# Download and Installation
## Downloading and Installing the Collector
The following are the prerequisites for the HTTPS Collector:
1. TLS settings should be enabled.
2. The server should be accessible by Fully Qualified Domain Name (FQDN).
3. TLS certificate for the FQDN of the server where the collector is installed must be provided in `config.yaml` (See below)
4. It is highly recommended to install the HTTPS collector in the same network/VPC as the agents
5. Multiple collectors can be installed behind a load balancer for high availability and fault tolerance
### Using existing docker container
The Sealights Collector can be found at the following DockerHub link:
{% code overflow="wrap" lineNumbers="true" %}
```
docker pull sealights/on-prem-collector
```
{% endcode %}
### Create your own Collector Image
1. Download the Collector Binaries and Unzip :
{% code overflow="wrap" lineNumbers="true" %}
```sh
wget -nv https://agents.sealights.co/collector/0.59.0/collector.zip
unzip -oq collector.zip
#curl tool can also be used
#curl -L "https://agents.sealights.co/collector/0.59.0/collector.zip" --output collector.zip
```
{% endcode %}
{% hint style="warning" %}
If you have a limitation accessing the endpoint [agents.sealights.co](http://agents.sealights.co/) and are limited to your specific server DNS, then you can also get the agent from `https://{company}.sealights.co/agents/collector/{version}/collector.zip`
Replace `{company}` with your company DNS prefix and `{version}` with the specific version you want to use.
{% endhint %}
2. Create a Dockerfile:
{% code overflow="wrap" %}
```
FROM alpine:latest
WORKDIR /collector
COPY collector collector
CMD ["./collector","serve"]
```
{% endcode %}
2. Build the Image:
```
docker build -t sealights/on-prem-collector .
```
### Configuration
The following is a sample configuration that can be used to run the HTTPS Collector using Docker:
1. Create a file called `config.yaml` with the following sample content (See [Configuration File Reference](#configuration-file-reference) below for all available parameters)
{% code overflow="wrap" %}
```yaml
collector:
serverUrl: https://mycompany.sealights.co
token: eyJh...
port: 16500
logLevel: info
enableNYCCollector: true
nycCollectorUploadInterval: 5
tls:
enabled: true
certFile: "path/to/certificate.pem"
keyFile: "path/to/key.pem"
web:
disable: false
maxCalls: 0
maxCallSize: -1
```
{% endcode %}
2. The `config.yaml` file should be placed in the collector's folder, or in a subfolder called `config`
3. Run the HTTPS collector in your container orchestration platform with the configuration file you set up\
For instancem, running it using Docker:
{% code overflow="wrap" %}
```
docker run -it --rm -v $(pwd)/config.yaml:/collector/config.yaml -v $(pwd)/:/collector/ -v $(pwd)/:/collector/ -p 80:80 -p 8080:8080 -p 16500:16500 sealights/on-prem-collector:latest
```
{% endcode %}
{% hint style="success" %}
* Open `https://:16500` in your browser and if everything worked as expected you should be redirected to your Sealights Dashboard.
* You should see the `Collector` entry in the ***Cockpit > Live Agents Monitor***
{% endhint %}
## Enabling Proxy functionality (Optional)
When the collector needs to serve other agents' functionalities like `config` and `scan` commands (besides coverage collection), you must enable its `proxy` service according to the additional settings below.\
Please notice the port must be different from the collector service. For example below, port 16501 for proxy versus port 16500 for collector.
```yaml
proxy:
port: 16501
logLevel: info
```
## Configuration File Reference
{% code overflow="wrap" %}
```yaml
# Collector Configuration
collector:
# Required Configurations
# 1. serverUrl: The URL of Sealights Backend. (e.g. https://your-name.sealights.co)
# Environment Variables: SL_SERVER
serverUrl:
# 2. token: The Sealights Authentication token.
# Environment Variables: SL_TOKEN
token:
# Optional Configurations
# 3. host: The host name of the collector. Default is 0.0.0.0
# Environment Variables: SL_HOST
host: "0.0.0.0"
# 4. port: The port number of the collector. Default is 16500
# Environment Variables: SL_PORT
port: 16500
# 5. proxyUrl: The URL of the proxy server (for both http and https). Default is empty
# Environment Variables: SL_PROXY
proxyUrl: ""
# 6. prefix: The prefix of the collector path. Default is empty
# Environment Variables: SL_PREFIX
prefix: ""
# 7. logLevel: The log level of the collector. Default is info,
# Available options: debug, info, warn, error
# Environment Variables: SL_LOG_LEVEL
logLevel: info
# 8. InsecureSkipVerify: Skip SSL certificate verification. Default is false
# Environment Variables: SL_INSECURE
insecureSkipVerify: true
# 9. enableNYCCollector: Enable the NYC collector. Default is false
# Environment Variables: SL_NYC_COLLECTOR
enableNYCCollector: false
# 10. nycCollectorUploadInterval: The interval in seconds to upload the NYC data. Default is 60
# Environment Variables: SL_NYC_COLLECTOR_UPLOAD_INTERVAL
nycCollectorUploadInterval: 5
# 11. disableTokenValidation: Disable the auth token validation. Default is false
# Environment Variables: SL_DISABLE_TOKEN_VALIDATION
disableTokenValidation: false
# 12. Collector OTEL configuration
otel:
# 12.1. Enable OTEL metrics export. Default is false
# Environment Variables: SL_OTEL_ENABLED
enabled: false
# 12.2. Service name for metrics. Default is "sl-collector"
# Environment Variables: SL_OTEL_SERVICE_NAME
serviceName: "sl-collector"
# 12.3. OTLP gRPC endpoint (e.g., otel-collector.prod.mycompany.net:4317). Required if enabled
# Environment Variables: SL_OTEL_ENDPOINT
endpoint: ""
# 12.4. Metrics export interval (e.g., 30s, 1m). Default is 60s
# Environment Variables: SL_OTEL_EXPORT_INTERVAL
exportInterval: 60s
# TLS Configuration
tls:
# 1. enable: Enable the TLS configuration. Default is false
# Environment Variables: SL_TLS_ENABLE
enabled: false
# Note: If the TLS is enabled, the following configurations are required.
# 2. cert: the cert data. Default is empty
# Environment Variables: SL_TLS_CERT
cert: ""
# 3. or, certFile: the cert file path. Default is empty
# Environment Variables: SL_TLS_CERT_FILE
certFile: ""
# 4. key: the key data. Default is empty
# Environment Variables: SL_TLS_KEY
key: ""
# 5. or, keyFile: the key file path. Default is empty
# Environment Variables: SL_TLS_KEY_FILE
keyFile: ""
# 6. ca: the ca data. Default is empty
# Environment Variables: SL_TLS_CA_CERT
caCert: ""
# 7. or, caCertFile: the ca file path. Default is empty
# Environment Variables: SL_TLS_CA_CERT_FILE
caCertFile: ""
# 8. p12File: the p12 file. Default is empty
# Environment Variables: SL_TLS_P12_FILE
p12File: ""
# 9. p12Password: the p12 password. Default is empty
# Environment Variables: SL_TLS_P12_PASSWORD
p12Password: ""
# Web Interface Configuration
web:
# 1. disable: Disable the web interface. Default is false
disable: false
# 2. maxCalls: The maximum number of calls to store in the memory. Default is 1000
maxCalls: 0
# 3. maxCallSize: The maximum size of the call to store in the memory. Default is 200000
maxCallSize: -1
#4. web prefix: The prefix of the web interface. Default is empty
prefix: ""
# Proxy Configuration (Optional)
proxy:
# 1. host: The host name of the proxy server. Default is empty
# Environment Variables: SL_PROXY_HOST
host: ""
# 2. port: The port number of the proxy server. Default is 8080
# Environment Variables: SL_PROXY_PORT
port: 16501
# 3. logLevel: The log level of the proxy server. Default is info
# Available options: debug, info, warn, error
# Environment Variables: SL_PROXY_LOG_LEVEL
logLevel: info
# 4. prefix: The prefix of the proxy server path. Default is empty
# Environment Variables: SL_PROXY_PREFIX
prefix: ""
# 5. Proxy OTEL configuration
otel:
# 5.1. Enable OTEL metrics export. Default is false
enabled: false
# 5.2. Service name for metrics. Default is "sl-collector"
serviceName: "sl-proxy"
# 5.3. OTLP gRPC endpoint (e.g., otel-collector.prod.mycompany.net:4317). Required if enabled
endpoint: ""
# 5.4. Metrics export interval (e.g., 30s, 1m). Default is 60s
exportInterval: 60s
```
{% endcode %}