Amazon Linux NGINX 1.10-1.14

Last updated 2023-03-29

Our distribution release depends on the EPEL repository. You will need to ensure your system also has it installed.

For Red Hat CentOS 6, we currently only support Amazon Linux 2018.03 or earlier.

Add the package repositories

Add the version of the Red Hat CentOS package repository that you want to use.

Red Hat CentOS 7

$ sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Red Hat CentOS 6

NOTE

After Q2 2017, RHEL6 and CentOS 6 will exit Production Phase 2 according to the Red Hat Enterprise Linux Life Cycle. Only limited critical security fixes will be issued. You will need to review the lifecycle document for details and plan appropriately.

$ sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/6/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Enable Lua for NGINX

Some older versions of NGINX don't support native loading of Lua modules. Therefore, we require NGINX to be built with Lua and LuaJIT support. You must first ensure that Lua is installed and enabled for NGINX before enabling the Next-Gen WAF NGINX module.

Install the Lua NGINX Module

Install the dynamic Lua NGINX Module appropriate for your NGINX distribution:

NGINX.org distribution

NGINX 1.12.1 or higher

$ sudo yum install nginx-module-lua-`rpm -q --qf "%{VERSION}" nginx`

NGINX 1.11
```
$ sudo yum install nginx111-lua-module
```
NGINX 1.10
```
$ sudo yum install nginx110-lua-module
```

Amazon distribution

NGINX 1.12.1 or higher

$ sudo yum install nginx-module-lua-amzn-`rpm -q --qf "%{VERSION}" nginx`

NGINX 1.11
```
$ sudo yum install nginx111-lua-module
```

NGINX 1.10

$ sudo yum install nginx110-lua-module-amzn

Enable the Lua NGINX Module

In your NGINX config file (located by default at /etc/nginx/nginx.conf) add the following lines to the global section after the line that starts with pid:
```
load_module /usr/lib64/nginx/modules/ndk_http_module.so;
load_module /usr/lib64/nginx/modules/ngx_http_lua_module.so;
```
Restart the NGINX service to initialize the new module:
- Amazon Linux 2
```
$ systemctl restart nginx
```
- Amazon Linux 2015.09.01
```
$ restart nginx
```

Check that Lua is loaded correctly

Load the following config (e.g., sigsci_check_lua.conf) with NGINX to verify that Lua has been loaded properly:

1# Config just to test for lua jit support
2#
3# Test from commandline as follows:
4# nginx -t -c <explicit path>/sigsci_check_lua.conf
5#
6
7# The following load_module directives are required if you have installed
8# any of: nginx110-lua-module, nginx111-lua-module, or nginx-lua-module
9# for your nginx.org installation.
10# Also, for some nginx-1.10.nn installed from nginx-extras package, you may
11# need to specify the load directives.
12# Given the above uncomment the following:
13#
14# load_module modules/ndk_http_module.so;
15# load_module modules/ngx_http_lua_module.so;
16
17events {
18    worker_connections 768;
19    # multi_accept on;
20}
21http {
22init_by_lua '
23
24local m = {}
25local ngx_lua_version = "dev"
26
27if ngx then
28  -- if not in testing environment
29  ngx_lua_version = tostring(ngx.config.ngx_lua_version)
30  ngx.log(ngx.STDERR, "INFO:", " Check for jit: lua version: ", ngx_lua_version)
31end
32
33local r, jit = pcall(require, "jit")
34if not r then
35  error("ERROR: No lua jit support: No support for SigSci Lua module")
36else
37
38  if jit then
39    m._SERVER_FLAVOR = ngx_lua_version .. ", lua=" .. jit.version
40    if os.getenv("SIGSCI_NGINX_DISABLE_JIT") == "true" then
41      nginx.log(ngx.STDERR, "WARNING:", "Disabling lua jit because env var: SIGSCI_NGINX_DISABLE_JIT=", "true")
42    end
43    ngx.log(ngx.STDERR, "INFO:", " Bravo! You have lua jit support=", m._SERVER_FLAVOR)
44  else
45    error("ERROR: No luajit support: No support for SigSci")
46  end
47
48end
49
50';
51
52}

You can load the script by running the following command:

$ nginx -t -c <your explicit path>/sigsci_check_lua.conf

If the config is successfully loaded, the above script will create the following output:

nginx: [] [lua] init_by_lua:9: INFO: Check for jit: lua version: 10000
nginx: [] [lua] init_by_lua:22: INFO: Bravo! You have lua jit support=10000, lua=LuaJIT 2.0.4
nginx: the configuration file <your explicit path>/sigsci_check_lua.conf syntax is ok
nginx: configuration file <your explicit path>/sigsci_check_lua.conf test is successful

Install the NGINX module

Install the module.
```
$ sudo yum install sigsci-module-nginx
```
Add the following to your NGINX configuration file (located by default at /etc/nginx/nginx.conf) in the http context:
```
include "/opt/sigsci/nginx/sigsci.conf";
```
Restart the NGINX service to initialize the new module.
- Amazon Linux 2
```
$ systemctl restart nginx
```
- Amazon Linux 2015.09.01
```
$ restart nginx
```

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Network services

Security

Compute

Quick start

Building blocks