Lab1, 2 and 3 changes (#12)

* lab1 added
* lab2 added
* topic updates
* gitignore updated
* lab3 updates
* Edits to push expired certs
* lab3 final edits
* lab1 edits based on PR comments
* lab2 and 3 edits based on PR comments

Author: sdutta9

.gitignore

@@ -1,7 +1,8 @@
 # Any private crt and keys #
 ############################
-*.crt
-*.key
+*-day.crt
+*-day.key
+nginx-repo.*
 *~
 \#*
 

labs/lab1/media/lab1_none-dataplane-key-delete1.png

@@ -0,0 +1,132 @@
+# NGINX One Console Introduction & Access
+
+## Introduction
+
+In this lab, you will be logging into NGINX One Console and exploring various components within it. This lab requires that you have access to F5 Distributed Cloud to work with the One Console. As part of this lab, you will explore the NGINX One console product, as a quick Overview of what it is and how to access it.
+
+<br/>
+
+## Learning Objectives
+
+By the end of the lab you will be able to:
+
+- [Understand NGINX One Console product](#nginx-one-console-introduction)
+- [Access and navigate NGINX One Console](#access-and-navigate-nginx-one-console)
+- [Create and manage data plane keys that would be used to manage NGINX instances](#create-and-manage-data-plane-keys-that-would-be-used-to-manage-nginx-instances)
+
+## Prerequisites
+
+- You must have an F5 Distributed Cloud(XC) Account
+- You must have enabled NGINX One service on F5 Distributed Cloud(XC)
+- See `Lab0` for instructions on setting up your system for this Workshop
+- Familiarity with basic Linux concepts and commands
+- Familiarity with basic NGINX concepts and commands
+
+<br/>
+
+### NGINX One Console Introduction
+
+![NGINX One](media/nginx-one-icon.png)
+
+The F5 NGINX One Console is a service which is part of the F5 Distributed Cloud, gives all NGINX users access to a SaaS experience for managing NGINX instances. The console lets you monitor and control your NGINX fleet from one place. You can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more.
+
+The NGINX One Console is valuable because it simplifies the complexities of modern application delivery by integrating multiple functionalities into a single platform. This reduces the need for disparate tools, lowers operational overhead and costs, and ensures robust security for your applications. You will be able to accelerate application delivery and time-to-value like never before with SaaS capabilities.
+
+NGINX One Console offers the following key benefits:
+
+- **Centralized control:** Manage all your NGINX instances from a single console.
+- **Enhanced monitoring and risk detection:** Automatically detect critical vulnerabilities (CVEs), verify SSL certificate statuses, and identify security issues in NGINX configurations.
+- **Performance optimization:** Track your NGINX versions and receive recommendations for tuning your configurations for better performance.
+- **Graphical Metrics Display:** Access a dashboard that shows key metrics for your NGINX instances, including instance availability, version distribution, system health, and utilization trends.
+- **Real-time alerts:** Receive alerts about critical issues.
+
+### How it works
+
+![NGINX Agent](media/nginx-agent-icon.png)
+
+The NGINX One Console requires `NGINX Agent`, an open source software module written by NGINX that connects and communicates with NGINX One.  This NGINX Agent must be installed and running on every NGINX instance that you wish to manage with NGINX One.  You will use the publicly available NGINX with Agent images from Docker Hub for your NGINX OSS containers.  In addition, as part of your Docker Compose file, your NGINX Plus containers already have the required `NGINX Agent` installed for you.  NGINX Agent can also be installed using regular Linux package managers like `apt` and `yum`.  Refer to the References Section for links to the NGINX Agent installation guides.
+
+### Access and navigate NGINX One console
+
+1. Login into the F5 Distributed Cloud console using your account credentials. The login page can be found at: https://console.ves.volterra.io/login/start
+
+    ![XC Login](media/lab1_xc-login.png)
+
+1. Once logged in, the "home" screen shows you various tiles which represent F5 Distributed Cloud console features. In this lab, we'll focus on the `NGINX One` console tile as highlighted in the below screenshot.
+
+    ![XC HomeScreen](media/lab1_none-tile.png)
+
+1. Click on the `NGINX One` tile from the home screen. The NGINX One "welcome" screen will appear. Make sure the NGINX One Console status shows `green - Enabled` as highlighted in below screenshot.  Click on `Visit Service`.  If it is not enabled, you must request access from your F5 Distributed Cloud admin.
+
+    ![N One Visit Service](media/lab1_none-service.png)
+
+1. By default, this will bring you to the NGINX One Console `Overview Dashboard` page. As no NGINX Instances are being managed by NGINX One you are seeing the blank dashboard as shown in below screenshot.
+
+    ![Empty Dashboard](media/lab1_none-empty-overview-dashboard.png)
+
+    Once you add different NGINX Instance in the next section, this Dashboard would get populated by useful insights as depicted in below sample dashboard screenshot.
+
+    ![Sample Overview Dashboard](media/lab1_none-overview-dashboard.png)
+
+<br/>
+
+### Create and manage data plane keys that would be used to manage NGINX instances
+
+1. Within the NGINX One Console, click on `Manage > Data Plane Keys`. This would show all the Data Plane keys that you currently have.
+
+    ![Dataplane key](media/lab1_none-dataplane-key-overview.png)
+
+1. Click on `Add Data Plane Key` to create a new Dataplane key. This should open an `Add Data Plane Key` window. Provide a name of your choice for the new key. By default, the expiration date is set for a year. You can modify the expiration data as per your preference or keep the defaults for this workshop. Click on `Generate` to create your new key.
+
+    ![New Dataplane key](media/lab1_none-dataplane-key-new.png)
+
+    Once the key is generated, copy the value of this key to the clipboard using the `Copy` icon on the right side.  **NOTE:**  This Dataplane Key is only shown here and NGINX One doesn't save this value. Save this value locally as you would be using it to register new NGINX Instances.  You can Register as many NGINX Instances as you like with the same Dataplane Key.  If you lose the value of the key then you need to generate a new one again.
+
+    ![New Dataplane key save](media/lab1_none-dataplane-key-save.png)
+
+1. Once you have saved the key locally for future use, click the `Close` button to finish the Data plane key creation process.
+
+<br/>
+
+### (Optional Exercise): Revoke a data plane key
+
+1. To revoke the data plane key, search the key that you would like to revoke within the Data Plane Keys Page and then click on the key. This should open a new overlay window on the right side as shown in below screenshot. Click on `Revoke` button. In the next confirmation window, again click on `Revoke` button to disable the data plane key.
+
+    ![Revoke Dataplane Key](media/lab1_none-dataplane-key-revoke1.png)
+    ![Confirm Revoke](media/lab1_none-dataplane-key-revoke2.png)
+
+### (Optional Exercise): Delete a data plane key
+
+1. Active keys cannot be directly deleted. The key must first be revoked and then can be deleted.
+
+1. You can delete a revoked data plane key by opening the Data Plane Keys Page and then navigating to the `Revoked Keys` tab. This view should list all the revoked keys.
+
+    ![Revoke key list](media/lab1_none-dataplane-key-revoke-list.png)
+
+    To delete a particular revoked key, select the key and then click on `Delete Selected` button. In the next confirmation window, again click on `Delete` button to delete the data plane key.
+
+    ![Delete key](media/lab1_none-dataplane-key-delete1.png)
+    ![Delete key confirmation](media/lab1_none-dataplane-key-delete2.png)
+
+<br/>
+
+This ends lab1.
+
+<br/>
+
+## References:
+
+- [NGINX One Console](https://docs.nginx.com/nginx-one/)
+- [NGINX Agent](https://docs.nginx.com/nginx-agent/overview/)
+
+<br/>
+
+### Authors
+
+- Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc.
+- Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc.
+- Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc.
+
+-------------
+
+Navigate to ([Lab2](../lab2/readme.md) | [LabGuide](../readme.md))

labs/lab1/media/lab1_none-dataplane-key-delete2.png

@@ -0,0 +1,164 @@
+# NGINX Plus / OSS with NGINX Agent
+# NGINX webservers with ingress-demo pages
+# NGINX One Console Instance Registration
+# NGINX Basics, Dec 2024
+# Chris Akker, Shouvik Dutta, Adam Currier
+#
+services:
+  basics-plus1:                  # Alpine NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron basics- One Console
+#      NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
+    hostname: basics-plus1
+    container_name: basics-plus1
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613  # CVE - From Nginx Private Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - 80:80       # Open for HTTP
+        - 443:443     # Open for HTTPS
+        - 9000:9000   # Open for stub status page
+        - 9113:9113   # Open for Prometheus Scraper page
+    restart: always
+  #
+  basics-plus2:                  # Alpine NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron Nginx One Console
+#      NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
+    hostname: basics-plus2
+    container_name: basics-plus2
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 # CVE - From Nginx Private Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - "80"      # Open for HTTP
+        - "443"     # Open for HTTPS
+        - "9000"    # Open for API / Dashboard page
+        - "9113"    # Open for Prometheus Scraper page
+    restart: always
+  #
+  basics-plus3:                  # RHEL UBI NGINX Plus Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron Nginx One Console
+#      NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
+    hostname: basics-plus3
+    container_name: basics-plus3
+    image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522    # From Nginx Private Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - "80"      # Open for HTTP
+        - "443"     # Open for HTTPS
+        - "9000"    # Open for API / Dashboard page
+        - "9113"    # Open for Prometheus Scraper page
+    restart: always
+  #
+  basics-oss1:                  # Debian NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron Nginx One Console
+    hostname: basics-oss1
+    container_name: basics-oss1
+    image: docker-registry.nginx.com/nginx/agent:mainline  # From Docker Public Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+        - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - "80"      # Open for HTTP
+        - "443"     # Open for HTTPS
+        - "9000"    # Open for stub status page
+        - "9113"    # Open for Prometheus Scraper page
+    restart: always
+  #
+  basics-oss2:                  # Alpine NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron Nginx One Console
+    hostname: basics-oss2
+    container_name: basics-oss2
+    image: docker-registry.nginx.com/nginx/agent:alpine  # From Docker Public Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+        - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - "80"      # Open for HTTP
+        - "443"     # Open for HTTPS
+        - "9000"    # Open for stub status page
+        - "9113"    # Open for Prometheus Scraper page
+    restart: always
+    #
+  basics-oss3:                  # Older Alpine NGINX OSS Web / Load Balancer
+    environment:
+      NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
+      NGINX_AGENT_SERVER_GRPCPORT: "443"
+      NGINX_AGENT_TLS_ENABLE: "true"
+      NGINX_AGENT_SERVER_TOKEN: $TOKEN  # Datakey Fron Nginx One Console
+    hostname: basics-oss3
+    container_name: basics-oss3
+    image: docker-registry.nginx.com/nginx/agent:1.26-alpine  # From Docker Public Registry
+    volumes:                    # Sync these folders to container
+        - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+        - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+        - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+        - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+        - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+    ports:
+        - "80"      # Open for HTTP
+        - "443"     # Open for HTTPS
+        - "9000"    # Open for stub status page
+        - "9113"    # Open for Prometheus Scraper page
+    restart: always
+  #
+  web1:
+      hostname: web1
+      container_name: web1
+      platform: linux/amd64
+      image: nginxinc/ingress-demo            # Image from Docker Hub
+      ports:
+        - "80"                                # Open for HTTP
+        - "443"                               # Open for HTTPS
+  web2:
+      hostname: web2
+      container_name: web2
+      platform: linux/amd64
+      image: nginxinc/ingress-demo
+      ports:
+        - "80"
+        - "433"
+  web3:
+      hostname: web3
+      container_name: web3
+      platform: linux/amd64
+      image: nginxinc/ingress-demo
+      ports:
+        - "80"
+        - "443"
+

labs/lab1/media/lab1_none-dataplane-key-new.png

@@ -0,0 +1,4 @@
+echo "Generate 1-day cert."
+openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout nginx-oss/etc/ssl/nginx/1-day.key -out nginx-oss/etc/ssl/nginx/1-day.crt -subj "/CN=NginxPlusBasics"
+echo "Generate 30-day cert."
+openssl req -x509 -nodes -days 30 -newkey rsa:2048 -keyout nginx-oss/etc/ssl/nginx/30-day.key -out nginx-oss/etc/ssl/nginx/30-day.crt -subj "/CN=NginxPlusBasics"

labs/lab1/media/lab1_none-dataplane-key-overview.png

@@ -0,0 +1,27 @@
+# cafe.example.com HTTP
+server {
+    # Listening on port 80 on all IP addresses on this machine
+    listen 80;
+
+    server_name cafe.example.com;
+
+    # status_zone cafe-VirtualServer;
+
+    # Server specific logging
+    access_log  /var/log/nginx/cafe.example.com.log main_ext; 
+    error_log   /var/log/nginx/cafe.example.com_error.log info; 
+
+    location / {
+
+        proxy_buffering off;
+        
+        # Including best-practice headers are bonus points
+        include includes/proxy_headers.conf;
+        include includes/keepalive.conf;
+        
+        # status_zone /;
+
+        proxy_pass http://nginx_cafe;
+    }
+
+}

labs/lab1/media/lab1_none-dataplane-key-revoke-list.png

@@ -0,0 +1,19 @@
+# ngx_http_stub_status_module (Available in NGINX OSS)
+# provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html
+
+server {
+	listen 9000 ssl;              # Listener for Stub Status
+
+	ssl_certificate /etc/ssl/nginx/30-day.crt;
+    ssl_certificate_key /etc/ssl/nginx/30-day.key;
+	
+	location /basic_status {
+		stub_status;
+	}
+
+	   # Redirect requests for "/" to "/basic_status"
+   location / {
+       return 301 /basic_status;
+   }
+
+}