Skip to content

Commit 55cd165

Browse files
ohad-peretsohad-perets
authored
Update install.md
adding check for ipi running & refernce to apreload
1 parent 820bfd5 commit 55cd165

File tree

1 file changed

+28
-12
lines changed

1 file changed

+28
-12
lines changed

content/nap-waf/v4/admin-guide/install.md

Lines changed: 28 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,12 @@ If a user other than **nginx** is to be used, note the following:
228228
/opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 &
229229
```
230230

231+
Verify the client is populating the database:
232+
233+
```shell
234+
tail -f iprepd.log
235+
```
236+
231237
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
232238

233239
---
@@ -356,11 +362,14 @@ If a user other than **nginx** is to be used, note the following:
356362
/opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 &
357363
```
358364

359-
Update your policy to include the new configuration, then restart the nginx service:
365+
Verify the client is populating the database:
366+
360367
```shell
361-
service nginx restart
368+
tail -f iprepd.log
362369
```
363370

371+
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
372+
364373
## Debian Installation
365374

366375
1. If you already have NGINX packages in your system, back up your configs and logs:
@@ -512,12 +521,14 @@ If a user other than **nginx** is to be used, note the following:
512521
/opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 &
513522
```
514523
515-
Update your policy to include the new configuration, then restart the nginx service:
516-
524+
Verify the client is populating the database:
525+
517526
```shell
518-
service nginx restart
527+
tail -f iprepd.log
519528
```
520529
530+
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
531+
521532
{{< warning >}} Debian enables **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
522533
{{< /warning >}}
523534
@@ -651,12 +662,14 @@ If a user other than **nginx** is to be used, note the following:
651662
/opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 &
652663
```
653664

654-
Update your policy to include the new configuration, then restart the nginx service:
655-
665+
Verify the client is populating the database:
666+
656667
```shell
657-
service nginx restart
668+
tail -f iprepd.log
658669
```
659670

671+
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
672+
660673
---
661674

662675
## RHEL 9+ Installation
@@ -777,7 +790,7 @@ If a user other than **nginx** is to be used, note the following:
777790
sudo systemctl start nginx
778791
```
779792

780-
1. (Optional) A new feature feature `IP Intelligence` is available (version 4.15.0 and above). The feature requires the installation of an additional package to function properly:
793+
1. (Optional) A new feature `IP Intelligence` is available (version 4.15.0 and above). The feature requires the installation of an additional package to function properly:
781794

782795
```shell
783796
sudo dnf install -y app-protect-ip-intelligence
@@ -789,11 +802,14 @@ If a user other than **nginx** is to be used, note the following:
789802
/opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 &
790803
```
791804

792-
Update your policy to include the new configuration, then restart the nginx service:
805+
Verify the client is populating the database:
806+
793807
```shell
794-
service nginx restart
808+
tail -f iprepd.log
795809
```
796810

811+
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
812+
797813
---
798814

799815
## Ubuntu Installation
@@ -947,7 +963,7 @@ If a user other than **nginx** is to be used, note the following:
947963
tail -f iprepd.log
948964
```
949965
950-
Update your policy to include the new configuration for IP Intelligence, then reload the policy or restart the nginx service.
966+
Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect
951967
952968
{{< note >}} Ubuntu 20.04 / Ubuntu 22.04 / Ubuntu 24.04 activates **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment.
953969
{{< /note >}}

0 commit comments

Comments
 (0)