Assign tCell App IDs to NGINX File

If your organization uses multiple applications with an NGINX server, you can assign multiple tCell application IDs (App IDs) to the NGINX Agent. For example, if an NGINX server is configured as a reverse proxy to multiple backend applications, a tCell App ID can be assigned to each reverse-proxied application to help manage application security. Assigning a tCell App ID to a location will help you pinpoint a potential vulnerability on application requests.

Before starting, it’s important to note that the NGINX configuration file has nested blocks. Here’s an example:

Nested Blocks Example
1
http { # http servicer
2
server { # port and stuff
3
location { # reverse proxy level
4

If NGINX is front-ending several applications, you can consolidate multiple App IDs into a single configuration file. This differs from an application server agent, where each application server has its own configuration file.

Let’s start:

  1. First, determine if your NGINX file has a single or multiple applications. If there is only one application, skip to the next step. If multiple applications exist in your NGINX file, you will need to consolidate their tCell configurations into a single file. To do this, open tCell and download a tcell_agent.configuration file for each application. Note that only one tcell_agent.configuration can be downloaded per application at a time. After you have downloaded all the individual application files, you will need to consolidate them into a single tcell_agent configuration file.

    Copy Application Entries Individually in Configuration File

    The application section is a json array, so each application entry needs to be copied into the array in the target tcell_agent.config.

  2. In the NGINX configuration file, place tcell_app_id _APP_ID_; at any level, like http, server, or location.

    Use the Deepest Level App_ID

    Typically you could have a default App ID at the http level and then different App IDs at the location level, to specify where app requests for different reverse proxy declarations go. The default App ID sweeps up any request whose location doesn't have an App ID associated with it.

In the following example, you’ll see nested tCell App IDs, highlighted in green. The first App ID is located in the “http” level, while the second and third App IDs are located under the “location” attribute.

NGINX example