diff --git a/labs/lab0/media/2factorAuthentication.png b/labs/lab0/media/2factorAuthentication.png
new file mode 100644
index 0000000..d5523d7
Binary files /dev/null and b/labs/lab0/media/2factorAuthentication.png differ
diff --git a/labs/lab0/media/2factorConfirmation.png b/labs/lab0/media/2factorConfirmation.png
new file mode 100644
index 0000000..74e679b
Binary files /dev/null and b/labs/lab0/media/2factorConfirmation.png differ
diff --git a/labs/lab0/media/F5accountactivationemail.png b/labs/lab0/media/F5accountactivationemail.png
new file mode 100644
index 0000000..4879916
Binary files /dev/null and b/labs/lab0/media/F5accountactivationemail.png differ
diff --git a/labs/lab0/media/F5signup.png b/labs/lab0/media/F5signup.png
new file mode 100644
index 0000000..25d7130
Binary files /dev/null and b/labs/lab0/media/F5signup.png differ
diff --git a/labs/lab0/media/almostthere.png b/labs/lab0/media/almostthere.png
new file mode 100644
index 0000000..094a92d
Binary files /dev/null and b/labs/lab0/media/almostthere.png differ
diff --git a/labs/lab0/media/courselist.png b/labs/lab0/media/courselist.png
new file mode 100644
index 0000000..cb630ef
Binary files /dev/null and b/labs/lab0/media/courselist.png differ
diff --git a/labs/lab0/media/domaincreds.png b/labs/lab0/media/domaincreds.png
new file mode 100644
index 0000000..99591ca
Binary files /dev/null and b/labs/lab0/media/domaincreds.png differ
diff --git a/labs/lab0/media/domaincredsannotated.png b/labs/lab0/media/domaincredsannotated.png
new file mode 100644
index 0000000..73bcb38
Binary files /dev/null and b/labs/lab0/media/domaincredsannotated.png differ
diff --git a/labs/lab0/media/joinbutton.png b/labs/lab0/media/joinbutton.png
new file mode 100644
index 0000000..c13862b
Binary files /dev/null and b/labs/lab0/media/joinbutton.png differ
diff --git a/labs/lab0/media/launchrdp.png b/labs/lab0/media/launchrdp.png
new file mode 100644
index 0000000..2bc23b2
Binary files /dev/null and b/labs/lab0/media/launchrdp.png differ
diff --git a/labs/lab0/media/megasuperimportantemail.png b/labs/lab0/media/megasuperimportantemail.png
new file mode 100644
index 0000000..efd30a0
Binary files /dev/null and b/labs/lab0/media/megasuperimportantemail.png differ
diff --git a/labs/lab0/media/udfloginnonf5.png b/labs/lab0/media/udfloginnonf5.png
new file mode 100644
index 0000000..a19cbcb
Binary files /dev/null and b/labs/lab0/media/udfloginnonf5.png differ
diff --git a/labs/lab0/media/udfloginreset.png b/labs/lab0/media/udfloginreset.png
new file mode 100644
index 0000000..edb7a41
Binary files /dev/null and b/labs/lab0/media/udfloginreset.png differ
diff --git a/labs/lab0/media/useruser.png b/labs/lab0/media/useruser.png
new file mode 100644
index 0000000..20f89b2
Binary files /dev/null and b/labs/lab0/media/useruser.png differ
diff --git a/labs/lab0/media/waitforboot.png b/labs/lab0/media/waitforboot.png
new file mode 100644
index 0000000..27da273
Binary files /dev/null and b/labs/lab0/media/waitforboot.png differ
diff --git a/labs/lab0/prerequisites.md b/labs/lab0/prerequisites.md
new file mode 100644
index 0000000..6673c52
--- /dev/null
+++ b/labs/lab0/prerequisites.md
@@ -0,0 +1,87 @@
+# Preparing your Computer for the NGINX One Console Workshop
+
+## Introduction
+
+In order to complete the Lab exercises in this Workshop on your own computer and not use the F5 provided workshop environment, your computer should meet with the following license, hardware, software, and access requirements. If you are unable to meet these basic requirements, you will likely not be able to complete the Labs as written. It is highly recommended that you have the minimum requirements.
+
+## Learning Objectives
+
+By the end of this Prerequisite instructions, you will be ready to do the Workshop lab exercises in your own system.
+
+## NGINX Plus License Requirements
+
+1. You must have an NGINX Plus Commercial license/subscription for this Workshop.
+2. You must download the `nginx-repo.crt` and `nginx-repo.key` and `nginx-repo.jwt` files from your MyF5 account.
+3. If you do not have a current license, you can request a 30-Day Trial License for free, here: https://www.f5.com/trials/nginx-one . It takes several minutes for the F5 Licensing system to send you an email, with a `one-time download link` to the License files. `Save the nginx-repo.* files to your local storage`, you will need them before you start the Workshop.
+
+## F5 Distributed Cloud Account
+
+You will need an F5 Distributed Cloud account to complete the Nginx One Console lab exercises. If you do not have an Account, please contact your F5 Sales Representative for more information. Know more about F5 Distributed Cloud by navigating to the following link: https://www.f5.com/products/distributed-cloud-services/distributed-cloud-console.
+
+You must also have enabled NGINX One service within F5 Distributed Cloud(XC) for this workshop.
+
+## Hardware Requirments
+
+1. 8GB available RAM
+2. 50GB available disk space
+3. Recommended - second monitor
+
+## Software Requirements
+
+1. Git
+1. Docker Engine
+1. Docker Compose
+1. Chrome or other modern browser
+1. Visual Studio Code, or other test/code editor
+1. Thunder Client VSCode extension or any other API platform that helps running API requests.
+
+## Administrative Requirements
+
+1. Network connection to the Internet
+1. Admin access to install software, Copy and Edit local files
+1. Admin access to control Network Firewalls and VPN settings
+1. Admin access to configure local DNS hosts file
+
+## Install Docker Engine
+
+- [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
+
+## Install Docker Compose
+
+- [https://docs.docker.com/compose/install/](https://docs.docker.com/compose/install/)
+
+## Optional - Install Visual Studio Code
+
+- [https://code.visualstudio.com/download](https://code.visualstudio.com/download)
+
+## Cloning the Workshop Repository locally
+
+Once you have setup your system make sure to clone this repository locally in your system.
+
+```bash
+git clone https://github.com/nginxinc/nginx-one-workshops.git
+
+```
+
+
+You are now prepared to start with the workshop labs.
+
+
+## References:
+
+- [NGINX Plus](https://docs.nginx.com/nginx/)
+- [NGINX Free 30-Day Trial](https://www.f5.com/trials/nginx-one)
+- [NGINX Admin Guide](https://docs.nginx.com/nginx/admin-guide/)
+- [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/)
+
+
+
+### Authors
+
+- Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc.
+- Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc.
+- Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc.
+
+-------------
+
+Navigate to ([Lab1](../lab1/readme.md) | [Main Menu](../readme.md))
\ No newline at end of file
diff --git a/labs/lab0/readme.md b/labs/lab0/readme.md
index 8a78ecc..d99c5d6 100644
--- a/labs/lab0/readme.md
+++ b/labs/lab0/readme.md
@@ -1,91 +1,94 @@
-# Setup your Computer for NGINX Workshops
+# Workshop pre-work
-## `under construction`
+## Prep for your upcoming F5/NGINX Workshop
-## Introduction
+If you're here that probably means you are currently in, or registered for, an upcoming NGINXperts Workshop. By taking the time to run through this exercise you are helping us save time during the workshop and ensure that you meet the prerequisites to access the workshop. We appreciate you taking time to check your system and your access.
-In this Workshop, you will build a working Lab environment in Azure, and use Nginx for Azure to control traffic to these Azure Resources. The architecture you will build will look like this diagram:
+
-
-
-In order to build this environment, your computer hardware, software, and applications must be properly installed and functional. This is the list of Prerequisite needed to successfully complete this Workshop as a Student.
+## Step 0: If this is your first time in an F5 Hosted Workshop
->It is `highly recommended` for Students attending this Workshop to be proficient with NGINX and Azure and have some experience with Kubernetes and Docker administration, networking tools, and Load Balancing concepts. An `Azure Subscription` and Admin level access to Azure Portal is required. Previous experience with Visual Studio Code and Redis Tools is also recommended.
+Look for an email from **`courses@notify.udf.f5.com`**. This will have instructions on how you can login into UDF (F5 workshop environment).
-
+
-## Prerequisites
+### If you cannot find your invite email ("UDF Course Registration:NGINXperts Lab ...") STOP
-In this Lab0, the requirements for both the Student and the Azure environment will be described.
+- These commonly get caught by spam/junk filters. *Make sure to check your spam folder **and** your system's email Quarantine.*
-> **IMPORTANT!** It is imperative that you have the appropriate computer, tools, and Azure Subscription privileges to successfully complete the Workshop.
+- If you still cannot find your invite email, you either have not been invited to a workshop or we have an incorrect email. Please get help from whoever sent you to this page.
-
+## Step 1: Get yourself to UDF
-NGINXaaS for Azure | NGINX Plus | Kubernetes | Docker | Redis
-:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:
- |  |  |  | 
+- Navigate to [https://udf.f5.com/](https://udf.f5.com/) and select `Invited Users`
+ 
-
+- If this is your first time using UDF, use the `Sign Up` link which would take your to F5 registration page.
+
+ **NOTE:** this will *not be the password to the Ubuntu Desktop or other VMs in the class!*
+ 
-## Student Azure Subscription Requirements
+- Once you have filled in your registration details, you should be receiving an `Account Activation` email as shown below
+ 
-**IMPORTANT:** Students taking this Workshop will require `Owner` level privileges to complete the Lab Exercises. In addition, Students will also require the following Subscription privileges. Consult with your IT Cloud Team to ensure you have the necessary privileges for the following items, *prior* to attempting the Workshop Exercises:
+- When you click on the `Activate Account` button within the activation email, you would be redirected to setup 2 factor authentication as shown below. Select your preferred authentication method.
+ 
-1. Multiple `Public Ip Addresses` used in this lab.
+- Once you have set up 2 factor authentication successfully, you will see a `green` checkmark on your preferred method. Click on `Finish`.
+ 
- - Public IP Address for the Nginx for Azure instance
- - Public IP Address for the UbuntuVM
- - Public IP Address for the Kubernetes Cluster API Server for the AKS instance(s)
+- If you already have an account but you can't remember your password, simply reset your password by clicking on `Forgot Password?` link.
+
-2. `Azure Key Vault` used in this lab, to create TLS certificates and keys.
+## Step 2: Start the course
-3. `Entra ID` used in this lab, to create Applications and Settings for the OIDC/JWT integration with Nginx.
+- Once logged into UDF, click `Launch` (This will open a new tab.)
+ 
-
+- And then click on `Join`
+ 
-### Student Hardware/Software/Azure Requirements
+- Click the `DEPLOYMENT` tab at the top
+
-Verify you have the proper computer requirements - hardware and software.
-- Hardware: Laptop, Admin rights, Internet connection
-- Software: Visual Studio, Terminal, Chrome, Docker, AKS and Azure CLI.
- - You will need the Azure Command Line Interface tool (version 2.61.0 or higher) installed on your client machine to manage your Azure services. See [Azure CLI Installation](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) for instructions.
- - You will also need the Azure CLI `NGINX` extension added. See [Azure CLI Extensions](https://learn.microsoft.com/en-us/cli/azure/azure-cli-extensions-overview) for instructions.
-- Verify you have proper computer skills: Linux CLI, files, SSH/Terminal, Docker/Compose, Azure Portal, Load Balancing concepts, Linux tools, Azure CLI
-- Verify you have the proper access to Azure resources: Azure Subscription with Admin/Owner level access
+## Step 3: RDP to the Ubuntu Jumpbox
-
+- username: `ubuntu`
+- password: `Nginx123`
-### Required Skills
+THIS REQUIRES AN RDP CLIENT! If you have a Mac *and* haven't downloaded an RDP client before, here is the first-party version:
-- Nginx for Azure NGINXperts Workshop has minimum REQUIRED Nginx Skills: Students must be familiar with Nginx operation, configurations, and concepts for HTTP traffic.
-- The NGINXperts Basics Workshop is HIGHLY recommended, students should have taken this workshop prior.
-- The NGINXperts Plus Ingress Controller workshop is also HIGHLY recommended, students should have taken this workshop prior.
-- Azure admin skills, previous training from Microsoft Learn is HIGHLY recommended.
-- Recommended: TLS, DNS, HTTP caching, Grafana, Redis
+[Microsoft's RDP client on the Apple Apps Store](https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12)
-
+- Now you just have to wait for the Ubuntu Desktop to finish booting. . .
-[NGINXperts Basics Workshop](https://github.com/nginxinc/nginx-basics-workshops)
+
-
+- Make sure to select a small enough resolution to see the whole screen.
-**This completes Lab0.**
+
-
+- Once you select the resolution, your browser will download an rdp file. Open this file to connect to Ubuntu Desktop.
-## References:
+- Accept the self-signed cert, the Ubuntu Desktop username and password will be `ubuntu` and `Nginx123`.
+
+ (**NOTE:** This is *not* your UDF login username & password.)
-- [NGINX As A Service for Azure](https://docs.nginx.com/nginxaas/azure/)
-- [NGINX Plus Product Page](https://docs.nginx.com/nginx/)
-- [NGINX Ingress Controller](https://docs.nginx.com//nginx-ingress-controller/)
-- [NGINX on Docker](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/)
-- [NGINX Directives Index](https://nginx.org/en/docs/dirindex.html)
-- [NGINX Variables Index](https://nginx.org/en/docs/varindex.html)
-- [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/)
-- [NGINX - Join Community Slack](https://community.nginx.org/joinslack)
+ 
-
+-------------
+> **If you can't connect to the Ubuntu Desktop, *remember to shut off your VPN*, or join a non-proxied network (sometimes a guest network in the office will work)**
+-------------
+
+**For machines running Windows and attached to a domain, Windows will helpfully attempt to use your domain creds to log in, and you'll see:**
+
+
+
+### Click "More choices" to enter both a username and a password
+
+
+
+That wraps the pre-requisites.
### Authors
@@ -95,4 +98,4 @@ Verify you have the proper computer requirements - hardware and software.
-------------
-Navigate to ([Lab1](../lab1/readme.md) | [LabGuide](../readme.md))
+Navigate to ([Lab1](../lab1/readme.md) | [Main Menu](../readme.md))
diff --git a/labs/lab2/docker-compose.yml b/labs/lab2/docker-compose.yml
index bbe3679..90e3fcd 100644
--- a/labs/lab2/docker-compose.yml
+++ b/labs/lab2/docker-compose.yml
@@ -5,160 +5,160 @@
# Chris Akker, Shouvik Dutta, Adam Currier
#
services:
- basics-plus1: # Alpine NGINX Plus Web / Load Balancer
+ basics-plus1: # Alpine NGINX Plus Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron basics- One Console
-# NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
- hostname: basics-plus1
- container_name: basics-plus1
- image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613 # CVE - From Nginx Private Registry
- volumes: # Sync these folders to container
- - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey From One Console
+ # NGINX_AGENT_INSTANCE_GROUP: one-workshop-plus
+ hostname: one-workshop-plus1
+ container_name: one-workshop-plus1
+ image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613 # CVE - From Nginx Private Registry
+ volumes: # Sync these folders to container
+ - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - 80:80 # Open for HTTP
- - 443:443 # Open for HTTPS
- - 9000:9000 # Open for stub status page
- - 9113:9113 # Open for Prometheus Scraper page
+ - 80:80 # Open for HTTP
+ - 443:443 # Open for HTTPS
+ - 9000:9000 # Open for stub status page
+ - 9113:9113 # Open for Prometheus Scraper page
restart: always
#
- basics-plus2: # Alpine NGINX Plus Web / Load Balancer
+ basics-plus2: # Alpine NGINX Plus Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
-# NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
- hostname: basics-plus2
- container_name: basics-plus2
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
+ # NGINX_AGENT_INSTANCE_GROUP: one-workshop-plus
+ hostname: one-workshop-plus2
+ container_name: one-workshop-plus2
image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 # CVE - From Nginx Private Registry
- volumes: # Sync these folders to container
- - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+ volumes: # Sync these folders to container
+ - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
- - "9000" # Open for API / Dashboard page
- - "9113" # Open for Prometheus Scraper page
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
+ - '9000' # Open for API / Dashboard page
+ - '9113' # Open for Prometheus Scraper page
restart: always
#
- basics-plus3: # RHEL UBI NGINX Plus Web / Load Balancer
+ basics-plus3: # RHEL UBI NGINX Plus Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
-# NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
- hostname: basics-plus3
- container_name: basics-plus3
- image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522 # From Nginx Private Registry
- volumes: # Sync these folders to container
- - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
+ # NGINX_AGENT_INSTANCE_GROUP: one-workshop-plus
+ hostname: one-workshop-plus3
+ container_name: one-workshop-plus3
+ image: private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522 # From Nginx Private Registry
+ volumes: # Sync these folders to container
+ - ./nginx-plus/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-plus/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-plus/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-plus/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
- - "9000" # Open for API / Dashboard page
- - "9113" # Open for Prometheus Scraper page
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
+ - '9000' # Open for API / Dashboard page
+ - '9113' # Open for Prometheus Scraper page
restart: always
#
- basics-oss1: # Debian NGINX OSS Web / Load Balancer
+ basics-oss1: # Debian NGINX OSS Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
- hostname: basics-oss1
- container_name: basics-oss1
- image: docker-registry.nginx.com/nginx/agent:mainline # From Docker Public Registry
- volumes: # Sync these folders to container
- - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
- - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
+ hostname: one-workshop-oss1
+ container_name: one-workshop-oss1
+ image: docker-registry.nginx.com/nginx/agent:mainline # From Docker Public Registry
+ volumes: # Sync these folders to container
+ - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+ - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
- - "9000" # Open for stub status page
- - "9113" # Open for Prometheus Scraper page
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
+ - '9000' # Open for stub status page
+ - '9113' # Open for Prometheus Scraper page
restart: always
#
- basics-oss2: # Alpine NGINX OSS Web / Load Balancer
+ basics-oss2: # Alpine NGINX OSS Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
- hostname: basics-oss2
- container_name: basics-oss2
- image: docker-registry.nginx.com/nginx/agent:alpine # From Docker Public Registry
- volumes: # Sync these folders to container
- - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
- - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
+ hostname: one-workshop-oss2
+ container_name: one-workshop-oss2
+ image: docker-registry.nginx.com/nginx/agent:alpine # From Docker Public Registry
+ volumes: # Sync these folders to container
+ - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+ - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
- - "9000" # Open for stub status page
- - "9113" # Open for Prometheus Scraper page
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
+ - '9000' # Open for stub status page
+ - '9113' # Open for Prometheus Scraper page
restart: always
#
- basics-oss3: # Older Alpine NGINX OSS Web / Load Balancer
+ basics-oss3: # Older Alpine NGINX OSS Web / Load Balancer
environment:
- NGINX_AGENT_SERVER_HOST: "agent.connect.nginx.com"
- NGINX_AGENT_SERVER_GRPCPORT: "443"
- NGINX_AGENT_TLS_ENABLE: "true"
- NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
- hostname: basics-oss3
- container_name: basics-oss3
- image: docker-registry.nginx.com/nginx/agent:1.26-alpine # From Docker Public Registry
- volumes: # Sync these folders to container
- - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
- - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
- - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
- - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
- - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
+ NGINX_AGENT_SERVER_HOST: 'agent.connect.nginx.com'
+ NGINX_AGENT_SERVER_GRPCPORT: '443'
+ NGINX_AGENT_TLS_ENABLE: 'true'
+ NGINX_AGENT_SERVER_TOKEN: $TOKEN # Datakey Fron Nginx One Console
+ hostname: one-workshop-oss3
+ container_name: one-workshop-oss3
+ image: docker-registry.nginx.com/nginx/agent:1.26-alpine # From Docker Public Registry
+ volumes: # Sync these folders to container
+ - ./nginx-oss/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx-oss/etc/nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx-oss/etc/nginx/includes:/etc/nginx/includes
+ - ./nginx-oss/etc/ssl/nginx:/etc/ssl/nginx
+ - ./nginx-oss/usr/share/nginx/html:/usr/share/nginx/html
ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
- - "9000" # Open for stub status page
- - "9113" # Open for Prometheus Scraper page
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
+ - '9000' # Open for stub status page
+ - '9113' # Open for Prometheus Scraper page
restart: always
#
web1:
- hostname: web1
- container_name: web1
- platform: linux/amd64
- image: nginxinc/ingress-demo # Image from Docker Hub
- ports:
- - "80" # Open for HTTP
- - "443" # Open for HTTPS
+ hostname: web1
+ container_name: web1
+ platform: linux/amd64
+ image: nginxinc/ingress-demo # Image from Docker Hub
+ ports:
+ - '80' # Open for HTTP
+ - '443' # Open for HTTPS
web2:
- hostname: web2
- container_name: web2
- platform: linux/amd64
- image: nginxinc/ingress-demo
- ports:
- - "80"
- - "433"
+ hostname: web2
+ container_name: web2
+ platform: linux/amd64
+ image: nginxinc/ingress-demo
+ ports:
+ - '80'
+ - '433'
web3:
- hostname: web3
- container_name: web3
- platform: linux/amd64
- image: nginxinc/ingress-demo
- ports:
- - "80"
- - "443"
+ hostname: web3
+ container_name: web3
+ platform: linux/amd64
+ image: nginxinc/ingress-demo
+ ports:
+ - '80'
+ - '443'
diff --git a/labs/lab2/nginx-plus/etc/nginx/conf.d/default.conf b/labs/lab2/nginx-plus/etc/nginx/conf.d/default.conf
new file mode 100644
index 0000000..5a96b73
--- /dev/null
+++ b/labs/lab2/nginx-plus/etc/nginx/conf.d/default.conf
@@ -0,0 +1,64 @@
+server {
+ listen 80 default_server;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /test_header {
+ add_header X-Test-App true;
+ return 200 'HTTP/1.1 200 OK\nContent-Type: text/html\n\nWelcome to Lab 4 of the NGINX One Workshop!';
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+
+ # enable /api/ location with appropriate access control in order
+ # to make use of NGINX Plus API
+ #
+ #location /api/ {
+ # api write=on;
+ # allow 127.0.0.1;
+ # deny all;
+ #}
+
+ # enable NGINX Plus Dashboard; requires /api/ location to be
+ # enabled and appropriate access control for remote access
+ #
+ #location = /dashboard.html {
+ # root /usr/share/nginx/html;
+ #}
+}
diff --git a/labs/lab2/nginx-plus/etc/nginx/nginx.conf b/labs/lab2/nginx-plus/etc/nginx/nginx.conf
index be988da..a9cc6b0 100644
--- a/labs/lab2/nginx-plus/etc/nginx/nginx.conf
+++ b/labs/lab2/nginx-plus/etc/nginx/nginx.conf
@@ -1,9 +1,11 @@
+
user nginx;
-worker_processes 1;
+worker_processes 1;
-error_log /var/log/nginx/error.log info;
+error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
+
events {
worker_connections 1024;
}
@@ -17,8 +19,6 @@ http {
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
- include /etc/nginx/includes/log_formats/*.conf; # Custom Access logs formats found here
-
access_log /var/log/nginx/access.log main;
sendfile on;
@@ -29,5 +29,47 @@ http {
#gzip on;
include /etc/nginx/conf.d/*.conf;
-
}
+
+
+# TCP/UDP proxy and load balancing block
+#
+#stream {
+ # Example configuration for TCP load balancing
+
+ #upstream stream_backend {
+ # zone tcp_servers 64k;
+ # server backend1.example.com:12345;
+ # server backend2.example.com:12345;
+ #}
+
+ #server {
+ # listen 12345;
+ # status_zone tcp_server;
+ # proxy_pass stream_backend;
+ #}
+#}
+
+# NGINX Plus Usage Reporting
+#
+# By default, every 30 minutes, NGINX Plus will send usage information
+# to NGINX Instance Manager, resolved by a "nginx-mgmt.local" DNS entry.
+# Alternate settings can be configured by uncommenting the "mgmt" block
+# and optional directives.
+#
+#mgmt {
+ #usage_report endpoint=nginx-mgmt.local interval=30m;
+ #resolver DNS_IP;
+
+ #uuid_file /var/lib/nginx/nginx.id;
+
+ #ssl_protocols TLSv1.2 TLSv1.3;
+ #ssl_ciphers DEFAULT;
+
+ #ssl_certificate client.pem;
+ #ssl_certificate_key client.key;
+
+ #ssl_trusted_certificate trusted_ca_cert.crt;
+ #ssl_verify on;
+ #ssl_verify_depth 2;
+#}
diff --git a/labs/lab2/readme.md b/labs/lab2/readme.md
index 1f0f843..e47d11d 100644
--- a/labs/lab2/readme.md
+++ b/labs/lab2/readme.md
@@ -20,129 +20,129 @@ In this lab, you will be running the backend application and several NGINX OSS a
### Run NGINX Containers with Docker
-NGINX Plus | Docker| NGINX OSS
-:-------------------------:|:-------------------------:|:---------------:
- | |
+| NGINX Plus | Docker | NGINX OSS |
+| :--------------------------------------: | :------------------------------: | :--------------------------------: |
+|  |  |  |
-You will run some Docker containers to build out various workshop components, using the provided `docker-compose.yml` file. This Docker Compose will pull and run 9 different Docker Containers, as follows:
+You will run some Docker containers to build out various workshop components, using the provided `docker-compose.yml` file. This Docker Compose will pull and run 9 different Docker Containers, as follows:
- 3 NGINX OSS Containers, with different OS and NGINX versions, connecting to the NGINX One Console
- 3 NGINX Plus Containers, with different OS and NGINX versions, connecting to the NGINX One Console
- 3 nginxinc/ingress-demo Containers, used for the backend web servers, but NOT connected to the NGINX One Console
-1. Inspect the `lab2/docker-compose.yml` file. You will see the details of each container being pulled and run.
+1. Inspect the `lab2/docker-compose.yml` file. You will see the details of each container being pulled and run.
- >Before you can pull and run these containers, you must set several Environment variables correctly, *before running docker compose*.
+ > Before you can pull and run these containers, you must set several Environment variables correctly, _before running docker compose_.
1. Using the Visual Studio Terminal, set the `TOKEN` environment variable with the Dataplane Key from the One Console, as follows:
- ```bash
- export TOKEN=paste-your-dataplane-key-from-clipboard-here
- ```
+ ```bash
+ export TOKEN=paste-your-dataplane-key-from-clipboard-here
+ ```
- And verify it was set:
+ And verify it was set:
- ```bash
- #check it
- echo $TOKEN
- ```
+ ```bash
+ #check it
+ echo $TOKEN
+ ```
- ```bash
- ## Sample output ##
- vJ+ADwlFXKf58bX0Qk/...6N38Al4fdxXDefT6J2iiM=
- ```
+ ```bash
+ ## Sample output ##
+ vJ+ADwlFXKf58bX0Qk/...6N38Al4fdxXDefT6J2iiM=
+ ```
-1. Using the same Terminal, set the `JWT` environment variable from your `nginx-repo.jwt` license file. This is required to pull the NGINX Plus container images from the NGINX Private Registry. If you do not have an NGINX Plus license, you can request a free 30-Day Trial license from here: https://www.f5.com/trials/nginx-one
+1. Using the same Terminal, set the `JWT` environment variable from your `nginx-repo.jwt` license file. This is required to pull the NGINX Plus container images from the NGINX Private Registry. If you do not have an NGINX Plus license, you can request a free 30-Day Trial license from here:
- ```bash
- export JWT=$(cat nginx-repo.jwt)
- ```
+ ```bash
+ export JWT=$(cat nginx-repo.jwt)
+ ```
- And verify it was set:
+ And verify it was set:
- ```bash
- #check it
- echo $JWT
- ```
+ ```bash
+ #check it
+ echo $JWT
+ ```
-1. Using Docker, Login to to the NGINX Private Registry, using the $JWT ENV variable for the username, as follows. (Your system may require sudo):
+1. Using Docker, Login to to the NGINX Private Registry, using the $JWT ENV variable for the username, as follows. (Your system may require sudo):
- ```bash
- docker login private-registry.nginx.com --username=$JWT --password=none
- ```
+ ```bash
+ docker login private-registry.nginx.com --username=$JWT --password=none
+ ```
- You should see a `Login Suceeded` message, like this:
+ You should see a `Login Suceeded` message, like this:
- ```bash
- ##Sample output##
- WARNING! Using --password via the CLI is insecure. Use --password-stdin.
- WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
- Configure a credential helper to remove this warning. See
- https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+ ```bash
+ ##Sample output##
+ WARNING! Using --password via the CLI is insecure. Use --password-stdin.
+ WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
+ Configure a credential helper to remove this warning. See
+ https://docs.docker.com/engine/reference/commandline/login/#credentials-store
- Login Succeeded
- ```
+ Login Succeeded
+ ```
1. Run below script to generate temporary self-signed certificates that would be used by NGINX OSS instances.Ensure you are in the `/lab2` folder:
- ```bash
- bash generate_certs.sh
- ```
+ ```bash
+ bash generate_certs.sh
+ ```
-1. If both ENV variables are set correctly && you are logged into the NGINX Private Registry, you can now run Docker Compose to pull and run the images. Ensure you are in the `/lab2` folder:
+1. If both ENV variables are set correctly && you are logged into the NGINX Private Registry, you can now run Docker Compose to pull and run the images. Ensure you are in the `/lab2` folder:
- ```bash
- docker compose up --force-recreate -d
- ```
+ ```bash
+ docker compose up --force-recreate -d
+ ```
- You will see Docker pulling the images, and then starting the containers.
+ You will see Docker pulling the images, and then starting the containers.
- 
+ 
- ```bash
- ## Sample output ##
- [+] Running 9/10
- ⠙ Network lab7_default Created 2.1s
- ✔ Container basics-plus3 Started 0.9s
- ✔ Container web1 Started 1.4s
- ✔ Container basics-plus1 Started 2.1s
- ✔ Container web2 Started 1.8s
- ✔ Container basics-oss3 Started 2.0s
- ✔ Container basics-oss1 Started 1.9s
- ✔ Container basics-oss2 Started 1.6s
- ✔ Container basics-plus2 Started 1.2s
- ✔ Container web3 Started 1.2s
- ```
+ ```bash
+ ## Sample output ##
+ [+] Running 10/10
+ ✔ Network lab2_default Created 0.0s
+ ✔ Container one-workshop-plus3 Started 0.4s
+ ✔ Container one-workshop-plus1 Started 0.4s
+ ✔ Container web3 Started 0.3s
+ ✔ Container one-workshop-oss1 Started 0.4s
+ ✔ Container web1 Started 0.3s
+ ✔ Container one-workshop-oss2 Started 0.4s
+ ✔ Container one-workshop-oss3 Started 0.4s
+ ✔ Container web2 Started 0.3s
+ ✔ Container one-workshop-plus2 Started 0.4s
+ ```
1. Verify that all 9 containers started:
- ```bash
- docker ps
- ```
+ ```bash
+ docker ps
+ ```
- ```bash
- ##Sample output##
+ ```bash
+ ##Sample output##
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- # NGINX OSS containers
- 00ee8c9e4326 docker-registry.nginx.com/nginx/agent:mainline "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33396->80/tcp, :::33395->80/tcp, 0.0.0.0:33393->443/tcp, :::33392->443/tcp, 0.0.0.0:33388->9000/tcp, :::33387->9000/tcp, 0.0.0.0:33381->9113/tcp, :::33380->9113/tcp basics-oss1
- 34b871d50d1b docker-registry.nginx.com/nginx/agent:alpine "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33391->80/tcp, :::33390->80/tcp, 0.0.0.0:33385->443/tcp, :::33384->443/tcp, 0.0.0.0:33378->9000/tcp, :::33377->9000/tcp, 0.0.0.0:33375->9113/tcp, :::33374->9113/tcp basics-oss2
- 022d79ce886c docker-registry.nginx.com/nginx/agent:1.26-alpine "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33398->80/tcp, :::33397->80/tcp, 0.0.0.0:33395->443/tcp, :::33394->443/tcp, 0.0.0.0:33392->9000/tcp, :::33391->9000/tcp, 0.0.0.0:33386->9113/tcp, :::33385->9113/tcp basics-oss3
+ CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+ # NGINX OSS containers
+ 00ee8c9e4326 docker-registry.nginx.com/nginx/agent:mainline "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33396->80/tcp, :::33395->80/tcp, 0.0.0.0:33393->443/tcp, :::33392->443/tcp, 0.0.0.0:33388->9000/tcp, :::33387->9000/tcp, 0.0.0.0:33381->9113/tcp, :::33380->9113/tcp one-workshop-oss1
+ 34b871d50d1b docker-registry.nginx.com/nginx/agent:alpine "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33391->80/tcp, :::33390->80/tcp, 0.0.0.0:33385->443/tcp, :::33384->443/tcp, 0.0.0.0:33378->9000/tcp, :::33377->9000/tcp, 0.0.0.0:33375->9113/tcp, :::33374->9113/tcp one-workshop-oss2
+ 022d79ce886c docker-registry.nginx.com/nginx/agent:1.26-alpine "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33398->80/tcp, :::33397->80/tcp, 0.0.0.0:33395->443/tcp, :::33394->443/tcp, 0.0.0.0:33392->9000/tcp, :::33391->9000/tcp, 0.0.0.0:33386->9113/tcp, :::33385->9113/tcp one-workshop-oss3
- # NGINX Plus containers
- 9770a4169e19 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33397->80/tcp, :::33396->80/tcp, 0.0.0.0:33394->443/tcp, :::33393->443/tcp, 0.0.0.0:33389->9000/tcp, :::33388->9000/tcp, 0.0.0.0:33383->9113/tcp, :::33382->9113/tcp basics-plus1
- 852667e29280 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33382->80/tcp, :::33381->80/tcp, 0.0.0.0:33377->443/tcp, :::33376->443/tcp, 0.0.0.0:33374->9000/tcp, :::33373->9000/tcp, 0.0.0.0:33372->9113/tcp, :::33371->9113/tcp basics-plus2
- ffa65b04e03b private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33373->80/tcp, :::33372->80/tcp, 0.0.0.0:33371->443/tcp, :::33370->443/tcp, 0.0.0.0:33370->9000/tcp, :::33369->9000/tcp, 0.0.0.0:33369->9113/tcp, :::33368->9113/tcp basics-plus3
+ # NGINX Plus containers
+ 9770a4169e19 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r32-alpine-3.20-20240613 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33397->80/tcp, :::33396->80/tcp, 0.0.0.0:33394->443/tcp, :::33393->443/tcp, 0.0.0.0:33389->9000/tcp, :::33388->9000/tcp, 0.0.0.0:33383->9113/tcp, :::33382->9113/tcp one-workshop-plus1
+ 852667e29280 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33382->80/tcp, :::33381->80/tcp, 0.0.0.0:33377->443/tcp, :::33376->443/tcp, 0.0.0.0:33374->9000/tcp, :::33373->9000/tcp, 0.0.0.0:33372->9113/tcp, :::33371->9113/tcp one-workshop-plus2
+ ffa65b04e03b private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-ubi-9-20240522 "/usr/bin/supervisor…" 44 minutes ago Up 44 minutes 0.0.0.0:33373->80/tcp, :::33372->80/tcp, 0.0.0.0:33371->443/tcp, :::33370->443/tcp, 0.0.0.0:33370->9000/tcp, :::33369->9000/tcp, 0.0.0.0:33369->9113/tcp, :::33368->9113/tcp one-workshop-plus3
- # NGINX Ingress Demo containers (not Registered with One Console)
- 37c2777c8598 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33387->80/tcp, :::33386->80/tcp, 0.0.0.0:33379->443/tcp, :::33378->443/tcp web1
- dba569e76e36 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 443/tcp, 0.0.0.0:33390->80/tcp, :::33389->80/tcp, 0.0.0.0:33384->433/tcp, :::33383->433/tcp web2
- 5cde3c462a27 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33380->80/tcp, :::33379->80/tcp, 0.0.0.0:33376->443/tcp, :::33375->443/tcp web3
- ```
+ # NGINX Ingress Demo containers (not Registered with One Console)
+ 37c2777c8598 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33387->80/tcp, :::33386->80/tcp, 0.0.0.0:33379->443/tcp, :::33378->443/tcp web1
+ dba569e76e36 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 443/tcp, 0.0.0.0:33390->80/tcp, :::33389->80/tcp, 0.0.0.0:33384->433/tcp, :::33383->433/tcp web2
+ 5cde3c462a27 nginxinc/ingress-demo "/docker-entrypoint.…" 44 minutes ago Up 44 minutes 0.0.0.0:33380->80/tcp, :::33379->80/tcp, 0.0.0.0:33376->443/tcp, :::33375->443/tcp web3
+ ```
- Go back to your One Console Instance page, and click `Refresh`. You should see all 6 of your `basics-` instances appear in the list, and the Online icon should be `green`. If they did not Register with the One Console, it is likely you have an issue with the $TOKEN used, create a new Dataplane Key and try again. It should look similar to this:
+ Go back to your One Console Instance page, and click `Refresh`. You should see all 6 of your `basics-` instances appear in the list, and the Online icon should be `green`. If they did not Register with the One Console, it is likely you have an issue with the $TOKEN used, create a new Dataplane Key and try again. It should look similar to this:
- 
+ 
Now that the NGINX OSS and Plus containers are running and Registered with the NGINX One Console, in subsequent sections you will explore the various features of NGINX One Console, and manage your NGINX Instances!
@@ -152,7 +152,7 @@ This ends lab2.
-## References:
+## References
- [NGINX One Console](https://docs.nginx.com/nginx-one/)
- [NGINX Agent](https://docs.nginx.com/nginx-agent/overview/)
@@ -165,6 +165,7 @@ This ends lab2.
- Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc.
- Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc.
--------------
+---
Navigate to ([Lab3](../lab3/readme.md) | [LabGuide](../readme.md))
+
diff --git a/labs/lab4/media/lab3_csg_add_instance.png b/labs/lab4/media/lab3_csg_add_instance.png
deleted file mode 100644
index 93a7dba..0000000
Binary files a/labs/lab4/media/lab3_csg_add_instance.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_basics-plus-2.png b/labs/lab4/media/lab3_csg_basics-plus-2.png
deleted file mode 100644
index b098090..0000000
Binary files a/labs/lab4/media/lab3_csg_basics-plus-2.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_config_change.png b/labs/lab4/media/lab3_csg_config_change.png
deleted file mode 100644
index fc8ad21..0000000
Binary files a/labs/lab4/media/lab3_csg_config_change.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_edit_success.png b/labs/lab4/media/lab3_csg_edit_success.png
deleted file mode 100644
index 01c0b39..0000000
Binary files a/labs/lab4/media/lab3_csg_edit_success.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_in_sync.png b/labs/lab4/media/lab3_csg_in_sync.png
deleted file mode 100644
index 391514f..0000000
Binary files a/labs/lab4/media/lab3_csg_in_sync.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_name.png b/labs/lab4/media/lab3_csg_name.png
deleted file mode 100644
index 2c175a5..0000000
Binary files a/labs/lab4/media/lab3_csg_name.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_save_publish.png b/labs/lab4/media/lab3_csg_save_publish.png
deleted file mode 100644
index 2a84f25..0000000
Binary files a/labs/lab4/media/lab3_csg_save_publish.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg_three_auto_instances.png b/labs/lab4/media/lab3_csg_three_auto_instances.png
deleted file mode 100644
index aad484f..0000000
Binary files a/labs/lab4/media/lab3_csg_three_auto_instances.png and /dev/null differ
diff --git a/labs/lab4/media/lab3_csg.png b/labs/lab4/media/lab4_csg.png
similarity index 100%
rename from labs/lab4/media/lab3_csg.png
rename to labs/lab4/media/lab4_csg.png
diff --git a/labs/lab4/media/lab3_csg_add.png b/labs/lab4/media/lab4_csg_add.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_add.png
rename to labs/lab4/media/lab4_csg_add.png
diff --git a/labs/lab4/media/lab4_csg_add_instance.png b/labs/lab4/media/lab4_csg_add_instance.png
new file mode 100644
index 0000000..3b5adc6
Binary files /dev/null and b/labs/lab4/media/lab4_csg_add_instance.png differ
diff --git a/labs/lab4/media/lab4_csg_config_change.png b/labs/lab4/media/lab4_csg_config_change.png
new file mode 100644
index 0000000..08ae7aa
Binary files /dev/null and b/labs/lab4/media/lab4_csg_config_change.png differ
diff --git a/labs/lab4/media/lab4_csg_config_error.png b/labs/lab4/media/lab4_csg_config_error.png
new file mode 100644
index 0000000..6b72b5f
Binary files /dev/null and b/labs/lab4/media/lab4_csg_config_error.png differ
diff --git a/labs/lab4/media/lab4_csg_configuration.png b/labs/lab4/media/lab4_csg_configuration.png
new file mode 100644
index 0000000..1d8bb42
Binary files /dev/null and b/labs/lab4/media/lab4_csg_configuration.png differ
diff --git a/labs/lab4/media/lab4_csg_configuration2.png b/labs/lab4/media/lab4_csg_configuration2.png
new file mode 100644
index 0000000..fb03c0f
Binary files /dev/null and b/labs/lab4/media/lab4_csg_configuration2.png differ
diff --git a/labs/lab4/media/lab4_csg_details-auto.png b/labs/lab4/media/lab4_csg_details-auto.png
new file mode 100644
index 0000000..5225b5d
Binary files /dev/null and b/labs/lab4/media/lab4_csg_details-auto.png differ
diff --git a/labs/lab4/media/lab4_csg_details.png b/labs/lab4/media/lab4_csg_details.png
new file mode 100644
index 0000000..154f167
Binary files /dev/null and b/labs/lab4/media/lab4_csg_details.png differ
diff --git a/labs/lab4/media/lab3_csg_docker_instructions.png b/labs/lab4/media/lab4_csg_docker_instructions.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_docker_instructions.png
rename to labs/lab4/media/lab4_csg_docker_instructions.png
diff --git a/labs/lab4/media/lab3_csg_edit_config.png b/labs/lab4/media/lab4_csg_edit_config.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_edit_config.png
rename to labs/lab4/media/lab4_csg_edit_config.png
diff --git a/labs/lab4/media/lab4_csg_edit_success.png b/labs/lab4/media/lab4_csg_edit_success.png
new file mode 100644
index 0000000..36a0359
Binary files /dev/null and b/labs/lab4/media/lab4_csg_edit_success.png differ
diff --git a/labs/lab4/media/lab4_csg_in_sync.png b/labs/lab4/media/lab4_csg_in_sync.png
new file mode 100644
index 0000000..8618cc2
Binary files /dev/null and b/labs/lab4/media/lab4_csg_in_sync.png differ
diff --git a/labs/lab4/media/lab4_csg_name.png b/labs/lab4/media/lab4_csg_name.png
new file mode 100644
index 0000000..a57681f
Binary files /dev/null and b/labs/lab4/media/lab4_csg_name.png differ
diff --git a/labs/lab4/media/lab4_csg_one-plus-2.png b/labs/lab4/media/lab4_csg_one-plus-2.png
new file mode 100644
index 0000000..6651761
Binary files /dev/null and b/labs/lab4/media/lab4_csg_one-plus-2.png differ
diff --git a/labs/lab4/media/lab3_csg_one_manual_instance.png b/labs/lab4/media/lab4_csg_one_manual_instance.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_one_manual_instance.png
rename to labs/lab4/media/lab4_csg_one_manual_instance.png
diff --git a/labs/lab4/media/lab3_csg_register_new.png b/labs/lab4/media/lab4_csg_register_new.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_register_new.png
rename to labs/lab4/media/lab4_csg_register_new.png
diff --git a/labs/lab4/media/lab4_csg_save_publish.png b/labs/lab4/media/lab4_csg_save_publish.png
new file mode 100644
index 0000000..f6a41f2
Binary files /dev/null and b/labs/lab4/media/lab4_csg_save_publish.png differ
diff --git a/labs/lab4/media/lab4_csg_three_auto_instances.png b/labs/lab4/media/lab4_csg_three_auto_instances.png
new file mode 100644
index 0000000..b23023c
Binary files /dev/null and b/labs/lab4/media/lab4_csg_three_auto_instances.png differ
diff --git a/labs/lab4/media/lab3_csg_use_existing_key.png b/labs/lab4/media/lab4_csg_use_existing_key.png
similarity index 100%
rename from labs/lab4/media/lab3_csg_use_existing_key.png
rename to labs/lab4/media/lab4_csg_use_existing_key.png
diff --git a/labs/lab4/readme.md b/labs/lab4/readme.md
index 2700eab..3366ce1 100644
--- a/labs/lab4/readme.md
+++ b/labs/lab4/readme.md
@@ -20,28 +20,47 @@ By the end of the lab you will be able to:
- You must have an F5 Distributed Cloud(XC) Account
- You must have enabled NGINX One service on F5 Distributed Cloud(XC)
- See `Lab0` for instructions on setting up your system for this Workshop
+- You must have a dataplane key - you can use the one created from the earlier labs
- Familiarity with basic Linux concepts and commands
- Familiarity with basic Nginx concepts and commands
### Create a Config Sync Group
-- Under the `Manage` heading in the left hand column, click on `Config Sync Groups`.
- 
+Config Sync Groups allow you to group multiple NGINX instances and leverage an identical configuration across all instances. This feature is extremely helpful in ephemeral environments, such as Docker and Kubernetes, as the NGINX instance can pull its configuration versus needing to rebuild the NGINX container every time the configuration changes. This section will go through using this feature.
+
+- Under the `Manage` heading in the left hand column, click on the `Config Sync Groups` link.
+ 
- In the resulting panel at the top, click on the `Add Config Sync Group` button.
- 
+ 
+
+- A modal window will pop up and ask you to give a name for the Config Sync Group. Here you will use the name: `one-workshop-plus`
+ 
+
+Click the create button. Your newly created Config Sync Group `one-workshop-plus` should be in the list.
+
+You can now explore your Config Sync Group by selecting `one-workshop-plus`. When you select it, there are two tabs named _Details_ and _Configuration_.
+
+On the _Details_ tab, there are two views: _Details_ represents additional details of this group and _Instances_ represents the NGINX instances that are in this group.
+
+
-- A modal window will pop up and ask you to give a name for the Config Sync Group. Here we will use the name:
- `basics-workshop-plus`
- 
+On the _Configuration_ tab, there is a view that defines the NGINX configurations to use for all NGINX instances in this Config Sync Group.
-### Create and add an instance to the group
+
-On this page is a button that says `Add Instance to Config Sync Group`
+Notice that the configuration is empty when you first create a Config Sync Group. There are two ways to handle the initial configuration.
+
+- Option 1: Auto-generate the Config Sync Group's configuration by adding the first NGINX instance. The existing config from the NGINX instance will be used as the config for your Config Sync Group.
+- Option 2: Manually define the NGINX configurations before adding any NGINX instances using the UI text editor.
+
+### Option 1 - Create and add an instance to the group
+
+On this page is a button that says `Add Instance to Config Sync Group`. Click on this.
-
+
@@ -49,7 +68,7 @@ This will pop up another modal window on the right. We will choose the second op
-
+
@@ -57,7 +76,7 @@ The next option is to generate a dataplane key or use an existing one. We will c
-
+
@@ -65,7 +84,7 @@ If you are testing on bare metal, there is a curl command listed to register thi
-
+
@@ -93,83 +112,104 @@ Start the container. We are going to modify the command shown in the console to
```bash
docker run \
---hostname=basics-manual \
---name=basics-manual \
+--hostname=one-workshop-manual \
+--name=one-manual \
--env=NGINX_LICENSE_JWT="$JWT" \
--env=NGINX_AGENT_SERVER_GRPCPORT=443 \
--env=NGINX_AGENT_SERVER_HOST=agent.connect.nginx.com \
--env=NGINX_AGENT_SERVER_TOKEN="$TOKEN" \
---env=NGINX_AGENT_INSTANCE_GROUP=basics-workshop-plus \
+--env=NGINX_AGENT_INSTANCE_GROUP=one-workshop-plus \
--env=NGINX_AGENT_TLS_ENABLE=true \
--restart=always \
--runtime=runc \
-d private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522
```
-You can see that the container starts up. With a refresh on the Config Sync Groups page, you will see that the basics-workshop-plus Config Sync Group now has 1 instance in it.
+You can see that the container starts up. With a refresh on the Config Sync Groups page, you will see that the `one-workshop-plus` Config Sync Group now has 1 instance in it.
-
+
-Hey, didn't we use docker compose to start our containers before? We can add instances to this `Config Sync Group` even easier than what we did above - automatically!
+You can also notice that it says you are out of sync! You did not populate the configuration manually, so the first container added will download the configuration and become the new default config. You will change this a bit later. Hey, didn't you use docker compose to start our containers in the previous labs? We can add those instances to this `Config Sync Group` even easier than what you did above - automatically!
-Let's stop our running containers by running:
+Let's stop your running containers by running:
```bash
+cd ../lab2
docker compose down
```
-Now open up the docker-compose.yml. You can uncomment the lines numbered 14, 36, & 58. This NGINX variable is all you need to add these to the instance group:
+Now open up the _**docker-compose.yml**_ file. You can uncomment the lines numbered **14, 36, & 58**. This NGINX variable is all you need to add these to the Config Sync Group:
```bash
-NGINX_AGENT_INSTANCE_GROUP: basics-workshop-plus
+NGINX_AGENT_INSTANCE_GROUP: one-workshop-plus
```
Let's launch the containers again and then watch the Nginx One console to see the instances added to the Config Sync Group.
```bash
-docker compose up
+docker compose up --force-recreate -d
```
-Use the refresh button and you should see the three original instances added to our config group. These will only be the Plus instances as they were the instances to which we added the variable line.
+Use the refresh button and you should see the three new instances added to our config group. These will only be the Plus instances as they were the instances to which we added the variable line.
-
+
-Upon being added to the Config Instance group, NGINX One will attempt to apply the configuration of the group to the instances in it. Here we can see the config was immediately applied to **basics-plus-2**:
+Upon being added to the Config Instance group, NGINX One will attempt to apply the configuration of the group to the instances in it. Here you can see the config was immediately applied to **one-plus-2** and **one-plus-3**. **one-plus-1** is the synch still in progress instance here. This shows it takes a moment as the Config Sync Group applies the configuration to each new instance. You will need to refresh the UI to make sure the configs all get applied, but give it a minute.
-
+
-Before this finishes, let's show we can push a change to the whole group! Click on the `Configuration` button next to the `Details`. Then click the `Edit Config` button:
+### Option 2 - Let's manually change the config file and apply it to the group
+
+Let's show you can push a change to the whole group! Click on the `Configuration` button next to the `Details`.
+
+1. When you select the _Configuration_ tab, notice the configuration here is identical to the first NGINX instance you just added. You could have pre-populated this area before any instances were added and the first instance would have pulled the config instead of pushing it's config as in the previous example. Now click the `Edit Configuration` button on the right hand side of the page:
+
+
+
+
-
+You are going to add to the contents (which were pulled from the first added instance) of the default config that will be used going forward. Click on and modify the /etc/nginx/conf.d/default.conf file. You are going to add this snippet at lines 21-25
+
+```nginx
+ location /test_header {
+ add_header X-Test-App true;
+ return 200 'HTTP/1.1 200 OK\nContent-Type: text/html\n\nWelcome to Lab 4 of the NGINX One Workshop!';
+ }
+```
+
+
+You will notice it now says (modified) in braces next to the file we changed. At the bottom left you can see that the configuration checker thinks our changes look good.
-On line 76, Let's simply add a comment, a trivial change. Then click the `Next` button.
+
-
+What would it look like if there was a problem when ONE Console checked the config? Something like this:
+
+
-The next screen allows you to see a diff between the two configs. After reviewing you can click `Save and Publish`.
+Ok, you don't have any errors, so click on the green **Next** button. The following screen allows you to see a diff between the two configs. After reviewing you can click `Save and Publish`.
-
+
@@ -177,59 +217,60 @@ NGINX One will indicate the change was a success and push it to all of our insta
-
+
-We can now see all the instances are in sync!
+You can now see all the instances are in sync!
-
+
+All new instances that you add to the Config Sync Group will inherit this configuration. If you spin up another new nginx-plus container, you can verify that it has the same configuration.
+
---
**NOTE**
-A final note... you can `mix OSS and Plus instances` in the same group! The important caveat is that the config features must be available to all instances. If you are going to be working with NGINX Plus specific configurations, you are better off putting those into their own Config Sync Group.
+A final note... you can _**mix OSS and Plus instances**_ in the same group! The important caveat is that the config features must be available to all instances. If you are going to be working with NGINX Plus specific configurations, you are better off putting those into their own **Config Sync Group**.
---
-## Wrap UP
+## Wrap Up
-> If you are finished with this lab, you can use Docker Compose to shut down your test environment. Make sure you are in the `lab7` folder:
+> If you are finished with this lab, you can use Docker Compose to shut down your test environment. Make sure you are in the `lab2` folder:
```bash
+cd ../lab2
docker compose down
-
```
```bash
##Sample output##
[+] Running 10/10
- ✔ Container basics-oss3 Removed 6.4s
- ✔ Container basics-plus2 Removed 10.7s
- ✔ Container web1 Removed 0.5s
- ✔ Container basics-oss1 Removed 5.5s
- ✔ Container web2 Removed 0.4s
- ✔ Container basics-plus1 Removed 10.7s
- ✔ Container web3 Removed 0.5s
- ✔ Container basics-oss2 Removed 6.2s
- ✔ Container basics-plus3 Removed 10.6s
- ✔ Network lab7_default Removed 0.1s
-
+ ✔ Container one-workshop-oss1 Removed 6.1s
+ ✔ Container web3 Removed 0.3s
+ ✔ Container web2 Removed 0.2s
+ ✔ Container one-workshop-plus2 Removed 6.0s
+ ✔ Container web1 Removed 0.2s
+ ✔ Container one-workshop-oss2 Removed 6.9s
+ ✔ Container one-workshop-plus1 Removed 6.0s
+ ✔ Container one-workshop-plus3 Removed 5.2s
+ ✔ Container one-workshop-oss3 Removed 7.0s
+ ✔ Network lab2_default Removed 0.1s
```
To clean up the manual container we added:
```bash
docker ps | grep manual
-f8a5fb797615 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 "/usr/bin/supervisor…" About an hour ago Up About an hour 80/tcp basics-manual
+f8a5fb797615 private-registry.nginx.com/nginx-plus/agent:nginx-plus-r31-alpine-3.19-20240522 "/usr/bin/supervisor…" About an hour ago Up About an hour 80/tcp one-auto
```
-Your container id will be different. You can stop it by using `docker stop `. Another tip, if you only have a few containers, docker will identify the container id with the first few characters (assuming they are unique). Here we use the first 3 characters and that's enough for docker to know which container we are talking about:
+**Your container id will be different.** You can stop it by using `docker stop `. Another tip, if you only have a few containers, docker will identify the container id with the first few characters (assuming they are unique). Here we use the first 3 characters and that's enough for docker to know which container we are talking about:
```bash
docker stop f8a
@@ -243,7 +284,7 @@ docker rm f8a
f8a
```
-Don't forget to stop all of the Nginx containers if you are finished with them, and Delete them from the Nginx One Instance inventory.
+Don't forget to stop all of the Nginx containers if you are finished with them, and **Delete them from the Nginx One Instance inventory**.
@@ -256,6 +297,7 @@ This ends lab4.
## References
- [Nginx One Console](https://docs.nginx.com/nginx-one/)
+- [Nginx One Console - Manage Config Sync Groups](https://docs.nginx.com/nginx-one/how-to/config-sync-groups/manage-config-sync-groups/)