NGINX App Protect WAF + DoS AMIs on Amazon EC2

Install NGINX Plus, NGINX App Protect WAF + DoS on Amazon Web Services (AWS), to provide sophisticated Layer 7 load balancing, Modern app security solution, behavioral DoS detection and mitigation that works seamlessly in DevOps environments for your apps running on CentOS, RHEL, Debian and Ubuntu Linux OS.

NGINX, Inc. participates in the Amazon Web Services (AWS) Partner Network as a Standard Technology Partner. We offer Amazon Machine Images (AMIs) for use in the Amazon Elastic Compute Cloud (EC2), available at the AWS Marketplace for several operating systems, including Amazon Linux, Red Hat Enterprise Linux, and Ubuntu.

The AMIs contain combination of the following components:

• Latest version of NGINX Plus, optimized for use on Amazon EC2

• Latest version of NGINX App Protect DoS, optimized for use on Amazon EC2

• Latest version of NGINX App Protect WAF, optimized for use on Amazon EC2

• Pre-packaged software for building highly available (HA) NGINX Plus configurations

Installing the NGINX Plus NGINX App Protect WAF + DoS

To quickly set up an environment with NGINX Plus, NGINX App Protect WAF and NGINX App Protect DoS on AWS:

1. Follow the instructions in Getting Started with Amazon EC2 Linux Instances to sign up on AWS and get more information about EC2 itself.

2. Proceed to the product page for the appropriate AMI at the AWS Marketplace, and launch the AMI.

   • NGINX Plus with NGINX App Protect WAF + DoS – CentOS 7 Linux AMI HVM

   • NGINX Plus with NGINX App Protect WAF + DoS – Red Hat 7, 8 Enterprise Linux AMI HVM

   • NGINX Plus with NGINX App Protect WAF + DoS – Debian 11 Linux AMI HVM

   • NGINX Plus with NGINX App Protect WAF + DoS – Ubuntu 18.04, 20.04 Linux AMI HVM

   Click the Continue to Subscribe button to proceed to the Launch on EC2 page.

3. Select the type of launch by clicking the appropriate tab (1‑Click Launch, Manual Launch, or Service Catalog). Choose the desired options for billing, instance size, and so on, and click the Accept Software Terms… button.

4. When configuring the firewall rules, add a rule to accept web traffic on TCP ports 80 and 443 (this happens automatically if you launch from the 1-Click Launch tab).

5. As soon as the new EC2 instance launches, NGINX Plus starts automatically and serves a default index.html page. To view the page, use a web browser to access the public DNS name of the new instance. You can also check the status of the NGINX Plus server by logging into the EC2 instance and running this command:

   /etc/init.d/nginx status
   

See NGINX Plus on the AWS Cloud Quick Start deployment guide for details.

6. If AMI includes NGINX App Protect WAF

   To enable NGINX App Protect WAF use the following steps:

   a. Load the NGINX App Protect WAF module on the main context in the nginx.conf file:

   load_module modules/ngx_http_app_protect_module.so;
   

   b. Enable NGINX App Protect WAF on an http/server/location context in the nginx.conf file:

   app_protect_enable on;
   

   c. Restart the NGINX service:

   sudo systemctl restart nginx
   

   For more configuration information follow NGINX App Protect WAF Configuration Guide.

7. If AMI includes NGINX App Protect DoS

   To enable NGINX App Protect DoS use the following steps:

   a. Load the NGINX App Protect DoS module on the main context in the nginx.conf file:

   load_module modules/ngx_http_app_protect_dos_module.so;
   

   b. Enable NGINX App Protect DoS on an http/server/location context in the nginx.conf file:

   app_protect_dos_enable on;
   app_protect_dos_name "vs-example";
   app_protect_dos_policy_file "/etc/app_protect_dos/BADOSDefaultPolicy.json";
   app_protect_dos_monitor "example.com/";
   

   c. Enable L4 accelerated mitigation feature (for Debian11/Ubuntu20.04/RHEL8) on an http context in the nginx.conf file:

   app_protect_dos_accelerated_mitigation on;
   

   d. Restart the NGINX service:

   sudo systemctl restart nginx
   

For more configuration information follow NGINX App Protect DoS Directives and Policy.

What If I Need Help?

If you encounter any problems with NGINX Plus configuration, documentation is available at nginx.org and in the NGINX Plus Admin Guide.

If you encounter any problems with NGINX App Protect DoS configuration, documentation is available at the NGINX App Protect DoS Troubleshooting Guide.

If you encounter any problems with NGINX App Protect WAF configuration, documentation is available at the NGINX App Protect WAF Troubleshooting Guide.

Customers who purchase an NGINX Plus AMI at the AWS Marketplace are eligible for the AWS support provided by the NGINX, Inc. engineering team. To activate support, submit the AMI Support Activation form (you need your AWS account number). When you request support, we’ll ask you to provide the AWS account number that you registered, along with the IDs of your EC2 instances in some cases.