Updates to move to R34

Plus/labs/lab0/prerequisites.md

@@ -12,12 +12,9 @@ By the end of this Prerequisite instructions, you will be ready to do the Worksh
 
 1. You must have an NGINX Plus Commercial license/subscription for this Workshop.
 2. You must download the `nginx-repo.crt` and `nginx-repo.key` and `nginx-repo.jwt` files from your MyF5 account.
-3. If you do not have a current license, you can request a 30-Day Trial License for free, here: https://www.f5.com/trials/free-trial-nginx-plus-and-nginx-app-protect . It takes several minutes for the F5 Licensing system to send you an email, with a `one-time download link` to the License files.  `Save the nginx-repo.* files to your local storage`, you will need them before you start the Workshop.  (NOTE: the nginx-repo.jwt file is not needed for this workshop, but download it for the Nginx Plus Ingress Workshop if you are interested in learning about Nginx Plus Ingress Controller for Kubernetes - your next NGINXperts Workshop!).
+3. If you do not have a current license, you can request a 30-Day Trial License for free, here: https://www.f5.com/trials/nginx-one . It takes several minutes for the F5 Licensing system to send you an email, with a `one-time download link` to the License files.  `Save the nginx-repo.* files to your local storage`, you will need them before you start the Workshop.  (NOTE: the nginx-repo.jwt file will be used to validate your subscription and automatically send usage reports to F5 licensing endpoint to be compliant with subscription agreement.).
 4. If you do not have access to Nginx Plus, you can still take the NGINX OSS Basics Workshop, and get familiar with NGINX Open Source.
 
-## F5 Distributed Cloud Accout
-
-You will need an F5 Distributed Cloud account to complete the Nginx ONE Console lab exercises.  If you do not have an Account, please contact your F5 Sales Representative for more information.
 
 ## Hardware Requirments
 

Plus/labs/lab1/docker-compose.yml

@@ -9,11 +9,11 @@ services:
     build: ./nginx-plus          # Build new container, using /nginx-plus/Dockerfile
     image: nginx-plus:workshop
     volumes:                     # Copy these files/folders to container
-        - ./nginx-plus/etc/nginx/license.jwt:/etc/nginx/license.jwt
         - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d        
         - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
         - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
         - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ../nginx-repo.jwt:/etc/nginx/license.jwt      # Copy JWT Token from parent folder to container to fulfill licensing requirement
     ports:
         - 80:80       # Open for HTTP
         - 443:443     # Open for HTTPS

Plus/labs/lab1/docker-compose.yml.works → Plus/labs/lab1/docker-compose.yml.foragent

@@ -1,20 +1,26 @@
 # NGINX Plus with tools build
 # NGINX Plus Basics, Nov 2024
 # Chris Akker, Shouvik Dutta, Adam Currier
-#
+# 
 services:
   nginx-plus:                  # NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+      NGINX_AGENT_SERVER_GRPCPORT: '443'
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN # Dataplane key From Nginx One Console
+      NGINX_AGENT_TLS_ENABLE: 'true'
+      NGINX_LICENSE_JWT: $JWT
     hostname: nginx-plus
     container_name: nginx-plus
     build: ./nginx-plus          # Build new container, using /nginx-plus/Dockerfile
     image: nginx-plus:workshop
-    volumes:
-        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d        # Copy these folders to container
+    volumes:                     # Copy these files/folders to container
+        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d        
         - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
         - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
         - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
     ports:
         - 80:80       # Open for HTTP
         - 443:443     # Open for HTTPS
         - 9000:9000   # Open for Plus Dashboard page / API
-    restart: always     
+    restart: always   

Plus/labs/lab1/nginx-plus/Dockerfile

@@ -1,55 +1,15 @@
-# For Ubuntu 20.04:
-FROM ubuntu:focal
+# Use the multi-stage build to add necessary dynamic modules from F5 NGINX private registry (Optional)
+FROM private-registry.nginx.com/nginx-plus/modules:r34-prometheus-debian AS prometheus-base
+# FROM private-registry.nginx.com/nginx-plus/modules:r34-headers_more-debian as headers_more-base
+# FROM private-registry.nginx.com/nginx-plus/modules:r34-otel-debian as otel-base
 
-## Install Nginx Plus
-# Download certificate and key from the MyF5 customer portal (https://account.f5.com/myf5)
-# and copy to the build context and set correct permissions
-RUN mkdir -p /etc/ssl/nginx
-COPY etc/ssl/nginx/nginx-repo.* /etc/ssl/nginx/
-RUN chmod 644 /etc/ssl/nginx/* 
+# Use the NGINX base image from F5 NGINX private registry 
+FROM private-registry.nginx.com/nginx-plus/base:r34-debian-bookworm
 
-# Install prerequisite packages:
-RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-certificates curl wget gnupg2 net-tools vim tree openssl jq
+# Use this section to COPY the dynamic modules to the base image (Optional)
+COPY --from=prometheus-base / /
+# COPY --from=headers_more-base / /
+# COPY --from=otel-base / /
 
-# Download and add the NGINX signing key:
-RUN wget https://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key 
-
-# Add NGINX Plus repository:
-RUN printf "deb https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
-
-# Download the apt configuration to `/etc/apt/apt.conf.d`:
-RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
-
-# Update the repository and install version R32P1 of NGINX Plus:
-RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y nginx-plus=32-2* nginx-plus-module-njs=32* nginx-plus-module-prometheus=32*
-
-# Remove nginx repository key/cert from docker
-RUN rm -rf /etc/ssl/nginx \
-# Remove default nginx config
-# && rm /etc/nginx/conf.d/default.conf \
-# Required for this demo: Create State file folder and set permissions
-&& mkdir -p /var/lib/nginx/state \
-&& chown -R nginx /var/lib/nginx/state \
-# COPY var/lib/nginx/state/upstreams.state /var/lib/nginx/state/upstreams.state
-&& touch /var/lib/nginx/state/upstreams.state
-
-# Copy certificate files and dhparams
-COPY etc/ssl /etc/ssl
-
-# COPY /etc/nginx (Nginx configuration) directory
-COPY etc/nginx /etc/nginx
-RUN chown -R nginx:nginx /etc/nginx \
-# # Forward request logs to Docker log collector:
-# && ln -sf /dev/stdout /var/log/nginx/access.log \
-# && ln -sf /dev/stderr /var/log/nginx/error.log \
-    # Remove the cert/keys from the image
-&& rm /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key
-
-# COPY /usr/share/nginx/html (Nginx files) directory
-COPY usr/share/nginx/html /usr/share/nginx/html
-RUN chown -R nginx:nginx /usr/share/nginx/html
-
-# EXPOSE ports, HTTP 80, HTTP 8080, HTTPS 443, Nginx API / status page 9000, Prometheus Exporter page 9113
-EXPOSE 80 443 8080 9000 9113
-STOPSIGNAL SIGTERM
-CMD ["nginx", "-g", "daemon off;"]
+# Use this section to  install additional tools/packages
+RUN apt-get update && apt-get install -y curl wget procps net-tools vim tree openssl jq

Plus/labs/lab1/nginx-plus/Dockerfile.withagent

@@ -0,0 +1,23 @@
+# Use the multi-stage build to add necessary dynamic modules from F5 NGINX private registry (Optional)
+# FROM private-registry.nginx.com/nginx-plus/modules:r34-headers_more-debian as headers_more-base
+# FROM private-registry.nginx.com/nginx-plus/modules:r34-otel-debian as otel-base
+
+# Use the NGINX agent image from F5 NGINX private registry 
+FROM private-registry.nginx.com/nginx-plus/rootless-agent:r34-debian-bookworm
+
+# Use this section to COPY the dynamic modules to the base image (Optional)
+# COPY --from=headers_more-base / /
+# COPY --from=otel-base / /
+
+# Set some default environment variables (can be overridden at runtime)
+ENV NGINX_LICENSE_JWT=""
+ENV NGINX_AGENT_SERVER_GRPCPORT=443
+ENV NGINX_AGENT_SERVER_HOST=agent.connect.nginx.com
+ENV NGINX_AGENT_SERVER_TOKEN=""
+ENV NGINX_AGENT_TLS_ENABLE=true
+
+# Copy NGINX Configs as it is not being mounted
+COPY --chown=nginx:nginx ./etc/nginx/conf.d /etc/nginx/conf.d
+COPY --chown=nginx:nginx ./etc/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY --chown=nginx:nginx ./etc/nginx/includes /etc/nginx/includes
+COPY --chown=nginx:nginx ./etc/ssl/nginx/nginx-repo.* /etc/ssl/nginx/