######
Nginx
######

Does AED work with Nginx?
=========================

   * Yes. Nginx is protected through the AED T-WAF module.

   .. note:: Do not use the embedded ModSecurity module for Nginx. Although the modsecurity.org website advertises the open-source ModSecurity module for Nginx as "stable", it is very unstable and unreliable and should not be used at this time. See the GitHub issue tracker for details on bugs in the Nginx ModSecurity module: https://github.com/SpiderLabs/ModSecurity/issues

-------

How to install the T-WAF
========================

   * Run the following command as root:
   
      .. code-block:: console
	  
         yum install asl-waf-module
		 
--------

How to configure the T-WAF for Nginx
====================================

Step 1) Log into AED.

Step 2) Click on the "Configuration" tab.

Step 3) Click on the "WAF" tab and select "WAF configuration".

Step 4) Click the "Add" button.

Step 5) Select "Local Web Server" from the "Add protection for" drop down.

Step 6) Select the port that Nginx runs on. Normally this is port 80.

Optional Step 7) Check the SSL box if you want to protect the SSL service(s) provided by Nginx.

Enter the file system paths to your SSL certificate and SSL key in the "Path to SSL Certificate" and "Path to SSL Key file" boxes.

Step 8) Click "Save".

.. note:: Nginx does not support the WAF in embedded mode.


---------

NGINX with Libmodsecurity 3.0
=============================

   .. note:: This requires nginx-plus from nginx.com. Libmodsecurity 3.0 is not feature complete at this time.
   
   Step 1) Install nginx-plus-module-modsecurity from the nginx-plus repo by running the following command:
   
      .. code-block:: console

         yum install nginx nginx-module-modsecurity

		 
   Step 2) Enable modsecurity in /etc/nginx/nginx.conf by adding the following line:
   
      .. code-block:: nginx

         load_module modules/ngx_http_modsecurity_module.so;

		 
   Step 3) Extract the archive and copy the contents to the rule and config directories by running the following commands:
   
      .. code-block:: console

         tar xvf nginx-waf-201709121114.tar.gz
         mkdir -p /etc/httpd/modsecurity.d/
         cp rules/* /etc/httpd/modsecurity.d/
         cp rules/conf/tortix_waf.conf /etc/httpd/modsecurity.d/	  
		 
		 
   Step 4) Configure which rule classes to activate in 00_mod_security.conf, then copy the file to the Nginx configuration directory by running the following command:
   
      .. code-block:: console
	  
         cp rules/conf/00_mod_security.conf /etc/nginx/conf.d/

		 
   Step 5) Restart Nginx by running the following command:
   
      .. code-block:: console
	  
         service nginx restart
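
A pre-restart check for Steps 2 to 4 above, as an added example that is not part of the AED documentation. The function name ``check_waf_setup`` and its optional root-prefix argument are assumptions; the paths are the ones used in the steps. It also checks that ``load_module`` sits in the main context, before the ``events`` and ``http`` blocks, and that the rule files are not group- or world-writable.

```shell
#!/bin/sh
# Added example: pre-restart check for Steps 2-4 above.
# ROOT (hypothetical) is an optional prefix for checking a staging tree.
check_waf_setup() {
    root="${1:-}"
    conf="$root/etc/nginx/nginx.conf"
    rules="$root/etc/httpd/modsecurity.d"
    waf_conf="$root/etc/nginx/conf.d/00_mod_security.conf"
    fails=0

    # Step 2: load_module must be uncommented and sit in the main context,
    # before the first events/http block opens.
    if ! awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(events|http)[ \t]*\{/ { exit }
        /^[ \t]*load_module[ \t]+modules\/ngx_http_modsecurity_module\.so;/ { found = 1; exit }
        END { exit !found }' "$conf" 2>/dev/null; then
        echo "FAIL: load_module line missing, commented out or too late in $conf"
        fails=$((fails + 1))
    fi

    # Steps 3 and 4: the copied files must exist and be non-empty.
    for f in "$rules/tortix_waf.conf" "$waf_conf"; do
        if [ ! -s "$f" ]; then
            echo "FAIL: missing or empty $f"
            fails=$((fails + 1))
        fi
    done

    # Anything group- or world-writable here lets a non-root account
    # weaken or disable the rules.
    loose=$(find "$rules" "$waf_conf" ! -type l \( -perm -020 -o -perm -002 \) 2>/dev/null || true)
    if [ -n "$loose" ]; then
        echo "FAIL: writable by group/others:"
        echo "$loose"
        fails=$((fails + 1))
    fi

    [ "$fails" -eq 0 ]
}
```

Run ``check_waf_setup && nginx -t`` as root before Step 5 so that a broken configuration is caught before the restart.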