Diagnose


Deployment


Operating System

The operating system should be x86_64 and one of the following:

  • Debian 9/10/11+ (Debian 10+ is preferred)
  • CentOS 7/8+
  • RHEL 7/8+

Time

Make sure the system time is correct; any time zone may be used.

Service Management

systemd is used for service management. Check that it is available:

command -v systemctl

(Expect result: /usr/bin/systemctl)

PostgreSQL

Use psql to check PostgreSQL Connection:

psql -h 127.0.0.1 -U janusec -W janusec

If the connection fails, refer to the PostgreSQL part of Operation Management.

Check version within PSQL Shell:

select version();

The version shall be greater than 10.

show SERVER_ENCODING;

Server encoding should be UTF8.

Ports

netstat -anp | grep LISTEN | grep ':\(80\|443\)\s'

Janusec uses ports 80/443. If another program occupies these ports, you should change it before installing Janusec.

If listen=true in config.json, Janusec also uses 9080/9443 for internal management.

netstat -anp | grep LISTEN | grep ':\(9080\|9443\)\s'

When enabling GSLB and DNS servers, the gateway also needs TCP/UDP port 53. Confirm whether the port is occupied and whether the firewall policy permits it:

netstat -anp | grep ':53\s'
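
The port checks above, combined into one function (an added example, not part of Janusec; the function names and the sample lines are constructed for illustration). It compares only the local address column, so an outbound DNS query to a remote :53, which the grep for port 53 also prints, is not reported as a conflict.

```sh
#!/bin/sh
# Added example (not Janusec code). Reads `netstat -anp` output on stdin and
# prints "proto port owner" for every socket BOUND to one of the given ports.
# Usage on a real host: netstat -anp | port_conflicts "80 443 9080 9443 53"
port_conflicts() {
    awk -v want="$1" '
    BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) ports[p[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        port = $4                      # column 4 is the local address
        sub(/.*:/, "", port)           # keep what follows the last colon
        if (!(port in ports)) next
        if ($1 ~ /^tcp/) {
            if ($6 != "LISTEN") next   # only listeners hold the port
            owner = $7
        } else {
            if ($6 == "ESTABLISHED") next  # connected UDP client socket
            owner = $6                 # state column is empty, owner shifts left
        }
        print $1, port, owner
    }'
}

# Constructed sample output, so the function can be tried offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/haproxy
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      901/java
tcp        0      0 10.0.0.5:44321          192.0.2.1:53            ESTABLISHED 999/curl
tcp6       0      0 :::443                  :::*                    LISTEN      812/haproxy
udp        0      0 127.0.0.53:53           0.0.0.0:*                           612/systemd-resolve
EOF
}

sample_netstat | port_conflicts "80 443 9080 9443 53"
```

An empty result means none of the listed ports is bound by another program. Run netstat as root so that the owner column shows the PID and program name instead of "-".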

DNS

The domain should point to the IP address of the application gateway.
When migrating an application, you can first point the domain name to the gateway in the hosts file, and change the DNS record after debugging has passed.

Certificate

If an ACME automatic certificate is used, the corresponding domain name must be accessible to Internet users (a test domain name in the hosts file will not work), because the certificate authority uses it for callback verification.
A single node is also required; replica nodes do not support ACME automatic certificates.

Nodes Sync

To sync correctly, the following are required:

  • The replica node uses the correct time, with an error of less than 60 seconds.
  • The node_key in /usr/local/janusec/config.json is the same as the one in Node Management.

Log

Log files are under /usr/local/janusec/log/

nftables

Please make sure nftables works well and there are no redundant rules that affect JANUSEC. Refer to Installation.

After JANUSEC has started, the rules look like this:

[root@CentOS8]# nft list table inet janusec -a
table inet janusec { # handle 20
	set blocklist { # handle 2
		type ipv4_addr
		flags timeout
	}

	chain input { # handle 1
		type filter hook input priority 0; policy accept;
		@nh,96,32 @blocklist drop # handle 3
	}
}

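If your IP was blocked during the test, the firewall rules can be cleared (subsequent blocking will still be triggered normally). Note that this command clears the entire nftables ruleset on the host, not only the janusec table: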

nft flush ruleset

Or reduce the block time in the WAF/CC configuration.

More Information

If all of the above are OK, you can stop the janusec service and run it in the console to view more output:

# systemctl stop janusec
# cd /usr/local/janusec
# ./janusec

If you find error output, you can report it via the QQ group (776900157).
You can also send it to the email at the bottom of this page, or submit an issue at https://github.com/Janusec/janusec/issues

Development


Operating System

Linux is preferred.
Other operating systems support console debugging only.
The release script (release.sh) supports Linux only.

PostgreSQL

Different configuration files are used: ./config.json for development, and /usr/local/janusec/config.json for deployment.

Golang

At least Go 1.16.

Code

git clone https://github.com/Janusec/janusec.git

©JANUSEC All Rights Reserved.      Contact: support#janusec.com    QQ Group: 776900157