Installing NGINX App Protect on an existing NGINX Plus instanceΒΆ


NGINX Plus and NGINX App Protect repositories are accessed using a cert/key pair that enables access for customers who have purchased licenses. In this lab, NGINX Plus repo keys are already copied to the Ubuntu VM.


This section of the lab covers installation of NGINX App Protect. General instructions for installation can be found at

  1. Connect to the jump host via RDP if not already.
  2. Installation of NGINX App Protect is performed on the CLI of the host. Click on the Applications menu, select SSH Shortcuts and select nginx-plus-2.


This host has NGINX Plus installed and serving the Arcadia Finance app, but NGINX App Protect is not installed.

  1. Update the repository and install the NGINX App Protect WAF package:
sudo apt-get update
sudo apt-get install -y app-protect

If you are prompted for a password, enter AppWorld2024!.


  1. Load the NGINX App Protect WAF module on the main context in the nginx.conf file:

Open the file in an editor:

sudo nano /etc/nginx/nginx.conf

Add the following line to the top of the file:

load_module modules/;

Your configuration file should look similar to below:


Press CTRL + X to save the file, followed by Y when asked to save the buffer, then enter when asked for the filename.

  1. Start the NGINX App Protect service and set it to start at boot:
sudo systemctl enable --now nginx-app-protect
  1. Restart the NGINX service:
sudo nginx -s reload

Providing that no errors have occurred during these steps, you now have NGINX App Protect installed. Continue to the next section of the lab.