# Upgrading the Docker NGINX-based image These instructions describe the steps to upgrade the running Docker NGINX-based image to the latest version 6.x. !!! warning "Using credentials of already existing Wallarm node" We do not recommend using the already existing Wallarm node of the previous version. Please follow these instructions to create a new filtering node of the version 6.x and deploy it as the Docker container. To upgrade the end‑of‑life node (3.6 or lower), please use the [different instructions](https://docs.wallarm.com/updating-migrating/older-versions/docker-container.md). ## Requirements * [Docker](https://docs.docker.com/engine/install/) installed on your host system * Access to `https://hub.docker.com/r/wallarm/node` to download the Docker image. Please ensure the access is not blocked by a firewall * Access to the account with the **Administrator** role in Wallarm Console in the [US Cloud](https://us1.my.wallarm.com/) or [EU Cloud](https://my.wallarm.com/), or [ME Cloud](https://me1.my.wallarm.com/) * Access to `https://us1.api.wallarm.com` if working with US Wallarm Cloud or to `https://api.wallarm.com` if working with EU Wallarm Cloud, to `https://me1.api.wallarm.com` if working with ME Wallarm Cloud. Please ensure the access is not blocked by a firewall * Access to the IP addresses and their corresponding hostnames (if any) listed below. This is needed for downloading updates to attack detection rules and [API specifications](https://docs.wallarm.com/api-specification-enforcement/overview.md), as well as retrieving precise IPs for your [allowlisted, denylisted, or graylisted](https://docs.wallarm.com/user-guides/ip-lists/overview.md) countries, regions, or data centers **US Cloud:** ``` node-data0.us1.wallarm.com - 34.96.64.17 node-data1.us1.wallarm.com - 34.110.183.149 us1.api.wallarm.com - 35.235.66.155 34.102.90.100 34.94.156.115 35.235.115.105 ``` **EU Cloud:** ``` node-data1.eu1.wallarm.com - 34.160.38.183 node-data0.eu1.wallarm.com - 34.144.227.90 api.wallarm.com - 34.90.110.226 ``` **ME Cloud:** ``` node-data0.me1.wallarm.com - 34.166.82.208 node-data1.me1.wallarm.com - 34.166.82.208 me1.api.wallarm.com - 34.166.82.208 ``` ## Step 1: Download the updated filtering node image ``` bash docker pull wallarm/node:6.12.2 ``` ## Step 2: Stop the running container ```bash docker stop ``` ## Step 3: Run the container using the new image 1. If upgrading from version 5.x or earlier, please note the following important changes: * If you previously configured the postanalytics memory via the `TARANTOOL_MEMORY_GB` environment variable, rename it to `SLAB_ALLOC_ARENA`. * If you are running the Docker container with mounted custom NGINX configuration files: * The `include` paths in `/etc/nginx/nginx.conf` have changed to align with Alpine Linux directory conventions: ```diff ... - include /etc/nginx/modules-enabled/*.conf; + include /etc/nginx/modules/*.conf; ... http { - include /etc/nginx/sites-enabled/*; + include /etc/nginx/http.d/*; } ``` * In `/etc/nginx/conf.d/wallarm-status.conf`, the default value of the `allow` directive (used to define permitted IP addresses) has changed: ```diff ... - allow 127.0.0.8/8; + allow 127.0.0.0/8; ... ``` * The path for mounting virtual host configuration files has changed from `/etc/nginx/sites-enabled/default` to `/etc/nginx/http.d`. 1. Proceed to Wallarm Console → **Settings** → **API Tokens** and generate a token with the **Node deployment/Deployment** usage type. 1. Copy the generated token. 1. Run the container using the new image and apply the updated configuration. There are two options for running the container using the updated image: * [With the environment variables](https://docs.wallarm.com/admin-en/installation-docker-en.md#run-the-container-passing-the-environment-variables) * [In the mounted configuration file](https://docs.wallarm.com/admin-en/installation-docker-en.md#run-the-container-mounting-the-configuration-file) ## Step 4: Test the filtering node operation 1. Send the request with test [Path Traversal](https://docs.wallarm.com/attacks-vulns-list.md#path-traversal) attack to a protected resource address: ``` curl http://localhost/etc/passwd ``` If traffic is configured to be proxied to `example.com`, include the `-H "Host: example.com"` header in the request. 1. Open Wallarm Console → **Attacks** section in the [US Cloud](https://us1.my.wallarm.com/attacks) or [EU Cloud](https://my.wallarm.com/attacks), or [ME Cloud](https://me1.my.wallarm.com/attacks) and make sure the attack is displayed in the list. ![Attacks in the interface](https://docs.wallarm.com/images/admin-guides/test-attacks-quickstart.png) 1. Optionally, [test](https://docs.wallarm.com/admin-en/uat-checklist-en.md) other aspects of the node functioning. ## Step 5: Delete the filtering node of the previous version If the deployed image of the version 6.x operates correctly, you can delete the filtering node of the previous version in Wallarm Console → **Nodes**.