Installing WAPT Server on Ubuntu¶
Setting up the GNU/Linux Ubuntu server¶
In order to install a fresh Ubuntu Linux server 20.04 LTS Focal Fossa (physical or virtual) please refer to the Ubuntu GNU/Linux Installation Guide.
Warning
Install 64bit version.
Install the server without the graphical user interface.
Only LTS version are supported by WAPT.
Danger
Nginx is the ONLY supported web server for WAPT. Apache on Linux is no longer supported in WAPT.
Configuring network parameters¶
The different parameters presented below are not specific to WAPT; you may adapt them as required for your environment.
Modify the following files in order to get a proper naming (FQDN) and network addressing strategy.
In the following example:
Configuring the name of the WAPT Server¶
Hint
The short name of the WAPT Server must not be longer than 15 characters (the limit is due to sAMAccountName restriction in Active Directory).
The name of the WAPT Server must be a FQDN, that is to say it has both the server name and the DNS suffix.
Modify the
/etc/hostnamefile and write the FQDN of the server.# /etc/hostname of the WAPT server srvwapt.mydomain.lanConfigure the
/etc/hostsfile, be sure to put both the FQDN and the short name of the server.# /etc/hosts of the WAPT server 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.10 srvwapt.mydomain.lan srvwapt
Hint
On the line defining the DNS server IP address, be sure to have the IP of the server (not 127.0.0.1), then the FQDN, then the short name.
Do not change the line with localhost.
Configuring the IP address of the WAPT server¶
Configure the IP address of the WAPT Server in
/etc/network/interfaces.# /etc/network/interfaces of the WAPT server auto eth0 iface eth0 inet static address 10.0.0.10 netmask 255.255.255.0 gateway 10.0.0.254
Apply the network configuration by rebooting the machine with a
reboot.reboot
If it has not already been done, create the DNS entry for the WAPT Server in the Organization’s Active Directory.
After reboot, configure the system language in English in order to have non-localized logs for easier searching of common errors.
apt install locales-all -y localectl set-locale LANG=en_US.UTF-8 localectl status
Check whether the NTP service is installed, started and whether the time is correct.
dpkg -l | grep ntp service ntp status date
Hint
If the NTP package is not installed.
apt install ntp -y
systemctl enable ntp
systemctl start ntp
Update your Ubuntu.
apt update && apt upgrade
Install systemd.
apt install systemd -y
Install certificate authorities shipped with Mozilla’s browser.
apt install ca-certificates
Reboot the server.
reboot
The Ubuntu server is now ready. You may now go on to the next step and install WAPT on your Ubuntu.
Attention
The upgrade procedure is different from installation. For upgrade, please refer to the documentation on upgrading the WAPT Server.
Installing the WAPT Server requires a few steps:
Configuring the repositories.
Installing additional Linux packages.
Installing and provisioning the PostgreSQL database.
Post-configuring the WAPT Server.
Note
The WAPT Server packages and repository are signed by Tranquil IT and it is necessary to get the gpg public key below in order to avoid warning messages during installation.
Configuring DEB repository¶
The configuration of repositories for WAPT Enterprise and WAPT Discovery Edition differs. Make sure to choose the right one!
Discovery¶
Important
Follow this procedure for getting the right packages for the WAPT Discovery Edition. For WAPT Enterprise Edition please refer to the next block.
Note
Not Available as of 2024-01-09.
WAPT Discovery will be release later. For the free version, refer to wapt-1.8 documentation https://www.wapt.fr/en/doc-1.8/
Enterprise¶
Important
Follow this procedure for getting the right packages for the WAPT Enterprise Edition. For WAPT Discovery Edition please refer to the previous block.
Install
apt-transport-httpsfor the use of https.apt install apt-transport-https lsb-release gnupg -y
Retrieve the .gpg key and add Tranquil IT’s repository.
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add - echo "deb https://srvwapt-pro.tranquil.it/entreprise/debian/wapt-2.0/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
Create
wapt.confin/etc/apt/auth.conf.dto store your login information.
Hint
Replace user and password to access WAPT Enterprise repository, with those provided by our sales department.
cat > /etc/apt/auth.conf.d/wapt.conf <<EOF
machine srvwapt-pro.tranquil.it
login user
password password
EOF
Apply the correct ACLs on
wapt.conf.chmod 600 /etc/apt/auth.conf.d/wapt.conf
Installing the WAPT Server packages¶
export DEBIAN_FRONTEND=noninteractive
apt update
apt install tis-waptserver tis-waptsetup
unset DEBIAN_FRONTEND
Post-configuring¶
Attention
For post-configuration to work properly, you must first have properly configured the hostname of the WAPT server. To check, use the command echo $(hostname) which must return the DNS address that will be used by WAPT agents on client computers.
Warning
The post-configuration script rewrites the nginx configuration.
If you use a special configuration, save your wapt.conf file with the command :
cp /etc/nginx/sites-available/wapt.conf /etc/nginx/sites-available/wapt.conf.old
It will be necessary to overwrite the configuration after the post-configuration with the command :
cp /etc/nginx/sites-available/wapt.conf.old /etc/nginx/sites-available/wapt.conf
Hint
This post-configuration script must be run as root.
Run the script.
/opt/wapt/waptserver/scripts/postconf.sh
Click on Yes to run the postconf script.
do you want to launch post configuration tool?
< yes > < no >
Choose a password for the SuperAdmin account of the WAPT server (minimum length is 10 characters).
Please enter the wapt server password (min. 10 characters)
*****************
< OK > < Cancel >
Confirm the password.
Please enter the server password again:
*****************
< OK > < Cancel >
Choose the authentication mode for the initial registering of the WAPT agents:
Choice #1 allows to register computers without authentication. The WAPT server registers all computers that ask to be registered.
Choice #2 activates the initial registration based on kerberos (you can activate it later).
Choice #3 does not activate the kerberos authentication mechanism for the initial registering of machines equipped with WAPT. The WAPT server will require a login and a password for each machine registering with it.
WaptAgent Authentication type? -------------------------------------------------------------------------- ( ) 1 Allow unauthenticated registration ( ) 2 Enable kerberos authentication required for machines registration. Registration will ask for password if kerberos not available (x) 3 Disable kerberos but registration require strong authentication -------------------------------------------------------------------------- < OK > < Cancel >
Select OK to start WAPT Server.
Press OK to start waptserver
< OK >
Select Yes to configure Nginx.
Do you want to configure nginx?
< Yes > < No >
Fill in the FQDN of the WAPT server.
FQDN for the WAPT server (eg. wapt.example.com)
---------------------------------------------
wapt.mydomain.lan
---------------------------------------------
< OK > < Cancel >
Select OK and a self-signed certificate will be generated, this step may take a long time.
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.......................................+...............................+...
Nginx is now configured, select OK to restart Nginx:
The Nginx config is done.
We need to restart Nginx?
< OK >
The post-configuration is now finished.
Postconfiguration completed.
Please connect to https://wapt.mydomain.lan/ to access the server.
< OK >
Listing of post-configuration script options:
Options |
Description |
|---|---|
|
Configures Nginx so that port 80 is permanently redirected to 443 |
The server is now ready. You may go to the documentation on installing the WAPT console.