Templarbit

Templarbit Resources

Welcome to the Templarbit developer resources. You'll find comprehensive guides and documentation to help you start securing your applications and websites with Templarbit as quickly as possible. Let's jump right in!

Get Started

Basic Configuration

Please configure the Templarbit Agent after you have installed it. A successful configuration allows the Templarbit Agent to communicate with our Templarbit Cloud Engine and receive relevant Security Module configurations.

Minimal configuration

This is an example that starts the Templarbit Agent with minimal configuration. Ingress traffic is expected on port 80 and the application we want to protect listens on port 9000.

templarbit-agent \
  --property-id xxx \
  --secret-key xxx \
  --listen 0.0.0.0:80 \
  --upstream http://localhost:9000

You will need to replace xxx for the Property ID and Secret Key with the actual values from app.templarbit.com.

All configuration options

-c, --config string

Read config from file

-p, --property-id string

Property ID from app.templarbit.com

-s, --secret-key string

Secret Key from app.templarbit.com

-l, --listen string

Listen on address

--listen-public-key string

Path to public key certificate (PEM format) to enable https

--listen-private-key string

Path to private key to enable https

-u, --upstream string

Upstream URL to serve

--upstream-insecure-skip-verify

Skip upstream certificate validation (for self-signed certificates)

--rewrite-host

Act as transparent proxy and rewrite Host header (default true)

--trust-proxy-ips string

Comma separated list of trusted proxy IP addresses

--trust-x-real-ip-header

Trust contents of X-Real-IP header

--trust-forwarded-header

Trust contents of Forwarded header

--trust-x-forwarded-for-header

Trust contents of X-Forwarded-For header

--trust-tcp-proxy-protocol

Trust TCP PROXY protocol

--disable-benchmarks

Disable agent performance benchmarks

--debug-client-ips

Log client IPs (debug only)

--debug-config

Print configuration and exit (debug only)

Configuration from file

The Templarbit Agent will look for a configuration file in the following directories, in this order:

  • ./templarbit-agent.json (current directory)
  • $HOME/.templarbit/templarbit-agent.json
  • /usr/local/etc/templarbit/templarbit-agent.json
  • /etc/templarbit/templarbit-agent.json

You can manually specify the location of a configuration file:

templarbit-agent --config /etc/templarbit-config.yaml

Here is an example temparbit-config.json configuration file. All configuration flags from above can be used in the JSON configuration file as well.

{
  "property-id":     "xxx",
  "secret-key":      "xxx",
  "listen":          "0.0.0.0:80",
  "upstream":        "http://localhost:9000",
  "trust-proxy-ips": "10.0.0.5, 10.0.0.6",
  "rewrite-host":    false
}

Configuration from ENV

It is possible to configure the Templarbit Agent with Environment variables. All configuration flags from above can be used when prefixed with TB. Examples:

TB_PROPERTY_ID="xxx"
TB_SECRET_KEY="xxx"
TB_LISTEN="0.0.0.0:80"
TB_UPSTREAM="http://localhost:9000"
TB_TRUST_PROXY_IPS="10.0.0.5, 10.0.0.6"
TB_REWRITE_HOST="false"

Combining Configuration

Verify configuration

templarbit-agent --debug-config prints the used configuration.

You can use a combination of CLI flags (i.e. --listen), configuration from file and environment variables.

The Templarbit Agent uses the following precedence order. Each item takes precedence over the item below it:

  • CLI flags (i.e. --listen)
  • ENV variable (i.e. TB_LISTEN)
  • Configuration file, specified with --config or discovered configuration file.