Installing and Running the Webhook Agent
The Webhook Agent is an additional module of the Operavix system designed to handle incoming HTTP Webhook requests and JS tracker requests. This module can be deployed on a separate server, allowing you to isolate system functionality across different network zones—an important consideration for information security.
The Operavix server and the Webhook Agent communicate via the gRPC protocol.
All Webhook Agent distributions are provided as Docker images.
Running the Webhook Agent
Preparing Hosts and Configuration Parameters
Before launching the Webhook Agent, you must define network addresses and configuration parameters.
The following hostnames are used as examples:
Operavix.domain.local— the host running the Operavix systemagent.domain.local— the host where the Webhook Agent will run
When launching the Webhook Agent, you must set environment variables that define its operational parameters.
| Environment Variable | Description |
|---|---|
CL_NAME | Unique node name within the Operavix system |
CL_PORT | Port used by the node within the Docker network for incoming gRPC connections |
CL_REMOTE_NODES | List of addresses (including port) of all nodes for gRPC communication |
FE_GRAPHQL_DISABLE | Disables GraphQL on the Webhook Agent's web server (true) |
FE_CORS_POLICY | Trusted domains for CORS (comma-separated list of domains from which HTTP requests will be sent to the agent) |
FE_URL | URL of the Webhook Agent node |
Preparing the Image and Certificates
First, download the Webhook Agent distribution package to the server where it will be deployed. Then, load the image into the local Docker registry:
$ gunzip operavix_docker_webhook_241201.tar.gz
# docker load < operavix_docker_webhook_241201.tar
The version in the filename is for example purposes only. Replace it with the file corresponding to the version you are installing.
Prepare an X.509 certificate for HTTPS operation. The certificate (.crt) should contain the public key in PEM format, and the key file (.key) should contain the private key in PKCS8 format.
Place the certificates in a convenient directory on the host, for example /opt/agent/. Also copy the Operavix server certificate into this directory.
If Docker Swarm has not been initialized on the server, run the initialization command:
# docker swarm init --advertise-addr 127.0.0.1:2377 --listen-addr 127.0.0.1:2377
Create Docker secrets to securely store certificates and keys:
- Secrets for the Webhook Agent's SSL certificate and private key used for gRPC:
# docker secret create cluster_current.crt ${PATH_FILE}
# docker secret create cluster_current.key ${PATH_FILE}
Where ${PATH_FILE} is the path to the public (.crt) and private (.key) key files for the Webhook Agent.
- Secret for the public key required to trust the Operavix server. You can use either the CA certificate that signed the Operavix server certificate or the Operavix node's own certificate. Supported formats are PEM or DER (.crt):
# docker secret create cluster_remote_node_main.crt ${PATH_FILE}
Where ${PATH_FILE} is the path to this file.
- Secrets for the Webhook Agent's HTTPS certificate (a PFX file containing both the X.509 public and private keys, along with its password):
# docker secret create operavix_app_https_certificate ${PATH_FILE}
# echo -n "pfx_password" | docker secret create operavix_app_https_certificate_password -
Where ${PATH_FILE} is the path to the PFX file.
Create a Docker volume to store the Webhook Agent logs. Example command:
# docker volume create operavix-agent-log
Launching the Webhook Agent Container
Run the Webhook Agent service using the following command:
# docker service create --name operavix-automation-agent \
-e CL_NAME='agent' -e CL_PORT='7000' \
-e CL_REMOTE_NODES='Operavix.domain.local:7000' \
-e FE_GRAPHQL_DISABLE='true' \
-e FE_CORS_POLICY='site1.example.ru,site2.example.ru' \
-e FE_URL='https://agent.domain.local' \
--secret cluster_current.crt \
--secret cluster_current.key \
--secret cluster_remote_node_main.crt \
--secret operavix_app_https_certificate \
--secret operavix_app_https_certificate_password \
--mount type=volume,src=operavix-agent-log,target=/var/log/operavix/ \
--publish published=7000,target=7000,mode=host \
--publish published=443,target=8010,mode=host \
--restart-max-attempts 5 \
--restart-condition "on-failure" \
operavix/operavix_webhook:241201
The image name with version is provided as an example. Replace it with the version you are installing.
If the Webhook Agent container starts successfully, restart the Operavix server with the updated configuration.
This section describes how to configure communication between the Webhook Agent and the Operavix server running on a Linux-based operating system.
To enable Operavix to communicate with the Webhook Agent, prepare an X.509 certificate for gRPC in PEM format (if you have a PFX file, convert it to PEM), and also obtain the Webhook Agent node's certificate.
Place the certificates in the /opt/agent/ directory, then create Docker secrets from them:
# docker secret create cluster_current.crt ${PATH_FILE}
# docker secret create cluster_current.key ${PATH_FILE}
# docker secret create cluster_remote_node_agent.crt ${PATH_FILE}
Where ${PATH_FILE} is the path to the corresponding file.
Before starting with the new configuration, stop the Operavix service:
# docker service rm operavix-app
Then, launch the service with updated parameters:
docker service create --name operavix-app \
-e CL_NAME='Operavix' \
-e CL_PORT='7000' \
-e CL_REMOTE_NODES='agent.domain.local:7000' \
--secret operavix_app_https_certificate \
--secret operavix_app_https_certificate_password \
--secret cluster_current.crt \
--secret cluster_current.key \
--secret cluster_remote_node_agent.crt \
--mount type=volume,src=operavix-app-data,target=/var/lib/operavix/data/ \
--mount type=volume,src=operavix-app-log,target=/var/log/operavix/ \
--publish published=443,target=8010,mode=host \
--publish published=7000,target=7000,mode=host \
--restart-max-attempts 5 \
--restart-condition "on-failure" \
-e JVM_MAX_MEMORY='4G' \
-e FE_URL="https://Operavix.domain.local" \
dockerhub.office.operavix.com/operavix/operavix_app:d241201
The image name with version is for example purposes only. Replace it with the version you are installing.
Verifying Successful Startup
If the container or service starts successfully, open the web interface and confirm that the Webhook Agent has been added.
Was the article helpful?