Linux / NGINX / Kong



CloudGuard AppSec can be deployed as an add-on for NGINX, thus providing protection to any applications and APIs served by NGINX Reverse Proxy.
In this scenario the admin have the flexibility to manage all aspects of NGINX on their own. For more details:

Additional reverse proxy or API servers support

As time passes CloudGuard adds support for additional reverse proxy servers and API servers running similarly to the NGINX example depicted above. The basic installation command is the same for all of them as the agent automatically recognizes the environment in which it is installed.
Installation of SSL certificates may differ between different servers.
Currently supported:
  • Kong


  • An existing deployment of NGINX or Kong for Linux running over a variety of platforms.
  • Specific versions numbers are updated under Support->Platforms


Step 1: Download the Installer to the linux machine

Run the following commands from the linux server shell:
sudo su
wget -O nanoegg

Step 2: Install the Agent

Run the following commands from the linux server shell, from the same location as previous step:
chmod +x nanoegg
./nanoegg --install --token <token>
Make sure you obtain the <token> from the Enforcement Profile page, Authentication section. you will need it during agent deployment.
The installer creates an initial registration with the CloudGuard AppSec cloud and downloads the latest version of the agent installation.
It will also add to your nginx.conf the following line:
load_module /usr/lib/nginx/modules/;

Step 3: Configure SSL certificates (optional if the servers do not use HTTPS)

To configure SSL certificates in NGINX follow these guides:
To configure SSL certificates in Kong follow the guide in the following link.

Step 4: Verify installation

The agent will automatically install, connect and should display a successful connection message within the CloudGuard AppSec web portal:
To check agent status after the installation from the Linux server shell, you can run:
cpnano -s