How to upgrade Reblaze BYOL
The Reblaze team will set up a new 2.x console for you. Once this is done, proceed to Step 2.
Redis settings: If you already have a Redis server installed (which is usually true for Reblaze installations of v2.14 and later), you do not need to create a new one. If you do not have a Redis server setup, you will need to create one.
Step 2: Create New Deployment
Go to EC2 > Auto Scaling groups, see Launch template configuration ( zone , capacity, type, etc.)
Now go to EC2 > Launch Template Select your template. To create a new launch template version with a new image, click Actions > Modify template
On the screen that appears (below), provide a description of the image (version 2.18.0 was used as an example below):
Scroll further down the page and see the AMI details listed in the AMI from catalog tab:
Next, Reblaze deployment in the AWS marketplace must be set up.
Search for Reblaze and click on the first option.
Scroll down the page and click View CloudFormation Template.
Now click View Template in CloudFormation Designer.
In this template (below) you can see each region and its AMI.
Copy the AMI compatible with your region. (In our example we used the “us-east-1” AMI.)
Now, return to the Modify template window. Under AMI from catalog, select Browse more AMIs.
Paste the AMI in the search box. Choose the Reblaze image from among the search results.
Find and select the Reblaze image. Click Select.
In the Modify template window, add the new version to your catalog.
Click Create template version on the bottom right of the screen.
Your new version now appears under Launch template details.
Go to EC2 > Launch template and change the Default to the new version (2) Click Update.
Go to your AutoScaling group. In the Details tab, find Group details and click Edit.
Desired capacity must be increased by 100% . For example, if you have 2 servers, Desired capacity must be set to 4. Ensure that this amount does not exceed the Maximum capacity or it too will need to be increased.
Click Update (below).
On the EC2 > Auto Scaling groups screen, check the Instance management tab for the number of servers. Alternatively, you can check the number of servers on your console.
You should be able to see new servers being added with the new version.
Go to your Reblaze dashboard and confirm that you see the new instances and that traffic is routing through them and your sites are working as expected.
Once we verify the new servers are receiving traffic, the old version and its servers must be terminated.
Under the Auto Scaling group, Details tab, there is an Advanced configurations window.
Make sure Termination policies is set to Oldest Launch Template; if not, click Edit and change the policy.
Under the Details tab on the EC2 > Auto Scaling groups screen, locate the Group size options. Reduce the number of desired servers in group to the original amount.
Click Update. The servers attached to the older version will terminate.
#
Step
Executed by
Comments
Estimated duration
1.
Console creation
Reblaze
Configuration migration
1 day
2.
Create new deployment
Customer
Creating a new instance group
30 minutes
3.
Setup canary instance
Reblaze & Customer
Adding a new template
15 minutes
4.
Verify traffic monitoring
Reblaze & Customer
Verifying there are no issues with site performance, and making changes to security profiles, if necessary.
1 hour
5.
Rеmove old template
Customer
Replace all instances
15 minutes
During initial deployment, an autoscale group for Reblaze was created. In this section, you will attach this group to an AWS Application Load Balancer.
Go to the AWS Management console at https://console.aws.amazon.com/.
In AWS Services, go to EC2 > Load Balancers and click Create Load Balancer.
3. Click Create for Application Load Balancer.
4. Set the Load Balancer parameters:
Enter a name for the Load Balancer.
Under Load Balancer Protocol, select HTTP and HTTPS.
Under Availability Zones, select at least 2 zones. These should be the same zones as you selected when specifying CloudFormation parameters in Specify Stack Details.
5. Click Next: Configure Security Settings.
On the HTTPS listener, attach the correct certificate and select the Security policy.
Click Next: Configure Security Settings.
Select a certificate name.
Select a security policy.
Click Next: Configure Security Groups.
Allow access to the Load Balancer. Typically you will add a new security group for this, or you can select an existing one.
Select Create a new security group.
Enter a name for the security group.
For TYPE, click and select HTTP for the first row and HTTPS for the second row.
Click Next: Configure Routing.
For Target Group, select Existing target group.
For Target type, select Reblaze-80. This is already available from the Marketplace deployment.
Click Next: Register Targets.
Click Next: Review.
Click Create.
Once the load balancer is created, click Close.
The Load Balancer has been created and will appear on the Load Balancer page. Since you created an HTTPS listener earlier, the target group will require an update.
Select the Listeners tab for the load balancer.
You can see that both Listeners are being forwarded to Reblaze-80. Click View/edit rules for HTTPS 443. The Rules page for HTTPS:443 appears.
Click the edit icon (the pencil icon) on the Rules toolbar to edit the rules, then click the edit icon for HTTP:443. The Edit Rule box appears.
Click the edit icon under THEN.
For Target group, select Reblaze-443.
Click Update on the Rules toolbar. A message that "Default rule was successfully updated" appears.
Click the back arrow on the Rules toolbar to return to the Load Balancer page.
To confirm that the load balancer is configured correctly:
Select the Description tab for the load balancer.
Highlight the DNS name and click the copy icon next to it.
Paste the DNS into a browser window. The browser should return a "403 Forbidden" page from "rhino-core-shield".
Now, return to AWS for the final steps needed to get Reblaze running on your website.
Log into Reblaze to configure the Reblaze platform for your environment.
Once you have completed the deployment process, this section will guide you through the process to complete the site setup and link your web applications to Reblaze.
Log into Reblaze. Enter your email address and password, and click the envelope icon to receive a one-time password (OTP). The OTP will go to the telephone number you gave when you created your login account.
Enter the OTP and click Log In. Your Reblaze dashboard appears.
From the navigation panel, go to Settings > Planet Overview. This shows all the sites and web applications defined within Reblaze. Note: Since the initial setup of a site or application is prone to error, Reblaze lets you create a new application only by copying an existing application and then editing the results. A new Reblaze deployment includes a default application for this purpose.
4. Click Duplicate on the row of the default application.
5. Enter the name of the new site or application.
6. Click Duplicate. The new site/application is created and opened for editing.
We will use the default Reblaze settings when appropriate.
A note on load balancing: Please note that the load balancing parameters shown here are separate from the load balancer that you will set up in Set Up a Load Balancer. The load balancing within Reblaze (which is defined here) is done to distribute scrubbed traffic across the servers within your network. The load balancing outside of Reblaze will dynamically create new instances of Reblaze as needed, in response to spikes of incoming traffic which has not yet been scrubbed. For more details about Reblaze settings, see Reblaze Deployment Terminology in the Reblaze user manual at https://gb.docs.reblaze.com/
7. Under Host, enter the IP address for the upstream server. This is the server that Reblaze will sent the traffic after the traffic is scrubbed.
8. To add additional servers, click Add and enter the IP address for each one.
9. In the Domain Names box, enter the domain aliases for this site or application. Wild cards can be used.
10. (optional) To redirect all HTTP traffic to HTTPS, copy the return 301 https... command as described on the page into the HTTP Redirect Line box.
11. Click Save Changes.
12. You will be prompted to publish your changes to the cloud. Close the popup box and click Publish Changes. Important: After publishing, there will be a message at the bottom that the changes are being published to the cloud. Do not refresh or leave this page until the publishing process is finished.
13. By default, a new application is set to report only mode. In this mode, Reblaze does not filter any traffic. It only reports on traffic that would have been filtered if it were in active mode. This is useful if you want to test or fine-tune an application or new deployment. To move an application to active mode, click the REPORT button to toggle it to ACTIVE mode, and then publish the change.
The initial configuration of Reblaze is now complete. For the full set of configuration parameters, see the Reblaze user manual at https://gb.docs.reblaze.com/.
Continue to Set Up a Load Balancer.
Deploying Reblaze via AWS is done by selecting the deployment, subscribing to Reblaze, configuring the deployment version and region, and then launching the application.
Go to the AWS Marketplace at https://aws.amazon.com/marketplace.
If you already have an AWS account, sign in to your account. Otherwise, you will have to create an account at https://aws.amazon.com/.
Search for Reblaze.
4. There are two Reblaze deployments available:
Select the result for a SAAS contract (in above screen, the second result)
Review the pricing information, if you wish
Go to the top of the page and select Continue to Subscribe
Now, select the Reblaze contract and time period which best fits your needs. Then click on Create contract at the top of the page.
5. AWS will ask you to confirm your contract. To continue, click Pay now.
AWS will inform you that you have subscribed. Now click Setup your account.
Following your account setup, the Reblaze License Manager window appears. Click Sign Up and then enter the details requested, ensuring your email and phone number are valid. They will be needed later on.
Note that your phone number must be entered using the international format: the "+" sign followed by the country code, area code and number (no spaces or hyphens; for example, a US number: +17891234567). The phone number must be able to receive text messages.
When you have finished, select Sign up.
In the next window of the Reblaze License Manager, specify a password and select Set password.
Now, sign into the Reblaze License Manager with the credentials you just created. This is where you will create your licenses for Reblaze.
Note that a separate license is needed for each Reblaze console. If you have multiple environments but wish to use only one Reblaze console, you will need just one license. But if you wish to have multiple consoles you will require multiple licenses.
For each license needed, select the Generate new license button (see below).
After you generate a license, you will receive a Welcome email containing your License ID and an AWS Marketplace link which leads to the Product Overview page in the Marketplace.
If you do not wish to wait for the email and link from AWS, you may reach the same page directly from the AWS Marketplace.
If you do this by returning to the previous tab used, be sure to close the pop-up, shown below, without clicking the orange Setup button since you have already setup your account.
Now, go to the search field at the top of the page and once again, enter: Reblaze.
Select the link that has a version number (which does not say SAAS contract). This will take you to the Product Overview page. On the upper right hand of the page, click the Continue to Subscribe button.
Next, click Continue to Configuration in the upper right part of the page.
After selecting "Continue to Configuration," the Configure this software screen will appear. Confirm that the AWS region is correct. Then click the Continue to Launch button on the upper right.
The Launch this software screen will appear.
In the Choose Action section, select Launch CloudFormation from the dropdown box. Click Launch and begin the Launch process.
Accept the default template and then enter the Stack details: define a name for the Stack and specify the Vpcid.
Choose the Subnets in your AWS environment.
In the RBZAllowAccess field, enter the IP from your VPC, as appears in the Vpcid field.
In the Notification Email field, enter an email address.
In the Reblaze License ID field, enter the ID you generated in the Reblaze License Manager.
Click Next.
Clicking "Next" (above) brings you to the Advanced options screen where stack options are configured. Many users will not need to enter any information on this screen, so you can click Next.
At this point, AWS will display a summary of the stack you are about to create. Review it and then click Create stack. AWS now creates the stack. Once created, you will be able to see the stack in the awstraining box in the Stacks section on the left, as shown in the screen in the next section (immediately below).
Now, go to the Outputs tab and click the link circled below.
The link will take you to the Reblaze Management Console. You can now deploy Reblaze.
Enter the Login credentials you defined earlier.
The Welcome to Reblaze screen will be displayed with the account details automatically completed. At the bottom of the screen, click Complete Deployment. The remaining deployment steps and console creation now take place automatically in Reblaze.
Once you have received notification on your screen that the process is complete, you will be brought to the Reset My Password page.
Enter your email address and click Reset My Password.
This will bring you to the Log In screen.
Do not fill in the fields on the Log In screen.
Wait for the email Reblaze will have sent you containing a link to the Reset Your Password screen.
Create a new password and click Reset My Password.
You will be returned to the Log In screen. From here you may begin setting up your sites and web applications within Reblaze.
Continue to Configure the Reblaze Platform.
This section describes how to onboard and deploy Reblaze via the Amazon AWS Marketplace.
This guide will walk you through the process from the first access of the marketplace until Reblaze is successfully deployed and protecting your website. We offer our help at any step of the process at support@reblaze.com.
Before doing your first deployment, we suggest that you watch these videos to better understand the onboarding and deployment process.
You must have an AWS account in order to use Amazon Web Services. If you do not have an Amazon account, sign up for one at: https://aws.amazon.com/
The process for onboarding Reblaze in AWS includes the following steps:
The process for onboarding Reblaze in AWS includes the following steps:
At this point, your deployment and setup are complete. Now you should test if your website works correctly when routing traffic to the Reblaze deployment. Perform offline testing by modifying your hosts file to point your website to the new load balancer. If you see that you are returned to your website, routing via Reblaze is working correctly.
The last remaining step is to route your traffic to the load balancer, which will send it to your Reblaze instance(s). Reblaze will scrub the traffic and forward it on to your servers. To setup this routing, set your DNS record to the IP address that is resolved from the load balancer DNS Name.
Initially, Reblaze is setup for report-only mode. Assuming that this option was not changed, then Reblaze is not yet filtering your traffic; it is merely reporting on what it would have filtered had it been set up in active mode. This gives you an opportunity to fine-tune Reblaze’s configuration before any of your traffic is actually affected. When you are comfortable with the reporting results, move the application to Active mode and publish the change, as described in Configure the Reblaze Platform.
As you might notice from looking through the interface, the Reblaze web security platform is both powerful and highly customizable, with the ability to be fine-tuned for your specific needs. However, it is beyond the scope of this document to describe this customization process. Furthermore, a full and correct customization is often rather daunting for new users.
For more information on using Reblaze, see the user manual at https://gb.docs.reblaze.com/.
We at Reblaze Technologies want you to have the best experience possible with the platform, so that you will enjoy the full benefits of comprehensive, intelligent, and effortless web security. Therefore, please feel free to contact support at support@reblaze.com, for further one- on-one assistance in setting up your deployment. We’re available 24 hours per day to assist you.