Upgrade NGINX App Protect WAF on Managed Instances

How to Upgrade NGINX App Protect WAF on managed NGINX instances

Overview

Learn how to upgrade NGINX App Protect on your managed NGINX instances using NGINX Instance Manager. This guide covers the steps to update both the NGINX Management Suite server and NGINX App Protect on the data plane, ensuring your security policies and configurations are up-to-date.

Before starting, confirm that your data plane has the latest NGINX Agent compatible with NGINX App Protect. Also, verify that your NGINX Management Suite server has the WAF compiler installed. If you’re updating the WAF compiler, simply upload the NGINX App Protect WAF certificate and key to NGINX Management Suite following the instructions to Automatically Download and Install New WAF Compiler.

Upgrade WAF Compiler on NGINX Management Suite

Upgrade NGINX App Protect by installing the new version of nms-nap-compiler on the NGINX Management Suite server. Keep the current version installed to maintain support for ongoing policy updates during the upgrade.

Ensure the nms-integrations service recognizes both the new and existing nms-nap-compiler versions. Complete this step before upgrading NGINX App Protect on your data planes.

For details on matching NGINX App Protect WAF releases with their WAF compiler versions, refer to the the WAF Compiler and Supported App Protect Versions topic.

Upgrade NGINX App Protect on the Data Plane

Before you start, make sure you’re using NGINX Management Suite for your policy management. Your NGINX configuration should be set up to use WAF policies with a .tgz extension.

To update NGINX App Protect on an NGINX data plane instance, follow these steps:

  1. Stop the NGINX Agent: Begin the upgrade process by stopping the NGINX Agent. This action prevents any ongoing processes from interfering with the upgrade.

  2. Upgrade NGINX App Protect: Proceed to upgrade your NGINX App Protect. For detailed instructions on deployment and upgrading, refer to the NGINX App Protect WAF Administration Guide. This guide provides information essential for a successful upgrade.

  3. Restart NGINX App Protect: After upgrading, restart NGINX App Protect to implement the new updates.

  4. Restart NGINX Agent: Concluding the upgrade, restart the NGINX Agent.

Refer to the NGINX App Protect WAF Release Notes to determine the correct package version for installation. It’s important to adjust the version string in the provided commands to match your specific operating system version.

Verify the Upgrade

Here’s how you can verify if the upgrade was successful:

  • Check NGINX App Protect version: Confirm the upgrade by checking the ‘build’ version of NGINX App Protect in Instance Manager. Ensure the details reflect the latest deployment and status. Use the command:

    sudo more /etc/nms/app_protect_metadata.json

  • Check NGINX status: To confirm NGINX is running, use this command:

    sudo systemctl status nginx