Set up App and API Protection for Ruby in Docker

문서 > Datadog 보안 > 애플리케이션 보안 관리 > Enabling App and API Protection > Enabling AAP for Ruby > Set up App and API Protection for Ruby in Docker

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

You can enable App and API Protection for Ruby services with the following setup options:

If your Ruby service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation
Otherwise, keep reading the following manual setup instructions

Overview

App and API Protection works by leveraging the Datadog Ruby library to monitor and secure your Ruby service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported Ruby versions, frameworks, and deployment environments, see Ruby Compatibility Requirements.

This guide explains how to set up App and API Protection (AAP) for Ruby applications. The setup involves:

Installing the Datadog Agent
Enabling App and API Protection monitoring
Run Your Application
Verifying the setup

Prerequisites

Docker installed on your host
Ruby application containerized with Docker
Your Datadog API key
Datadog Ruby tracing library (see version requirements)

1. Installing the Datadog Agent

Install the Datadog Agent by following the setup instructions for Docker.

2. Enabling App and API Protection monitoring

Install and configure the datadog gem in your Ruby application.

APM Tracing Enabled

Add the datadog gem to your Gemfile:

gem 'datadog', '~> 2.0'

Configure Datadog library by adding an initializer:

Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env

  c.tracing.enabled = true

  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails

  c.appsec.enabled = true
  c.appsec.api_security.enabled = true

  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end

Add the datadog gem to your Gemfile and require auto-instrumentation:

gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'

Set environment variables for your application. Add these to your Dockerfile:

# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_API_SECURITY_ENABLED=true
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_AGENT_HOST=<YOUR_AGENT_HOST>
ENV DD_ENV=<YOUR_ENVIRONMENT>

APM Tracing Disabled

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing configuration to false.

Add the datadog gem to your Gemfile:

gem 'datadog', '~> 2.0'

Configure Datadog library by adding an initializer:

Datadog.configure do |c|
  c.service = 'your_service_name'
  c.env = Rails.env

  c.agent.host = 'your_agent_host'

  # Disable APM Tracing
  c.tracing.enabled = false

  # Tracing instrumentation for Rails has to be explicitly enabled
  c.tracing.instrument :rails

  c.appsec.enabled = true
  c.appsec.api_security.enabled = true

  # Rails instrumentation is required for App and API Protection
  c.appsec.instrument :rails
end

Add the datadog gem to your Gemfile and require auto-instrumentation:

gem 'datadog', '~> 2.0', require: 'datadog/auto_instrument'

Set environment variables for your application. Add these to your Dockerfile:

ENV DD_APPSEC_ENABLED=true
ENV DD_API_SECURITY_ENABLED=true
ENV DD_APM_TRACING_ENABLED=false
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_AGENT_HOST=<YOUR_AGENT_HOST>
ENV DD_ENV=<YOUR_ENVIRONMENT>

3. Run your application

Build your image and then run your container.

When running your container, make sure to connect it to the same Docker network as the Datadog Agent and set the correct agent host in your application.

4. Verify setup

To verify that App and API Protection is working correctly:

Send some traffic to your application.
Check the App and API Protection Service Inventory in Datadog.
Find your service and check that App and API protection is enabled in the Coverage column.