Install With Docker (Locally Managed)
Last updated
Was this helpful?
Last updated
Was this helpful?
Linux machine with:
Docker installed (or similar, compatible container runtime)
Root permissions
The following prerequisites are optional and only relevant if you want to connect your open-appsec agent directly to a WebUI (SaaS) management tenant:
Access to a SaaS tenant on my.openappsec.io (WebUI for SaaS management) Follow the instructions available here:
Agent profile created for open-appsec Docker deployment in SaaS tenant Follow the instructions available here, make sure to choose the "Declarative configuration" management mode. Once done, don't forget to copy the profile token after policy installation as this is needed in the installation steps further below:
Follow these steps to deploy open-appsec and NGINX reverse proxy (including open-appsec attachment) with separate containers (e.g. on Docker) or implement this using your deployment CI pipeline: (This is the standard deployment, an alternative option to deploy with a single, unified container is available as well, see "NGINX - Unified" tab.)
Step 1: Pull the open-appsec agent image or add/use it as part of the deployment CI’s container management system:
Step 2: Create a valid local_policy.yaml
file which contains the desired declarative configuration for the agent container and put it in a local directory of your choice to be used in the docker run command for the agent as <path-to-persistent-location-for-local-configuration-file>
(see also Step 4 for the docker run command).
You can also download and use the example default local_policy.yaml
from the .
Full details regarding the declarative local policy file structure are available here:
Step 3: Create the following empty directories to be used later for volume mounts in the docker run command for the agent.
Step 4: Run the open-appsec agent container with this command:
Step 5: Create (or replace) the NGINX container by first pulling the open-appsec NGINX container, which already contains the open-appsec attachment. Alternatively, add/use it as part of the deployment CI’s container management system:
Step 6: Run the open-appsec NGINX container, make sure to add the --ipc=host
parameter, here’s an example command:
Step 7: Make sure both containers are running, use docker ps
to verify.
If you've connected to SaaS Management Tenant in Step 4:
Step 8: Navigate to the Agents tab in the WebUI and ensure the new Agent is successfully connected.
Now your open-appsec installation on Docker is completed and your configured web app or API assets are protected!
For general NGINX configuration please check the relevant .
You can also download and use the example default local_policy.yaml
from the .
For general NGINX configuration please check the relevant .
You can also download and use the example local_policy.yaml
file from the .
For general Kong configuration details please check the
Step 4: Replace <apisix-conf-path>
with the path for declarative configuration file for APISIX, an example file can be found , for general APISIX configuration details please check the .