Plus lab6 final draft

Plus/labs/lab1/nginx-plus/Dockerfile

@@ -20,10 +20,8 @@ RUN printf "deb https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\
 # Download the apt configuration to `/etc/apt/apt.conf.d`:
 RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
 
-# <TODO:  modify apt-get install command to pull R32 ( no R33 allowed ):
-# HELP:  https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/#creating-custom-nginx-plus-docker-image
 # Update the repository and install version R32P1 of NGINX Plus:
-RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y nginx-plus=32-2*
+RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y nginx-plus=32-2* nginx-plus-module-njs nginx-plus-module-prometheus
 
 # Remove nginx repository key/cert from docker
 RUN rm -rf /etc/ssl/nginx \

Plus/labs/lab6/docker-compose.yml

@@ -1,17 +1,18 @@
 # NGINX Plus Proxy with tools build
 # NGINX webservers with ingress-demo pages
-# NGINX Basics, Jan 2024
-# Chris Akker, Shouvik Dutta
-version: '3.3'
+# NGINX Basics, Nov 2024
+# Chris Akker, Shouvik Dutta, Adam Currier
+#
 services:
   nginx-plus:                  # NGINX Plus Web / Load Balancer
     hostname: nginx-plus
     container_name: nginx-plus
-    build: nginx-plus          # Build new container, using /nginx-plus/Dockerfile
-    volumes:
-        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d        # Copy these folders to container
-        - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+    image: nginx-plus:workshop  # From Lab1
+    volumes:                    # Sync these folders to container
         - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
     ports:
         - 80:80       # Open for HTTP
         - 443:443     # Open for HTTPS

Plus/labs/lab6/nginx-plus/etc/nginx/conf.d/cafe.example.com.conf

@@ -3,7 +3,7 @@ server {
     # Listening on port 80 on all IP addresses on this machine
     listen 80 default_server;
 
-    server_name cafe.example.com "";
+    server_name cafe.example.com;
 
     status_zone cafe-VirtualServer;
 

Plus/labs/lab6/nginx-plus/etc/nginx/conf.d/dashboard.conf

@@ -1,94 +1,16 @@
-# This sample NGINX Plus configuration enables the NGINX Plus API, for live 
-# activity monitoring and the built-in dashboard, dynamic configuration of 
-# upstream groups, and key-value stores. Keep in mind that any features 
-# added to the API in future NGINX Plus releases will be enabled 
-# automatically by this file.
-# Created in May 2018 by NGINX, Inc. for NGINX Plus R14 and later.
-
-# Documentation: 
-# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/
-# https://www.nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps
-
-# To conform with the conventional configuration scheme, place this file in 
-# the /etc/nginx/conf.d directory and add an 'include' directive that 
-# references it in the main configuration file, /etc/nginx/nginx.conf, 
-# either by name or with a wildcard expression. Then validate and reload
-# the configuration, for example with this command:
-#
-#     nginx -t && nginx -s reload
-
-# Note that additional directives are required in other parts of the 
-# configuration:
-#
-# For metrics to be gathered for an HTTP or TCP/UDP virtual server, you must 
-# include the 'status_zone' directive in its 'server' block. See: 
-# http://nginx.org/r/status_zone
-#
-# Similarly, for metrics to be gathered for an upstream server group, you 
-# must include the 'zone' directive in the 'upstream' block. See:
-# http://nginx.org/r/zone
-#
-# For more information and instructions, see:
-# https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring#status_data
-
-# We strongly recommend that you restrict access to the NGINX Plus API so 
-# that only authorized users can view metrics and configuration, change 
-# configuration, or both. Here are a few options:
-#
-# (1) Configure your firewall to limit access to port 8080.
+# NGINX Plus Basics, Nov 2024
+# Chris Akker, Shouvik Dutta, Adam Currier
+# dashboard.conf
 #
-# (2) Use SSL/TLS client certificates. See:
-#    https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
-#
-# (3) Enable HTTP Basic authentication (RFC 7617) by uncommenting the 
-#    'auth_basic*' directives in the 'server' block below. You can add users 
-#    with an htpasswd generator, which is readily available, or reuse an 
-#    existing htpasswd file (from an Apache HTTP Server, for example).  See: 
-#    http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
-#
-# (4) Enable access from a defined network and disable it from all others, 
-#    by uncommenting the 'allow' and 'deny' directives in the 'server' block
-#    below and specifying the appropriate network ranges. See: 
-#    http://nginx.org/en/docs/http/ngx_http_access_module.html
-#
-# You can create further restrictions on write operations, to distinguish
-# between users with read permission and those who can change configuration.
-# Uncomment the sample 'limit_except' directive in the 'location api' 
-# block below. In addition to the HTTP Basic authentication shown, other 
-# authentication schemes are supported. See: 
-# http://nginx.org/r/limit_except
-
 server {
-    # Conventional port for the NGINX Plus API is 9000
+    # Conventional port for the NGINX Plus API is 8080
     listen 9000;
-    access_log off; # reduce noise in access logs
+    access_log off;    # reduce noise in access logs
 
-    # Restrict at server level
-    # Uncomment to use HTTP Basic authentication; see (3) above
-    #auth_basic "NGINX Plus API";
-    #auth_basic_user_file /etc/nginx/users;
-
-    # Uncomment to use permissions based on IP address; see (4) above
-    #allow 10.0.0.0/8;
-    #deny all;
-
-    # Conventional location for accessing the NGINX Plus API 
     location /api/ {
-        # Enable in read-write mode
-        api write=on;
-
-        # Restrict at /api level
-        # Uncomment to further restrict write permissions; see note above
-        #limit_except GET {
-            #auth_basic "NGINX Plus API";
-            #auth_basic_user_file /etc/nginx/admins;
-        #}
-        # Uncomment to use permissions based on IP address; see (4) above
-        # allow 10.0.0.0/8;
-        # allow 127.0.0.1;
-        # deny all;
+    # Enable in read-write mode
+    api write=on;
     }
-
     # Conventional location of the NGINX Plus dashboard
     location = /dashboard.html {
         root /usr/share/nginx/html;
@@ -98,4 +20,5 @@ server {
     location / {
         return 301 /dashboard.html;
     }
-}
+}
+

Plus/labs/lab6/nginx-plus/etc/nginx/conf.d/prometheus.conf

@@ -1,17 +1,17 @@
 # NGINX Plus Prometheus configuration, for HTTP scraper page
-# Chris Akker, Feb 2024
-# https://www.nginx.com/blog/how-to-visualize-nginx-plus-with-prometheus-and-grafana/
+# Chris Akker, Nov 2024
+# Based on: https://www.f5.com/company/blog/nginx/how-to-visualize-nginx-plus-with-prometheus-and-grafana
 # Nginx Basics
 #
 # Uncomment all lines below
 # js_import /usr/share/nginx-plus-module-prometheus/prometheus.js;
 
 # server {
 
-#    listen 9113;               # This is the default port for Prometheus scraper page
+#   listen 9113;           # This is the default port for Prometheus scraper page
 
 #       location = /metrics {
-#         js_content prometheus.metrics;
+#       js_content prometheus.metrics;
 #       }
 
 #       location /api {

Plus/labs/lab6/nginx-plus/etc/nginx/conf.d/upstreams.conf

@@ -1,19 +1,34 @@
-# DNS resolution using Docker DNS server (DOCKER ONLY)
-# Docker-compose:
-resolver 127.0.0.11 ipv6=off; # Docker DNS
+# NGINX Basics, Plus Proxy to three upstream NGINX containers
+# Nov 2024 - Chris Akker, Shouvik Dutta, Adam Currier
+# nginx_cafe servers
+#
+upstream nginx_cafe {         # Upstream block, the name is "nginx_cafe"
 
+    # Uncomment the zone directive below to add metrics to the Dashboard
+    zone nginx_cafe 256k;
 
-# nginx-cafe servers 
-upstream nginx_cafe {
+    # Load Balancing Algorithms supported by NGINX
+    # - Round Robin (Default if nothing specified)
+    # - Least Connections
+    # - IP Hash
+    # - Hash (Any generic Hash)
 
-    zone nginx_cafe 256k;
+    # Load Balancing Algorithms supported by NGINX Plus
+    # - Least Time Last Byte / Header
+    # - Random Two     
 
-    # Docker-compose:
+    # Uncomment for Least-Time Last-Byte algorithm      
+    least_time last_byte;
+
+    # From Docker-Compose:
     server web1:80;
     server web2:80;
     server web3:80;
 
-    # Including keep alive connections are bonus points
+    # Uncomment for Cookie persistence
+    # sticky cookie srv_id expires=1m domain=.example.com path=/;
+
+    # Uncomment for keepalive TCP connections to upstreams
     keepalive 16;
 
 }

Plus/labs/lab6/nginx-plus/usr/share/nginx/html/gtr.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx GTR !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx GTR !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="gtr.jpg" alt="GTR" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>

Plus/labs/lab6/nginx-plus/usr/share/nginx/html/index.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+html { color-scheme: light dark; }
+    body { width: 35em; margin: 0 auto;
+    font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>

Plus/labs/lab6/nginx-plus/usr/share/nginx/html/nsx.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx NSX !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx NSX !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="nsx.jpg" alt="NSX" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>

Plus/labs/lab6/nginx-plus/usr/share/nginx/html/rcf.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx RCF !</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx RCF !</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working.</p>
+
+<img src="rcf.jpg" alt="RCF" height="480" width="640"></img>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>