If your API calls are being routed through NGINX, you can use Akto's NGINX module to send traffic to Akto dashboard. Below guide will help you do this:
Creating AWS Policy
1. Go to Quick Start on your Akto dashboard and expand the Connect traffic data section.
2. Scroll down to Data processors setup section.
3. Copy the policy json and click on the Akto Dashboard role link.
4. Click on the JSON tab and paste the policy
5. Click on Review policy button.
6. Enter AktoDashboardPolicy as the policy name and click on Create Policy button
8. Once the policy is created, go back to the dashboard.
Setting up Data processors
1. Click on Setup traffic processors button.
2. This will bring up infra that will process your traffic.
3. Check that you have AKTO_NLB and AKTO_MONGO_IP vars once setup is complete.
Add NGINX module
This methods is recommended when you have end to end TLS and SSL termination happens at NGINX.
The Akto nginx module uses the dynamic module functionality supported by nginx. This requires nginx to be build from source for which the exact steps can be slightly varied depending on the linux flavour, the core process though, remains the same.
Ubuntu / Debian based
Record all API calls using nginx-module-njs. (njs is a standard NGINX module built and shipped in every release of NGINX). You can install it by running apt install nginx-module-njs
The data is sent to Akto installed in your VPC using nginx-kafka-log-module. You can install it by using nginx dynamic modules functionality as described here
Download the js file and save as /etc/nginx/njs/api_log.js
In your NGINX conf file - /etc/nginx/nginx.conf , add the following:
6. Restart NGINX by nginx -s reload. This will start logging all the request-response logs to akto.
Amazon linux 2
sudo su -
To set up the yum repository for Amazon Linux 2 for nginx, create the file named /etc/yum.repos.d/nginx.repo with the following content. This is needed to install nginx (if not present) and nginx-module-njs.
We will send data to Akto traffic processor using nginx-kafka-log-module. To clone it run: git clone https://github.com/kaltura/nginx-kafka-log-module.git
We can install nginx-kafka-log-module using the steps below. For the official nginx docs to install nginx dynamic modules refer this.
# Enable EPEL repository if not already enabledamazon-linux-extrasinstallepel-y# Install librdkafka and its development packageyuminstalllibrdkafkalibrdkafka-devel-yyuminstallpcrepcre-devel-yyumgroupinstall"Development Tools"-y# go to nginx directory, which we downloaded in step 3cdnginx-1.26.0/./configure --with-compat --add-dynamic-module=../nginx-kafka-log-module --with-cc-opt="-I/usr/include" --with-ld-opt="-L/usr/lib"
makemodulescpobjs/ngx_http_kafka_log_module.so/etc/nginx/modules/
Add the Akto njs code to nginx njs directory using the following commands.
Add this to .conf [ You can get the path of this file in the include section of /etc/nginx/nginx.conf file ]. Make sure that the traffic here is being proxied/sent to your actual application.
nginx -s reload [ Use this command if nginx is already running, else use : systemctl start nginx ]
Amazon linux 2023
sudo su -
To set up the yum repository for Amazon Linux 2023 for nginx, create the file named /etc/yum.repos.d/nginx.repo with the following content. This is needed to install nginx (if not present) and nginx-module-njs.
We will send data to Akto traffic processor using nginx-kafka-log-module. To clone it run: git clone https://github.com/kaltura/nginx-kafka-log-module.git
We can install nginx-kafka-log-module using the steps below. For the official nginx docs to install nginx dynamic modules refer this.
i. To set up the yum repository for Amazon Linux 2023 for confluent, create the file named /etc/yum.repos.d/confluent.repo with the following content.
yuminstalllibrdkafka1librdkafka-devel-yyuminstallpcrepcre-devel-yyumgroupinstall"Development Tools"-y# go to nginx directory, which we downloaded in step 3cdnginx-1.26.0/./configure --with-compat --add-dynamic-module=../nginx-kafka-log-module --with-cc-opt="-I/usr/include" --with-ld-opt="-L/usr/lib"
makemodulescpobjs/ngx_http_kafka_log_module.so/etc/nginx/modules/
Add the Akto njs code to nginx njs directory using the following commands.
Add this to .conf [ You can get the path of this file in the include section of /etc/nginx/nginx.conf file ]. Make sure that the traffic here is being proxied/sent to your actual application.
nginx -s reload [ Use this command if nginx is already running, else use : systemctl start nginx ]
Note: We have benchmarked an nginx server with and without akto nginx traffic module. The results for the same are as follows:
metrics
vanilla nginx
nginx with akto module
avg. cpu usage
upto 36%
upto 38%
avg. memory usage
0.5%
0.5%
The server setup being used is an AWS EC2 (t3a.small: 2CPU + 2GB RAM), with around 1600-1800 requests being fired per second to the server continuously for over a minute (~110k requests per minute). Here nginx is configured as a reverse proxy to a node.js backend server.