Installing and Updating Oplon Secure Access

Already have Oplon Secure Access installed? Run the update command below — no configuration needed. Installing for the first time? See First Installation and check the minimum requirements first.

Update

Before every update, make sure you have a complete backup of the system.

Environment variables are not required for updates. The script automatically detects the existing configuration. Run the command with sudo or as root.


wget -N "https://www.oplon.net/OPLON_INSTALL_LASTUPDATE.sh" && \
bash OPLON_INSTALL_LASTUPDATE.sh

First Installation

Run the commands with sudo or as root.

The following environment variables are required for the first installation:

Variable	Description
`USERNAME`	Primary administrator user
`PASSWORD`	Administrator user password
`WORKSPACE_ADDRESS`	Workspace IP address or hostname


wget -N "https://www.oplon.net/OPLON_INSTALL_LASTUPDATE.sh" && \
USERNAME="root" \
PASSWORD='!1AdminAdmin' \
WORKSPACE_ADDRESS="0.0.0.0" \
bash OPLON_INSTALL_LASTUPDATE.sh

Optional environment variables (click to expand)

Variable	Description	Default
`DELEGATED_USERNAME`	Delegated user	falls back to `USERNAME`
`DELEGATED_PASSWORD`	Delegated user password	falls back to `PASSWORD`
`ZTNA_MODE`	Enable ZTNA mode (`y` / `n`)	`y`
`LICENSE`	Path to the license file	—


wget -N "https://www.oplon.net/OPLON_INSTALL_LASTUPDATE.sh" && \
USERNAME="root" \
PASSWORD='!1AdminAdmin' \
WORKSPACE_ADDRESS="0.0.0.0" \
ZTNA_MODE="n" \
DELEGATED_USERNAME="root" \
DELEGATED_PASSWORD='!1AdminAdmin' \
LICENSE="/path/to/license" \
bash OPLON_INSTALL_LASTUPDATE.sh

Offline Installation/Update or Specific Version

Show offline / specific version procedure

Use this method if:

The system has no Internet access
You need to install a specific version (not the latest)
You must comply with corporate software distribution policies

Phase 1: Download the required files

Perform these steps from a machine with Internet access:

Go to the download page and download the .zip package for the desired version.
First installation only: Also download the instscratch bootstrap files:

The instscratch files are required only for a first installation on a new system. For updates to existing systems, you can skip this step.
Transfer all downloaded files to the target server (use scp, USB, or any other available method).

Phase 2: Install on the server

Log in as root or use sudo for all of the following commands.
Create the /share directory (if it does not exist) and set the correct permissions:
```
mkdir -p /share && chmod 777 /share
```
Transfer all downloaded files to the /share directory.
Navigate to the /share directory:
```
cd /share
```

Extract the package (replace ${VERSION} with the downloaded version):


# Example: unzip OPLON_011_003_000_OPLON_NETWORKS_SUITE.zip
unzip ${VERSION}_OPLON_NETWORKS_SUITE.zip

First installation only: Run the bootstrap files:
```
bash instscratch.sh && bash instscratchDocker.sh
```
This step initialises the Docker environment and required dependencies. It is needed only for new installations.
Run the update script:
```
bash OPLON_INSTALL_UPDATE.sh
```
For updates, environment variables are not required.

Advanced Container Configuration

Show advanced configuration details

There are cases where you may want to customise the configuration of the Docker containers used by Oplon Secure Access — for example, to change allocated resources, networks, or recording paths.

Download OPLON_INSTALL_CONTAINERS.sh

Available parameters

The OPLON_INSTALL_CONTAINERS.sh script accepts the following optional parameters:

Parameter	Description	Default
`-n`	Docker bridge network used by the containers	`192.168.252.0/24` or `172.18.0.0/16`
`-bi`	Listening IP address for Browser Isolation	`127.0.0.1`
`-bim`	Memory limit in MB for Browser Isolation (`0` = no limit)	Calculated from available RAM
`-rdlogpath`	Host path for RDP recordings	`/opl-recording`
`-sshlogpath`	Host path for SSH recordings	`/opl-recording-ssh`

Examples

Change the Docker network


bash OPLON_INSTALL_CONTAINERS.sh --changenet 172.18.0.0/16

Configure the Browser Isolation listening address


# Listen on localhost (default for single-node installation)
bash OPLON_INSTALL_CONTAINERS.sh --bilistner 127.0.0.1
 
# Listen on a specific IP (dedicated Browser Isolation multi-node setup)
bash OPLON_INSTALL_CONTAINERS.sh --bilistner 192.168.1.100

Set a memory limit for Browser Isolation


# 4 GB limit (4096 MB)
bash OPLON_INSTALL_CONTAINERS.sh --bimemory 4096
 
# No memory limit
bash OPLON_INSTALL_CONTAINERS.sh --bimemory 0

Change recording paths


# Change only the RDP path
bash OPLON_INSTALL_CONTAINERS.sh --changerdlogpath /mnt/recordings/rdp
 
# Change only the SSH path
bash OPLON_INSTALL_CONTAINERS.sh --changesshlogpath /mnt/recordings/ssh
 
# Change both paths
bash OPLON_INSTALL_CONTAINERS.sh \
  --changerdlogpath /mnt/recordings/rdp \
  --changesshlogpath /mnt/recordings/ssh

Changing these parameters may affect system behaviour. Make sure you understand the implications before proceeding and that you have a backup of the system.