Upgrading the NGINX module
This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.
We update our NGINX dynamic module within three weeks of a stable or mainline NGINX release or a NGINX Plus release occurs. We will expedite a release when there are exceptions (e.g., critical vulnerability). Our Compatibility and requirements guide lists the distributions our NGINX module has packages available for.
Upgrading the module on Alpine Linux systems
To upgrade the Next-Gen WAF NGINX module on Alpine Linux systems, follow these steps for the appropriate package:
- Stable
- Mainline
- Distribution-provided
- NGINX Plus
Upgrade the NGINX Alpine Linux module package.
$ apk update$ apk add nginx-module-fastly-nxsRestart your NGINX service.
Upgrading the module on RHEL, CentOS, Amazon Linux and other RHEL-derived distributions
Amazon Linux 2 customers should ensure that the baseurl
in sigsci.repo
is set to https://yum.signalsciences.net/release/amazon/2/$basearch
:
[sigsci_release]name=sigsci_releasebaseurl=https://yum.signalsciences.net/release/amazon/2/$basearchgpgcheck=1repo_gpgcheck=1enabled=1gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.keysslverify=1sslcacert=/etc/pki/tls/certs/ca-bundle.crt
To upgrade the Next-Gen WAF NGINX module for the NGINX on Red Hat Enterprise Linux (RHEL) and its derivative (e.g., CentOS) systems for a version of NGINX, follow the steps for the appropriate package:
- Stable
- Mainline
- Distribution-provided
- NGINX Plus
Upgrade the NGINX module package.
$ sudo yum update$ sudo yum install nginx-module-fastly-nxsRestart your NGINX service.
Upgrading the module on Ubuntu and Debian systems
To upgrade the Next-Gen WAF NGINX module for the NGINX version on Ubuntu and Debian systems, follow the steps for the appropriate package:
- Stable
- Mainline
- Distribution-provided
- NGINX Plus
Upgrade the NGINX module package.
$ sudo apt-get update$ sudo apt-get install nginx-module-fastly-nxsRestart your NGINX service.
Switching to a nginx-module-fastly
package
If your existing installation uses one of the nginx-module-sigsci
packages, you can switch to one of our nginx-module-fastly
packages by completing the following steps:
Prerequisites
Before switching to an nginx-module-fastly
package, ensure the following steps have been completed.
- Debian / Ubuntu
- RHEL / CentOS / Amazon
- Alpine Linux
Run the following command to ensure you have access to the latest packages. You will be prompted to provide your root password.
$ sudo apt-get updateDetermine the NGINX version and package source. Refer to our section on determining the NGINX version.
Check the Next-Gen WAF module you are using by running the following command. Be sure to record the version and whether it is a
-nxo
or-nxp
module. You'll need this information in a future step.$ apt list --installed | grep module-sigsci
Replacing the package
Run the following command according to your distribution of Linux. Substitute
<sigsci-module>
for eithernginx-module-sigsci-nxo
ornginx-module-sigsci-nxp
as you determined in the previous step.- Debian / Ubuntu
- RHEL / CentOS / Amazon
- Alpine Linux
$ sudo apt-get remove <sigsci-module>Remove the
load_module
command for the oldsigsci_module.so
in/etc/nginx/nginx.conf
. Look for the following line and remove it. The Fastly packages have renamed the shared object tongx_http_fastly_module.so
.load_module /etc/nginx/modules/ngx_http_sigsci_module.so;Install the variation of the NGINX dynamic module that is appropriate for your version of NGINX using the version of NGINX and the Fastly module that you noted in previous steps. For information about our module variations, check out Choosing an NGINX module variation.
If you are using SELinux, update your SELinux policy.
Determining the NGINX version
Determining the NGINX version as well as the source of NGINX is necessary to ensure that you install the correct version of the NGINX native module. Follow these steps to determine the NGINX version.
- Debian / Ubuntu
- RHEL / CentOS / Amazon
- Alpine Linux
Run the following command to determine which version you have installed.
$ apt list --installed | grep nginx
On Debian and Ubuntu, the package name nginx
will be followed by a /
character and then the name of the repository it comes from. If it says nginx/nginx
it means you are using a version of NGINX provided by Nginx.org
. If it says nginx/stable
or nginx/noble-updates
or something else, then you are using a distribution-provided version of NGINX. Following the package and repository information, you will see the version of NGINX, for example 1.24.0
. For example, the following shows NGINX version 1.24.0 installed from an Ubuntu repository.
$ apt list --installed | grep nginx
nginx/noble-updates,noble-security,now 1.24.0-2ubuntu7.3 arm64 [installed]
Determining the module version
The version in the package file name is the version of NGINX that the module package is built to work with. To determine the module version, you must query the package using the package tools appropriate to your distribution. The module version will be listed in the Description:
field.
- Alpine Linux
- Debian / Ubuntu
- RHEL / CentOS / Amazon
To query the description for an installed package on Alpine Linux systems, use apk info -d <package name>
. For example:
$ apk info -d nginx-module-fastly-nxs
The output will look something like this:
nginx-module-fastly-nxs-1.24.0-r1201 description:Fastly module v1.2.0 for Nginx 1.24.0
Alpine Linux does not support querying the metadata for packages that have been downloaded but not installed.