Dual Docker: NGINX/Kong/Envoy + Security Agent
Last updated
Was this helpful?
Last updated
Was this helpful?
In this option you will deploy two docker images:
NGINX/Kong/Envoy - managed locally by you
CloudGuard WAF Agent - centrally managed via WebUI or API
The benefit of this mode is that you can upgrade each docker separately.
As part of your CI, use the checkpoint/infinity-next-nano-agent registry to pull the Nano-Agent image.
Run the agent with this command:
Replace the NGINX container using the following registry to pull the image for this deployment: checkpoint/infinity-next-nginx
As part of creating your reverse proxy for this environment, make sure that the reverse proxy is deployed with the correct downstream and upstream routing.
Change your existing NGINX/Kong docker run command and add the --ipc=host
parameter.
Deploy the two containers.
To make sure that it is running, run: docker ps
.
To configure SSL certificates in NGINX follow these guides:
Following the steps above, the agent will install and connect automatically. CloudGuard WAF web portal should display a successful connection message: