Install AquilaX

The AquilaX solution consists of several key components, each responsible for specific tasks. These components work together seamlessly to deliver comprehensive security scanning and intelligence.

1. AquilaX Server: Manages the API and User Interface (UI) of the service, acting as the central control point for all operations.

2. AquilaX Worker: Responsible for executing the actual security scans, performing the analysis and reporting vulnerabilities.

3. AquilaX GenAI Services: Specialized AI-powered modules designed to assist with decision-making and emulate human logic in engineering tasks. These models enhance the solution’s ability to reason, automate processes, and build intelligent responses.

Below is a diagram illustrating the relationship between these components. Following the diagram, you’ll find instructions on how to set up the solution in a dedicated environment.

Prerequisite

1. To prepare for the installation of various AquilaX components, you can structure the deployment using four (4) dedicated Virtual Machines

2. Install on all of them Docker and Docker Compose: https://docs.docker.com/engine/install/

3. Execute and follow the instruction of the command docker login registry.gitlab.com

Setup AquilaX Server

Sign-in into one of the machines dedicated for the Server and Create a folder and inside a new file named docker-compose.yml and paste the following:

services:
  haproxy:
    image: haproxy:2.9.2-alpine
    restart: always
    depends_on:
      - aquilax-server
    ports:
      - 443:443
    volumes:
      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
      - ./haproxy/certs:/certs/:ro
    
  aquilax-server:
    image: registry.gitlab.com/aquila-x/aquilax-server:binary
    restart: always
    deploy:
      mode: replicated
      replicas: 4
      endpoint_mode: dnsrr
    depends_on:
      - mongo
    env_file:
      - .env
    entrypoint: ["./aquilax-server"]

  aquilax-jobs:
    image: registry.gitlab.com/aquila-x/aquilax-server
    restart: always
    depends_on:
      - mongo
    env_file:
      - .env
    entrypoint: ["python3","jobs.py"]

  mongo:
    image: mongo:8.0.0
    volumes:
      - ./data:/data/db

In the same folder create a new file in the same directory, and named .env where we going to store some configuration needed for the application to start properly, paste the below content

Setup HTTPS interface

Now, you create a certificate (self-signed) for the HAProxy that is used to expose the service over https. Obviously you can use your own certificate signed by your CA for not using self-signed, however for demo purposes here is a command to generate the needed files and folders for the HAProxy.

mkdir -p haproxy
mkdir -p haproxy/certs
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout haproxy/certs/haproxy.key -out haproxy/certs/haproxy.crt \
    -subj "/C=US/ST=State/L=City/O=Organization/OU=Unit/CN=yourdomain.com" && \
cat haproxy/certs/haproxy.key haproxy/certs/haproxy.crt > haproxy/certs/haproxy.pem && chmod 600 haproxy/certs/haproxy.pem

within the new created haproxy proxy folder, create a file named haproxy.cfg and paste the below content

global
  log 127.0.0.1	local0
  log 127.0.0.1	local1 notice
  maxconn 4096
  daemon
defaults
  log	global
  mode	http
  option	httplog
  option	dontlognull
  retries	3
  option redispatch
  maxconn	2000
  timeout connect	5000
  timeout client	50000
  timeout server	50000
frontend balancer
  #bind 0.0.0.0:80
  bind *:443 ssl crt /certs/haproxy.pem
  mode http

  default_backend aquilax-server

backend aquilax-server
  option forwardfor
  balance roundrobin
  server aquilax-1 aquilax-server:8000 
  server aquilax-2 aquilax-server:8000 
  server aquilax-3 aquilax-server:8000 
  server aquilax-4 aquilax-server:8000

Start the service

Finally when you have these everything done, just start everything up by executing:

docker compose pull
docker compose up -d

Go

Now you can signing into the service just by navigating at https://<your own ip>