Visualize NAP logs in mock collector grafana

nginx · dhurley · Nov 13, 2024 · Nov 13, 2024 · Nov 18, 2024 · Nov 18, 2024
commit f3b063685f27ca6b906b1539f745306c0a8b161c
@@ -15,14 +15,15 @@ trap 'handle_term' TERM
 
 # Launch nginx
 echo "starting nginx ..."
+/bin/su -s /bin/sh -c "/usr/share/ts/bin/bd-socket-plugin tmm_count 4 proc_cpuinfo_cpu_mhz 2000000 total_xml_memory 307200000 total_umu_max_size 3129344 sys_max_account_id 1024 no_static_config 2>&1 >> /var/log/app_protect/bd-socket-plugin.log &" nginx
 /usr/sbin/nginx -g "daemon off;" &
 
 nginx_pid=$!
 
 SECONDS=0
 
 while ! ps -ef | grep "nginx: master process" | grep -v grep; do 
-    if (( SECONDS > 5 )); then 
+    if (( SECONDS > 15 )); then
         echo "couldn't find nginx master process"
         exit 1
     fi

@@ -19,14 +19,19 @@ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \
 # Create nginx user/group first, to be consistent throughout Docker variants
     && groupadd --system --gid 101 nginx \
     && useradd --system --gid nginx --no-create-home --home-dir /nonexistent --uid 101 nginx \
-    && apt-get update \
+    && apt-get update --allow-releaseinfo-change \
     && apt-get install --no-install-recommends --no-install-suggests -y \
                         ca-certificates \
                         gnupg1 \
                         lsb-release \
+                        apt-transport-https \
                         git \
                         wget \
                         make \
+                        gnupg2 \
+                        ubuntu-keyring \
+    && wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | tee /usr/share/keyrings/app-protect-security-updates.gpg >/dev/null \
+    && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \
     && \
     NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
     found=''; \
@@ -43,13 +48,15 @@ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \
 # Uncomment individual modules if necessary
 # Use versioned packages over defaults to specify a release
     && nginxPackages=" \
-        nginx-plus \
+        app-protect \
     " \
     && echo "Acquire::https::pkgs.nginx.com::Verify-Peer \"true\";" > /etc/apt/apt.conf.d/90nginx \
     && echo "Acquire::https::pkgs.nginx.com::Verify-Host \"true\";" >> /etc/apt/apt.conf.d/90nginx \
     && echo "Acquire::https::pkgs.nginx.com::SslCert     \"/etc/ssl/nginx/nginx-repo.crt\";" >> /etc/apt/apt.conf.d/90nginx \
     && echo "Acquire::https::pkgs.nginx.com::SslKey      \"/etc/ssl/nginx/nginx-repo.key\";" >> /etc/apt/apt.conf.d/90nginx \
     && printf "deb https://pkgs.nginx.com/plus/${PLUS_VERSION}/ubuntu/ `lsb_release -cs` nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/${PLUS_VERSION}/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
+    && printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] https://pkgs.nginx.com/app-protect-security-updates/ubuntu `lsb_release -cs` nginx-plus\n" | tee -a /etc/apt/sources.list.d/nginx-app-protect.list \
     && mkdir -p /etc/ssl/nginx \
     && cat nginx-repo.crt > /etc/ssl/nginx/nginx-repo.crt \
     && cat nginx-repo.key > /etc/ssl/nginx/nginx-repo.key \
@@ -59,9 +66,8 @@ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \
                         curl \
                         gettext-base \
                         jq \
-                        gnupg2 \
     && apt-get remove --purge -y lsb-release \
-    && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list \
+    && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect.list \
     && rm -rf /etc/apt/apt.conf.d/90nginx /etc/ssl/nginx
 
 EXPOSE 80

@@ -12,7 +12,8 @@ services:
     container_name: mock-collector-agent-with-nginx-plus
     volumes:
       - ./nginx-agent.conf:/etc/nginx-agent/nginx-agent.conf
-      - ./nginx-plus:/etc/nginx/
+      - ./nginx-plus/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx-plus/conf.d/default.conf:/etc/nginx/conf.d/default.conf
     networks:
       - metrics
 
@@ -59,6 +60,19 @@ services:
       - grafana-storage:/var/lib/grafana
       - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
       - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
+      - ./grafana/provisioning/plugins:/etc/grafana/provisioning/plugins
       - ./grafana/provisioning/dashboards:/var/lib/grafana/dashboards
     networks:
       - metrics
+
+  loki:
+    image: grafana/loki:latest
+    container_name: mock-collector-loki
+    restart: unless-stopped
+    ports:
+      - "3100:3100"
+    volumes:
+      - ./loki-config.yaml:/etc/loki/local-config.yaml
+    command: -config.file=/etc/loki/local-config.yaml
+    networks:
+      - metrics
@@ -7,3 +7,8 @@ datasources:
     access: proxy
     url: http://prometheus:9090
     isDefault: true
+  - name: Loki
+    type: loki
+    uid: otel-loki-scraper
+    access: proxy
+    url: http://loki:3100
@@ -16,10 +16,12 @@ import (
 
 	"github.com/nginx/agent/v3/test/mock/collector/mock-collector/auth"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusexporter"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor"
 	"go.opentelemetry.io/collector/connector"
 	"go.opentelemetry.io/collector/exporter"
 	"go.opentelemetry.io/collector/exporter/debugexporter"
 	"go.opentelemetry.io/collector/exporter/otlpexporter"
+	"go.opentelemetry.io/collector/exporter/otlphttpexporter"
 	"go.opentelemetry.io/collector/extension"
 	"go.opentelemetry.io/collector/processor"
 	"go.opentelemetry.io/collector/processor/batchprocessor"
@@ -85,13 +87,15 @@ func components() (otelcol.Factories, error) {
 		debugexporter.NewFactory(),
 		otlpexporter.NewFactory(),
 		prometheusexporter.NewFactory(),
+		otlphttpexporter.NewFactory(),
 	)
 	if err != nil {
 		return otelcol.Factories{}, err
 	}
 
 	factories.Processors, err = processor.MakeFactoryMap(
 		batchprocessor.NewFactory(),
+		resourceprocessor.NewFactory(),
 	)
 	if err != nil {
 		return otelcol.Factories{}, err

@@ -1,6 +1,8 @@
 user  nginx;
 worker_processes  auto;
-
+
+load_module modules/ngx_http_app_protect_module.so;
+
 error_log  /var/log/nginx/error.log notice;
 pid        /var/run/nginx.pid;
 
@@ -80,6 +82,23 @@ http {
             status_zone my_location_zone2;
        }
     }
+
+     server {
+         listen       8099;
+         server_name  localhost;
+         proxy_http_version 1.1;
+
+         app_protect_enable on;
+         app_protect_policy_file "/etc/app_protect/conf/NginxDefaultPolicy.json";
+         app_protect_security_log_enable on;
+         app_protect_security_log "/etc/app_protect/conf/log_default.json" syslog:server=127.0.0.1:5141; 
+
+         location / {
+             client_max_body_size 0;
+             default_type text/html;
+             proxy_pass http://172.29.38.211/;
+         }
+     }
 
    include /etc/nginx/conf.d/*.conf;
 }

@@ -15,9 +15,16 @@ exporters:
     verbosity: detailed
     sampling_initial: 5
     sampling_thereafter: 200
+  otlphttp:
+    endpoint: http://loki:3100/otlp
 
 processors:
   batch:
+  resource:
+    attributes:
+      - key: service.name
+        value: "nginx.app.protect"
+        action: insert
 
 extensions:
   headers_check:
@@ -34,5 +41,5 @@ service:
       exporters: [prometheus]
     logs:
       receivers: [otlp]
-      processors: [batch]
-      exporters: [debug]
+      processors: [resource, batch]
+      exporters: [otlphttp]