Linux / NGINX / Kong
CloudGuard AppSec can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy.
In this scenario the admin have the flexibility to manage all aspects of NGINX on their own. For more details:
As time passes CloudGuard adds support for additional reverse proxy servers and API servers running similarly to the NGINX example depicted above. The basic installation command is the same for all of them as the agent automatically recognizes the environment in which it is installed.
Installation of SSL certificates may differ between different servers.
Currently supported:
- Kong
- An existing deployment of NGINX or Kong for Linux running over a variety of platforms.
- Specific versions numbers are updated under Support->Platforms
Run the following commands from the linux server shell:
sudo suwget https://sc1.checkpoint.com/nanoagent/nanoegg -O nanoeggRun the following commands from the linux server shell, from the same location as previous step:
chmod +x nanoegg./nanoegg --install --token <token>Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. you will need it during agent deployment.
The installer creates an initial registration with the CloudGuard AppSec cloud and downloads the latest version of the agent installation.
It will also add to your nginx.conf the following line:
load_module /usr/lib/nginx/modules/ngx_cp_attachment_module.so;To configure SSL certificates in NGINX follow these guides:
The agent will automatically install, connect and should display a successful connection message within the CloudGuard AppSec web portal:
To check agent status after the installation from the Linux server shell, you can run:
cpnano -s
Last modified 1mo ago