Linux / NGINX

Overview
CloudGuard AppSec can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy. 
In this scenario the admin have the flexibility to manage all aspects of NGINX on their own. For more details:
 NGINX Documentation​
 Configuring HTTP Servers 
Prerequisites
An existing deployment of NGINX for Linux on Ubuntu, CentOS, Red Hat, Debian, openSUSE, Fedora, Alpine.
Specific versions numbers are updated under Support->Platforms
Installation
Step 1: Download the Installer to the linux machine
Run the following command from the linux command line:
wget https://checkpoint.com/nanoegg -O nanoegg
Step 2: Install the Agent
sudo su
./nanoegg --install --token <token>
Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. you will need it during agent deployment.
​
​
The installer creates an initial registration with the CloudGuard AppSec cloud and downloads the latest version of the agent installation.
It will also add to your nginx.conf the following line:
load_module /usr/lib/nginx/modules/ngx_cp_attachment_module.so;
Step 3: Configure SSL certificates (optional if the servers do not use HTTPS)
To configure SSL certificates in NGINX follow these guides:
​NGINX​
​NGINX PLUS​
Step 4: Verify installation
The agent will automatically install, connect and should display a successful connection message within the CloudGuard AppSec web portal:
To check agent status after the installation, you can run:
cpnano -s
​
Last modified 4mo ago