# Upgrade your Reverse Proxy when a Linux/NGINX agent is installed

One of the possible deployments for CloudGuard WAF is a Linux agent installed on top over a [supported Reverse Proxy](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point/linux).

If you wish to upgrade the Reverse Proxy while the agent is installed, follow the steps described in this documentation page.

## NGINX

#### Step 1: **Delete the agent module's load\_module line**

* Locate your nginx *modules* folder path by running:\
  nginx -V\
  and look for the value of the "--modules-path" parameter.\
  It is usually /usr/share/nginx/modules or /usr/lib/nginx/modules
* Via command line access to the machine with the NGINX server and the agent, edit the following file:\
  \&#xNAN;*/etc/nginx/nginx.conf*
* **Delete** the following line (look for the path located previously):\
  \&#xNAN;*load\_module /\<modules folder path>/ngx\_cp\_attachment\_module.so;*

#### Step 2: Comment out the agent module's configuration lines

* Edit all files in the paths */etc/nginx/conf.d/\** or */etc/nginx/sites\_enabled/\**
  * Comment out (add '#' in the beginning of the line) all the lines, if exist, that begin with:\
    \&#xNAN;*cp-nano-nginx-attachment*
* If you added manually additional lines in other server configuration files - comment them out as well.

#### Step 3: Run a test command

Run the command '*nginx -t*'. You should see it print out "*test is successful*".

#### Step 4: Upgrade the NGINX's software version

Run any commands you intended to run in order to upgrade the NGINX's software version

#### Step 5: Stop and start the agent, while triggering deployment of a new attachment

Run the following commands:\
\&#xNAN;*cpnano -q*\
*rm -rf /etc/cp/packages*\
*rm /etc/cp/conf/manifest.json*\
*cpnano -r*

#### Step 6: Verify the agent has restarted

After one minute that the agent has restarted successfully using the following command:\
\&#xNAN;*cpnano -s*

Last update status should state “Succeeded” and Last update should show a time in the scope of the last few minutes.

#### Step 7: Undo the changes done in step 2

Remove the "comment out" character ('#') from all the lines it was added to in step 2 (In the paths */etc/nginx/conf.d/\** or */etc/nginx/sites\_enabled/\** )

#### Step 8: NGINX reload

Run the following commands:\
\&#xNAN;*nginx -s reload*\
*systemctl restart nginx*