Agents without Internet access

Even if an agent does not have Internet access, Wazuh provides different approaches to securely connect your private network to your environment:

Using a forwarding proxy

It is possible to access your environment using an NGINX forwarding proxy.

To achieve this configuration, follow these steps:

  1. Deploy a new instance in a public subnet with internet access.

  2. Install NGINX on your instance following the NGINX documentation.

  3. Configure NGINX.

    1. Add the following lines to the HTTP section in your NGINX configuration, located in /etc/nginx/nginx.conf.

      http{
      ...
      real_ip_header X-Forwarded-For;
      set_real_ip_from nginx_ip;
         }
      
    2. Add the following block to the end of the NGINX configuration.

      stream {
        upstream master {
          server <cloud_id>.cloud.wazuh.com:1515;
        }
        upstream mycluster {
          server <cloud_id>.cloud.wazuh.com:1514;
          }
        server {
          listen nginx_ip:1515;
          proxy_pass master;
        }
        server {
          listen nginx_ip:1514;
          proxy_pass mycluster;
        }
      }
      

      Make sure to replace <cloud_id> with the Cloud ID of your environment.

    3. Restart NGINX with systemctl restart nginx.

    4. Register your agent but replace the WAZUH_MANAGER_IP value (nginx_ip) with the NGINX instance IP. To learn more on how to register agents, see the Register agents section.

      Example:

      WAZUH_MANAGER_IP=nginx_ip WAZUH_PROTOCOL="tcp" \
      WAZUH_PASSWORD="xxxx" \
      yum install wazuh-agent
      

      In this example, make sure to replace <xxxx> with your actual password.