Forum Discussion
NGINX Management Suite and NGINX Ingress controller with App protect
Hello everyone,
I am new to NGINX Plus and currently I have a trial license for NGINX Ingress Controller with NGINX AppProtect and DoS, and also for NGINX Management Suite Instance Manager.
I have successfully installed both components, and now I am trying to connect Management Suite and NGINX ingress controller so I can manage WAF from Management Suite.
As I understand it, I have to install NGINX agent in the NGINX Ingress Controller container so it connects to Management Suite. So far, I haven't had any luck completing this.
Has anyone had a chance to configure this, and can you please send some instructions?
Thank you very much,
Ajdin
- AubreyKingF5Moderator
Here's the agent install instructions for the management suite:
https://docs.nginx.com/nginx-management-suite/nim/previous-versions/v1/getting-started/agent/
- Ajdin_HerićNimbostratus
Thank you for the response. I have seen this guide, and it does not help me install the agent on NGINX Ingress Controller. My goal is to install the agent in the NGINX Ingress Controller container on a Kubernetes cluster.
Here is the guide for installation in a container environment:
https://docs.nginx.com/nginx-management-suite/nginx-agent/nginx-agent-in-container/
I managed to install it using the base image of the ingress controller, but I need to run it in unprivileged mode. Here is the Dockerfile I created for building an image with the agent installed on it:
FROM nginx-plus-repository.bhtelecom.ba/nginx-ic-nap-dos/nginx-plus-ingress:3.2.0
USER 0
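# -y added so apt-get does not stop for confirmation during a non-interactive build.
# Note: --insecure skips TLS certificate verification for the script piped to sh.
RUN apt-get update \
&& apt-get install -y curl \
&& apt-get install -y gpg \
&& curl --insecure https://172.30.20.70/install/nginx-agent | sh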
RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \
&& sed -i 's,/var/lib/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \
&& sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/ngi>
&& chown -R nginx:nginx /var/cache/nginx \
&& chmod -R go+rw /var/cache/nginx \
&& chown -R nginx:nginx /etc/nginx \
&& chmod -R go+rw /etc/nginx \
&& chown -R nginx:nginx /var/log/nginx \
&& chmod -R go+rw /var/log/nginx \
&& chown -R nginx:nginx /var/run/nginx-agent \
&& chmod -R go+w /var/run/nginx-agent \
&& ln -sf /dev/stdout /var/log/nginx-agent/agent.log
RUN mkdir scripts
COPY commands.sh /scripts/commands.sh
RUN ["chmod", "+x", "/scripts/commands.sh"]
ENTRYPOINT ["/scripts/commands.sh"]

Here is commands.sh:
#!/bin/bash
nginx-agent &
/nginx-ingress -nginx-plus -nginx-configmaps=$POD_NAMESPACE/nginx-plus-config --ingress-class=nginx-plus-ic -default-server-tls-secret=$POD_NAMESPACE/nginx-plus-default-server-cert -enable-cert-manager -enable-app-protect -enable-app-pr>

Nginx agent is not starting because of the nginx user with ID 101, and I get the following error:
"Unable to load properties from config files (/etc/nginx-agent/nginx-agent.conf, /var/lib/nginx-agent/agent-dynamic.conf) - error loading config file /etc/nginx-agent/nginx-agent.conf: open /etc/nginx-agent/nginx-agent.conf: permission denied"
It looks like the chown command is not taking effect in the Dockerfile.
Does anyone have any experience installing the agent on NGINX Ingress Controller to manage AppProtect WAF from Management Suite Instance Manager?
Thank you and kind regards,
Ajdin
- AubreyKingF5Moderator
Looking to see if I can find someone internal.
Also..
"Unable to load properties from config files (/etc/nginx-agent/nginx-agent.conf, /var/lib/nginx-agent/agent-dynamic.conf) - error loading config file /etc/nginx-agent/nginx-agent.conf: open /etc/nginx-agent/nginx-agent.conf: permission denied"
There was nowhere that you set permissions for /etc/nginx-agent, etc., in the error. Did you add nginx-agent to a group that has access? Are you sure dir perms are right for the nginx-agent user to read?
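The permission question raised in the reply above can be checked mechanically at image build time. The following is an added example, not code from the thread or from NGINX: a shell check that walks every directory on the way to a file and reports the first component the unprivileged UID cannot use. It assumes GNU stat (the image in the thread is apt-based), considers plain mode bits only, and the GID 101 in the usage comment is an assumption, since the thread gives only the UID.

```shell
#!/bin/sh
# Added example: can an unprivileged UID/GID read a file, given every
# directory above it? Assumes GNU stat; ACLs, capabilities and supplementary
# groups are ignored, and symlinks are not followed.
# Usage in the image (GID 101 is an assumption):
#   sh check.sh 101 101 / etc/nginx-agent/nginx-agent.conf var/lib/nginx-agent/agent-dynamic.conf

# may UID GID PATH BIT: succeed if the mode bits grant BIT (4=r, 2=w, 1=x).
may() {
    m_uid=$1; m_gid=$2; m_bit=$4
    meta=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 1   # missing path
    set -- $meta                        # $1=owner uid, $2=group gid, $3=octal mode
    [ "$m_uid" -eq 0 ] && return 0      # root bypasses mode bits
    mode=$((0$3))                       # leading 0 makes the constant octal
    if   [ "$m_uid" -eq "$1" ]; then shift_bits=6   # owner class
    elif [ "$m_gid" -eq "$2" ]; then shift_bits=3   # group class
    else shift_bits=0; fi                           # other class
    [ $(( ($mode >> $shift_bits) & $m_bit )) -ne 0 ]
}

# check_read UID GID ROOT REL: every directory under ROOT on the way to REL
# must be searchable (x) and the final file readable (r). Prints the blocker.
check_read() {
    c_uid=$1; c_gid=$2; cur=${3%/}; rest=${4#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        cur="$cur/$part"
        if [ -n "$rest" ]; then need=1; else need=4; fi
        if ! may "$c_uid" "$c_gid" "$cur" "$need"; then
            echo "DENY uid=$c_uid: $cur ($(stat -c '%U:%G %a' "$cur" 2>/dev/null))"
            return 1
        fi
    done
    echo "OK   uid=$c_uid: $cur"
}

# Command-line mode: UID GID ROOT PATH...; exit 1 if any path is blocked.
if [ "$#" -ge 4 ]; then
    u=$1; g=$2; r=$3; shift 3; rc=0
    for p in "$@"; do check_read "$u" "$g" "$r" "$p" || rc=1; done
    exit "$rc"
fi
```

Run as a final `RUN` step in the image build, a non-zero exit stops the build before an image that cannot start the agent as UID 101 is pushed.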