AquilaX Docs
Service StatusFeature RequestLogin
  • Documentation
  • Products and Services
    • Demo
      • Security Engineer - Assistant
      • Security Engineer - Chat
      • Scan code Snippet
    • Products
    • Services
      • Vulnerability Triaging
      • AppSec Training
      • DevSecOps Consultation
      • Deployment Options
      • Security Consultation
      • Integrations
    • Company Principles
      • Engineering Principles
      • AI Principles
      • AquilaX Mission
    • Proof of Value (PoV)
    • SLO/SLA/SLI
    • Security Scanners
    • Supported Languages
    • What is AquilaX
    • Success Cases
      • RemoteEngine
    • AquilaX License Model
  • User Manual
    • Access Tokens
    • Scanners
      • Secret Scanning
      • PII Scanner
      • SAST
      • SCA
      • Container Scanning
      • IaC Scanning
      • API Security
      • Malware Scanning
      • AI Generated Code
      • License Scanning
    • DevTools
      • AquilaX CLI
      • CI/CD
        • GitHub Integration
        • GitLab Integration
      • Vulnerability Tickets
        • GitHub Issues
        • GitLab Issues
        • JIRA Tickets
      • IDE
        • VS Code
    • Frameworks
    • Roles
    • Security Policy
    • Comparison
      • ArmorCode vs AquilaX
      • Black Duck vs AquilaX
      • AquilaX vs other Vendors
    • Press and Logo
    • Install AquilaX
    • Public Scan
    • Scanning Setup Guide
    • AI Chat Prompts
  • API Docs
  • Tech Articles
    • Proprietary AI Models
    • AquilaX Securitron
    • Securitron AI Service
    • Secure SDLC (DevSecOps)
    • Bending the technology
    • SecuriTron In Action
    • Future
      • The Future of Code Review
      • Building Superhumans
    • Blog
      • Breaking the Code: AquilaX
      • Rethinking Authentication in 2024
      • Software Supply Chain Security
      • OneFirewall - Network Security
      • The Art of Doing Source Code Review
      • Our Cloud Infrastracture
    • AppSec
      • 10 ‘must’ controls
      • OWASP Top 10
      • MITRE ATT&CK Framework
      • SQL Injection
      • DevSecOps
      • Insider Threats in Application Security
      • Secure API Development
      • RBAC in Applications
      • Security in CI/CD Pipelines
      • Audits in DevSecOps
      • Security Policies
      • S SDLC
      • Multi-Factor Authentication (MFA)
      • API Gateway Security
      • RESTful APIs
      • Microservices
      • Secure API Development
      • API Security Best Practices
    • AI
      • AI part of AppSec
      • NL-JSON Model
      • Findings Review (AquilaX AI)
      • AI-Driven Vulnerability Triage
    • Tech Events
      • Web Summit 2024
    • ASPM
    • State of Art Secure SDLC
      • Validating Runtime Security
    • Announcements
      • 10 Billion
      • AquilaX Joins NVIDIA Inception
    • Webinars
      • Unlock the Future of Code Security with AI
  • AI Models
    • AI Scanner
    • Query
    • QnA
    • Security Assistant
    • Review
Powered by GitBook
On this page
  • Prerequisite
  • Setup AquilaX Server
  • Setup HTTPS interface
  • Start the service
  • Initiate the DB
  • Go
  • License Application
  • Setup AquilaX Worker
  • Start the service
  • Setup AquilaX AI
  • Start the service
  • Auto-Train (optional)

Was this helpful?

  1. User Manual

Install AquilaX

How to prepare and install AquilaX On-Prem / Cloud or your VM

PreviousPress and LogoNextPublic Scan

Last updated 22 days ago

Was this helpful?

The AquilaX solution consists of several key components, each responsible for specific tasks. These components work together seamlessly to deliver comprehensive security scanning and intelligence.

  1. AquilaX Server: Manages the API and User Interface (UI) of the service, acting as the central control point for all operations.

  2. AquilaX Worker: Responsible for executing the actual security scans, performing the analysis and reporting vulnerabilities.

  3. AquilaX GenAI Services: Specialized AI-powered modules designed to assist with decision-making and emulate human logic in engineering tasks. These models enhance the solution’s ability to reason, automate processes, and build intelligent responses.

Below is a diagram illustrating the relationship between these components. Following the diagram, you’ll find instructions on how to set up the solution in a dedicated environment.

Prerequisite

  1. To prepare for the installation of various AquilaX components, you can structure the deployment using four (3) dedicated Virtual Machines

  2. Execute and follow the instruction of the command docker login registry.gitlab.com

The required dedicated VMs must have at least the below capacities to be able to work correctly

VM
CPU/GPU (min)
RAM (min)
Storage
Network

Server

8 vCPU

16 GB

50 GB SSD

SSH / HTTPs

Worker

16 vCPU

64 GB

40 GB SSD

SSH

AI

32 vCPU or 4 GPU

32 GB

120 GB SSD

SSH

In addition, all the VMs must be within the same network and must be able to communicate in different ports.

To install Docker on Ubuntu/Debian machine, you can follow the below instructions

Step 1 - Add Docker Repo

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Step 2 - Installation

sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Step 3 - User Access

After you executing the below command, you have to sign-out and sign-in again (for the config to be loaded to your account)

sudo usermod -aG docker $USER

Step 4 - Test

Before you test, logout and login again and run the this command

docker run hello-world

Setup AquilaX Server

Sign-in into one of the machines dedicated for the Server and Create a folder and inside a new file named docker-compose.yml and paste the following:

docker-compose.yml
services:
  haproxy:
    image: haproxy:lts-alpine3.21
    restart: always
    depends_on:
      - aquilax-server
    ports:
      - 443:443
    volumes:
      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
      - ./haproxy/certs:/certs/:ro
    
  aquilax-server:
    image: registry.gitlab.com/aquila-x/aquilax-server
    restart: always
    deploy:
      mode: replicated
      replicas: 4
      endpoint_mode: dnsrr
    depends_on:
      - mongo
      - postgres
    env_file:
      - .env
    entrypoint: ["python3","app.py"]
    
  aquilax-ui:
    image: registry.gitlab.com/aquila-x/frontend
    restart: always
    environment:
      - REACT_APP_REDIRECT_URI=https://<your-/app/callback
      - REACT_APP_API_BASE_URL=https://aquilax.ai/api/v1
      - REACT_APP_API_URL=https://aquilax.ai/api/v1
      - REACT_APP_API_BASE=https://aquilax.ai/app
    deploy:
      mode: replicated
      replicas: 4
      endpoint_mode: dnsrr
    entrypoint: ["npm","run","serve"]
    
  aquilax-jobs:
    image: registry.gitlab.com/aquila-x/aquilax-server
    restart: always
    depends_on:
      - mongo
      - postgres
    env_file:
      - .env
    entrypoint: ["python3","jobs.py"]

  postgres:
    image: postgres:15   
    environment:
      POSTGRES_USER: aquilax_user      
      POSTGRES_PASSWORD: aquilax_pass  
      POSTGRES_DB: aquilax
    ports:
      - 5432:5432        
    volumes:
      - ./postgres_data:/var/lib/postgresql/data  # Persistent data storage
  
  mongo:
    image: mongo:8.0.0
    volumes:
      - ./data:/data/db

In the same folder create a new file in the same directory, and named .env where we going to store some configuration needed for the application to start properly, paste the below content

.env
MONGODB_URI=mongodb://mongo:27017/
KL_SERVER=https://auth.aquilax.io/
KL_CLIENT_ID=aquilax
KL_REALM=aquilax
KC_CLIENT_SECRET=
=https://<your-own-ip>/callback

=********

MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_FROM=
MAIL_PORT=
MAIL_SERVER=
MAIL_FROM_NAME='AquilaX AI'

=*********

GENAI_ENDPOINT=http://aquilax-genai-scan:9000
GENAI_ENDPOINT_QUERY=http://aquilax-genai-ask:9001
GENAI_ENDPOINT_CLASSIFICATION=http://aquilax-genai-classification:9002
GENAI_ENDPOINT_QNA=http://aquilax-genai-qna:9003
GENAI_ENDPOINT_REVIEW=http://aquilax-genai-review:9004
GENAI_REASONING_ENDPOINT=http://aquilax-genai-reasoning:9005
GENAI_AGENT=http://aquilax-genai-agent:9006

POSTGRES_USER=aquilax_user
POSTGRES_PASSWORD=aquilax_pass
POSTGRES_HOST=postgres
POSTGRES_PORT=5432
POSTGRES_DB=aquilax

SCHEDULER_ENDPOINT=http://aquilax-jobs:8001

GENAI_AX_KEY=

AQUILAX_SERVER=http://aquilax-server:8000/api/v1
HEARBEAT_CODE=

DATABASE_URL="postgresql://aquilax_user:aquilax_pass@postgres:5432/aquilax"

DEPLOY=ONPREM
=*******

GITHUB_APP_ID=none
GITHUB_CLIENTID=none
GITHUB_SECRET=none
GITHUB_PEM=none

Setup HTTPS interface

Now, you create a certificate (self-signed) for the HAProxy that is used to expose the service over https. Obviously you can use your own certificate signed by your CA for not using self-signed, however for demo purposes here is a command to generate the needed files and folders for the HAProxy.

mkdir -p haproxy
mkdir -p postgres_data
mkdir -p haproxy/certs
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout haproxy/certs/haproxy.key -out haproxy/certs/haproxy.crt \
    -subj "/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=yourdomain.com" && \
cat haproxy/certs/haproxy.key haproxy/certs/haproxy.crt > haproxy/certs/haproxy.pem && chmod 600 haproxy/certs/haproxy.pem
chmod a+r haproxy/certs/haproxy.pem

within the new created haproxy proxy folder, create a file named haproxy.cfg and paste the below content

global
  log 127.0.0.1	local0
  log 127.0.0.1	local1 notice
  maxconn 4096
  daemon
defaults
  log	global
  mode	http
  option	httplog
  option	dontlognull
  retries	3
  option redispatch
  maxconn	2000
  timeout connect	5000
  timeout client	50000
  timeout server	50000
frontend balancer
  #bind 0.0.0.0:80
  bind *:443 ssl crt /certs/haproxy.pem
  mode http

  default_backend aquilax-server

backend aquilax-server
  option forwardfor
  balance roundrobin
  server aquilax-1 aquilax-server:8000 
  server aquilax-2 aquilax-server:8000 
  server aquilax-3 aquilax-server:8000 
  server aquilax-4 aquilax-server:8000

Start the service

Finally when you have these everything done, just start everything up by executing:

docker compose pull
docker compose up -d

Initiate the DB

Now the application is up and running, we need to setup the Postgres for the datasets, this will be used from the AI models to write and read data

Go

Now you can signing into the service just by navigating at https://<your own ip>

License Application

Login into the new application (use magic-link) and create a new organization for your usage, and also set up a group name, don't worry to much about the names, you can always change them later. Once you are inside the application, create a personal access token, you will need this for the worker. In addition go into the settings of your new organization and apply a license key, the license key will be provided to you by the the AquilaX team.

Setup AquilaX Worker

Now that the server is up and running, we enable the AquilaX workers, that will actually are the main engines to consume the request and execute the scans.

Sign into the AquilaX worker machine and create a folder where you want the configuration files to be hosted, inside the folder create a new file named docker-compose.yml file with the below content:

docker-compose.yml
services:
  aquilax-worker:
    image: registry.gitlab.com/aquila-x/aquilax-worker
    deploy:
      mode: replicated
      replicas: 6
    restart: always
    env_file:
      - .env
    entrypoint: ["python3","app.py"]

within the same folder, create a new file named .env and paste the below enviroments

.env
=
=https://aquilax.ai/api/v1
=
=

(repeat the same exact process into the other AquilaX workers VMs)

Start the service

Finally when you have these everything done, just start everything up by executing:

docker compose pull
docker compose up -d

Setup AquilaX AI

Similar with the Server and the Worker part of the solution, create a new folder on a dedicated machine, and create a docker-compose.yml file with the below content

docker-compose.yml
services:
  aquilax-genai-classification:
    image: registry.gitlab.com/aquila-x/aquilax-genai:classification
    restart: always
    ports:
      - 9002:9000
    env_file:
      - .env
    entrypoint: ["python3","app.py"]

  aquilax-genai-scan:
    image: registry.gitlab.com/aquila-x/aquilax-genai:scan
    restart: always
    ports:
      - 9000:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]


  aquilax-genai-ask:
    image: registry.gitlab.com/aquila-x/aquilax-genai:ask
    restart: always
    ports:
      - 9001:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]

  aquilax-genai-qna:
    image: registry.gitlab.com/aquila-x/aquilax-genai:qna
    restart: always
    ports:
      - 9003:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]

  aquilax-genai-review:
    image: registry.gitlab.com/aquila-x/aquilax-genai:review
    restart: always
    ports:
      - 9004:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]

  aquilax-genai-agent:
    image: registry.gitlab.com/aquila-x/aquilax-genai:agent
    restart: always
    ports:
      - 9006:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]

  aquilax-genai-reasoning:
    image: registry.gitlab.com/aquila-x/aquilax-genai:data-reasoning
    restart: always
    ports:
      - 9005:9000
    env_file:
      - .env
    entrypoint: ["python","app.py"]

In the same way, we need an .env file with the below information:

DATABASE_URL="postgresql://aquilax_user:aquilax_pass@postgres:5432/aquilax"

Start the service

Finally when you have these everything done, just start everything up by executing:

docker compose pull
docker compose up -d

Auto-Train (optional)

Optionally you can have the training of the review model locally in order to learn from the usage of the system.

Speak with AquilaX for seting up the enviroment

Contact a member of AquilaX if you need help for the installation or configuration

Install on all of them Docker and Docker Compose:

Follow the instruction as from this repo:

https://docs.docker.com/engine/install/
https://github.com/AquilaX-AI/aquilax-postgres-setup
Landing Page AquilaX On-Prem
Drawing