open-appsec
WebsiteManagement PortalPlaygroundGitHub
  • open-appsec Documentation
  • What is open-appsec?
  • open-appsec Video Tutorials
  • Release Notes
  • Getting started
    • Getting Started
    • Start With Kubernetes
      • Install Using Interactive CLI Tool (Ingress NGINX)
      • Configuration Using Interactive CLI Tool
      • Install Using Helm
      • Install Using Helm - new flow (beta)
      • Configuration Using CRDs
      • Configuration Using CRDs - v1beta2
      • Configuration using CRDs - special options for Large Scale Deployments
        • Using appsec class for assigning separate custom resources to specific deployments
        • Using namespace-scoped custom resources
      • Monitor Events
    • Start With Linux
      • Install open-appsec for Linux
      • Using the open-appsec-ctl Tool
      • Configuration Using Local Policy File (Linux)
      • Local Policy File (Advanced)
      • Local Policy File v1beta2 (beta)
      • Monitor Events
    • Start with Docker
      • Install With Docker (Centrally Managed)
      • Install With Docker (Locally Managed)
      • Deploy With Docker-Compose (Beta)
      • Configuration Using Local Policy File (Docker)
      • Local Policy File (Advanced)
    • Using the Web UI (SaaS)
      • Sign-Up and Login to Portal
      • Agents Deployment
      • Connect Deployed Agents to SaaS Management Using Tool (K8s & Linux)
      • Connect Deployed Agents to SaaS Management Using Helm (K8s)
      • Connect Deployed Agents to SaaS Management (Docker)
      • Create a Profile
      • Protect Additional Assets
      • Monitor Events
    • Using the Advanced Machine Learning Model
  • Concepts
    • Agents
    • Management & Automation
    • Security Practices
    • Contextual Machine Learning
  • SETUP INSTRUCTIONS
    • Setup Web Application Settings
    • Setup Custom Rules and Exceptions
    • Setup Web User Response Pages
    • Setup Log Triggers
    • Setup Behavior Upon Failure
    • Setup Agent Upgrade Schedule
  • Additional Security Engines
    • Anti-Bot
    • API Schema Enforcement
    • Data Loss Prevention (DLP) Rules
    • File Security
    • Intrusion Prevention System (IPS)
    • Rate Limit
  • Snort Rules
    • Import Snort Rules
    • Write Snort Signatures
  • HOW TO
    • Configuration and Learning
      • Track Learning and Move From Learn/Detect to Prevent
      • Configure Contextual Machine Learning for Best Accuracy
      • Track Learning and Local Tuning in Standalone Deployments
      • Move From Detect to Prevent in K8s With Many Ingress Rules
  • Deployment and Upgrade
    • Load the Attachment in Proxy Configuration
    • Upgrade Your Reverse Proxy/API Gateway When an Agent is Installed
    • Integration in GitOps CD (K8s)
    • Build open-appsec Based on Source Code
  • Management Web UI
    • Track Agent Status
    • Delete or Reset Management Tenant (SaaS)
    • Disconnect an open-appsec agent from Central Management
  • Integrations
    • About Integrations With 3rd Party Solutions
    • CrowdSec
      • CrowdSec Bouncer Support
      • CrowdSec Intelligence Sharing Using open-appsec Parser/Scenario
    • NGINX Proxy Manager
      • Install NGINX Proxy Manager with open-appsec managed from NPM WebUI
      • Install NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)
      • Frequently Asked Questions
      • How to Migrate from an Existing NGINX Proxy Manager Deployment and Keep Configuration
    • NPMplus
    • Docker SWAG
      • Install Docker SWAG with open-appsec (locally managed)
      • How to connect locally managed Docker SWAG with open-appsec to WebUI
      • Install Docker SWAG with open-appsec (centrally managed)
      • Deploy Docker SWAG with docker-compose (beta)
      • Frequently Asked Questions
  • Troubleshooting
    • Troubleshooting
    • Troubleshooting Guides
      • Configuration contains ingress/asset with URL which already has asset attached to it in your tenant
      • HTTP Request to Port 80 Not Returning as Expected
      • Agent Fails to Recognize HTTP Transactions with NGINX
      • Agent Not Recognizing Initial HTTP Requests
      • Handling Large Requests (413 Responses)
      • open-appsec on Docker HTTP Transaction Handler Is Set To Ready
      • Traffic Recognition Issue on Single-Core Machine/Connection Timed Out
      • Installing open-appsec on CentOS 7
      • SELinux: checking status and disabling
      • Deploy open-appsec directly on the web server hosting the application to protect
      • object is locked or remote, and therefore cannot be modified
      • Failed to Register to Fog
  • references
    • Agent CLI
    • Event Query Language
    • Events/Logs Schema
    • WAF Comparison Project
Powered by GitBook
On this page
  • About NGINX Proxy Manager:
  • Integration of open-appsec WAF with NGINX Proxy Manager:
  • How does this integration work?
  • Contribution

Was this helpful?

  1. Integrations

NGINX Proxy Manager

Deploy and configure open-appsec ML-based WAF integrated with NGINX Proxy Manager to preemptively protect your web apps and APIs against zero-day attacks and OWASP Top 10 attacks.

PreviousCrowdSec Intelligence Sharing Using open-appsec Parser/ScenarioNextInstall NGINX Proxy Manager with open-appsec managed from NPM WebUI

Last updated 5 months ago

Was this helpful?

This integration enables users of the NGINX Proxy Manager (NPM) to protect their web applications and web APIs by easily activating and configuring open-appsec protection for each of the configured Proxy Host objects in NPM directly from the NPM Web UI and monitor security events. Alternatively open-appsec, when integrated with NPM, can also be managed by central WebUI (SaaS).

About NGINX Proxy Manager:

Integration of open-appsec WAF with NGINX Proxy Manager:

With this integration, we are focusing on maximum simplicity for the user to maintain the low entry barrier as a key design principle of the NGINX proxy manager (NPM) project, which we want in the same way to apply also to the addition of open-appsec.

The resulting architecture with the open-appsec Agent container and the NGINX Proxy Manager container then looks like this:

Alternatively to managing open-appsec directly from the local Nginx Proxy Manager WebUI it is also possible to manage and monitor open-appsec centrally from the open-appsec central WebUI, which provides advanced configuration options and allows to manage and monitor multiple open-appsec installations. This uses a different docker-compose and container image for NGINX Proxy Manager (based on regular NPM image with open-appsec attachment added). Details here:

Install NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)

How does this integration work?

open-appsec was developed from the start in a way that would allow two alternative main ways of managing the open-appsec configuration:

  • a local declarative configuration which is especially suitable for GitOps CD processes, Dev(Sec)Ops flows, etc.

With the new open-appsec NGINX Proxy Manager (NPM) integration now it is possible to manage open-appsec directly from within the NPM WebUI (in addition to the option to manage open-appsec from central open-appsec WebUI (SaaS) or locally with declarative configuration).

When managing open-appsec from the NGINX Proxy Manager UI, any changes to the open-appsec configuration are saved in the /ext/appsec folder in the local_policy.yaml file. This configuration file is volume-mounted (see docker compose) to both, the open-appsec agent container “appsec-agent” as well as the NPM container “appsec-npm”. This allows the open-appsec agent to automatically apply any changes observed in that file within a short time.

In order to allow the open-appsec agent to inspect traffic arriving at the NPM (NGINX) container an open-appsec “attachment” was added to the original NPM container, which technically is an NGINX module which is loaded based on a load_module directive added to the nginx.conf. This “attachment” is responsible for sending the content of incoming http as well as https requests to the open-appsec “agent” container, which will perform the inspection using machine learning and then notify the attachment about the decision, if traffic should be blocked or if it can pass.


Contribution

Nginx Proxy Manager is a popular open-source project that simplifies the management of NGINX reverse proxy configurations, offering a user-friendly web-based interface for easy setup and maintenance. It was created by “jc21” (). This project is particularly useful for individuals and organizations looking to streamline the deployment of web applications and services by efficiently managing multiple domains and subdomains through a centralized interface. With NGINX Proxy Manager, users can effortlessly create and manage SSL certificates, enabling secure HTTPS connections for their applications, while also providing advanced features such as Let's Encrypt integration for automated certificate renewal. NGINX Proxy Manager (NPM) is based on NGINX and provided as a container image that can be easily deployed in containerized environments like Docker (typically using Docker Compose) or others. NPM itself does not include any WAF solution for effective Threat Prevention against modern attacks or Zero day attacks. Website and Docs: Github:

The actual deployment of NPM with open-appsec is performed using a slightly enhanced docker-compose file (see below) which also adds the open-appsec agent container to it, which will perform the actual security inspection. The NGINX proxy manager container deployed as part of the docker-compose is using the “nginx-proxy-manager-attachment” or the "nginx-proxy-manager-centrally-managed-attachment" images, provided by the open-appsec team, which are based on the regular NPM code but also add the open-appsec attachment to it as an NGINX module. This attachment enables the connection between the NGINX and the open-appsec agent and provides the HTTP data for inspection to the agent. The “nginx-proxy-manager-attachment” image also contains various NPM WebUI enhancements and the integration logic allowing the configuration, administration and monitoring of open-appsec directly from the NPM WebUI. You can read more about open-appsec’s technology here:

a user-friendly WebUI for central management (available at as a SaaS service)

We are looking forward to receiving your contributions via the . Please also let us know via if you intend to contribute in some way so we can provide you some initial feedback and perhaps align with some improvements we might be already working on on our side.

If you have any questions, feedback or need assistance with some technical issue please contact us at or alternatively use the chat on our project website available at .

https://www.jc21.com/
nginxproxymanager.com
www.github.com/NginxProxyManager
https://www.openappsec.io/tech
my.openappsec.io
project’s GitHub repo
info@openappsec.io
info@openappsec.io
www.openappsec.io