HTTPS (Port 443): Handles SSL termination and proxies requests to the internal Haltdos service.

  • Internal Proxy Target: The Nginx configuration proxies requests to https://127.0.0.1:9000.

  • SSL Certificates: Managed by Let's Encrypt, stored in /etc/letsencrypt/live/.

  • SSL Protocols: TLSv1.2 and TLSv1.3 are enabled.

The Nginx configuration file is located at /etc/nginx/sites-available/haltdos.conf and includes the following proxy headers:

  • Host

  • X-Real-IP

  • X-Forwarded-For

  • X-Forwarded-Proto

Permission Settings

File and directory permissions are set as follows during the deployment:

  • /root/nginx: Mode 0755, owned by root:root.

  • /root/nginx/compose.yml: Mode 0644, owned by root:root.

  • /etc/nginx/sites-available/haltdos.conf: Mode 0644.

  • /etc/nginx/sites-enabled/haltdos.conf: Symbolic link to the available configuration.

Location of Configuration Files and Data

Key configuration files and data locations are:

  • Nginx Virtual Host: /etc/nginx/sites-available/haltdos.conf

  • Docker Compose: /root/nginx/compose.yml

  • SSL Certificates: /etc/letsencrypt/live/haltdos<Server ID>.hostkey.in/

  • Nginx Environment: /data/nginx/nginx-certbot.env

  • User Configs: /data/nginx/user_conf.d/

Available Ports for Connection

The following ports are configured for external and internal communication:

  • Port 80: HTTP (Redirects to HTTPS).

  • Port 443: HTTPS (Primary access for the Haltdos panel).

  • Port 9000: Internal communication between Nginx and the Haltdos service (not exposed externally).

  • Port 3000: Internal port referenced in some configuration contexts, though the active Nginx proxy targets port 9000.
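
The statements in "Permission Settings" and in the port list above can be checked on a deployed host. The following is an added example, not part of the original deployment: it flags listeners on ports 9000 or 3000 that are bound beyond loopback and compares file modes with the values listed. Function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a host against the ports and file modes this page lists.

# exposed_internal_ports: reads `ss -H -ltn` output on stdin and prints
# "port address" for 9000/3000 listeners bound to anything but loopback.
exposed_internal_ports() {
    awk '{
        addr = $4                                  # Local Address:Port column
        n = split(addr, parts, ":"); port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "9000" && port != "3000") next
        if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
        print port, host
    }'
}

# check_mode PATH MODE: succeeds only if PATH has exactly the octal MODE.
check_mode() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# audit_host: run the checks against the live system (needs root to stat /root).
audit_host() {
    local rc=0 exposed
    exposed=$(ss -H -ltn | exposed_internal_ports)
    if [ -n "$exposed" ]; then
        echo "internal port reachable beyond loopback:" >&2
        echo "$exposed" >&2
        rc=1
    fi
    check_mode /root/nginx 755 || { echo "unexpected mode: /root/nginx" >&2; rc=1; }
    check_mode /root/nginx/compose.yml 644 || { echo "unexpected mode: compose.yml" >&2; rc=1; }
    check_mode /etc/nginx/sites-available/haltdos.conf 644 \
        || { echo "unexpected mode: haltdos.conf" >&2; rc=1; }
    [ -L /etc/nginx/sites-enabled/haltdos.conf ] \
        || { echo "sites-enabled/haltdos.conf is not a symlink" >&2; rc=1; }
    return "$rc"
}

# Constructed sample of `ss -H -ltn` output, used to exercise the parser offline.
SAMPLE_SS='LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 4096 [::]:3000      [::]:*'

# Live checks run only on request: bash audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```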

Starting, Stopping, and Updating

Service management commands for the deployed components are as follows:

Nginx Service:

  • Start: systemctl start nginx

  • Stop: systemctl stop nginx

  • Restart: systemctl restart nginx

  • Enable on Boot: systemctl enable nginx

Docker Containers (Nginx-Certbot):

  • Start/Restart: docker compose up -d (run from /root/nginx)

  • Stop: docker compose down (run from /root/nginx)

  • View Logs: docker compose logs -f (run from /root/nginx)

Haltdos Application: The Haltdos application is managed via the installation script. Updates or reinstallation require re-running the official setup script:

cd /root
./setup.sh
