This procedure makes the following assumptions:

  • The PingAccess NGINX agent zip content is extracted to the $PINGACCESS_AGENT_NGINX folder.
    Note: Amazon Linux 2 systems use the Red Hat Enterprise Linux 7 download bundles.
  • The NGINX installation is assumed to live at $NGINX. In the steps in this procedure, modify the paths specified based on where your NGINX installation and configuration files are located.
  • You have downloaded the installation package from the PingAccess Downloads page.

To install the PingAccess agent for NGINX, perform the following steps:

Note:

The agent RPM has required dependencies that might be available through standard repositories. If these dependencies are not available in your Linux version, you can install them using the included libpgm-5_2-0-5.2.122-32.1.x86_64.rpm, libsodium18-1.0.11-1.1.x86_64.rpm and libzmq5-4.3.1-23.6.x86_64.rpm packages.

  1. Install the NGINX module:
    yum install pingaccess-agent-nginx-*.rpm lib*.rpm
  2. In the PingAccess console, go to Applications > Agents.
  3. Edit a configured agent.

    If the agent has not yet been created, see the Agents section of the PingAccess User Interface Reference Guide.

  4. In the shared secret, click the Download icon to download the agent properties file.
  5. Copy the agent properties file to $NGINX/paa/agent.properties.
  6. If you are installing on NGINX OSS, edit the agent.properties file and set the agent.engine.configuration.maxConnections property value to 0.
  7. To load the PingAccess agent for NGINX module, add the following directive to the NGINX configuration file, $NGINX/nginx.conf.
    load_module modules/ngx_http_paa_module.so;
  8. To configure the PingAccess Agent for NGINX module, add the following directive to the NGINX configuration file, $NGINX/nginx.conf, within the http {} block.
    include $NGINX/paa/http.conf;
    Important:

    In PingAccess Manage Agents, PingAccess Host must match the certificate CN or Subject Alternative Name (SAN).

  9. To enable the PingAccess Agent, modify the following property in the file $NGINX/paa/http.conf.
    paa_enabled on;
    Important:

    If agent.engine.configuration.failover.hosts in agent.properties is set, the paa_upstream and upstream blocks in the provided http.conf file will need to be updated to a value consistent with a CN or SAN of the certificate associated with the PingAccess Agent HTTPS Listener. Otherwise, you will not be able to establish an HTTPS connection to either the primary or the backup server.

  10. If you are installing on NGINX OSS, edit the $NGINX/paa/http.conf file and comment out the line containing the queue directive. For example:
    # queue 65536;
  11. Restart the NGINX server:
    1. To stop the NGINX server, run the following command.
      sudo systemctl stop nginx
    2. To start the NGINX server, run the following command.
      sudo systemctl start nginx