Forum Discussion
NGINX Management Suite and NGINX Ingress controller with App protect
Here's the agent install instructions for the management suite:
https://docs.nginx.com/nginx-management-suite/nim/previous-versions/v1/getting-started/agent/
Thank you for the response. I have seen this guide and this guide does not help me to install agent on NGINX Ingress Controller. My goal is to install agent on NGINX Ingress controller container on Kubernetes cluster.
Here is guide for installation in container environment:
https://docs.nginx.com/nginx-management-suite/nginx-agent/nginx-agent-in-container/
I manage to install it using base image of ingress controller, but I need to run it in unprivileged mode. Here is Dokerfile I created for creating image with agent installed on it:
FROM nginx-plus-repository.bhtelecom.ba/nginx-ic-nap-dos/nginx-plus-ingress:3.2.0
USER 0
RUN apt-get update \
&& apt-get install curl \
&& apt-get install -y gpg \
&& curl --insecure https://172.30.20.70/install/nginx-agent | sh
RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \
&& sed -i 's,/var/lib/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \
&& sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/ngi>
&& chown -R nginx:nginx /var/cache/nginx \
&& chmod -R go+rw /var/cache/nginx \
&& chown -R nginx:nginx /etc/nginx \
&& chmod -R go+rw /etc/nginx \
&& chown -R nginx:nginx /var/log/nginx \
&& chmod -R go+rw /var/log/nginx \
&& chown -R nginx:nginx /var/run/nginx-agent \
&& chmod -R go+w /var/run/nginx-agent \
&& ln -sf /dev/stdout /var/log/nginx-agent/agent.log
RUN mkdir scripts
COPY commands.sh /scripts/commands.sh
RUN ["chmod", "+x", "/scripts/commands.sh"]
ENTRYPOINT ["/scripts/commands.sh"]
Here is command.sh:
#!/bin/bash
nginx-agent &
/nginx-ingress -nginx-plus -nginx-configmaps=$POD_NAMESPACE/nginx-plus-config --ingress-class=nginx-plus-ic -default-server-tls-secret=$POD_NAMESPACE/nginx-plus-default-server-cert -enable-cert-manager -enable-app-protect -enable-app-pr>
Nginx agent is not starting because nginx user with ID 101 and I get following error:
"Unable to load properties from config files (/etc/nginx-agent/nginx-agent.conf, /var/lib/nginx-agent/agent-dynamic.conf) - error loading config file /etc/nginx-agent/nginx-agent.conf: open /etc/nginx-agent/nginx-agent.conf: permission denied"
It looks like chown command is not taking effect in Dockerfile.
Did anyone have any experience installing agent on NGINX Ingress controller to manage AppProtect WAF from Management Suite Instance Manager?
Thank you and kind regards,
Ajdin
- AubreyKingF5Aug 11, 2023Moderator
Looking to see if I can find someone internal.
Also..
"Unable to load properties from config files (/etc/nginx-agent/nginx-agent.conf, /var/lib/nginx-agent/agent-dynamic.conf) - error loading config file /etc/nginx-agent/nginx-agent.conf: open /etc/nginx-agent/nginx-agent.conf: permission denied"
There was nowhere that you set permissions for /etc/nginx-agent, etc., in the error. Did you add nxinx-agent to a group that has access? Are you sure dir perms are right for the nginx-agent user to read?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com