ZUS In the Cloud deployment on a VM

Overview

This guide provides a step-by-step walkthrough on how to deploy ZUS in the Cloud using Docker including setting up the environment, configuring necessary fields, and launching the service successfully.

This article covers the following topics:

1 Overview
2 Prerequisites
3 Steps to Deploy the ZINC Docker Image
- 3.1 Connect to the Virtual Machine
- 3.2 Create a Directory for Storing Secrets
- 3.3 Authentication
  - 3.3.1 Option 1: Use Zilla Token
  - 3.3.2 Option 2: Use Client ID and Secret (Recommended)
- 3.4 Configure docker-compose.yml
- 3.5 Start the Container

Prerequisites

Docker and Docker Compose are installed on the VM
- Get started and install Docker
  - If necessary, refer to this post for additional guidance on setting up Docker
- Get started and install Docker Compose
Customer Support team has assisted pulling the zus_in_cloud docker image on the VM
- Reach out to the Support team for assistance

Steps to Deploy the ZINC Docker Image

Connect to the Virtual Machine

Create a working directory
Run the commands below to set up the project directory.
mkdir zus_in_the_cloud cd zus_in_the_cloud
Download the docker-compose.yml file
https://zus-in-the-cloud-deployment.s3.amazonaws.com/prod/docker-compose.yml
Run the command below to download the docker compose configuration.
wget https://zus-in-the-cloud-deployment.s3.amazonaws.com/prod/docker-compose.yml

Create a Directory for Storing Secrets

Before running Docker, create a secure directory to store Zilla secrets. We recommend using the /opt/ location.

sudo mkdir /opt/zilla && \
sudo chown 1000:1000 /opt/zilla && \
sudo chmod 700 /opt/zilla && \
mkdir /opt/zilla/zinc-config /opt/zilla/zinc-output

Authentication

ZUS in the Cloud supports two authentication methods. Choose one based on your setup:

Option 1: Use Zilla Token

Reach out to the Support team to request the Zilla Token.

Save the Zilla Tokens in that secret directory /opt/zilla/zinc-config with file-name Zilla_API_Key.

Enter the command below.
cat > /opt/zilla/zinc-config/Zilla_API_Key
Enter the Zilla Tokens in JSON format and press enter. Note: This Token JSON will be provided by the Customer Support Personnel. Example
{"access_token": "JWT string", "refresh_token": "JWT string"}
Press Ctrl+d to save the file.

Option 2: Use Client ID and Secret (Recommended)

If you're using Client ID and Secret for authentication, see this guide for steps to retrieve the credentials.

Configure `docker-compose.yml`

Open the docker-compose.yml file and update the following fields:

version: '3.8'

services:
  zinc:
    container_name: zilla_pobox

    image: 508384223771.dkr.ecr.us-east-1.amazonaws.com/zinc:latest
    
    # Change this value with current user and group IDs from host machine.
    # $(id -u) gets the current user's UID.
    # $(id -g) gets the current user's GID.
    # And use those values as UID:GID below.
    user: 1000:1000
    
    volumes:
      - /opt/zilla:/opt/zilla

    environment:
      # Zilla backend URL.
      - ZILLA_URL=https://app.zillasecurity.com

      # Tenants domain
      - TENANT_DOMAIN=

      # Enable this flag to get the Configs from File System on Host machine.
      - USE_FILE_SYSTEM=true

      # Enable this flag to get the Configs from AWS secrets manager and store browser state on S3.
      - USE_AWS=false

      # S3 Bucket to save storage state.
      # - S3_BUCKET_NAME=zinc-data
      # - S3_BUCKET_REGION=us-east-1
      
      # AWS secrets manager.
      # - AWS_SECRETS_MANAGER_REGION=us-east-1

      # Polling Interval.
      - POLLING_INTERVAL=20

      # Enable/Disable the headless mode for the browser.
      - BROWSER_HEADLESS_MODE=true

      # Playwrite motion in miliseconds.
      - SLOW_MOTION=0

      # Number of syncs to process in parallel.
      - CONCURRENCY=2

      # Enable this flag to send the logs to Zilla Server.
      - SEND_LOGS_TO_BACKEND=true

      # When no external secrets management service is provided then
      # Use Directory to store secrets in the files.
      - SECRETS_DIRECTORY_PATH=/opt/zilla/zinc-config

      # When no external storage service is provided then
      # Use Directory to store the files.
      - STORAGE_DIRECTORY_PATH=/opt/zilla/zinc-output

      # When there is a Proxy server in the corporate network, we can use this vars.
      # We are using this npm package internal - https://www.npmjs.com/package/proxy-agent
      # - HTTP_PROXY = 'http://proxy-server-over-tcp.com:3128'
      # - HTTPS_PROXY= 'https://proxy-server-over-tls.com:3129'

      - ZILLA_CLIENT_ID=
      - ZILLA_CLIENT_SECRET=

TENANT_DOMAIN:
Set this to your customer Zilla tenant domain.
ZILLA_URL:
Specify the Zilla host URL corresponding to your tenant. The list below provides some examples of different URLs Zilla uses for different regions or tenants.
https://app.zillasecurity.com https://app2.zillasecurity.com https://anz.zillasecurity.com https://eu.zillasecurity.com https://uk.zillasecurity.com
ZILLA_CLIENT_ID and ZILLA_CLIENT_SECRET:
Provide the client id and secret configured in Zilla in the Authentication step. For additional details on retrieving these values, see https://zilla.atlassian.net/wiki/spaces/ZILLA/pages/3651141644.

Start the Container

After completing the configuration, run the following command to start the zus-in-the-cloud container.

docker-compose up -d