Installing the WAPT Server on Debian Linux


The upgrade procedure is different from installation. For upgrade, please refer to Upgrading the WAPT Server.

Installing the WAPT Server runs a few steps:

  • configuring the repositories;
  • installing additional Linux packages;
  • installing and provisioning the PostgreSQL database;
  • post-configuring the WAPT Server;

Configuring DEB repositories and installing WAPT and PostgreSQL packages


The WAPT Server packages and repository are signed by Tranquil IT and it is necessary to get the gpg public key below in order to avoid warning messages during installation.


  • If you subscribed to WAPT Enterprise do not use that repo but the Enterprise repository provided in your documentation.
apt-get update && apt-get upgrade
apt-get install apt-transport-https lsb-release
wget -O -  | apt-key add -
echo  "deb $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list


During installation, you may be asked for the Kerberos realm. Just press Enter to skip this step.

Installing the WAPT Server Debian packages:

apt-get update
apt-get install tis-waptserver tis-waptrepo tis-waptsetup



For post-configuration to work properly, you must first have properly configured the hostname of the WAPT server. To check hostname configuration use the command echo $(hostname) which must return the hostname that will be used by WAPT agents on client computers.


This post-configuration script must be run as root.

  • run the script:

  • click on Yes to run the postconf script:

    do you want to launch post configuration tool?
           < yes >          < no >
  • enter the password for the SuperAdmin account of the WAPT Server (minimum 10 caracters);

    Please enter the wapt server password (min. 10 characters)
            < OK >          < Cancel >
  • confirm the password;

    Please enter the server password again:
            < OK >          < Cancel >
  • choose the authentication mode for the initial registering of the WAPT agents;

    • choice #1 allows to register computers without authentication (same method as WAPT 1.3). The WAPT server registers all computers that ask;

    • Choice #2 activates the initial registration based on Kerberos. Check only if you have followed the documentation on configuring Kerberos authentication for Debian;

    • choice #3 does not activate the Kerberos authentication mechanism for the initial registering of machines equipped with WAPT. The WAPT server will require a login and password for each machine registering with it;

      WaptAgent Authentication type?
      (*) 1 Allow unauthenticated registration, same behavior as wapt 1.3
      ( ) 2 Enable kerberos authentication required for machines registration. Registration will ask for password if kerberos not available
      ( ) 3 Disable Kerberos but registration require strong authentication
                                                         < OK >          < Cancel >
  • select OK to start WAPT Server;

    Press OK to start waptserver
           < OK >
  • select Yes to configure Nginx;

    Do you want to configure nginx?
       < Yes >        < No >
  • enter the FQDN of the WAPT Server;

    FQDN for the WAPT server (eg.
          < OK >          < Cancel >
  • select OK and a self-signed certificate will be generated, this step may take a long time …

    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time

Nginx is now configured, select OK to restart Nginx:

The Nginx config is done.
We need to restart Nginx?

       < OK >

The post-configuration is now finished.

Postconfiguration completed.
Please connect to https://wapt.mydomain.lan/ to access the server.

                 < OK >

Listing of post-configuration script options:

Flag Definition
–force-https Configures Nginx so that port 80 is permanently redirected to 443


It is advisable to activate Kerberos authentication if your network requires a high level of security (see Enable Kerberos Configuration). The Kerberos authentication answers security problems addressed in this section of the documentation. If you are just testing WAPT, you may pass this step of the documentation.

The post-configuration script generates a self-signed certificate. If you prefer, you may replace it with a commercial certificate or a certificate issued by a Trusted internal Certificate Authority.

The WAPT Server is now ready.

You may go to the documentation on installing the WAPT console!!