# Deploy open-appsec directly on the web server hosting the application to protect

### open-appsec instaltion&#x20;

Follow the steps described below to deploy open-appsec:

{% content-ref url="../../getting-started/start-with-linux/install-open-appsec-for-linux" %}
[install-open-appsec-for-linux](https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux)
{% endcontent-ref %}

### **Adjustments for NGINX Hosting the Protected Website:**

If NGINX hosts the protected website on the same Linux host or container, follow these additional steps to change the port and configure the reverse proxy:

1. **Open NGINX Configuration File:** Using a text editor of your choice, open the NGINX configuration file. Typically, this file is located at `/etc/nginx/nginx.conf` or in a directory included by the main configuration file.

   ```bash
   sudo nano /etc/nginx/nginx.conf
   ```
2. **Locate the `listen` Directive:** Within the NGINX configuration file, locate the `listen` directive associated with the HTTP (port 80) and HTTPS (port 443) server blocks. These directives specify the ports on which NGINX listens for incoming connections.

   ```nginx
   server {
       listen 81;  # Change this line to listen on port 81
       ...
   }
   ```

   ```nginx
   server {
       listen 444 ssl;  # Change this line to listen on port 444
       ...
   }
   ```
3. **Update `listen` Directives:** Modify the `listen` directives to use the desired ports (e.g., 81 for HTTP and 444 for HTTPS).
4. **Configure Reverse Proxy:** After updating the `listen` directives, configure NGINX to act as a reverse proxy by directing traffic from ports 80 and 443 to ports 81 and 444 respectively.

   ```nginx
   server {
       listen 80;
       server_name your_domain.com;

       location / {
           proxy_pass http://localhost:81;  # Forward traffic to port 81
           ...
       }
   }
   server {
   ```

   ```nginx
       listen 443 ssl;
       server_name your_domain.com;

       location / {
           proxy_pass https://localhost:444;  # Forward traffic to port 444
           ...
       }
   }
   ```

   Replace `your_domain.com` with your actual domain name.
5. **Save and Close the File:** After making the changes, save the NGINX configuration file and exit the text editor.
6. **Test NGINX Configuration:** Before restarting NGINX, it's recommended to test the configuration for syntax errors:

   ```bash
   sudo nginx -t
   ```

   If the test is successful, you should see a message indicating that the configuration file syntax is okay.
7. **Restart NGINX:** Finally, restart NGINX to apply the changes:

   ```bash
   sudo systemctl restart nginx
   ```

   NGINX will now listen on the new ports (81 for HTTP and 444 for HTTPS) and forward incoming traffic to the appropriate ports for the protected application.