NGINX App Protect WAF + DoS AMIs on Amazon EC2

NGINX, Inc. participates in the Amazon Web Services (AWS) Partner Network as a Standard Technology Partner. We offer Amazon Machine Images (AMIs) for use in the Amazon Elastic Compute Cloud (EC2), available at the AWS Marketplace for several operating systems, including Amazon Linux, Red Hat Enterprise Linux, and Ubuntu.

The AMIs contain combination of the following components:

Latest version of F5 NGINX Plus, optimized for use on Amazon EC2
Latest version of NGINX App Protect DoS, optimized for use on Amazon EC2
Latest version of NGINX App Protect WAF, optimized for use on Amazon EC2
Pre-packaged software for building highly available (HA) NGINX Plus configurations

Installing the NGINX Plus NGINX App Protect WAF + DoS

To quickly set up an environment with NGINX Plus, NGINX App Protect WAF and NGINX App Protect DoS on AWS:

Follow the instructions in Getting Started with Amazon EC2 Linux Instances to sign up on AWS and get more information about EC2 itself.
Proceed to the product page for the appropriate AMI at the AWS Marketplace, and launch the AMI.
Click the Continue to Subscribe button to proceed to the Launch on EC2 page.
Select the type of launch by clicking the appropriate tab (1‑Click Launch, Manual Launch, or Service Catalog). Choose the desired options for billing, instance size, and so on, and click the Accept Software Terms… button.
When configuring the firewall rules, add a rule to accept web traffic on TCP ports 80 and 443 (this happens automatically if you launch from the 1-Click Launch tab).
As soon as the new EC2 instance launches, NGINX Plus starts automatically and serves a default index.html page. To view the page, use a web browser to access the public DNS name of the new instance. You can also check the status of the NGINX Plus server by logging into the EC2 instance and running this command:
```
/etc/init.d/nginx status
```

See NGINX Plus on the AWS Cloud deployment guide for details.

Verify latest NGINX PLUS / NGINX App Protect DoS / NGINX App Protect WAF packages are installed on EC2 after its first start:

Verify NGINX App Protect WAF latest release from https://docs.nginx.com/nginx-app-protect-waf/releases/ is

installed by comparing with installed version from following command on the EC2 machine
```
cat /opt/app_protect/VERSION /opt/app_protect/RELEASE
```
Verify NGINX DoS latest release from https://docs.nginx.com/nginx-app-protect-dos/releases/ is

installed by comparing with installed version from following command on the EC2 machine
```
admd -v
```
Verify NGINX Plus latest release from https://docs.nginx.com/nginx/releases/ is installed by comparing with installed version from following command on the EC2 machine
```
nginx -v
```
In case NGINX PLUS / NGINX App Protect DoS / NGINX App Protect WAF packages are not latest release then upgrade the following with these commands:

For App Protect DoS solution based on RedHat / CentOS
```
sudo service nginx stop
sudo yum install app-protect-dos
sudo systemctl start nginx
```
For App Protect DoS solution based on Debian / Ubuntu
```
sudo service nginx stop
sudo apt-get update
sudo apt-get install app-protect-dos
sudo service nginx start
```
For App Protect WAF solution based on RedHat / CentOS
```
sudo service nginx stop
sudo yum install app-protect
sudo systemctl start nginx
```
For App Protect WAF solution based on Debian / Ubuntu
```
sudo service nginx stop
sudo apt-get update
sudo apt-get install app-protect
sudo service nginx start
```
If AMI includes NGINX App Protect WAF

To enable NGINX App Protect WAF use the following steps:

a. Load the NGINX App Protect WAF module on the main context in the nginx.conf file:
```
load_module modules/ngx_http_app_protect_module.so;
```
b. Enable NGINX App Protect WAF on an http/server/location context in the nginx.conf file:
```
app_protect_enable on;
```
c. Restart the NGINX service:
```
sudo systemctl restart nginx
```
For more configuration information follow NGINX App Protect WAF Configuration Guide.
If AMI includes NGINX App Protect DoS

To enable NGINX App Protect DoS use the following steps:

a. Load the NGINX App Protect DoS module on the main context in the nginx.conf file:
```
load_module modules/ngx_http_app_protect_dos_module.so;
```
b. Enable NGINX App Protect DoS on an http/server/location context in the nginx.conf file:
```
app_protect_dos_enable on;
app_protect_dos_name "App1";
app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json";
app_protect_dos_monitor uri=serv:80/; # Assuming server_name "serv" on port 80, with the root path "/"
```
c. Enable the L4 accelerated mitigation feature (for Debian11/Ubuntu20.04/RHEL8) in the http context of the nginx.conf file:
```
app_protect_dos_accelerated_mitigation on;
```
d. Restart the NGINX service:
```
sudo systemctl restart nginx
```

For more configuration information follow NGINX App Protect DoS Directives and Policy.

What If I Need Help?

If you encounter any problems with NGINX Plus configuration, documentation is available at nginx.org and in the NGINX Plus Admin Guide.

If you encounter any problems with NGINX App Protect DoS configuration, documentation is available at the NGINX App Protect DoS Troubleshooting Guide.

If you encounter any problems with NGINX App Protect WAF configuration, documentation is available at the NGINX App Protect WAF Troubleshooting Guide.

Customers who purchase an NGINX Plus AMI at the AWS Marketplace are eligible for the AWS support provided by the NGINX, Inc. engineering team. To activate support, submit the AMI Support Activation form (you need your AWS account number). When you request support, we’ll ask you to provide the AWS account number that you registered, along with the IDs of your EC2 instances in some cases.

Last modified September 30, 2024