Linux / NGINX


CloudGuard AppSec can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy.
In this scenario the admin have the flexibility to manage all aspects of NGINX on their own. For more details:


  • An existing deployment of NGINX for Linux on Ubuntu, CentOS, Red Hat, Debian, openSUSE, Fedora, Alpine.
  • Specific versions numbers are updated under Support->Platforms


Step 1: Download the Installer to the linux machine

Run the following command from the linux command line:
wget -O nanoegg

Step 2: Install the Agent

sudo su
./nanoegg --install --token <token>
Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. you will need it during agent deployment.
The installer creates an initial registration with the CloudGuard AppSec cloud and downloads the latest version of the agent installation.
It will also add to your nginx.conf the following line:
load_module /usr/lib/nginx/modules/;

Step 3: Configure SSL certificates (optional if the servers do not use HTTPS)

To configure SSL certificates in NGINX follow these guides:

Step 4: Verify installation

The agent will automatically install, connect and should display a successful connection message within the CloudGuard AppSec web portal:
To check agent status after the installation, you can run:
cpnano -s