NGINX agent configuration
Manage the PingAccess agent for NGINX configuration through the $NGINX/paa/http.conf
and agent.properties
configuration files.
The $NGINX/paa/http.conf
file contains the configuration options defined in the following table.
$NGINX/paa/http.conf
configuration options
Parameter | Definition | Default Value | ||
---|---|---|---|---|
|
Properties file that stores configuration data used to connect the agent to the PingAccess engine nodes. |
|
||
|
Determines whether the agent is enabled or disabled for a specific server configuration. Valid values are To control which blocks that the agent protects, you can set the
For example, if you want to set up an unprotected passthrough resource that PingAccess should always allow access to, you can set
|
|
||
|
Defines the upstream that the PingAccess agent uses to route policy decision requests to PingAccess policy servers. |
|
||
|
Defines the maximum size of the response header, in bytes, that the PingAccess agent can receive from a PingAccess policy server. |
|
||
|
Defines the thread pool to use for blocking operations performed by the agent.
|
|
|
agent.properties
The configured agent.properties
files can contain the following properties:
Property | Definition | Default Value | ||
---|---|---|---|---|
|
The Uniform Resource Identifier (URI) scheme used to connect to the engine node. Acceptable values are:
|
|
||
|
The PingAccess host name. |
The value in the agent node’s |
||
|
The port that the agent connects to on the PingAccess host.
|
Defined in the PingAccess admin console |
||
|
The unique agent name that identifies the agent in PingAccess. |
Defined in the PingAccess admin console |
||
|
The password which is used to authenticate the agent to the engine. |
Defined in the PingAccess admin console |
||
|
The base64-encoded public certificate which is used to establish HTTPS trust by the agent to the PingAccess engine.
|
Generated by PingAccess |
||
|
The number of connections that a single web server worker process maintains to the PingAccess engine defined in the |
|
||
|
The maximum amount of time, in milliseconds, that an agent request made to PingAccess can take. If this time is exceeded, the client receives a generic |
|
||
|
The maximum amount of time, in milliseconds, that the agent can take to connect to the PingAccess engine. If this time is exceeded, the client receives a generic |
|
||
|
The maximum amount of time (in milliseconds) that a web server worker process waits for a response to a policy cache request sent to other web server worker processes. |
|
||
|
The network port that web server processes use to publish policy cache requests to other web server worker processes. This port is bound to the localhost network only. |
|
||
|
The network port that web server processes use to receive policy cache requests from other web server worker processes. This port is bound to the localhost network only. |
|
||
|
The maximum number of tokens that are stored in the policy cache for a single web server worker process. A value of |
|
||
|
Determines whether policy decision caching is enabled or disabled. A value of You might want to use this option for custom rules created using the PingAccess SDK that involve data that changes with every request within a resource and session.
|
|
||
|
The host name and port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess host.
|
Defined in the PingAccess admin console |
||
|
The number of seconds to wait before the agent should retry connecting to a failed PingAccess server. |
|
||
|
The number of times to retry a connection to a PingAccess server after an unsuccessful attempt. If all retries fail, the agent marks the PingAccess server as failed for the duration of the |
|
||
|
Controls the type of policy cache used by the agent. There are three acceptable values for this property:
|
|
||
|
Determines whether the This header contains the following fields:
Learn more in Agent inventory logging. |
|
||
|
Specifies additional values to include in the This property uses the following syntax: agent.inventory=exampleheader=TEST;exampleheader2=TEST2;
|
This property isn’t present by default. |
You can add comments to the |
If you make changes to the |
Learn more about improving agent performance in the Performance tuning guide. |