# Upgrade Your Reverse Proxy/API Gateway When an Agent is Installed

One of the possible deployments for open-appsec is a Linux agent installed on top of a [supported Reverse Proxy](/getting-started/start-with-linux.md).

If you wish to upgrade the Reverse Proxy while the agent is installed, follow the steps described in this documentation page.

{% tabs %}
{% tab title="NGINX" %}

#### Step 1: **Delete the agent module's load\_module line**

* Locate your nginx *modules* folder path by running:\
  nginx -V\
  and look for the value of the "--modules-path" parameter.\
  It is usually /usr/share/nginx/modules or /usr/lib/nginx/modules
* Via command line access to the machine with the NGINX server and the agent, edit the following file:\
  \&#xNAN;*/etc/nginx/nginx.conf*
* **Delete** the following line (look for the path located previously):\
  \&#xNAN;*load\_module /\<modules folder path>/ngx\_cp\_attachment\_module.so;*

#### Step 2: Comment out the agent module's configuration lines

* Edit all files in the paths */etc/nginx/conf.d/\** or */etc/nginx/sites\_enabled/\**
  * Comment out (add '#' in the beginning of the line) all the lines, if exist, that begin with:\
    \&#xNAN;*cp-nano-nginx-attachment*
* If you added manually additional lines in other server configuration files - comment them out as well.

#### Step 3: Run a test command

Run the command '*nginx -t*'. You should see it print out "*test is successful*".

#### Step 4: Upgrade the NGINX's software version

Run any commands you intended to run in order to upgrade the NGINX's software version

#### Step 5: Stop and start the agent, while triggering deployment of a new attachment

Run the following commands:\
\&#xNAN;*cpnano -q*\
*rm -rf /etc/cp/packages*\
*rm /etc/cp/conf/manifest.json*\
*cpnano -r*

#### Step 6: Verify the agent has restarted

After one minute that the agent has restarted successfully using the following command:\
\&#xNAN;*cpnano -s*

Last update status should state “Succeeded” and Last update should show a time in the scope of the last few minutes.

#### Step 7: Undo the changes done in step 2

Remove the "comment out" character ('#') from all the lines it was added to in step 2 (In the paths */etc/nginx/conf.d/\** or */etc/nginx/sites\_enabled/\** )

#### Step 8: NGINX reload

Run the following commands:\
\&#xNAN;*nginx -s reload*\
*systemctl restart nginx*
{% endtab %}

{% tab title="Kong Gateway" %}
**Step 1: Delete the agent module's load\_module line**

* Locate your nginx *modules* folder path by running:\
  /usr/local/openresty/nginx/sbin/nginx -V\
  and look for the value of the "--modules-path" parameter.\
  It is usually /usr/share/nginx/modules or /usr/lib/nginx/modules
* Via command line access to the machine with the NGINX server and the agent, edit the following file:\
  /usr/local/kong/nginx.conf
* **Delete** the following lines (look for the path located previously):\
  \&#xNAN;*load\_module /\<modules folder path>/open\_appsec\_ngx\_module.so;*\
  *cp\_worker\_processes auto;*

**Step 2: Run a test command**

Run the command '*/usr/local/openresty/nginx/sbin/nginx -p /usr/local/kong -c nginx.conf -t*'. You should see it print out "*test is successful*".

**Step 3: Upgrade the Kong Gateway's software version**

Run any commands you intended to run in order to upgrade the Kong Gateway's software version

**Step 4: Backup your declarative policy (optional)**

If you are using a declarative policy, copy your local configuration to a new folder by running:

open-appsec-ctl --list-policies\
cp \<output of list-policies-command> \<your backup folder>

**Step 5: Stop the agent and re-deploy attachment**

Run the following commands:\
\&#xNAN;*open-appsec-ctl -q*\
*rm /etc/cp/conf/manifest.json*

Run the open-appsec install command:\
\&#xNAN;*wget <https://downloads.openappsec.io/open-appsec-install> && chmod +x open-appsec-install*\
./open-appsec-install --auto

**Step 6: Restore you declarative policy (optional)**

Copy your backed up declarative policy to the original folder:\
cp \<your backed up declarative policy file> \<output of list-policies-command>

**Step 7: Verify the agent has restarted**

After one minute that the agent has restarted successfully use the following command:\
\&#xNAN;*open-appsec-ctl -s*\
Last update status should state “Succeeded” and Last update should show a time in the scope of the last few minutes.
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openappsec.io/deployment-and-upgrade/upgrade-your-reverse-proxy-api-gateway-when-an-agent-is-installed.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.