Installing the agent

  Last updated 2025-04-15

IMPORTANT

This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.

This guide explains how to install the Next-Gen WAF agent by adding the package repository, installing and configuring the agent package, and then starting the agent.

Prerequisites

Before installing the agent, you need to:

  1. Alpine Linux
  2. Amazon Linux
  3. Debian
  4. Red Hat/CentOS
  5. Ubuntu
  6. Windows
  • If Alpine is being run in a Docker container, you must start the container.
  • Copy the agent keys for the site that you want the agent to be able to access. You will use the agent keys when configuring the Next-Gen WAF agent package.

Add the package repository

Begin the agent installation process by adding the appropriate package repository for your operating system.

NOTE

If you're installing the agent on Windows, you can skip this step and start installing the agent package.

Alpine Linux

To add the Alpine package repository, complete the steps from the relevant tab.

  1. Docker container
  2. VM or bare-metal server

If you are running Alpine in a Docker container, complete the following steps:

  1. Add the following to your Dockerfile:

    FROM alpine:3.20
    ENV ALPINE_VERSION=3.20
    RUN wget https://apk.signalsciences.net/sigsci_apk.pub && \
    apk add --repository https://apk.signalsciences.net/${ALPINE_VERSION}/main --no-cache && \
    apk update

  2. Verify the downloaded key contains the proper key by running the following command:

    $ openssl rsa -pubin -in /etc/apk/keys/sigsci_apk.pub -text -noout

    If the downloaded key contains the proper key, the expected output looks like the following:

    Public-Key: (2048 bit)
    Modulus:
       00:bb:23:1a:ef:0d:61:8f:8d:55:aa:ad:01:84:43:
       6c:46:42:42:ab:5b:ec:4e:4b:e2:e6:b6:e7:3d:45:
       b7:96:70:fe:16:95:aa:09:f1:90:82:40:e4:30:2b:
       9e:2a:03:e9:74:63:55:66:f0:db:8c:b9:5b:f8:45:
       5f:ad:4e:7a:14:da:02:83:c2:36:a0:84:74:a0:bb:
       f9:3f:03:c8:fe:80:6a:95:0c:17:22:55:40:30:18:
       51:d9:30:db:7c:1b:d0:06:4e:a9:51:1a:31:0e:33:
       f0:6e:ad:53:98:31:a5:ac:a3:a1:44:83:72:a1:ca:
       78:e3:24:70:ab:7a:0e:66:32:3b:f6:c9:90:16:dc:
       89:d0:52:7a:50:a8:f8:59:0a:34:12:2e:85:11:f5:
       80:0d:d4:7d:a7:7b:3b:d7:d9:1e:28:ed:bb:f7:08:
       2e:9f:73:a5:23:d8:53:b4:7e:21:dd:ae:92:4a:d0:
       5b:86:21:9c:82:05:21:29:eb:c1:ab:91:cd:1a:7b:
       95:6d:43:d3:1a:a9:62:2b:b0:95:9e:cf:18:82:64:
       02:f9:38:7e:7f:47:9f:d9:f3:ac:fd:2c:30:ff:75:
       b1:11:27:1c:7a:d6:ca:04:19:f8:31:80:42:e9:4a:
       0d:ab:d5:b8:ad:f2:35:31:a5:3f:98:19:99:fc:29:
       e8:4f
    Exponent: 65537 (0x10001)

Amazon Linux

Add the version of the Amazon Linux package repository that you want to use.

  1. Amazon Linux 2023
  2. Amazon Linux 2
  3. Amazon Linux 1

To add the Amazon Linux 2023 package, run the following script:

$ sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/amazon/2023/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Debian

Add the version of the Debian package repository that you want to use.

  1. V11 - Bullseye
  2. V10 - Buster
  3. V9 - Stretch
  4. V8 - Jessie
  5. V7 - Wheezy

To add the Debian 11 - Bullseye package, run the following script:

$ sudo apt-get update
$ sudo apt-get install -y apt-transport-https wget gnupg
$ wget -qO - https://apt.signalsciences.net/release/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/sigsci.gpg
$ sudo echo "deb [signed-by=/usr/share/keyrings/sigsci.gpg] https://apt.signalsciences.net/release/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/sigsci-release.list
$ sudo apt-get update

Red Hat/CentOS

Add the version of the Red Hat/CentOS package repository that you want to use.

  1. Red Hat/CentOS 9
  2. Red Hat/CentOS 8
  3. Red Hat/CentOS 7

To add the Red Hat/CentOS 9 package, run the following script:

$ sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/9/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Ubuntu

Add the version of the Ubuntu package repository that you want to use.

  1. V24.04
  2. V22.04
  3. V20.04
  4. V18.04
  5. V16.04
  6. V14.04
  7. V12.04

To add the Ubuntu 24.04 - Noble package, run the following script:

$ sudo apt-get update
$ sudo apt-get install -y apt-transport-https wget gnupg
$ wget -qO - https://apt.signalsciences.net/release/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/sigsci.gpg
$ sudo echo "deb [signed-by=/usr/share/keyrings/sigsci.gpg] https://apt.signalsciences.net/release/ubuntu/ noble main" | sudo tee /etc/apt/sources.list.d/sigsci-release.list
$ sudo apt-get update

Install and configure the agent package

After adding the package repository, install and configure the Next-Gen WAF agent.

  1. Alpine Linux
  2. Amazon Linux
  3. Debian
  4. Red Hat/CentOS
  5. Ubuntu
  6. Windows
  1. Run the following command to install the Next-Gen WAF agent package:
    $ sudo apk add sigsci-agent
  2. Create an empty agent configuration file in the following directory: /etc/sigsci/agent.conf.
  3. Add the agent keys for your site to the agent configuration file.
    accesskeyid = "AGENTACCESSKEYHERE"
    secretaccesskey = "AGENTSECRETACCESSKEYHERE"
  4. Save the agent configuration file.

Start the agent

Next, start the Next-Gen WAF agent that you installed.

NOTE

If you installed the agent on Windows, you can skip this step. The last step of the installation process started the agent.

  1. Alpine Linux
  2. Amazon Linux
  3. Debian
  4. Red Hat/CentOS
  5. Ubuntu

If you are running Alpine in a Docker container, run the following command to start the Next-Gen WAF agent:

$ /usr/sbin/sigsci-agent

If you are running Alpine in a VM or on a bare-metal server, run the following command to allow the agent to start on reboot:

$ sudo rc-update add sigsci-agent default

Then, start the agent by running any of the following commands:

$ sudo service sigsci-agent start
$ sudo rc-service sigsci-agent start
$ sudo /etc/init.d/sigsci-agent start

Next steps

Continue setting up your Next-Gen WAF deployment by installing the Next-Gen WAF module or configuring the agent to run without a module (e.g., reverse proxy).

If your agent is on Debian, Red Hat/CentOS, or Ubuntu, consider enabling the agent auto-update service. This service checks our package downloads site for a new version of the agent and updates the agent when a new version is available.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2025