Install open-appsec for Linux
Last updated
Was this helpful?
Last updated
Was this helpful?
The fastest and easiest way to deploy and configure open-appsec is using an interactive CLI tool which will guide you through the most commonly required customizations.
Linux machine with:
A supported OS and NGINX, Kong, or APISIX version. Here you find lists of all supported/pre-compiled attachments per supported OS versions for each available integration: - - - In case your versions are not supported yet, you can also build the code yourself, see .
Root permissions
wget command-line tool installed on your linux machine
Execution permissions on the /tmp directory.
Download the installer for Linux using these commands:
You can show the installer version and available options by running the following command to show the help info:
This interactive installer provides 2 alternative modes for automatic vs. manual installation:
This is the recommended deployment mode for deploying open-appsec on Linux for most deployments, as this is fully automatic and compatible with most, typically used environments.
In this mode open-appsec will automatically installed with all required components and the attachment will be added and activated in the existing configuration for NGINX/Kong/APISIX.
The resulting configuration will be locally, declaratively managed using local_policy.yaml configuration file.
Run this command to start the installation:
As part of the installation, a default configuration file for local, declarative management of open-appsec will be created in the following path:
--prevent will set the default rule in the default policy file to prevent-learn instead of detect-learn, but the recommendation is to keep detect-learn as the default rule.
In this mode all required components based on your NGINX, Kong or APISIX version, OS version, Platform will be downloaded to your machine and instructions are presented for manual installation.
Optionally you can add a --tmpdir <path> option to specify an alternative path for the downloaded software components (default path is /tmp/openappsec/ )
Once the download has finished, follow these steps for manual installation:
Copy the associated libraries as shown in the output of the script
Copy the nginx attachment file as shown in the output for Step 1
Load the attachment on your NGINX by adding the following line to your nginx.conf
Run the following commands:
Run the following command to validate the nginx configuration:
You should see an output confirming that the syntax is "ok" similar to this:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the NGINX service so that the updated nginx configuration is applied and the open-appsec attachment module is loaded:
Now you might want to have a look at our interactive CLI tool:
This default local configuration file created by the open-appsec installer uses configuration file schema version . You can also replace it with a newer version of the configuration file schema, e.g. to use .
--token allows connecting directly to SaaS management, to get the token please follow the instructions .
