# ThreatZone OnPremise Installation Guide ## ThreatZone On-Premise Installation Manual ### Prerequisites * Ubuntu 22.04 LTS server * Root or sudo access * Internet connectivity to * - for Docker & Kubernetes images * - for Threat.Zones necessary files for OS Images & Snapshots. * APT Repositories - need some packages for installation - E.g rpcsvc-proto, libunbound8 etc. - from official Ubuntu mirrors. * Pip repositories - need some packages for installation - E.g fastapi uvicorn python-multipart etc. ### Installation Steps #### 1. Run Installation Script ```bash sudo ./start.sh ``` #### 2. User Inputs Required **Proxy Configuration (Optional)** ``` Do you want to configure proxy settings? (y/n): ``` * **y**: Continue to proxy setup * **n**: Skip proxy configuration If **y** selected: ``` Enter proxy host/IP: [IP_ADDRESS] Enter proxy port: [PORT_NUMBER] Is this correct? (y/n): ``` * Enter proxy server IP/hostname (e.g., `192.168.1.100` or `proxy.company.com`) * Enter proxy port (1-65535, e.g., `3128`, `8080`) * Confirm configuration **Example:** ``` Enter proxy host/IP: 116.203.244.19 Enter proxy port: 3128 Is this correct? (y/n): y ``` **File Replacement Confirmations** During proxy configuration, the script may find existing configuration files. You'll see prompts like: ``` File /etc/apt/apt.conf.d/99proxy already exists! Current content: ---------------------------------------- Acquire::http::Proxy "http://old.proxy.com:8080/"; Acquire::https::Proxy "http://old.proxy.com:8080/"; ---------------------------------------- New content to be replaced: ---------------------------------------- Acquire::http::Proxy "http://proxy.company.com:3128/"; Acquire::https::Proxy "http://proxy.company.com:3128/"; ---------------------------------------- Do you want to replace this file? (y/n): ``` **Recommendations:** * **y**: Replace with new proxy settings (recommended for new installations) * **n**: Keep existing configuration (use if you have custom settings) **Note:** Original files are automatically backed up with timestamps (e.g., `99proxy.backup.20250804_143022`) **Server IP Address** ``` IP Address you want to server Threat.Zone: [EXTERNAL_IP] ``` * Enter the external IP address where ThreatZone will be accessible * This IP will be used for SSL certificates and service configuration **Examples:** * Public IP: `203.0.113.45` * Private network IP: `192.168.1.100` * Domain name: `threatzone.company.com` (if DNS is configured) **Important:** Use the IP/domain that users will access ThreatZone from **SSL Certificate Configuration** ``` Do you want to use your own certificate? (y/n): ``` If **y** selected: ``` TLS key file path: [PATH_TO_KEY] TLS crt file path: [PATH_TO_CRT] ``` * Provide full path to your private key file * Provide full path to your certificate file **Examples:** ``` TLS key file path: /home/admin/ssl/server.key TLS crt file path: /home/admin/ssl/server.crt ``` **Requirements:** * Files must exist and be readable * Key file should be unencrypted * Certificate should match the server IP/domain entered earlier If **n** selected: * Self-signed certificate will be generated automatically using the provided IP address * Certificate will be valid for 365 days * Browser will show security warnings (normal for self-signed certificates) ### Installation Process After user inputs, the script will: 1. Configure system proxy settings (if enabled) 2. Install Docker and configure proxy 3. Install K3s Kubernetes 4. Deploy all ThreatZone services 5. Configure networking and certificates 6. Start all required components ### Post-Installation * Reboot server when installation completes * Access ThreatZone via: `https://[EXTERNAL_IP]` ### Notes * Installation takes 30-60 minutes depending on network speed * All services will auto-start after reboot * Proxy settings apply system-wide if configured ### Troubleshooting #### Common Issues **Invalid Proxy Port** ``` [ERROR] Invalid port number. Please enter a valid port (1-65535). ``` **Solution:** Enter a numeric port between 1-65535 (common ports: 3128, 8080, 1080) **Missing Certificate Files** ``` cp: cannot stat '/path/to/cert.crt': No such file or directory ``` **Solution:** Verify certificate file paths exist and are accessible **File Permission Errors** **Solution:** Ensure running script with `sudo` for system file modifications #### Configuration File Locations After installation, proxy settings are stored in: * `/etc/apt/apt.conf.d/99proxy` - APT package manager * `/etc/profile.d/proxy.sh` - Shell environment * `/etc/systemd/system/docker.service.d/http-proxy.conf` - Docker daemon * `/etc/systemd/system/containerd.service.d/http-proxy.conf` - Containerd daemon * `/etc/systemd/system/k3s.service.env` - Kubernetes * `/etc/environment` - System-wide environment variables * `/threatzone/threatzone_proxy_config` - Passed proxy host & port is stored here #### Backup Files All replaced configuration files are backed up with timestamps: * Format: `filename.backup.YYYYMMDD_HHMMSS` * Location: Same directory as original file * Use these to restore previous settings if needed --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.malwation.com/threatzone/threatzone-onpremise-installation-guide.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.