Internals of NGINX and Native Self-Hosted Wallarm Nodes¶

The Wallarm Node is the core component of the Wallarm platform, responsible for filtering and analyzing traffic. You can deploy it in your environment (self-hosted) or on Wallarm's Security Edge. When deploying a self-hosted node, you have two options: the NGINX Node or the Native Node.

These two nodes differ architecturally and are designed for specific deployment use cases.

NGINX Node¶

The NGINX Node integrates seamlessly with NGINX, making it perfect for infrastructures that already rely on NGINX for traffic management. It leverages NGINX's capabilities while adding Wallarm's security and traffic filtering features.

The following artifacts are available for deploying the NGINX Node:

• All-in-one installer

• Docker image

• AWS AMI

• GCP Machine Image

• Helm chart for NGINX Ingress Controller, Sidecar Controller, eBPF deployments

Find your use case below and deploy the NGINX Node in the appropriate form-factor.

Kubernetes¶

Find an NGINX Node deployment solution for your Kubernetes environment:

NGINX Ingress Controller

Deploy the NGINX Ingress Controller with integrated Wallarm services

Sidecar

Deploy Wallarm Sidecar controller for pod security

eBPF

Out-of-band deployment on Kubernetes using the eBPF technology

Connectors¶

API deployment can be done in various ways, including utilizing external tools such as Azion Edge, Akamai Edge, Mulesoft, Apigee, and CloudFront. If you are looking for a way to secure these APIs with Wallarm, we offer a solution in the form of "connectors" specifically designed for such cases.

The NGINX Node is used for the platforms listed below, however the analysis is limited to incoming requests.

Apigee

Secure APIs running on Apigee

Akamai EdgeWorkers

Secure APIs running on Akamai EdgeWorkers

Azion Edge

Secure APIs running on Azion Edge

In-line¶

Traffic to protected APIs passes through Wallarm NGINX Node instances before it reaches the API. There is no chance of an attacker bypassing Wallarm nodes as long as they are inline and are the only path available to end users. Read more

All-in-one installer

Run the node on a machine with a Linux OS

Amazon Web Services

Artifacts for deployment on AWS

Google Cloud

Artifacts for deployment on GCP

Microsoft Azure

Artifacts for deployment on Microsoft Azure

Alibaba Cloud

Artifacts for deployment on Alibaba Cloud

Docker image

Run the node in the containerized environment

Amazon Web Services

Artifacts for deployment on AWS

AMI

Use the official Amazon Machine Image to deploy Wallarm

ECS

Use the Docker image to deploy Wallarm with Elastic Container Service

Terraform module

Use the Terraform module for in-line Wallarm deployment

Terraform module

Use the Terraform module for in-line Wallarm deployment on AWS

Proxy in AWS VPC

Wallarm as proxy in AWS Virtual Private Cloud

Proxy for Amazon API Gateway

Wallarm as proxy for Amazon API Gateway protection

Google Cloud

Artifacts for deployment on GCP

Machine Image

Use the official Google Cloud Machine Image to deploy Wallarm

GCE

Use the Docker image to deploy Wallarm with Google Compute Engine

Microsoft Azure

Artifacts for deployment on Microsoft Azure

Azure Container Instances

Use the Docker image to deploy Wallarm with Azure Container Instances

Alibaba Cloud

Artifacts for deployment on Alibaba Cloud

ECS

Use the Docker image to deploy Wallarm with Elastic Compute Service

Native Node¶

The Native Node does not rely on NGINX. It was developed for environments where NGINX is not required or where a more lightweight and platform-agnostic solution is preferred.

The following artifacts are available for deploying the Native Node:

• All-in-one installer

• Docker image

• Helm chart

Find your use case below and deploy the Native Node in the appropriate form-factor.

Connectors¶

API deployment can be done in various ways, including utilizing external tools such as Azion Edge, Akamai Edge, Mulesoft, Apigee, and CloudFront. If you are looking for a way to secure these APIs with Wallarm, we offer a solution in the form of "connectors" specifically designed for such cases.

The Native Node works with the following platforms with no limitations:

Mulesoft

Deploy Wallarm to secure APIs deployed on the MuleSoft Anypoint platform

CloudFront

Deploy Wallarm to secure traffic delivered through Amazon CloudFront

Cloudflare

Deploy Wallarm to secure traffic running via Cloudflare

Kong API Gateway

Deploy Wallarm to secure APIs managed by Kong Ingress Controller

Istio

Deploy Wallarm to secure APIs managed by Istio

Broadcom Layer7 API Gateways

Secure APIs managed with Layer7 API Gateways

Fastly

Deploy Wallarm to secure APIs running on Fastly

Out-of-band¶

TCP Traffic Mirror Analysis

Out-of-band deployment for TCP traffic mirror analysis

Was this page helpful?

How can we improve this article? (Optional)

Information is unclear or confusing

Insufficient information

Outdated or incorrect information

0/240

Send