Download and Installation

Downloading and Installing the Collector

The following are the prerequisites for the HTTPS Collector:

TLS settings should be enabled.
The server should be accessible by Fully Qualified Domain Name (FQDN).
TLS certificate for the FQDN of the server where the collector is installed must be provided in config.yaml (See below)
It is highly recommended to install the HTTPS collector in the same network/VPC as the agents
Multiple collectors can be installed behind a load balancer for high availability and fault tolerance

Using existing docker container

The Sealights Collector can be found at the following DockerHub link: https://hub.docker.com/r/sealights/on-prem-collector

docker pull sealights/on-prem-collector

Create your own Collector Image

Download the Collector Binaries and Unzip :

wget -nv https://agents.sealights.co/collector/0.59.0/collector.zip
unzip -oq collector.zip

#curl tool can also be used
#curl -L "https://agents.sealights.co/collector/0.59.0/collector.zip" --output collector.zip

If you have a limitation accessing the endpoint agents.sealights.co and are limited to your specific server DNS, then you can also get the agent from https://{company}.sealights.co/agents/collector/{version}/collector.zip

Replace {company} with your company DNS prefix and {version} with the specific version you want to use.

Create a Dockerfile:

FROM alpine:latest
WORKDIR /collector
COPY collector collector
CMD ["./collector","serve"]

Build the Image:

docker build -t sealights/on-prem-collector .

Configuration

The following is a sample configuration that can be used to run the HTTPS Collector using Docker:

Create a file called config.yaml with the following sample content (See Configuration File Reference below for all available parameters)

collector:
  serverUrl: https://mycompany.sealights.co
  token: eyJh...
  port: 16500
  logLevel: info
  enableNYCCollector: true
  nycCollectorUploadInterval: 5

tls:
  enabled: true
  certFile: "path/to/certificate.pem"
  keyFile: "path/to/key.pem"

web:
  disable: false
  maxCalls: 0
  maxCallSize: -1

The config.yaml file should be placed in the collector's folder, or in a subfolder called config
Run the HTTPS collector in your container orchestration platform with the configuration file you set up For instancem, running it using Docker:

docker run -it --rm -v $(pwd)/config.yaml:/collector/config.yaml -v $(pwd)/<certFileName>:/collector/<certFileName> -v $(pwd)/<certKeyFileName>:/collector/<certKeyFileName> -p 80:80 -p 8080:8080 -p 16500:16500 sealights/on-prem-collector:latest

Open https://<ServerFQDN>:16500 in your browser and if everything worked as expected you should be redirected to your Sealights Dashboard.
You should see the Collector entry in the Cockpit > Live Agents Monitor

Enabling Proxy functionality (Optional)

When the collector needs to serve other agents' functionalities like config and scan commands (besides coverage collection), you must enable its proxy service according to the additional settings below. Please notice the port must be different from the collector service. For example below, port 16501 for proxy versus port 16500 for collector.

proxy:
  port: 16501
  logLevel: info

Configuration File Reference

# Collector Configuration
collector:
#  Required Configurations
# 1. serverUrl: The URL of Sealights Backend. (e.g. https://your-name.sealights.co)
# Environment Variables: SL_SERVER
  serverUrl: <Server Host>
# 2. token: The Sealights Authentication token.
# Environment Variables: SL_TOKEN
  token: <Token>

#  Optional Configurations
# 3. host: The host name of the collector. Default is 0.0.0.0
# Environment Variables: SL_HOST
  host: "0.0.0.0"
# 4. port: The port number of the collector. Default is 16500
# Environment Variables: SL_PORT
  port: 16500
# 5. proxyUrl: The URL of the proxy server (for both http and https). Default is empty
# Environment Variables: SL_PROXY
  proxyUrl: ""
# 6. prefix: The prefix of the collector path. Default is empty
# Environment Variables: SL_PREFIX
  prefix: ""
# 7. logLevel: The log level of the collector. Default is info,
# Available options: debug, info, warn, error
# Environment Variables: SL_LOG_LEVEL
  logLevel: info
# 8. InsecureSkipVerify: Skip SSL certificate verification. Default is false
# Environment Variables: SL_INSECURE
  insecureSkipVerify: true
# 9. enableNYCCollector: Enable the NYC collector. Default is false
# Environment Variables: SL_NYC_COLLECTOR
  enableNYCCollector: false
# 10. nycCollectorUploadInterval: The interval in seconds to upload the NYC data. Default is 60
# Environment Variables: SL_NYC_COLLECTOR_UPLOAD_INTERVAL
  nycCollectorUploadInterval: 5
# 11. disableTokenValidation: Disable the auth token validation. Default is false
# Environment Variables: SL_DISABLE_TOKEN_VALIDATION
  disableTokenValidation: false
# 12. Collector OTEL configuration
  otel:
#   12.1. Enable OTEL metrics export. Default is false
#   Environment Variables: SL_OTEL_ENABLED
    enabled: false
#   12.2. Service name for metrics. Default is "sl-collector"
#   Environment Variables: SL_OTEL_SERVICE_NAME
    serviceName: "sl-collector"
#   12.3. OTLP gRPC endpoint (e.g., otel-collector.prod.mycompany.net:4317). Required if enabled
#   Environment Variables: SL_OTEL_ENDPOINT
    endpoint: ""
#   12.4. Metrics export interval (e.g., 30s, 1m). Default is 60s
#   Environment Variables: SL_OTEL_EXPORT_INTERVAL
    exportInterval: 60s
  
# TLS Configuration 
tls:
# 1. enable: Enable the TLS configuration. Default is false
# Environment Variables: SL_TLS_ENABLE
  enabled: false
# Note: If the TLS is enabled, the following configurations are required.
# 2. cert: the cert data. Default is empty
# Environment Variables: SL_TLS_CERT
  cert: ""
# 3. or, certFile: the cert file path. Default is empty
# Environment Variables: SL_TLS_CERT_FILE
  certFile: ""
# 4. key: the key data. Default is empty
# Environment Variables: SL_TLS_KEY
  key: ""
# 5. or, keyFile: the key file path. Default is empty
# Environment Variables: SL_TLS_KEY_FILE
  keyFile: ""
# 6. ca: the ca data. Default is empty
# Environment Variables: SL_TLS_CA_CERT
  caCert: ""
# 7. or, caCertFile: the ca file path. Default is empty
# Environment Variables: SL_TLS_CA_CERT_FILE
  caCertFile: ""
# 8. p12File: the p12 file. Default is empty
# Environment Variables: SL_TLS_P12_FILE
  p12File: ""
# 9. p12Password: the p12 password. Default is empty
# Environment Variables: SL_TLS_P12_PASSWORD
  p12Password: ""

# Web Interface Configuration
web:
  # 1. disable: Disable the web interface. Default is false
  disable: false
  # 2. maxCalls: The maximum number of calls to store in the memory. Default is 1000
  maxCalls: 0
  # 3. maxCallSize: The maximum size of the call to store in the memory. Default is 200000
  maxCallSize: -1
  #4. web prefix: The prefix of the web interface. Default is empty
  prefix: ""

# Proxy Configuration (Optional)
proxy:
# 1. host: The host name of the proxy server. Default is empty
# Environment Variables: SL_PROXY_HOST  
  host: ""
# 2. port: The port number of the proxy server. Default is 8080
# Environment Variables: SL_PROXY_PORT
  port: 16501
# 3. logLevel: The log level of the proxy server. Default is info
# Available options: debug, info, warn, error
# Environment Variables: SL_PROXY_LOG_LEVEL
  logLevel: info
# 4. prefix: The prefix of the proxy server path. Default is empty
# Environment Variables: SL_PROXY_PREFIX
  prefix: ""
# 5. Proxy OTEL configuration
  otel:
#   5.1. Enable OTEL metrics export. Default is false
    enabled: false
#   5.2. Service name for metrics. Default is "sl-collector"
    serviceName: "sl-proxy"
#   5.3. OTLP gRPC endpoint (e.g., otel-collector.prod.mycompany.net:4317). Required if enabled
    endpoint: ""
#   5.4. Metrics export interval (e.g., 30s, 1m). Default is 60s
    exportInterval: 60s

PreviousHTTPS Collector NextUsage with other agents

Last updated 2 months ago

Was this helpful?