-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f97eeb86" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f97eeb86">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f98c8915" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f98c8915">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f99aeda4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f99aeda4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f97eeb86" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f97eeb86">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f98c8915" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f98c8915">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f99aeda4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f99aeda4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9640016" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9640016">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo yum install ca-certificates wget
sudo yum install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
For NGINX Open Source
-
Set up the apk repository for mainline nginx packages:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa1a0239" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa1a0239">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"%s%s%s\n"</span> <span class="se">\
"http://nginx.org/packages/mainline/alpine/v"
</span>egrep -o <span class="s1">'^[0-9]+\.[0-9]+'</span> /etc/alpine-release<span class="sb">
"/main"
| sudo tee -a /etc/apk/repositories
printf "%s%s%s\n" \
"http://nginx.org/packages/mainline/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
Add the NGINX App Protect WAF v5 apk repository:
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Install the NGINX App Protect WAF v5 package:
sudo apk add app-protect-module-oss
sudo apk add app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo yum install app-protect-module-oss
sudo yum install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa3fee29" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa3fee29">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create the NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa451126" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa451126">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package.
sudo dnf install app-protect-module-oss
sudo dnf install app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa582cba" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa582cba">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa5d8f78" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa5d8f78">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
Install the NGINX App Protect WAF v5 package.
sudo yum install app-protect-module-oss
sudo yum install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7223cd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7223cd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa76de57" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa76de57">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7c1aec" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7c1aec">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7223cd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7223cd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa76de57" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa76de57">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7c1aec" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7c1aec">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa1995c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa1995c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa6f387" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa6f387">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-oss
sudo dnf install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa582cba" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa582cba">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa5d8f78" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa5d8f78">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
Install the NGINX App Protect WAF v5 package.
sudo yum install app-protect-module-oss
sudo yum install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa1995c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa1995c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa6f387" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa6f387">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-oss
sudo dnf install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fad0c8fb" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fad0c8fb">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fad6b552" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fad6b552">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-oss
sudo dnf install app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo apt-get update
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
For NGINX Plus
-
Add the NGINX Plus apk repository to /etc/apk/repositories file:
printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Add the NGINX App Protect WAF v5 repository:
printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Install the NGINX App Protect WAF v5 package:
sudo apk add app-protect-module-plus
sudo apk add app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-amazon2.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo yum install app-protect-module-plus
sudo yum install app-protect-module-plus
-
Download the NGINX Plus repository file plus-amazonlinux2023.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb7309bd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb7309bd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-plus
sudo dnf install app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-amazon2.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb90352c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb90352c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
Install the NGINX App Protect WAF v5 package.
sudo yum install app-protect-module-plus
sudo yum install app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fba73876" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fba73876">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbae4eaa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbae4eaa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fba73876" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fba73876">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbae4eaa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbae4eaa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-8.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbe25686" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbe25686">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-plus
sudo dnf install app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-amazon2.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb90352c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb90352c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
Install the NGINX App Protect WAF v5 package.
sudo yum install app-protect-module-plus
sudo yum install app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-8.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbe25686" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbe25686">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-plus
sudo dnf install app-protect-module-plus
-
Download the NGINX Plus repository file plus-9.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd4c7291" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd4c7291">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo dnf install app-protect-module-plus
sudo dnf install app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package:
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
NGINX Configuration
In your nginx configuration:
-
Load the NGINX App Protect WAF v5 module at the main context:
load_module modules/ngx_http_app_protect_module.so;
load_module modules/ngx_http_app_protect_module.so;
-
Configure the Enforcer address at the http context:
app_protect_enforcer_address 127.0.0.1:50000;
app_protect_enforcer_address 127.0.0.1:50000;
-
Enable NGINX App Protect WAF on an http/server/location context (make sure you only enable NGINX App Protect WAF with proxy_pass/grpc_pass locations):
In this guide, the following files are used:
/etc/nginx/nginx.conf
<div class="code-header">
<span class="code-type">nginx</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb237cfa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb237cfa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">user</span> <span class="s">nginx</span><span class="p">;</span>
worker_processes auto;
# NGINX App Protect WAF
load_module modules/ngx_http_app_protect_module.so;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# NGINX App Protect WAF
app_protect_enforcer_address 127.0.0.1:50000;
include /etc/nginx/conf.d/*.conf;
}
user nginx;
worker_processes auto;
# NGINX App Protect WAF
load_module modules/ngx_http_app_protect_module.so;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# NGINX App Protect WAF
app_protect_enforcer_address 127.0.0.1:50000;
include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/default.conf
<div class="code-header">
<span class="code-type">nginx</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb51f8c5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb51f8c5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">server</span> <span class="p">{</span>
listen 80;
server_name domain.com;
proxy_http_version 1.1;
location / {
# NGINX App Protect WAF
app_protect_enable on;
client_max_body_size 0;
default_type text/html;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 80;
server_name domain.com;
proxy_http_version 1.1;
location / {
# NGINX App Protect WAF
app_protect_enable on;
client_max_body_size 0;
default_type text/html;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
WAF Services Configuration
Permissions
Set up the directories with the correct ownership for NGINX App Protect WAF v5 services, where 101:101 are the default UID/GID.
Create Directories:
sudo mkdir -p /opt/app_protect/config /opt/app_protect/bd_config
sudo mkdir -p /opt/app_protect/config /opt/app_protect/bd_config
Set Ownership:
sudo chown -R 101:101 /opt/app_protect/
sudo chown -R 101:101 /opt/app_protect/
Set up Docker for F5 Container Registry
Configure Docker to interact with the F5 Container Registry at private-registry.nginx.com:
sudo mkdir -p /etc/docker/certs.d/private-registry.nginx.com
sudo cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
sudo cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
sudo mkdir -p /etc/docker/certs.d/private-registry.nginx.com
sudo cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
sudo cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
Please note that the file extension for the certificate file has changed from .crt to .cert
Docker Compose File
Create a docker-compose.yml with the following configuration:
Replace waf-enforcer and waf-config-mgr tag with the actual release version tag you are deploying. We are using version 5.2.0 for this example deployment.
services:
waf-enforcer:
container_name: waf-enforcer
image: private-registry.nginx.com/nap/waf-enforcer:5.2.0
environment:
- ENFORCER_PORT=50000
ports:
- "50000:50000"
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
networks:
- waf_network
restart: always
waf-config-mgr:
container_name: waf-config-mgr
image: private-registry.nginx.com/nap/waf-config-mgr:5.2.0
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
- /etc/app_protect/conf:/etc/app_protect/conf
restart: always
network_mode: none
depends_on:
waf-enforcer:
condition: service_started
networks:
waf_network:
driver: bridge
services:
waf-enforcer:
container_name: waf-enforcer
image: private-registry.nginx.com/nap/waf-enforcer:5.2.0
environment:
- ENFORCER_PORT=50000
ports:
- "50000:50000"
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
networks:
- waf_network
restart: always
waf-config-mgr:
container_name: waf-config-mgr
image: private-registry.nginx.com/nap/waf-config-mgr:5.2.0
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
- /etc/app_protect/conf:/etc/app_protect/conf
restart: always
network_mode: none
depends_on:
waf-enforcer:
condition: service_started
networks:
waf_network:
driver: bridge
In some operating systems, security mechanisms like SELinux or AppArmor are enabled by default, potentially blocking necessary file access for the nginx process and waf-config-mgr and waf-enforcer containers. To ensure NGINX App Protect WAF v5 operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile. For short-term troubleshooting, you may use permissive (SELinux) or complain (AppArmor) mode to avoid these restrictions, but keep in mind that this lowers security and isn’t advised for prolonged use.
Start the Deployment
-
To start the WAF services, navigate to the directory that contains the docker-compose.yml file and run:
sudo docker compose up -d
sudo docker compose up -d
-
To start the NGINX, run:
-
To verify the enforcement functionality, ensure the following request is rejected:
curl "localhost/<script>"
curl "localhost/<script>"
Using Policy and Logging Profile Bundles
To work with custom policy and logging profile bundles, these files must be accessible to the waf-config-mgr container.
- Assumption: Your bundle files are in
/bundles on the host machine.
- Docker Compose Configuration: In your
docker-compose.yml, add a volume mount under the waf-config-mgr service to link the host directory /bundles to the same path inside the container.
...
waf-config-mgr:
container_name: waf-config-mgr
image: "private-registry.nginx.com/nap/waf-config-mgr:1.0.0"
volumes:
- /bundles:/bundles # Mounting the host directory to the container
- ... #existing volume mounts
...
waf-config-mgr:
container_name: waf-config-mgr
image: "private-registry.nginx.com/nap/waf-config-mgr:1.0.0"
volumes:
- /bundles:/bundles # Mounting the host directory to the container
- ... #existing volume mounts
By setting up this volume mount, the bundle files can be referenced within your NGINX configuration using the /bundles directory.
For instance:
app_protect_policy_file /bundles/custom_policy.tgz;
app_protect_security_log /bundles/custom_logging_profile.tgz syslog:server=localhost:5514;
app_protect_policy_file /bundles/custom_policy.tgz;
app_protect_security_log /bundles/custom_logging_profile.tgz syslog:server=localhost:5514;
After deploying NGINX App Protect WAF, learn how to utilize the NGINX App Protect WAF Compiler for applying your custom policies and logging profiles.
Air-Gap Install: Secure Offline Installation
Install NGINX and NGINX App Protect WAF module
-
Log in to MyF5 Customer Portal and download your nginx-repo.crt and nginx-repo.key files on your online machine.
-
If any old NGINX App Protect packages are installed, make sure to remove them.
-
Follow the steps below for the operating system you are working with.
If not already installed, nginx or nginx-plus will be installed automatically as a dependency.
Common Steps for NGINX Open Source and NGINX Plus
Please follow these steps before you install either NGINX Open Source or NGINX Plus.
-
Upload nginx-repo.key to /etc/apk/cert.key and nginx-repo.crt to /etc/apk/cert.pem. Make sure that files do not contain other certificates and keys: Alpine Linux does not support mixing client certificates for different repositories.
-
Install prerequisite packages:
sudo apk add openssl ca-certificates
sudo apk add openssl ca-certificates
-
Put NGINX signing public key to directory /etc/apk/keys:
sudo wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub
sudo wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload the nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f94a485f" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f94a485f">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install the required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.amazonlinux2023.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.amazonlinux2023.repo
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f97eeb86" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f97eeb86">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f98c8915" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f98c8915">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f99aeda4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f99aeda4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f97eeb86" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f97eeb86">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f98c8915" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f98c8915">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f99aeda4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f99aeda4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previously downloaded NGINX repository files from /etc/yum.repos.d:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9b765e0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9b765e0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/app-protect.repo
sudo rm /etc/yum.repos.d/nginx*.repo
sudo rm /etc/yum.repos.d/*app-protect*.repo
Install required dependencies:
sudo dnf install ca-certificates wget
sudo dnf install ca-certificates wget
Download the dependencies.repo file to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
-
Create the /etc/ssl/nginx/ directory:
sudo mkdir -p /etc/ssl/nginx
sudo mkdir -p /etc/ssl/nginx
-
Upload nginx-repo.crt and nginx-repo.key files to the /etc/ssl/nginx/ directory.
-
Remove any previous NGINX repository and apt configuration files:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9df70c6" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9df70c6">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/app-protect.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
sudo rm /etc/apt/sources.list.d/nginx*.list
sudo rm /etc/apt/sources.list.d/*app-protect*.list
sudo rm /etc/apt/apt.conf.d/90pkgs-nginx
Install prerequisite packages:
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
sudo apt-get update && sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring
Download and add the NGINX signing key:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9eaf2d0" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9eaf2d0">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl">wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key <span class="p">|</span> gpg --dearmor <span class="p">|</span> <span class="se">\
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | \
sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Download the apt configuration to /etc/apt/apt.conf.d:
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
Verify that the downloaded file contains the proper key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658f9f75a1b" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658f9f75a1b">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
If the fingerprint is different, remove the file.
For NGINX Open Source
-
Set up the apk repository for mainline nginx packages:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa1a0239" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa1a0239">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"%s%s%s\n"</span> <span class="se">\
"http://nginx.org/packages/mainline/alpine/v"
</span>egrep -o <span class="s1">'^[0-9]+\.[0-9]+'</span> /etc/alpine-release<span class="sb">
"/main"
| sudo tee -a /etc/apk/repositories
printf "%s%s%s\n" \
"http://nginx.org/packages/mainline/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
Add the NGINX App Protect WAF v5 apk repository:
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
-
Set up the apk repository for mainline nginx packages:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa1a0239" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa1a0239">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"%s%s%s\n"</span> <span class="se">\
"http://nginx.org/packages/mainline/alpine/v"
</span>egrep -o <span class="s1">'^[0-9]+\.[0-9]+'</span> /etc/alpine-release<span class="sb">
"/main"
| sudo tee -a /etc/apk/repositories
printf "%s%s%s\n" \
"http://nginx.org/packages/mainline/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
Add the NGINX App Protect WAF v5 apk repository:
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
-
Set up the apk repository for mainline nginx packages:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa1a0239" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa1a0239">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"%s%s%s\n"</span> <span class="se">\
"http://nginx.org/packages/mainline/alpine/v"
</span>egrep -o <span class="s1">'^[0-9]+\.[0-9]+'</span> /etc/alpine-release<span class="sb">
"/main"
| sudo tee -a /etc/apk/repositories
printf "%s%s%s\n" \
"http://nginx.org/packages/mainline/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
Add the NGINX App Protect WAF v5 apk repository:
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-oss/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/7/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Install the NGINX App Protect WAF v5 package:
sudo yum install app-protect-module-oss
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo yum install app-protect-module-oss
sudo apt-get install nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
When prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa3fee29" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa3fee29">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create the NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa451126" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa451126">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Open Source packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7223cd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7223cd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa76de57" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa76de57">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7c1aec" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7c1aec">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7223cd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7223cd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa76de57" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa76de57">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fa7c1aec" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fa7c1aec">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa1995c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa1995c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa6f387" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa6f387">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Open Source packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa1995c" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa1995c">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faa6f387" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faa6f387">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Open Source packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
-
Create the file named /etc/yum.repos.d/nginx.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fad0c8fb" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fad0c8fb">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-oss.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fad6b552" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fad6b552">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-oss]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-oss/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Open Source packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-oss
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Open Source repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faed3958" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faed3958">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu lsb_release -cs nginx" |
sudo tee /etc/apt/sources.list.d/nginx.list
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list
Set up repository pinning to prefer our packages over distribution-provided ones:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf2a3d5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf2a3d5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">echo</span> -e <span class="s2">"Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n"</span> <span class="p">|</span> <span class="se">\
sudo tee /etc/apt/preferences.d/99nginx
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | \
sudo tee /etc/apt/preferences.d/99nginx
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658faf7f3d4" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658faf7f3d4">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-oss/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
For NGINX Plus
-
Add the NGINX Plus apk repository to /etc/apk/repositories file:
printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Add the NGINX App Protect WAF v5 repository:
printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | sudo tee -a /etc/apk/repositories
-
Download all NGINX Plus packages, including all dependencies:
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-plus
sudo mkdir /etc/packages/
sudo apk update
sudo apk fetch --recursive --output /etc/packages app-protect-module-plus
-
Download the NGINX Plus repository file plus-amazonlinux2023.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb7309bd" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb7309bd">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fba73876" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fba73876">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbae4eaa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbae4eaa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fba73876" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fba73876">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbae4eaa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbae4eaa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Download the NGINX Plus repository file nginx-plus-8.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbe25686" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbe25686">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
-
Download the NGINX Plus repository file nginx-plus-8.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fbe25686" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fbe25686">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
-
Download the NGINX Plus repository file plus-9.repo to /etc/yum.repos.d:
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo
-
Create NGINX App Protect WAF v5 repository file, named /etc/yum.repos.d/app-protect-x-plus.repo with the following contents:
<div class="code-header no-lang">
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd4c7291" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd4c7291">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
[app-protect-x-plus]
name=nginx-app-protect repo
baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/9/$basearch/
sslclientcert=/etc/ssl/nginx/nginx-repo.crt
sslclientkey=/etc/ssl/nginx/nginx-repo.key
gpgcheck=0
enabled=1
-
Download all NGINX Plus packages, including all dependencies: We used repotrack for example:
Install yum-utils
sudo dnf install yum-utils
sudo dnf install yum-utils
For this test deployment we download the packages inside /etc/packages/
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
sudo mkdir /etc/packages/
cd /etc/packages/
sudo repotrack --forcearch x86_64 app-protect-module-plus
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo bash -c 'for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect-module-plus | grep "^\w" | sort -u); do apt-get download $i; done 2>>/etc/packages/errors.txt'
-
Add the NGINX Plus repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6438de" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6438de">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-plus.list
Add the NGINX App Protect WAF v5 repository:
<div class="code-header">
<span class="code-type">shell</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fd6ba77a" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fd6ba77a">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="nb">printf</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu lsb_release -cs nginx-plus\n" |
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \
sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Download all NGINX Open Source packages, including all dependencies:
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo apt-get install nginx app-protect-module-oss
sudo mkdir -p /etc/packages/
cd /etc/packages/
sudo apt-get update
sudo apt-get install nginx app-protect-module-oss
For NGINX Plus
-
Add the NGINX Plus repository:
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
-
Add the NGINX App Protect WAF v5 repository:
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-app-protect.list
-
Install the NGINX App Protect WAF v5 package.
sudo apt-get update
sudo apt-get install app-protect-module-plus
sudo apt-get update
sudo apt-get install app-protect-module-plus
NGINX Configuration
In your NGINX configuration:
-
Load the NGINX App Protect WAF v5 module at the main context:
load_module modules/ngx_http_app_protect_module.so;
load_module modules/ngx_http_app_protect_module.so;
-
Configure the Enforcer address at the http context:
app_protect_enforcer_address 127.0.0.1:50000;
app_protect_enforcer_address 127.0.0.1:50000;
-
Enable NGINX App Protect WAF on an http/server/location context (make sure you only enable NGINX App Protect WAF with proxy_pass/grpc_pass locations):
In this guide, the following files are used on the offline/air-gap machine:
/etc/nginx/nginx.conf
<div class="code-header">
<span class="code-type">nginx</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb237cfa" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb237cfa">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">user</span> <span class="s">nginx</span><span class="p">;</span>
worker_processes auto;
# NGINX App Protect WAF
load_module modules/ngx_http_app_protect_module.so;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# NGINX App Protect WAF
app_protect_enforcer_address 127.0.0.1:50000;
include /etc/nginx/conf.d/*.conf;
}
user nginx;
worker_processes auto;
# NGINX App Protect WAF
load_module modules/ngx_http_app_protect_module.so;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# NGINX App Protect WAF
app_protect_enforcer_address 127.0.0.1:50000;
include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/default.conf
<div class="code-header">
<span class="code-type">nginx</span>
<button onclick="copyToClipBoard(this)" data-id-codeblock="id-182df658fb51f8c5" class="code-copy-button" type="button">Copy</button>
</div>
<div class="highlight-v2" id="id-182df658fb51f8c5">
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">server</span> <span class="p">{</span>
listen 80;
server_name domain.com;
proxy_http_version 1.1;
location / {
# NGINX App Protect WAF
app_protect_enable on;
client_max_body_size 0;
default_type text/html;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 80;
server_name domain.com;
proxy_http_version 1.1;
location / {
# NGINX App Protect WAF
app_protect_enable on;
client_max_body_size 0;
default_type text/html;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
WAF Services Configuration
Permissions
Set up the directories with the correct ownership for NGINX App Protect WAF v5 services, where 101:101 are the default UID/GID.
Create Directories:
sudo mkdir -p /opt/app_protect/config /opt/app_protect/bd_config
sudo mkdir -p /opt/app_protect/config /opt/app_protect/bd_config
Set Ownership:
sudo chown -R 101:101 /opt/app_protect/
sudo chown -R 101:101 /opt/app_protect/
Set up Docker for F5 Container Registry
Configure Docker to interact with the F5 Container Registry at private-registry.nginx.com:
sudo mkdir -p /etc/docker/certs.d/private-registry.nginx.com
sudo cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
sudo cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
sudo mkdir -p /etc/docker/certs.d/private-registry.nginx.com
sudo cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
sudo cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
Please note that the file extension for the certificate file has changed from .crt to .cert
Download waf-enforcer and waf-config-mgr Images
Pull the waf-enforcer and waf-config-mgr images. Replace 5.2.0 with the actual release version you are deploying.
docker pull private-registry.nginx.com/nap/waf-enforcer:5.2.0
docker pull private-registry.nginx.com/nap/waf-config-mgr:5.2.0
docker pull private-registry.nginx.com/nap/waf-enforcer:5.2.0
docker pull private-registry.nginx.com/nap/waf-config-mgr:5.2.0
Saving and Transferring Images
-
Save the waf-enforcer docker image:
docker save -o waf-enforcer.tar waf-enforcer:5.2.0
docker save -o waf-enforcer.tar waf-enforcer:5.2.0
-
Save the waf-config-mgr docker image:
docker save -o waf-config-mgr.tar waf-config-mgr:5.2.0
docker save -o waf-config-mgr.tar waf-config-mgr:5.2.0
-
Transfer the tar files from the online machine to the offline/air-gapped machine:
-
On the offline machine load the docker images:
docker load -i waf-enforcer.tar
docker load -i waf-config-mgr.tar
docker load -i waf-enforcer.tar
docker load -i waf-config-mgr.tar
Docker Compose File
Create a docker-compose.yml with the following configuration on the offline machine:
Replace waf-enforcer and waf-config-mgr tag with the actual release version tag you are deploying. We are using version 5.2.0 for this example deployment.
services:
waf-enforcer:
container_name: waf-enforcer
image: waf-enforcer:5.2.0
environment:
- ENFORCER_PORT=50000
ports:
- "50000:50000"
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
networks:
- waf_network
restart: always
waf-config-mgr:
container_name: waf-config-mgr
image: waf-config-mgr:5.2.0
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
- /etc/app_protect/conf:/etc/app_protect/conf
restart: always
network_mode: none
depends_on:
waf-enforcer:
condition: service_started
networks:
waf_network:
driver: bridge
services:
waf-enforcer:
container_name: waf-enforcer
image: waf-enforcer:5.2.0
environment:
- ENFORCER_PORT=50000
ports:
- "50000:50000"
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
networks:
- waf_network
restart: always
waf-config-mgr:
container_name: waf-config-mgr
image: waf-config-mgr:5.2.0
volumes:
- /opt/app_protect/bd_config:/opt/app_protect/bd_config
- /opt/app_protect/config:/opt/app_protect/config
- /etc/app_protect/conf:/etc/app_protect/conf
restart: always
network_mode: none
depends_on:
waf-enforcer:
condition: service_started
networks:
waf_network:
driver: bridge
In some operating systems, security mechanisms like SELinux or AppArmor are enabled by default, potentially blocking necessary file access for the nginx process and waf-config-mgr and waf-enforcer containers. To ensure NGINX App Protect WAF v5 operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile. For short-term troubleshooting, you may use permissive (SELinux) or complain (AppArmor) mode to avoid these restrictions, but keep in mind that this lowers security and isn’t advised for prolonged use.
Start the Deployment
-
To start the WAF services, navigate to the directory that contains the docker-compose.yml file and run:
sudo docker compose up -d
sudo docker compose up -d
-
To start the NGINX, run:
-
To verify the enforcement functionality, ensure the following request is rejected:
curl "localhost/<script>"
curl "localhost/<script>"
Uninstall NGINX and NGINX App Protect WAF module
Stop the docker deployment and uninstall the NGINX packages.
Stop the Docker Deployment
To stop the WAF services, navigate to the directory that contains the docker-compose.yml file and run:
Uninstall the NGINX App Protect WAF v5 Package
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apk del app-protect-module-oss
sudo apk del app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apk del app-protect-module-plus
sudo apk del app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-oss
sudo apt-get remove nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
sudo yum remove app-protect-module-oss
sudo apt-get remove nginx=1.25.5-1~`lsb_release -cs` app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-plus
sudo yum remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-oss
sudo yum remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-plus
sudo yum remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-oss
sudo apt-get remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-plus
sudo apt-get remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-oss
sudo apt-get remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-plus
sudo apt-get remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-oss
sudo dnf remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-plus
sudo dnf remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-oss
sudo yum remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo yum remove app-protect-module-plus
sudo yum remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-oss
sudo dnf remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-plus
sudo dnf remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-oss
sudo dnf remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo dnf remove app-protect-module-plus
sudo dnf remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-oss
sudo apt-get remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-plus
sudo apt-get remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-oss
sudo apt-get remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-plus
sudo apt-get remove app-protect-module-plus
For NGINX Open Source
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-oss
sudo apt-get remove app-protect-module-oss
For NGINX Plus
Uninstall the NGINX App Protect WAF v5 package:
sudo apt-get remove app-protect-module-plus
sudo apt-get remove app-protect-module-plus
Last modified January 30, 2025
