How to Deploy Wazuh
Introduction
Wazuh is an open-source security platform for threat detection, integrity monitoring, incident response, and compliance. Deploying Wazuh on Klutch.sh provides scalable, secure infrastructure for your security operations, with support for persistent storage and automated CI/CD.
This guide covers deploying Wazuh on Klutch.sh using a Dockerfile, configuring persistent storage, and best practices for production deployments.
Prerequisites
- A Klutch.sh account (sign up here)
- A GitHub repository for your Wazuh deployment (or fork of the Wazuh repo)
- Basic knowledge of Docker and security concepts
1. Prepare your Wazuh repository
- Fork or clone the Wazuh repository, or create a wrapper repo for your customizations.
- Store large assets (such as configuration files, logs, or database files) outside the Git repo; use persistent volumes or object storage and mount or fetch them at runtime.
Refer to the Klutch.sh Quick Start Guide for repository setup and GitHub integration.
2. Sample non-Docker deployment (Klutch.sh build)
You can deploy Wazuh from your repo without a Dockerfile using Klutch.sh’s build system:
- Push your repo to GitHub. Include a start script (for example: start.sh) that installs dependencies and runs Wazuh.
- In Klutch.sh, create a new project and app, and connect your repository.
- Set the start command to the script or Wazuh’s start command (example: wazuh-manager start).
- Attach persistent volumes for configuration, logs, or database files (see Volumes Guide).
- Set the app port to 55000 (or your configured port).
- Click “Create” to build and deploy.
Notes:
- Configure runtime secrets (database credentials, API keys) as environment variables in Klutch.sh.
- For advanced use, customize the start script to load assets from mounted volumes or object storage.
3. Deploying with a Dockerfile (recommended for reproducibility)
A Dockerfile ensures reproducible builds and full control over dependencies. Example:
FROM wazuh/wazuh:latest
# Optional: Add custom configuration or plugins
# COPY ./config /var/ossec/config
EXPOSE 55000
For custom assets, mount persistent volumes or fetch from object storage at startup.
4. Persistent storage & volumes
Wazuh requires persistent storage for configuration, logs, and database files:
- Create a persistent volume in Klutch.sh and mount it to /var/ossec/config or your chosen path.
- Configure Wazuh (or your startup script) to read/write from the mounted path.
Example mount mapping in Klutch.sh app settings:
/var/ossec/config <- my-wazuh-storage
If using object storage (S3-compatible), store credentials in environment variables and fetch assets at startup.
5. Environment variables and secrets
- Store database credentials, API keys, and other secrets in Klutch.sh environment variables (never in the repo).
- Use the Klutch.sh UI to mark secrets and prevent them from being logged.
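A preflight that a start.sh wrapper could run before handing off to the start command, as an added example (not Wazuh or Klutch.sh code): it fails closed when a required secret is unset, the persistent volume is missing or read-only, or the port is invalid, and it logs variable names only, never values. The secret names and the CONFIG_DIR, APP_PORT and REQUIRED_SECRETS variables are assumptions; the path and port defaults are the ones used in this guide.

```shell
#!/bin/sh
# Added example: preflight for start.sh. Variable names below are assumptions.
CONFIG_DIR="${CONFIG_DIR:-/var/ossec/config}"   # mount path used in this guide
APP_PORT="${APP_PORT:-55000}"                   # app port used in this guide
# Hypothetical secret names; list the variables your deployment really needs.
REQUIRED_SECRETS="${REQUIRED_SECRETS:-WAZUH_API_USER WAZUH_API_PASSWORD}"

# Succeeds only if every named variable is set and non-empty.
# Logs names only, never values, so secrets stay out of build and app logs.
check_required_env() {
    missing=0
    for name in "$@"; do
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)   # reject anything unsafe to pass to eval
                echo "preflight: invalid variable name" >&2; missing=1; continue ;;
        esac
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "preflight: $name is not set" >&2; missing=1; }
    done
    unset value
    return "$missing"
}

# Succeeds only if the persistent volume is present and writable.
check_volume() {
    [ -d "$1" ] || { echo "preflight: $1 missing (volume not mounted?)" >&2; return 1; }
    probe="$1/.preflight.$$"
    ( : > "$probe" ) 2>/dev/null || { echo "preflight: $1 not writable" >&2; return 1; }
    rm -f "$probe"
}

# Succeeds only for a decimal TCP port in 1..65535.
check_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Run every check so one pass reports all problems, then fail closed.
preflight() {
    rc=0
    # shellcheck disable=SC2086  # word splitting of the name list is intended
    check_required_env $REQUIRED_SECRETS || rc=1
    check_volume "$CONFIG_DIR" || rc=1
    check_port "$APP_PORT" || { echo "preflight: bad APP_PORT" >&2; rc=1; }
    return "$rc"
}

# As start.sh: "sh start.sh <start command>" checks first, then hands off.
if [ "$#" -gt 0 ]; then preflight || exit 1; exec "$@"; fi
```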
6. Scaling, monitoring, and best practices
- Use health checks and readiness probes if supported by Wazuh.
- Monitor CPU, memory, and latency; scale instances as needed.
- Pin dependency versions and use multi-stage Docker builds for smaller images.
- Use CI to build and publish images, or let Klutch.sh build from your repo and tag releases.
- Restrict public access to endpoints; require authentication or place behind an API gateway.
Resources
Deploying Wazuh on Klutch.sh gives you a reproducible, scalable path to serve modern security operations applications. For advanced setups, you can add a startup script to fetch assets from S3, a multi-stage Dockerfile for smaller images, or CI/CD integration to automate builds and deployments.