├── .gitignore ├── 0.Introduction ├── 0.Introduction.md └── media │ ├── image1.png │ ├── image2.png │ ├── image3.png │ ├── image4.png │ ├── image5.png │ └── image6.png ├── 1.0.creating-docker-images-for-nginx-plus ├── 1.0.creating-docker-images-for-nginx-plus.md └── media │ ├── image1.png │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image17.png │ ├── image18.png │ ├── image19.png │ ├── image2.png │ ├── image20.png │ ├── image21.png │ ├── image22.png │ ├── image23.png │ ├── image24.png │ ├── image25.png │ ├── image26.png │ ├── image27.png │ ├── image3.png │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ └── image9.png ├── 2.0.deploying-nginx-plus-web-server-with-cicd ├── 2.0.deploying-nginx-plus-web-server-with-cicd.md └── media │ ├── image1.png │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image17.png │ ├── image18.png │ ├── image19.png │ ├── image2.png │ ├── image20.png │ ├── image21.png │ ├── image22.png │ ├── image23.png │ ├── image24.png │ ├── image25.png │ ├── image26.png │ ├── image27.png │ ├── image3.png │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ └── image9.png ├── 3.0.continuous-deployment-for-nginx-plus-load-balancers ├── 3.0.continuous-deployment-for-nginx-plus-load-balancers.md └── media │ ├── image0.png │ ├── image1.png │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image17.png │ ├── image2.png │ ├── image3.png │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.tiff │ └── image9.png ├── files ├── end_state │ ├── appster-lb │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── README.md │ │ ├── cicd.png │ │ ├── etc │ │ │ ├── nginx │ │ │ │ ├── conf.d │ │ │ │ │ ├── health_checks.conf │ │ │ │ │ ├── status_api.conf │ │ │ │ │ ├── stub_status.conf │ │ │ │ │ ├── upstreams_prod.conf │ │ │ │ │ └── www.appster.com.conf │ │ │ │ ├── fastcgi_params │ │ │ │ ├── includes │ │ │ │ │ ├── add_headers │ │ │ │ │ │ └── security.conf │ │ │ │ │ ├── proxy_headers │ │ │ │ │ │ ├── keepalive.conf │ │ │ │ │ │ └── proxy_headers.conf │ │ │ │ │ └── ssl │ │ │ │ │ │ ├── ssl_ intermediate.conf │ │ │ │ │ │ ├── ssl_a+_strong.conf │ │ │ │ │ │ ├── ssl_modern.conf │ │ │ │ │ │ └── ssl_old.conf │ │ │ │ ├── koi-utf │ │ │ │ ├── koi-win │ │ │ │ ├── mime.types │ │ │ │ ├── nginx.conf │ │ │ │ ├── scgi_params │ │ │ │ ├── test_env │ │ │ │ │ ├── test_environments.md │ │ │ │ │ └── upstreams_test.conf │ │ │ │ ├── uwsgi_params │ │ │ │ └── win-utf │ │ │ └── ssl │ │ │ │ ├── PLACE_YOUR_CERT_KEY_DHPARAMS_HERE │ │ │ │ └── nginx │ │ │ │ └── PLACE_NGINX_CERT_AND_KEY_HERE │ │ └── usr │ │ │ └── share │ │ │ └── nginx │ │ │ └── html │ │ │ └── demo-index.html │ ├── gitlabappster │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── Dockerfile │ │ ├── README.md │ │ ├── etc │ │ │ ├── nginx │ │ │ │ ├── conf.d │ │ │ │ │ ├── appster.com.conf │ │ │ │ │ ├── status_api.conf │ │ │ │ │ └── stub_status.conf │ │ │ │ ├── fastcgi_params │ │ │ │ ├── html │ │ │ │ │ ├── css │ │ │ │ │ │ ├── _custom.scss │ │ │ │ │ │ ├── _variables.scss │ │ │ │ │ │ ├── bootstrap.css │ │ │ │ │ │ └── bootstrap.min.css │ │ │ │ │ ├── img │ │ │ │ │ │ ├── apple_store.png │ │ │ │ │ │ ├── gallery-1.jpg │ │ │ │ │ │ ├── gallery-2.jpg │ │ │ │ │ │ ├── google-play.png │ │ │ │ │ │ ├── iphone_7.png │ │ │ │ │ │ ├── iphone_x.png │ │ │ │ │ │ ├── team-1.jpg │ │ │ │ │ │ ├── team-2.jpg │ │ │ │ │ │ └── team-3.jpg │ │ │ │ │ ├── index.html │ │ │ │ │ └── js │ │ │ │ │ │ └── scripts.js │ │ │ │ ├── koi-utf │ │ │ │ ├── koi-win │ │ │ │ ├── mime.types │ │ │ │ ├── nginx.conf │ │ │ │ ├── scgi_params │ │ │ │ ├── uwsgi_params │ │ │ │ └── win-utf │ │ │ └── ssl │ │ │ │ └── nginx │ │ │ │ └── PLACE_NGINX_REPO_CRT_AND_KEY_HERE │ │ └── extra │ │ │ ├── appster_iphone7.png │ │ │ ├── appster_iphonex.png │ │ │ ├── appster_subheader_original.png │ │ │ ├── appster_subheader_updated.png │ │ │ ├── bg-purple-yellow.png │ │ │ ├── bg-yellow-purple.png │ │ │ ├── cron │ │ │ ├── docker-compose.yml │ │ │ ├── gitlab_cicd.png │ │ │ └── start.sh │ └── nginx-plus-dockerfiles │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── Dockerfiles │ │ ├── alpine3.10 │ │ │ └── Dockerfile │ │ ├── alpine3.11 │ │ │ └── Dockerfile │ │ ├── alpine3.8 │ │ │ └── Dockerfile │ │ ├── alpine3.9 │ │ │ └── Dockerfile │ │ ├── alpine3.9_tools │ │ │ └── Dockerfile │ │ ├── centos7.6 │ │ │ └── Dockerfile │ │ ├── centos7 │ │ │ └── Dockerfile │ │ ├── centos8 │ │ │ └── Dockerfile │ │ ├── debian10 │ │ │ └── Dockerfile │ │ ├── debian9 │ │ │ └── Dockerfile │ │ ├── ubuntu16.04 │ │ │ └── Dockerfile │ │ ├── ubuntu18.04 │ │ │ └── Dockerfile │ │ └── ubuntu18.04_crossplane │ │ │ └── Dockerfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── build-nginx-plus.sh │ │ ├── ci-build.sh │ │ ├── etc │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── ssl │ │ │ └── nginx │ │ │ └── PLACE_NGINX_REPO_KEY_AND_CRT_HERE │ │ └── test │ │ └── etc │ │ └── nginx │ │ ├── conf.d │ │ ├── status_api.conf │ │ └── stub_status.conf │ │ └── nginx.conf ├── orginal_state │ ├── appster-lb │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── README.md │ │ ├── cicd.png │ │ ├── etc │ │ │ ├── nginx │ │ │ │ ├── conf.d │ │ │ │ │ ├── health_checks.conf │ │ │ │ │ ├── status_api.conf │ │ │ │ │ ├── stub_status.conf │ │ │ │ │ ├── upstreams_prod.conf │ │ │ │ │ └── www.appster.com.conf │ │ │ │ ├── fastcgi_params │ │ │ │ ├── includes │ │ │ │ │ ├── add_headers │ │ │ │ │ │ └── security.conf │ │ │ │ │ ├── proxy_headers │ │ │ │ │ │ ├── keepalive.conf │ │ │ │ │ │ └── proxy_headers.conf │ │ │ │ │ └── ssl │ │ │ │ │ │ ├── ssl_ intermediate.conf │ │ │ │ │ │ ├── ssl_a+_strong.conf │ │ │ │ │ │ ├── ssl_modern.conf │ │ │ │ │ │ └── ssl_old.conf │ │ │ │ ├── koi-utf │ │ │ │ ├── koi-win │ │ │ │ ├── mime.types │ │ │ │ ├── nginx.conf │ │ │ │ ├── scgi_params │ │ │ │ ├── test_env │ │ │ │ │ ├── test_environments.md │ │ │ │ │ └── upstreams_test.conf │ │ │ │ ├── uwsgi_params │ │ │ │ └── win-utf │ │ │ └── ssl │ │ │ │ ├── PLACE_YOUR_CERT_KEY_DHPARAMS_HERE │ │ │ │ └── nginx │ │ │ │ └── PLACE_NGINX_CERT_AND_KEY_HERE │ │ └── usr │ │ │ └── share │ │ │ └── nginx │ │ │ └── html │ │ │ └── demo-index.html │ ├── gitlabappster │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── Dockerfile │ │ ├── README.md │ │ ├── etc │ │ │ ├── nginx │ │ │ │ ├── conf.d │ │ │ │ │ ├── appster.com.conf │ │ │ │ │ └── status_api.conf │ │ │ │ ├── fastcgi_params │ │ │ │ ├── html │ │ │ │ │ ├── css │ │ │ │ │ │ ├── _custom.scss │ │ │ │ │ │ ├── _variables.scss │ │ │ │ │ │ ├── bootstrap.css │ │ │ │ │ │ └── bootstrap.min.css │ │ │ │ │ ├── img │ │ │ │ │ │ ├── apple_store.png │ │ │ │ │ │ ├── gallery-1.jpg │ │ │ │ │ │ ├── gallery-2.jpg │ │ │ │ │ │ ├── google-play.png │ │ │ │ │ │ ├── iphone_7.png │ │ │ │ │ │ ├── iphone_x.png │ │ │ │ │ │ ├── team-1.jpg │ │ │ │ │ │ ├── team-2.jpg │ │ │ │ │ │ └── team-3.jpg │ │ │ │ │ ├── index.html │ │ │ │ │ └── js │ │ │ │ │ │ └── scripts.js │ │ │ │ ├── koi-utf │ │ │ │ ├── koi-win │ │ │ │ ├── mime.types │ │ │ │ ├── nginx.conf │ │ │ │ ├── scgi_params │ │ │ │ ├── uwsgi_params │ │ │ │ └── win-utf │ │ │ └── ssl │ │ │ │ └── nginx │ │ │ │ └── PLACE_NGINX_REPO_CRT_AND_KEY_HERE │ │ └── extra │ │ │ ├── appster_iphone7.png │ │ │ ├── appster_iphonex.png │ │ │ ├── appster_subheader_original.png │ │ │ ├── appster_subheader_updated.png │ │ │ ├── bg-purple-yellow.png │ │ │ ├── bg-yellow-purple.png │ │ │ ├── cron │ │ │ ├── docker-compose.yml │ │ │ ├── gitlab_cicd.png │ │ │ └── start.sh │ └── nginx-plus-dockerfiles │ │ ├── .gitignore │ │ ├── .gitlab-ci.yml │ │ ├── Dockerfiles │ │ ├── alpine3.10 │ │ │ └── Dockerfile │ │ ├── alpine3.8 │ │ │ └── Dockerfile │ │ ├── alpine3.9 │ │ │ └── Dockerfile │ │ ├── alpine3.9_tools │ │ │ └── Dockerfile │ │ ├── centos7.6 │ │ │ └── Dockerfile │ │ ├── centos7 │ │ │ └── Dockerfile │ │ ├── centos8 │ │ │ └── Dockerfile │ │ ├── debian10 │ │ │ └── Dockerfile │ │ ├── debian9 │ │ │ └── Dockerfile │ │ ├── ubuntu16.04 │ │ │ └── Dockerfile │ │ ├── ubuntu18.04 │ │ │ └── Dockerfile │ │ └── ubuntu18.04_crossplane │ │ │ └── Dockerfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── build-nginx-plus.sh │ │ ├── ci-build.sh │ │ ├── etc │ │ ├── nginx │ │ │ └── nginx.conf │ │ └── ssl │ │ │ └── nginx │ │ │ └── PLACE_NGINX_REPO_KEY_AND_CRT_HERE │ │ └── test │ │ └── etc │ │ └── nginx │ │ ├── conf.d │ │ ├── status_api.conf │ │ └── stub_status.conf │ │ └── nginx.conf └── readme.md └── readme.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled source # 2 | ################### 3 | *.com 4 | *.class 5 | *.dll 6 | *.exe 7 | *.o 8 | *.so 9 | 10 | # Packages # 11 | ############ 12 | # it's better to unpack these files and commit the raw source 13 | # git has its own built in compression methods 14 | *.7z 15 | *.dmg 16 | *.gz 17 | *.iso 18 | *.jar 19 | *.rar 20 | *.tar 21 | *.zip 22 | 23 | # Logs and databases # 24 | ###################### 25 | *.log 26 | *.sql 27 | *.sqlite 28 | 29 | # OS generated files # 30 | ###################### 31 | .DS_Store 32 | .DS_Store? 33 | ._* 34 | .Spotlight-V100 35 | .Trashes 36 | ehthumbs.db 37 | Thumbs.db -------------------------------------------------------------------------------- /0.Introduction/media/image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image1.png -------------------------------------------------------------------------------- /0.Introduction/media/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image2.png -------------------------------------------------------------------------------- /0.Introduction/media/image3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image3.png -------------------------------------------------------------------------------- /0.Introduction/media/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image4.png -------------------------------------------------------------------------------- /0.Introduction/media/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image5.png -------------------------------------------------------------------------------- /0.Introduction/media/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/0.Introduction/media/image6.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image1.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image10.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image11.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image12.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image13.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image14.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image15.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image16.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image17.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image18.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image19.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image2.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image20.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image21.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image22.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image23.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image24.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image25.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image26.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image27.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image3.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image4.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image5.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image6.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image7.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image8.png -------------------------------------------------------------------------------- /1.0.creating-docker-images-for-nginx-plus/media/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/1.0.creating-docker-images-for-nginx-plus/media/image9.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image1.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image10.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image11.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image12.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image13.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image14.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image15.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image16.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image17.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image18.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image18.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image19.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image2.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image20.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image21.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image22.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image23.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image23.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image24.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image24.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image25.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image26.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image26.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image27.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image3.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image4.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image5.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image6.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image7.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image8.png -------------------------------------------------------------------------------- /2.0.deploying-nginx-plus-web-server-with-cicd/media/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/2.0.deploying-nginx-plus-web-server-with-cicd/media/image9.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image0.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image1.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image10.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image11.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image12.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image13.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image14.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image15.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image16.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image17.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image2.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image3.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image4.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image5.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image6.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image7.png -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image8.tiff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image8.tiff -------------------------------------------------------------------------------- /3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/3.0.continuous-deployment-for-nginx-plus-load-balancers/media/image9.png -------------------------------------------------------------------------------- /files/end_state/appster-lb/.gitignore: -------------------------------------------------------------------------------- 1 | # Don't track these files 2 | nginx-repo.crt 3 | nginx-repo.key 4 | .DS_Store 5 | .key 6 | .crt 7 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/cicd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/appster-lb/cicd.png -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/conf.d/health_checks.conf: -------------------------------------------------------------------------------- 1 | match status_text_ok { 2 | # Simple health check expecting http 200 and text/plain 3 | status 200; 4 | header Content-Type = text/plain; 5 | body ~ "healthy"; # Regex body check 6 | } 7 | 8 | match status_html_ok { 9 | # Simple health check expecting http 200 and text/html 10 | status 200; 11 | header Content-Type = text/html; 12 | } 13 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/conf.d/upstreams_prod.conf: -------------------------------------------------------------------------------- 1 | resolver 10.1.1.10:53 ipv6=off; 2 | 3 | upstream http_appster_prod { 4 | zone http_appster_prod 64k; 5 | 6 | # Production Servers ------- 7 | server nginx.f5demolab.com:81 resolve; 8 | server nginx.f5demolab.com:82 resolve; 9 | server nginx.f5demolab.com:83 resolve; 10 | server nginx.f5demolab.com:84 resolve; 11 | # end ---------------------- 12 | 13 | # Load Balancing 14 | # Round Robin - Default 15 | # ip_hash; 16 | # hash [key] [consistent]; 17 | # least_conn; 18 | # least_time header last_byte [inflight]; 19 | # random [two [method]]; 20 | 21 | # Activates the cache for connections to upstream servers 22 | keepalive 64; 23 | } 24 | 25 | # 26 | # Load Balancing 27 | # 28 | # Round Robin (the default) – Distributes requests in order across the list of 29 | # upstream servers. 30 | 31 | # Least Connections – Sends requests to the server with the lowest number of 32 | # active connections. 33 | 34 | #least_conn; 35 | 36 | # Least Time – Sends requests to the server selected by a formula that combines 37 | # the fastest response time and fewest active connections. 38 | # Exclusive to NGINX Plus. 39 | # e.g. least_time header | last_byte [inflight]; 40 | 41 | #least_time last_byte; 42 | 43 | # Hash – Distributes requests based on a key you define, such as the client IP 44 | # address or the request URL. NGINX Plus can optionally apply a consistent 45 | # hash to minimize redistribution of loads if the set of upstream servers 46 | # changes. 47 | # e.g. hash key [consistent]; 48 | 49 | #hash $request_uri consistent; 50 | 51 | # IP Hash (HTTP only) – Distributes requests based on the first three octets of 52 | # the client IP address. 53 | 54 | #ip_hash; 55 | 56 | # Random with Two Choices – Picks two servers at random and sends the request 57 | # to the one that is selected by then applying t 58 | # he Least Connections algorithm (or for NGINX Plus 59 | # the Least Time algorithm, if so configured). 60 | # e.g. random [two [method]] 61 | 62 | # random two; # Round Robin 63 | # random two least_conn; # Least connections 64 | # random two least_time=last_byte; # Least time: use header or last_byte -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/conf.d/www.appster.com.conf: -------------------------------------------------------------------------------- 1 | # Rate limit 2 | # Uncomment lines below to enable here 3 | limit_req_zone $binary_remote_addr zone=limit_me:1m rate=10000r/s; 4 | 5 | # www.appster.com HTTP 6 | server { 7 | listen 80 default_server; 8 | server_name www.appster.com appster.com ""; 9 | status_zone www.appster.com_http; 10 | 11 | # Separate logs 12 | access_log /var/log/nginx/www.appster.com.log main_ext; # access logs 13 | error_log /var/log/nginx/www.appster.com_errors.log info; # error logs 14 | 15 | location / { 16 | include includes/proxy_headers/proxy_headers.conf; 17 | include includes/proxy_headers/keepalive.conf; 18 | 19 | # Rate limiting 20 | # Uncomment below to enable here. 21 | limit_req zone=limit_me; 22 | limit_req_status 429; 23 | 24 | # Set Variable for dynamic templating (CICD) 25 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 26 | proxy_pass http://${appster_upstream}; 27 | } 28 | 29 | # Active Healthcheck 30 | location @health_check { 31 | proxy_set_header Host www.appster.com; 32 | 33 | # Set Variable for dynamic templating (CICD) 34 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 35 | proxy_pass http://${appster_upstream}; 36 | 37 | health_check interval=5s fails=2 passes=2 uri=/ match=status_html_ok; 38 | access_log /var/log/nginx/health_check.log main; 39 | 40 | internal; # Internal request only 41 | } 42 | } -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | fastcgi_param REQUEST_SCHEME $scheme; 13 | fastcgi_param HTTPS $https if_not_empty; 14 | 15 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 16 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 17 | 18 | fastcgi_param REMOTE_ADDR $remote_addr; 19 | fastcgi_param REMOTE_PORT $remote_port; 20 | fastcgi_param SERVER_ADDR $server_addr; 21 | fastcgi_param SERVER_PORT $server_port; 22 | fastcgi_param SERVER_NAME $server_name; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/add_headers/security.conf: -------------------------------------------------------------------------------- 1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ 2 | 3 | # via: https://gist.github.com/plentz/6737338 4 | 5 | # don't send the nginx version number in error pages and Server header 6 | server_tokens off; 7 | 8 | # config to don't allow the browser to render the page inside an frame or iframe 9 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking 10 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri 11 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options 12 | add_header X-Frame-Options SAMEORIGIN; 13 | 14 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, 15 | # to disable content-type sniffing on some browsers. 16 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 17 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx 18 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx 19 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 20 | add_header X-Content-Type-Options nosniff; 21 | 22 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. 23 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 24 | # this particular website if it was disabled by the user. 25 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 26 | add_header X-XSS-Protection "1; mode=block"; 27 | 28 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), 29 | # you can tell the browser that it can only download content from the domains you explicitly allow 30 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 31 | # https://www.owasp.org/index.php/Content_Security_Policy 32 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' 33 | # directives for css and js(if you have inline css or js, you will need to keep it too). 34 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful 35 | add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; 36 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/proxy_headers/keepalive.conf: -------------------------------------------------------------------------------- 1 | # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 2 | proxy_http_version 1.1; 3 | 4 | # Remove the Connection header if the client sends it, 5 | # it could be "close" to close a keepalive connection 6 | proxy_set_header Connection ""; 7 | 8 | # Host request header field, or the server name matching a request 9 | proxy_set_header Host $host; 10 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/proxy_headers/proxy_headers.conf: -------------------------------------------------------------------------------- 1 | ## Set Headers to the proxied servers ## 2 | 3 | # Host request header field, or the server name matching a request 4 | # proxy_set_header Host $host; # remove for UDF 5 | # client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses 6 | proxy_set_header X-Real-IP $remote_addr; 7 | # X-Forwarded-For client request header field with the $remote_addr variable appended to it, 8 | # separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, 9 | # the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable. 10 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 11 | # request scheme, “http” or “https” 12 | proxy_set_header X-Forwarded-Proto $scheme; 13 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/ssl/ssl_ intermediate.conf: -------------------------------------------------------------------------------- 1 | # SSL | intermediate configuration 2 | # nginx 1.14.0 | intermediate profile | OpenSSL 1.0.1e 3 | # Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=inte 7 | 8 | # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 9 | 10 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 11 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 12 | # ssl_certificate_key /etc/ssl/example.com.key; 13 | 14 | ssl_session_timeout 1d; 15 | ssl_session_cache shared:SSL:50m; 16 | ssl_session_tickets off; 17 | 18 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits 19 | ssl_dhparam /etc/ssl/dhparam_2048.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 2048 20 | 21 | # intermediate configuration. tweak to your needs. 22 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 23 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; 24 | ssl_prefer_server_ciphers on; 25 | 26 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 27 | add_header Strict-Transport-Security max-age=15768000; 28 | 29 | # OCSP Stapling --- 30 | # fetch OCSP records from URL in ssl_certificate and cache them 31 | ssl_stapling on; 32 | ssl_stapling_verify on; 33 | 34 | # Todo: 35 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 36 | # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 37 | 38 | # Make sure resolver is set in the server block, i.e.: 39 | # resolver valid=300s; 40 | # resolver_timeout 5s; 41 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/ssl/ssl_a+_strong.conf: -------------------------------------------------------------------------------- 1 | # Based on SSL Labs A+ (https://www.ssllabs.com/ssltest/) 2 | # See: https://cipherli.st and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 3 | 4 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 5 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 6 | # ssl_certificate_key /etc/ssl/example.com.key; 7 | 8 | ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2 9 | ssl_prefer_server_ciphers on; 10 | ssl_dhparam /etc/ssl/dhparam_4096.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 11 | ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; 12 | ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 13 | ssl_session_timeout 10m; 14 | ssl_session_cache shared:SSL:10m; 15 | ssl_session_tickets off; # Requires nginx >= 1.5.9 16 | ssl_stapling on; # Requires nginx >= 1.3.7 17 | ssl_stapling_verify on; # Requires nginx => 1.3.7 18 | add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 19 | add_header X-Frame-Options DENY; 20 | add_header X-Content-Type-Options nosniff; 21 | add_header X-XSS-Protection "1; mode=block"; 22 | 23 | # Make sure resolver is set in the server block, i.e.: 24 | # resolver valid=300s; 25 | # resolver_timeout 5s; 26 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/ssl/ssl_modern.conf: -------------------------------------------------------------------------------- 1 | # SSL | Modern configuration 2 | # nginx 1.14.0 | modern profile | OpenSSL 1.0.1e 3 | # Oldest compatible clients: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=modern 7 | 8 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 9 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 10 | # ssl_certificate_key /etc/ssl/example.com.key; 11 | 12 | ssl_session_timeout 1d; 13 | ssl_session_cache shared:SSL:50m; 14 | ssl_session_tickets off; 15 | 16 | # modern configuration. tweak to your needs. 17 | ssl_protocols TLSv1.2; 18 | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; 19 | ssl_prefer_server_ciphers on; 20 | 21 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 22 | add_header Strict-Transport-Security max-age=15768000; 23 | 24 | # OCSP Stapling --- 25 | # fetch OCSP records from URL in ssl_certificate and cache them 26 | ssl_stapling on; 27 | ssl_stapling_verify on; 28 | 29 | # Todo: 30 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 31 | # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 32 | 33 | # Make sure resolver is set in the server block, i.e.: 34 | # resolver valid=300s; 35 | # resolver_timeout 5s; 36 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/includes/ssl/ssl_old.conf: -------------------------------------------------------------------------------- 1 | # SSL | Old configuration 2 | # nginx 1.14.0 | old profile | OpenSSL 1.0.1e | link 3 | # Oldest compatible clients: Windows XP IE6, Java 6 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=old 7 | 8 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 9 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 10 | # ssl_certificate_key /etc/ssl/example.com.key; 11 | 12 | ssl_session_timeout 1d; 13 | ssl_session_cache shared:SSL:50m; 14 | ssl_session_tickets off; 15 | 16 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits 17 | ssl_dhparam /etc/ssl/dhparam_2048.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 2048 18 | 19 | # old configuration. tweak to your needs. 20 | ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; 21 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP'; 22 | ssl_prefer_server_ciphers on; 23 | 24 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 25 | add_header Strict-Transport-Security max-age=15768000; 26 | 27 | # OCSP Stapling --- 28 | # fetch OCSP records from URL in ssl_certificate and cache them 29 | ssl_stapling on; 30 | ssl_stapling_verify on; 31 | 32 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 33 | ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 34 | 35 | # Make sure resolver is set in the server block, i.e.: 36 | # resolver valid=300s; 37 | # resolver_timeout 5s; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/koi-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full koi8-r <> utf8 map: it does not contain 3 | # box-drawing and some other characters. Besides this map contains 4 | # several koi8-u and Byelorussian letters which are not in koi8-r. 5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 6 | # map instead. 7 | 8 | charset_map koi8-r utf-8 { 9 | 10 | 80 E282AC ; # euro 11 | 12 | 95 E280A2 ; # bullet 13 | 14 | 9A C2A0 ; #   15 | 16 | 9E C2B7 ; # · 17 | 18 | A3 D191 ; # small yo 19 | A4 D194 ; # small Ukrainian ye 20 | 21 | A6 D196 ; # small Ukrainian i 22 | A7 D197 ; # small Ukrainian yi 23 | 24 | AD D291 ; # small Ukrainian soft g 25 | AE D19E ; # small Byelorussian short u 26 | 27 | B0 C2B0 ; # ° 28 | 29 | B3 D081 ; # capital YO 30 | B4 D084 ; # capital Ukrainian YE 31 | 32 | B6 D086 ; # capital Ukrainian I 33 | B7 D087 ; # capital Ukrainian YI 34 | 35 | B9 E28496 ; # numero sign 36 | 37 | BD D290 ; # capital Ukrainian soft G 38 | BE D18E ; # capital Byelorussian short U 39 | 40 | BF C2A9 ; # (C) 41 | 42 | C0 D18E ; # small yu 43 | C1 D0B0 ; # small a 44 | C2 D0B1 ; # small b 45 | C3 D186 ; # small ts 46 | C4 D0B4 ; # small d 47 | C5 D0B5 ; # small ye 48 | C6 D184 ; # small f 49 | C7 D0B3 ; # small g 50 | C8 D185 ; # small kh 51 | C9 D0B8 ; # small i 52 | CA D0B9 ; # small j 53 | CB D0BA ; # small k 54 | CC D0BB ; # small l 55 | CD D0BC ; # small m 56 | CE D0BD ; # small n 57 | CF D0BE ; # small o 58 | 59 | D0 D0BF ; # small p 60 | D1 D18F ; # small ya 61 | D2 D180 ; # small r 62 | D3 D181 ; # small s 63 | D4 D182 ; # small t 64 | D5 D183 ; # small u 65 | D6 D0B6 ; # small zh 66 | D7 D0B2 ; # small v 67 | D8 D18C ; # small soft sign 68 | D9 D18B ; # small y 69 | DA D0B7 ; # small z 70 | DB D188 ; # small sh 71 | DC D18D ; # small e 72 | DD D189 ; # small shch 73 | DE D187 ; # small ch 74 | DF D18A ; # small hard sign 75 | 76 | E0 D0AE ; # capital YU 77 | E1 D090 ; # capital A 78 | E2 D091 ; # capital B 79 | E3 D0A6 ; # capital TS 80 | E4 D094 ; # capital D 81 | E5 D095 ; # capital YE 82 | E6 D0A4 ; # capital F 83 | E7 D093 ; # capital G 84 | E8 D0A5 ; # capital KH 85 | E9 D098 ; # capital I 86 | EA D099 ; # capital J 87 | EB D09A ; # capital K 88 | EC D09B ; # capital L 89 | ED D09C ; # capital M 90 | EE D09D ; # capital N 91 | EF D09E ; # capital O 92 | 93 | F0 D09F ; # capital P 94 | F1 D0AF ; # capital YA 95 | F2 D0A0 ; # capital R 96 | F3 D0A1 ; # capital S 97 | F4 D0A2 ; # capital T 98 | F5 D0A3 ; # capital U 99 | F6 D096 ; # capital ZH 100 | F7 D092 ; # capital V 101 | F8 D0AC ; # capital soft sign 102 | F9 D0AB ; # capital Y 103 | FA D097 ; # capital Z 104 | FB D0A8 ; # capital SH 105 | FC D0AD ; # capital E 106 | FD D0A9 ; # capital SHCH 107 | FE D0A7 ; # capital CH 108 | FF D0AA ; # capital hard sign 109 | } 110 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/koi-win: -------------------------------------------------------------------------------- 1 | 2 | charset_map koi8-r windows-1251 { 3 | 4 | 80 88 ; # euro 5 | 6 | 95 95 ; # bullet 7 | 8 | 9A A0 ; #   9 | 10 | 9E B7 ; # · 11 | 12 | A3 B8 ; # small yo 13 | A4 BA ; # small Ukrainian ye 14 | 15 | A6 B3 ; # small Ukrainian i 16 | A7 BF ; # small Ukrainian yi 17 | 18 | AD B4 ; # small Ukrainian soft g 19 | AE A2 ; # small Byelorussian short u 20 | 21 | B0 B0 ; # ° 22 | 23 | B3 A8 ; # capital YO 24 | B4 AA ; # capital Ukrainian YE 25 | 26 | B6 B2 ; # capital Ukrainian I 27 | B7 AF ; # capital Ukrainian YI 28 | 29 | B9 B9 ; # numero sign 30 | 31 | BD A5 ; # capital Ukrainian soft G 32 | BE A1 ; # capital Byelorussian short U 33 | 34 | BF A9 ; # (C) 35 | 36 | C0 FE ; # small yu 37 | C1 E0 ; # small a 38 | C2 E1 ; # small b 39 | C3 F6 ; # small ts 40 | C4 E4 ; # small d 41 | C5 E5 ; # small ye 42 | C6 F4 ; # small f 43 | C7 E3 ; # small g 44 | C8 F5 ; # small kh 45 | C9 E8 ; # small i 46 | CA E9 ; # small j 47 | CB EA ; # small k 48 | CC EB ; # small l 49 | CD EC ; # small m 50 | CE ED ; # small n 51 | CF EE ; # small o 52 | 53 | D0 EF ; # small p 54 | D1 FF ; # small ya 55 | D2 F0 ; # small r 56 | D3 F1 ; # small s 57 | D4 F2 ; # small t 58 | D5 F3 ; # small u 59 | D6 E6 ; # small zh 60 | D7 E2 ; # small v 61 | D8 FC ; # small soft sign 62 | D9 FB ; # small y 63 | DA E7 ; # small z 64 | DB F8 ; # small sh 65 | DC FD ; # small e 66 | DD F9 ; # small shch 67 | DE F7 ; # small ch 68 | DF FA ; # small hard sign 69 | 70 | E0 DE ; # capital YU 71 | E1 C0 ; # capital A 72 | E2 C1 ; # capital B 73 | E3 D6 ; # capital TS 74 | E4 C4 ; # capital D 75 | E5 C5 ; # capital YE 76 | E6 D4 ; # capital F 77 | E7 C3 ; # capital G 78 | E8 D5 ; # capital KH 79 | E9 C8 ; # capital I 80 | EA C9 ; # capital J 81 | EB CA ; # capital K 82 | EC CB ; # capital L 83 | ED CC ; # capital M 84 | EE CD ; # capital N 85 | EF CE ; # capital O 86 | 87 | F0 CF ; # capital P 88 | F1 DF ; # capital YA 89 | F2 D0 ; # capital R 90 | F3 D1 ; # capital S 91 | F4 D2 ; # capital T 92 | F5 D3 ; # capital U 93 | F6 C6 ; # capital ZH 94 | F7 C2 ; # capital V 95 | F8 DC ; # capital soft sign 96 | F9 DB ; # capital Y 97 | FA C7 ; # capital Z 98 | FB D8 ; # capital SH 99 | FC DD ; # capital E 100 | FD D9 ; # capital SHCH 101 | FE D7 ; # capital CH 102 | FF DA ; # capital hard sign 103 | } 104 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | # Load Modules 8 | # load_module modules/ngx_http_modsecurity_module.so; # Modsecurity WAF 9 | # load_module modules/ngx_http_js_module.so; # NGINX Javascript 10 | # load_module modules/ngx_http_geoip_module.so; # geoip 11 | # load_module modules/ngx_stream_geoip_module.so; # geoip 12 | 13 | events { 14 | worker_connections 1024; 15 | } 16 | 17 | http { 18 | include /etc/nginx/mime.types; 19 | default_type application/octet-stream; 20 | 21 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | '$status $body_bytes_sent "$http_referer" ' 23 | '"$http_user_agent" "$http_x_forwarded_for" "$request_id"'; 24 | 25 | # NGINX Plus Additional NGINX Metrics 26 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 27 | '$status $body_bytes_sent "$http_referer" "$http2" ' 28 | '"$http_user_agent" "$http_x_forwarded_for" ' 29 | '"$host" sn="$server_name" ' 30 | 'rt=$request_time ' 31 | 'ua="$upstream_addr" us="$upstream_status" ' 32 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 33 | 'cs=$upstream_cache_status $request_id' ; 34 | 35 | # access_log /var/log/nginx/access.log main; # Default 36 | access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 37 | 38 | sendfile on; 39 | #tcp_nopush on; 40 | 41 | keepalive_timeout 65; 42 | 43 | #gzip on; 44 | 45 | # Use relative path because we are going to use non-default nginx directory in prod 46 | include conf.d/*.conf; # HTTP/S configs 47 | #include /etc/nginx/test_env/*.conf; # test upstream groups. Uncomment in TEST only 48 | } 49 | 50 | 51 | # TCP/UDP proxy and load balancing block 52 | 53 | stream { 54 | include stream.conf.d/*.conf; # TCP/UDP traffic 55 | } 56 | 57 | # vim: syntax=nginx 58 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/scgi_params: -------------------------------------------------------------------------------- 1 | 2 | scgi_param REQUEST_METHOD $request_method; 3 | scgi_param REQUEST_URI $request_uri; 4 | scgi_param QUERY_STRING $query_string; 5 | scgi_param CONTENT_TYPE $content_type; 6 | 7 | scgi_param DOCUMENT_URI $document_uri; 8 | scgi_param DOCUMENT_ROOT $document_root; 9 | scgi_param SCGI 1; 10 | scgi_param SERVER_PROTOCOL $server_protocol; 11 | scgi_param REQUEST_SCHEME $scheme; 12 | scgi_param HTTPS $https if_not_empty; 13 | 14 | scgi_param REMOTE_ADDR $remote_addr; 15 | scgi_param REMOTE_PORT $remote_port; 16 | scgi_param SERVER_PORT $server_port; 17 | scgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/test_env/test_environments.md: -------------------------------------------------------------------------------- 1 | # Localhost testing 2 | 3 | Place test loopback virtual server here: `upstreams_prod.conf` 4 | 5 | We will enable this in NGINX.conf by uncommenting `#include /etc/nginx/test_env/*.conf;` and 6 | replacing the variable `_upstream_` to `http_appster_test` 7 | 8 | i.e. we replace `_upstream_` in `www.appster.com.conf` and `www2.appster.com.conf` using `sed`: 9 | 10 | ```bash 11 | find etc/nginx -type f -name "*.conf" -exec sed -i -e 's/\${appster_upstream}/http_appster_test/g' {} \; 12 | ``` 13 | 14 | ```ini 15 | # www.appster.com.conf and www2.appster.com.conf 16 | 17 | location { 18 | #... 19 | 20 | # Set Variable for dynamic templating (CICD) 21 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 22 | proxy_pass http://${appster_upstream}; 23 | } 24 | 25 | # becomes: 26 | 27 | location { 28 | #... 29 | 30 | # Set Variable for dynamic templating (CICD) 31 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 32 | proxy_pass http://${appster_upstream}; 33 | } 34 | 35 | ``` 36 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/test_env/upstreams_test.conf: -------------------------------------------------------------------------------- 1 | ## 2 | # Plain Webservers | HTTP | port 9096, 9097, 9098, 9099 3 | # Dummy loopback web servers reponds with text/html with $request_uri (the rewritten URL) 4 | # sub_filter is used to replace placeholder values 5 | # To add more variables see https://nginx.org/en/docs/varindex.html 6 | ## 7 | 8 | upstream http_appster_test { 9 | zone dummy_servers 64k; 10 | server 127.0.0.1:9096; 11 | server 127.0.0.1:9097; 12 | server 127.0.0.1:9098; 13 | server 127.0.0.1:9099; 14 | keepalive 64; 15 | 16 | } 17 | 18 | server { 19 | listen 9096; 20 | listen 9097; 21 | listen 9098; 22 | listen 9099; 23 | server_name www.appster.com ""; 24 | 25 | default_type text/html; 26 | 27 | error_log /var/log/nginx/localhost.log notice; 28 | 29 | # Don't cache me 30 | expires -1; 31 | 32 | # Return webpage 33 | location / { 34 | return 200 'Status code: $status\nServer address: $server_addr:$server_port\nServer name: $hostname\nDate: $time_local\nUser-Agent: $http_user_agent\nCookie: $http_cookie\nURI: $request_uri\nRequest ID: $request_id\n'; 35 | } 36 | 37 | # Health check page 38 | location /health { 39 | return 200 'healthy'; 40 | } 41 | } -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/uwsgi_params: -------------------------------------------------------------------------------- 1 | 2 | uwsgi_param QUERY_STRING $query_string; 3 | uwsgi_param REQUEST_METHOD $request_method; 4 | uwsgi_param CONTENT_TYPE $content_type; 5 | uwsgi_param CONTENT_LENGTH $content_length; 6 | 7 | uwsgi_param REQUEST_URI $request_uri; 8 | uwsgi_param PATH_INFO $document_uri; 9 | uwsgi_param DOCUMENT_ROOT $document_root; 10 | uwsgi_param SERVER_PROTOCOL $server_protocol; 11 | uwsgi_param REQUEST_SCHEME $scheme; 12 | uwsgi_param HTTPS $https if_not_empty; 13 | 14 | uwsgi_param REMOTE_ADDR $remote_addr; 15 | uwsgi_param REMOTE_PORT $remote_port; 16 | uwsgi_param SERVER_PORT $server_port; 17 | uwsgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/nginx/win-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full windows-1251 <> utf8 map: it does not 3 | # contain Serbian and Macedonian letters. If you need a full map, 4 | # use contrib/unicode2nginx/win-utf map instead. 5 | 6 | charset_map windows-1251 utf-8 { 7 | 8 | 82 E2809A ; # single low-9 quotation mark 9 | 10 | 84 E2809E ; # double low-9 quotation mark 11 | 85 E280A6 ; # ellipsis 12 | 86 E280A0 ; # dagger 13 | 87 E280A1 ; # double dagger 14 | 88 E282AC ; # euro 15 | 89 E280B0 ; # per mille 16 | 17 | 91 E28098 ; # left single quotation mark 18 | 92 E28099 ; # right single quotation mark 19 | 93 E2809C ; # left double quotation mark 20 | 94 E2809D ; # right double quotation mark 21 | 95 E280A2 ; # bullet 22 | 96 E28093 ; # en dash 23 | 97 E28094 ; # em dash 24 | 25 | 99 E284A2 ; # trade mark sign 26 | 27 | A0 C2A0 ; #   28 | A1 D18E ; # capital Byelorussian short U 29 | A2 D19E ; # small Byelorussian short u 30 | 31 | A4 C2A4 ; # currency sign 32 | A5 D290 ; # capital Ukrainian soft G 33 | A6 C2A6 ; # borken bar 34 | A7 C2A7 ; # section sign 35 | A8 D081 ; # capital YO 36 | A9 C2A9 ; # (C) 37 | AA D084 ; # capital Ukrainian YE 38 | AB C2AB ; # left-pointing double angle quotation mark 39 | AC C2AC ; # not sign 40 | AD C2AD ; # soft hypen 41 | AE C2AE ; # (R) 42 | AF D087 ; # capital Ukrainian YI 43 | 44 | B0 C2B0 ; # ° 45 | B1 C2B1 ; # plus-minus sign 46 | B2 D086 ; # capital Ukrainian I 47 | B3 D196 ; # small Ukrainian i 48 | B4 D291 ; # small Ukrainian soft g 49 | B5 C2B5 ; # micro sign 50 | B6 C2B6 ; # pilcrow sign 51 | B7 C2B7 ; # · 52 | B8 D191 ; # small yo 53 | B9 E28496 ; # numero sign 54 | BA D194 ; # small Ukrainian ye 55 | BB C2BB ; # right-pointing double angle quotation mark 56 | 57 | BF D197 ; # small Ukrainian yi 58 | 59 | C0 D090 ; # capital A 60 | C1 D091 ; # capital B 61 | C2 D092 ; # capital V 62 | C3 D093 ; # capital G 63 | C4 D094 ; # capital D 64 | C5 D095 ; # capital YE 65 | C6 D096 ; # capital ZH 66 | C7 D097 ; # capital Z 67 | C8 D098 ; # capital I 68 | C9 D099 ; # capital J 69 | CA D09A ; # capital K 70 | CB D09B ; # capital L 71 | CC D09C ; # capital M 72 | CD D09D ; # capital N 73 | CE D09E ; # capital O 74 | CF D09F ; # capital P 75 | 76 | D0 D0A0 ; # capital R 77 | D1 D0A1 ; # capital S 78 | D2 D0A2 ; # capital T 79 | D3 D0A3 ; # capital U 80 | D4 D0A4 ; # capital F 81 | D5 D0A5 ; # capital KH 82 | D6 D0A6 ; # capital TS 83 | D7 D0A7 ; # capital CH 84 | D8 D0A8 ; # capital SH 85 | D9 D0A9 ; # capital SHCH 86 | DA D0AA ; # capital hard sign 87 | DB D0AB ; # capital Y 88 | DC D0AC ; # capital soft sign 89 | DD D0AD ; # capital E 90 | DE D0AE ; # capital YU 91 | DF D0AF ; # capital YA 92 | 93 | E0 D0B0 ; # small a 94 | E1 D0B1 ; # small b 95 | E2 D0B2 ; # small v 96 | E3 D0B3 ; # small g 97 | E4 D0B4 ; # small d 98 | E5 D0B5 ; # small ye 99 | E6 D0B6 ; # small zh 100 | E7 D0B7 ; # small z 101 | E8 D0B8 ; # small i 102 | E9 D0B9 ; # small j 103 | EA D0BA ; # small k 104 | EB D0BB ; # small l 105 | EC D0BC ; # small m 106 | ED D0BD ; # small n 107 | EE D0BE ; # small o 108 | EF D0BF ; # small p 109 | 110 | F0 D180 ; # small r 111 | F1 D181 ; # small s 112 | F2 D182 ; # small t 113 | F3 D183 ; # small u 114 | F4 D184 ; # small f 115 | F5 D185 ; # small kh 116 | F6 D186 ; # small ts 117 | F7 D187 ; # small ch 118 | F8 D188 ; # small sh 119 | F9 D189 ; # small shch 120 | FA D18A ; # small hard sign 121 | FB D18B ; # small y 122 | FC D18C ; # small soft sign 123 | FD D18D ; # small e 124 | FE D18E ; # small yu 125 | FF D18F ; # small ya 126 | } 127 | -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/ssl/PLACE_YOUR_CERT_KEY_DHPARAMS_HERE: -------------------------------------------------------------------------------- 1 | This NGINX config expects the following: 2 | * appster.com.crt 3 | * appster.com.key 4 | * dhparam_2048.pem 5 | * dhparam_4096.pem -------------------------------------------------------------------------------- /files/end_state/appster-lb/etc/ssl/nginx/PLACE_NGINX_CERT_AND_KEY_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/appster-lb/etc/ssl/nginx/PLACE_NGINX_CERT_AND_KEY_HERE -------------------------------------------------------------------------------- /files/end_state/gitlabappster/.gitignore: -------------------------------------------------------------------------------- 1 | nginx-repo.* 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.11 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | # Install prerequisite packages: 6 | # none 7 | 8 | ## Install Nginx Plus 9 | # Download certificate and key from the customer portal https://cs.nginx.com 10 | # and copy to the build context 11 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 12 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 13 | RUN chmod 644 /etc/apk/cert* 14 | 15 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 16 | # Remove the cert/keys from the image 17 | RUN wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 18 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 19 | && apk add nginx-plus \ 20 | ## Optional: Install NGINX Plus Modules from repo 21 | # See https://www.nginx.com/products/nginx/modules 22 | # nginx-plus modsecurity 23 | # && apk add nginx-plus-module-modsecurity \ 24 | # nginx-plus geoip module 25 | # && apk add nginx-plus-module-geoip \ 26 | # nginx-plus NGINX Javascript module 27 | # && apk add nginx-plus-module-njs 28 | # Remove default nginx config 29 | && rm /etc/nginx/conf.d/default.conf \ 30 | ## Forward request logs to docker log collector 31 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 32 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 33 | # Remove the cert/keys from the image 34 | && rm /etc/apk/cert.pem /etc/apk/cert.key 35 | 36 | # Optional: Create cache folder and set permissions for proxy caching 37 | #CMD mkdir -p /var/cache/nginx \ 38 | #&& chown -R nginx /var/cache/nginx 39 | 40 | # COPY /etc/nginx (Nginx configuration) directory 41 | COPY etc/nginx /etc/nginx 42 | RUN chown -R nginx:nginx /etc/nginx 43 | 44 | # Optional: COPY over any of your SSL certs for HTTPS servers 45 | # e.g. 46 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 47 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 48 | 49 | 50 | 51 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 52 | EXPOSE 80 443 8080 53 | STOPSIGNAL SIGTERM 54 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/conf.d/appster.com.conf: -------------------------------------------------------------------------------- 1 | # Appster website 2 | server { 3 | status_zone appster; 4 | listen 80 default_server; 5 | root /etc/nginx/html/; 6 | index index.html; 7 | server_name www.appster.com appster.com ""; 8 | location / { 9 | try_files $uri $uri/ =404; 10 | } 11 | 12 | # Lets try to add a HTTP301 Redirect 13 | # location = /pricing { 14 | # return 301 $scheme://www.example.com/\#pricing ; 15 | # } 16 | } -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | fastcgi_param REQUEST_SCHEME $scheme; 13 | fastcgi_param HTTPS $https if_not_empty; 14 | 15 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 16 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 17 | 18 | fastcgi_param REMOTE_ADDR $remote_addr; 19 | fastcgi_param REMOTE_PORT $remote_port; 20 | fastcgi_param SERVER_ADDR $server_addr; 21 | fastcgi_param SERVER_PORT $server_port; 22 | fastcgi_param SERVER_NAME $server_name; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/apple_store.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/apple_store.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/gallery-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/gallery-1.jpg -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/gallery-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/gallery-2.jpg -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/google-play.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/google-play.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/iphone_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/iphone_7.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/iphone_x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/iphone_x.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/team-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/team-1.jpg -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/team-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/team-2.jpg -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/img/team-3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/nginx/html/img/team-3.jpg -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/html/js/scripts.js: -------------------------------------------------------------------------------- 1 | /* 2 | Created on : Jul 4, 2017, 12:43:10 AM 3 | Author : Atta-Ur-Rehman Shah (http://attacomsian.com) 4 | */ 5 | $(function () { 6 | 7 | //init wow effects 8 | new WOW().init(); 9 | 10 | //scroll menu 11 | $(window).scroll(function () { 12 | var secondFeature = $('#features').offset().top; 13 | var scroll = $(window).scrollTop(); 14 | if (scroll >= 300) { 15 | $('.sticky-navigation').css({"top": '0px'}); 16 | } else { 17 | $('.sticky-navigation').css({"top": '-100px'}); 18 | } 19 | if (scroll >= secondFeature - 200) { 20 | $(".mobileScreen").css({'background-position': 'center top'}); 21 | } 22 | return false; 23 | }); 24 | 25 | //page scroll 26 | $('a.page-scroll').bind('click', function (event) { 27 | var $anchor = $(this); 28 | $('html, body').stop().animate({ 29 | scrollTop: $($anchor.attr('href')).offset().top - 20 30 | }, 1500, 'easeInOutExpo'); 31 | event.preventDefault(); 32 | }); 33 | }); -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/koi-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full koi8-r <> utf8 map: it does not contain 3 | # box-drawing and some other characters. Besides this map contains 4 | # several koi8-u and Byelorussian letters which are not in koi8-r. 5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 6 | # map instead. 7 | 8 | charset_map koi8-r utf-8 { 9 | 10 | 80 E282AC ; # euro 11 | 12 | 95 E280A2 ; # bullet 13 | 14 | 9A C2A0 ; #   15 | 16 | 9E C2B7 ; # · 17 | 18 | A3 D191 ; # small yo 19 | A4 D194 ; # small Ukrainian ye 20 | 21 | A6 D196 ; # small Ukrainian i 22 | A7 D197 ; # small Ukrainian yi 23 | 24 | AD D291 ; # small Ukrainian soft g 25 | AE D19E ; # small Byelorussian short u 26 | 27 | B0 C2B0 ; # ° 28 | 29 | B3 D081 ; # capital YO 30 | B4 D084 ; # capital Ukrainian YE 31 | 32 | B6 D086 ; # capital Ukrainian I 33 | B7 D087 ; # capital Ukrainian YI 34 | 35 | B9 E28496 ; # numero sign 36 | 37 | BD D290 ; # capital Ukrainian soft G 38 | BE D18E ; # capital Byelorussian short U 39 | 40 | BF C2A9 ; # (C) 41 | 42 | C0 D18E ; # small yu 43 | C1 D0B0 ; # small a 44 | C2 D0B1 ; # small b 45 | C3 D186 ; # small ts 46 | C4 D0B4 ; # small d 47 | C5 D0B5 ; # small ye 48 | C6 D184 ; # small f 49 | C7 D0B3 ; # small g 50 | C8 D185 ; # small kh 51 | C9 D0B8 ; # small i 52 | CA D0B9 ; # small j 53 | CB D0BA ; # small k 54 | CC D0BB ; # small l 55 | CD D0BC ; # small m 56 | CE D0BD ; # small n 57 | CF D0BE ; # small o 58 | 59 | D0 D0BF ; # small p 60 | D1 D18F ; # small ya 61 | D2 D180 ; # small r 62 | D3 D181 ; # small s 63 | D4 D182 ; # small t 64 | D5 D183 ; # small u 65 | D6 D0B6 ; # small zh 66 | D7 D0B2 ; # small v 67 | D8 D18C ; # small soft sign 68 | D9 D18B ; # small y 69 | DA D0B7 ; # small z 70 | DB D188 ; # small sh 71 | DC D18D ; # small e 72 | DD D189 ; # small shch 73 | DE D187 ; # small ch 74 | DF D18A ; # small hard sign 75 | 76 | E0 D0AE ; # capital YU 77 | E1 D090 ; # capital A 78 | E2 D091 ; # capital B 79 | E3 D0A6 ; # capital TS 80 | E4 D094 ; # capital D 81 | E5 D095 ; # capital YE 82 | E6 D0A4 ; # capital F 83 | E7 D093 ; # capital G 84 | E8 D0A5 ; # capital KH 85 | E9 D098 ; # capital I 86 | EA D099 ; # capital J 87 | EB D09A ; # capital K 88 | EC D09B ; # capital L 89 | ED D09C ; # capital M 90 | EE D09D ; # capital N 91 | EF D09E ; # capital O 92 | 93 | F0 D09F ; # capital P 94 | F1 D0AF ; # capital YA 95 | F2 D0A0 ; # capital R 96 | F3 D0A1 ; # capital S 97 | F4 D0A2 ; # capital T 98 | F5 D0A3 ; # capital U 99 | F6 D096 ; # capital ZH 100 | F7 D092 ; # capital V 101 | F8 D0AC ; # capital soft sign 102 | F9 D0AB ; # capital Y 103 | FA D097 ; # capital Z 104 | FB D0A8 ; # capital SH 105 | FC D0AD ; # capital E 106 | FD D0A9 ; # capital SHCH 107 | FE D0A7 ; # capital CH 108 | FF D0AA ; # capital hard sign 109 | } 110 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/koi-win: -------------------------------------------------------------------------------- 1 | 2 | charset_map koi8-r windows-1251 { 3 | 4 | 80 88 ; # euro 5 | 6 | 95 95 ; # bullet 7 | 8 | 9A A0 ; #   9 | 10 | 9E B7 ; # · 11 | 12 | A3 B8 ; # small yo 13 | A4 BA ; # small Ukrainian ye 14 | 15 | A6 B3 ; # small Ukrainian i 16 | A7 BF ; # small Ukrainian yi 17 | 18 | AD B4 ; # small Ukrainian soft g 19 | AE A2 ; # small Byelorussian short u 20 | 21 | B0 B0 ; # ° 22 | 23 | B3 A8 ; # capital YO 24 | B4 AA ; # capital Ukrainian YE 25 | 26 | B6 B2 ; # capital Ukrainian I 27 | B7 AF ; # capital Ukrainian YI 28 | 29 | B9 B9 ; # numero sign 30 | 31 | BD A5 ; # capital Ukrainian soft G 32 | BE A1 ; # capital Byelorussian short U 33 | 34 | BF A9 ; # (C) 35 | 36 | C0 FE ; # small yu 37 | C1 E0 ; # small a 38 | C2 E1 ; # small b 39 | C3 F6 ; # small ts 40 | C4 E4 ; # small d 41 | C5 E5 ; # small ye 42 | C6 F4 ; # small f 43 | C7 E3 ; # small g 44 | C8 F5 ; # small kh 45 | C9 E8 ; # small i 46 | CA E9 ; # small j 47 | CB EA ; # small k 48 | CC EB ; # small l 49 | CD EC ; # small m 50 | CE ED ; # small n 51 | CF EE ; # small o 52 | 53 | D0 EF ; # small p 54 | D1 FF ; # small ya 55 | D2 F0 ; # small r 56 | D3 F1 ; # small s 57 | D4 F2 ; # small t 58 | D5 F3 ; # small u 59 | D6 E6 ; # small zh 60 | D7 E2 ; # small v 61 | D8 FC ; # small soft sign 62 | D9 FB ; # small y 63 | DA E7 ; # small z 64 | DB F8 ; # small sh 65 | DC FD ; # small e 66 | DD F9 ; # small shch 67 | DE F7 ; # small ch 68 | DF FA ; # small hard sign 69 | 70 | E0 DE ; # capital YU 71 | E1 C0 ; # capital A 72 | E2 C1 ; # capital B 73 | E3 D6 ; # capital TS 74 | E4 C4 ; # capital D 75 | E5 C5 ; # capital YE 76 | E6 D4 ; # capital F 77 | E7 C3 ; # capital G 78 | E8 D5 ; # capital KH 79 | E9 C8 ; # capital I 80 | EA C9 ; # capital J 81 | EB CA ; # capital K 82 | EC CB ; # capital L 83 | ED CC ; # capital M 84 | EE CD ; # capital N 85 | EF CE ; # capital O 86 | 87 | F0 CF ; # capital P 88 | F1 DF ; # capital YA 89 | F2 D0 ; # capital R 90 | F3 D1 ; # capital S 91 | F4 D2 ; # capital T 92 | F5 D3 ; # capital U 93 | F6 C6 ; # capital ZH 94 | F7 C2 ; # capital V 95 | F8 DC ; # capital soft sign 96 | F9 DB ; # capital Y 97 | FA C7 ; # capital Z 98 | FB D8 ; # capital SH 99 | FC DD ; # capital E 100 | FD D9 ; # capital SHCH 101 | FE D7 ; # capital CH 102 | FF DA ; # capital hard sign 103 | } 104 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/mime.types: -------------------------------------------------------------------------------- 1 | 2 | types { 3 | text/html html htm shtml; 4 | text/css css; 5 | text/xml xml; 6 | image/gif gif; 7 | image/jpeg jpeg jpg; 8 | application/javascript js; 9 | application/atom+xml atom; 10 | application/rss+xml rss; 11 | 12 | text/mathml mml; 13 | text/plain txt; 14 | text/vnd.sun.j2me.app-descriptor jad; 15 | text/vnd.wap.wml wml; 16 | text/x-component htc; 17 | 18 | image/png png; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/x-icon ico; 22 | image/x-jng jng; 23 | image/x-ms-bmp bmp; 24 | image/svg+xml svg svgz; 25 | image/webp webp; 26 | 27 | application/font-woff woff; 28 | application/java-archive jar war ear; 29 | application/json json; 30 | application/mac-binhex40 hqx; 31 | application/msword doc; 32 | application/pdf pdf; 33 | application/postscript ps eps ai; 34 | application/rtf rtf; 35 | application/vnd.apple.mpegurl m3u8; 36 | application/vnd.ms-excel xls; 37 | application/vnd.ms-fontobject eot; 38 | application/vnd.ms-powerpoint ppt; 39 | application/vnd.wap.wmlc wmlc; 40 | application/vnd.google-earth.kml+xml kml; 41 | application/vnd.google-earth.kmz kmz; 42 | application/x-7z-compressed 7z; 43 | application/x-cocoa cco; 44 | application/x-java-archive-diff jardiff; 45 | application/x-java-jnlp-file jnlp; 46 | application/x-makeself run; 47 | application/x-perl pl pm; 48 | application/x-pilot prc pdb; 49 | application/x-rar-compressed rar; 50 | application/x-redhat-package-manager rpm; 51 | application/x-sea sea; 52 | application/x-shockwave-flash swf; 53 | application/x-stuffit sit; 54 | application/x-tcl tcl tk; 55 | application/x-x509-ca-cert der pem crt; 56 | application/x-xpinstall xpi; 57 | application/xhtml+xml xhtml; 58 | application/xspf+xml xspf; 59 | application/zip zip; 60 | 61 | application/octet-stream bin exe dll; 62 | application/octet-stream deb; 63 | application/octet-stream dmg; 64 | application/octet-stream iso img; 65 | application/octet-stream msi msp msm; 66 | 67 | application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; 68 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; 69 | application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; 70 | 71 | audio/midi mid midi kar; 72 | audio/mpeg mp3; 73 | audio/ogg ogg; 74 | audio/x-m4a m4a; 75 | audio/x-realaudio ra; 76 | 77 | video/3gpp 3gpp 3gp; 78 | video/mp2t ts; 79 | video/mp4 mp4; 80 | video/mpeg mpeg mpg; 81 | video/quicktime mov; 82 | video/webm webm; 83 | video/x-flv flv; 84 | video/x-m4v m4v; 85 | video/x-mng mng; 86 | video/x-ms-asf asx asf; 87 | video/x-ms-wmv wmv; 88 | video/x-msvideo avi; 89 | } 90 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/scgi_params: -------------------------------------------------------------------------------- 1 | 2 | scgi_param REQUEST_METHOD $request_method; 3 | scgi_param REQUEST_URI $request_uri; 4 | scgi_param QUERY_STRING $query_string; 5 | scgi_param CONTENT_TYPE $content_type; 6 | 7 | scgi_param DOCUMENT_URI $document_uri; 8 | scgi_param DOCUMENT_ROOT $document_root; 9 | scgi_param SCGI 1; 10 | scgi_param SERVER_PROTOCOL $server_protocol; 11 | scgi_param REQUEST_SCHEME $scheme; 12 | scgi_param HTTPS $https if_not_empty; 13 | 14 | scgi_param REMOTE_ADDR $remote_addr; 15 | scgi_param REMOTE_PORT $remote_port; 16 | scgi_param SERVER_PORT $server_port; 17 | scgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/uwsgi_params: -------------------------------------------------------------------------------- 1 | 2 | uwsgi_param QUERY_STRING $query_string; 3 | uwsgi_param REQUEST_METHOD $request_method; 4 | uwsgi_param CONTENT_TYPE $content_type; 5 | uwsgi_param CONTENT_LENGTH $content_length; 6 | 7 | uwsgi_param REQUEST_URI $request_uri; 8 | uwsgi_param PATH_INFO $document_uri; 9 | uwsgi_param DOCUMENT_ROOT $document_root; 10 | uwsgi_param SERVER_PROTOCOL $server_protocol; 11 | uwsgi_param REQUEST_SCHEME $scheme; 12 | uwsgi_param HTTPS $https if_not_empty; 13 | 14 | uwsgi_param REMOTE_ADDR $remote_addr; 15 | uwsgi_param REMOTE_PORT $remote_port; 16 | uwsgi_param SERVER_PORT $server_port; 17 | uwsgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/nginx/win-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full windows-1251 <> utf8 map: it does not 3 | # contain Serbian and Macedonian letters. If you need a full map, 4 | # use contrib/unicode2nginx/win-utf map instead. 5 | 6 | charset_map windows-1251 utf-8 { 7 | 8 | 82 E2809A ; # single low-9 quotation mark 9 | 10 | 84 E2809E ; # double low-9 quotation mark 11 | 85 E280A6 ; # ellipsis 12 | 86 E280A0 ; # dagger 13 | 87 E280A1 ; # double dagger 14 | 88 E282AC ; # euro 15 | 89 E280B0 ; # per mille 16 | 17 | 91 E28098 ; # left single quotation mark 18 | 92 E28099 ; # right single quotation mark 19 | 93 E2809C ; # left double quotation mark 20 | 94 E2809D ; # right double quotation mark 21 | 95 E280A2 ; # bullet 22 | 96 E28093 ; # en dash 23 | 97 E28094 ; # em dash 24 | 25 | 99 E284A2 ; # trade mark sign 26 | 27 | A0 C2A0 ; #   28 | A1 D18E ; # capital Byelorussian short U 29 | A2 D19E ; # small Byelorussian short u 30 | 31 | A4 C2A4 ; # currency sign 32 | A5 D290 ; # capital Ukrainian soft G 33 | A6 C2A6 ; # borken bar 34 | A7 C2A7 ; # section sign 35 | A8 D081 ; # capital YO 36 | A9 C2A9 ; # (C) 37 | AA D084 ; # capital Ukrainian YE 38 | AB C2AB ; # left-pointing double angle quotation mark 39 | AC C2AC ; # not sign 40 | AD C2AD ; # soft hypen 41 | AE C2AE ; # (R) 42 | AF D087 ; # capital Ukrainian YI 43 | 44 | B0 C2B0 ; # ° 45 | B1 C2B1 ; # plus-minus sign 46 | B2 D086 ; # capital Ukrainian I 47 | B3 D196 ; # small Ukrainian i 48 | B4 D291 ; # small Ukrainian soft g 49 | B5 C2B5 ; # micro sign 50 | B6 C2B6 ; # pilcrow sign 51 | B7 C2B7 ; # · 52 | B8 D191 ; # small yo 53 | B9 E28496 ; # numero sign 54 | BA D194 ; # small Ukrainian ye 55 | BB C2BB ; # right-pointing double angle quotation mark 56 | 57 | BF D197 ; # small Ukrainian yi 58 | 59 | C0 D090 ; # capital A 60 | C1 D091 ; # capital B 61 | C2 D092 ; # capital V 62 | C3 D093 ; # capital G 63 | C4 D094 ; # capital D 64 | C5 D095 ; # capital YE 65 | C6 D096 ; # capital ZH 66 | C7 D097 ; # capital Z 67 | C8 D098 ; # capital I 68 | C9 D099 ; # capital J 69 | CA D09A ; # capital K 70 | CB D09B ; # capital L 71 | CC D09C ; # capital M 72 | CD D09D ; # capital N 73 | CE D09E ; # capital O 74 | CF D09F ; # capital P 75 | 76 | D0 D0A0 ; # capital R 77 | D1 D0A1 ; # capital S 78 | D2 D0A2 ; # capital T 79 | D3 D0A3 ; # capital U 80 | D4 D0A4 ; # capital F 81 | D5 D0A5 ; # capital KH 82 | D6 D0A6 ; # capital TS 83 | D7 D0A7 ; # capital CH 84 | D8 D0A8 ; # capital SH 85 | D9 D0A9 ; # capital SHCH 86 | DA D0AA ; # capital hard sign 87 | DB D0AB ; # capital Y 88 | DC D0AC ; # capital soft sign 89 | DD D0AD ; # capital E 90 | DE D0AE ; # capital YU 91 | DF D0AF ; # capital YA 92 | 93 | E0 D0B0 ; # small a 94 | E1 D0B1 ; # small b 95 | E2 D0B2 ; # small v 96 | E3 D0B3 ; # small g 97 | E4 D0B4 ; # small d 98 | E5 D0B5 ; # small ye 99 | E6 D0B6 ; # small zh 100 | E7 D0B7 ; # small z 101 | E8 D0B8 ; # small i 102 | E9 D0B9 ; # small j 103 | EA D0BA ; # small k 104 | EB D0BB ; # small l 105 | EC D0BC ; # small m 106 | ED D0BD ; # small n 107 | EE D0BE ; # small o 108 | EF D0BF ; # small p 109 | 110 | F0 D180 ; # small r 111 | F1 D181 ; # small s 112 | F2 D182 ; # small t 113 | F3 D183 ; # small u 114 | F4 D184 ; # small f 115 | F5 D185 ; # small kh 116 | F6 D186 ; # small ts 117 | F7 D187 ; # small ch 118 | F8 D188 ; # small sh 119 | F9 D189 ; # small shch 120 | FA D18A ; # small hard sign 121 | FB D18B ; # small y 122 | FC D18C ; # small soft sign 123 | FD D18D ; # small e 124 | FE D18E ; # small yu 125 | FF D18F ; # small ya 126 | } 127 | -------------------------------------------------------------------------------- /files/end_state/gitlabappster/etc/ssl/nginx/PLACE_NGINX_REPO_CRT_AND_KEY_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/etc/ssl/nginx/PLACE_NGINX_REPO_CRT_AND_KEY_HERE -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/appster_iphone7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/appster_iphone7.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/appster_iphonex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/appster_iphonex.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/appster_subheader_original.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/appster_subheader_original.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/appster_subheader_updated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/appster_subheader_updated.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/bg-purple-yellow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/bg-purple-yellow.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/bg-yellow-purple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/bg-yellow-purple.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/cron: -------------------------------------------------------------------------------- 1 | # Start appster on boot 2 | @reboot ( sleep 60 ; sh /var/www/appster/start.sh) -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | watchtower: 4 | image: containrrr/watchtower 5 | volumes: 6 | - /var/run/docker.sock:/var/run/docker.sock 7 | - /root/.docker/config.json:/config.json 8 | command: --interval 30 9 | web1: 10 | image: registry.gitlab.com/armsultan/appster:latest 11 | ports: 12 | - '9090:80' 13 | web2: 14 | image: registry.gitlab.com/armsultan/appster:latest 15 | ports: 16 | - '9091:80' -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/gitlab_cicd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/gitlabappster/extra/gitlab_cicd.png -------------------------------------------------------------------------------- /files/end_state/gitlabappster/extra/start.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # To Run on boot add the following cron job (crontab -e): 4 | # Start appster on boot 5 | # @reboot ( sleep 60 ; sh /var/www/appster/start.sh ) 6 | 7 | DIRECTORY=`dirname $0` 8 | docker && docker-compose -f $DIRECTORY/docker-compose.yml up -d --remove-orphans -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/.gitignore: -------------------------------------------------------------------------------- 1 | # OS generated files # 2 | ###################### 3 | .DS_Store 4 | .DS_Store? 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | ehthumbs.db 9 | Thumbs.db 10 | 11 | # NGINX Specific files # 12 | ######################## 13 | nginx-repo.key 14 | nginx-repo.crt 15 | .log -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.10/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.10 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.11/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.11 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.9/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 F5 Demo Lab 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/README.md: -------------------------------------------------------------------------------- 1 | # NGINX Plus Dockerfiles 2 | 3 | A Bunch of Dockerfiles for [NGINX Plus](https://www.nginx.com/products/nginx/). 4 | **Just add licenses** 5 | 6 | #### Requirements 7 | 8 | 1. **Just add [licenses](https://www.nginx.com/free-trial-request/)** 9 | 2. Continuous Integration: Setup a [Gitlab CICD]((https://docs.gitlab.com/ee/ci/quick_start/)) continuous integration service 10 | 3. A Linux build server with a [Gitlab Runner](https://docs.gitlab.com/ee/ci/runners/README.html), running Dind (Docker in Docker) 11 | 12 | #### Other setup Instructions: 13 | 1. Place `nginx-repo.crt` and `nginx-repo.crt` files following files as Gitlab Variables 14 | * Retrieve your NGINX Plus Key and Certificate from the NGINX [customer portal](https://cs.nginx.com/) or from an activated evaluation 15 | 2. Automate a [CICD pipeline using gitlab](https://docs.gitlab.com/ee/ci/pipelines.html). A example gitlab CI/CD pipeline file (`.gitlab-ci.yml`) is provided. 16 | 3. Optional: Modify the `Dockerfile` as necessary, e.g. To install addtional NGINX Plus [Dynamic modules](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/) 17 | 18 | ## Demos 19 | 20 | SEE LAB GUIDE FOR DETAILED INSTRUCTIONS -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/build-nginx-plus.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Usage EXAMPLE: ./build-nginx-plus.sh ubuntu18.04 3 | distro="$(tr [A-Z] [a-z] <<< "$1")" # set to lowercase 4 | 5 | # Pull changes 6 | git pull --no-edit 7 | 8 | # remove Dockerfile here 9 | rm Dockerfile 10 | 11 | # copy desired Dockerfile 12 | cp Dockerfiles/$distro/Dockerfile . 13 | 14 | # Build and tag it as "nginx-plus-[distro]" 15 | docker build -t nginx-plus-$distro . --pull --no-cache # No caching 16 | # docker build -t nginx-plus-$distro 17 | 18 | # Show all docker containers build with names containing "nginx-plus-" 19 | printf "\n" 20 | printf "Nginx Plus containers built:" 21 | printf "\n" 22 | docker images | grep nginx-plus- -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Tested on ubuntu 18.04 3 | # Generating random number between $FPORT and $EPORT for port binding 4 | FPORT=1025; 5 | EPORT=9999; 6 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 7 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) 8 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) 9 | # Name of the Docker container provided in ARG $1 10 | NAME=$1 11 | 12 | check_port_availability () { 13 | 14 | HTTP_PORT_CHECK=$1 15 | SSL_PORT_CHECK=$2 16 | DASH_PORT_CHECK=$3 17 | 18 | if [ $HTTP_PORT_CHECK -eq $SSL_PORT_CHECK ] || [ $HTTP_PORT_CHECK -eq $DASH_PORT_CHECK ] || [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 19 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 20 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 21 | exit 22 | fi 23 | 24 | if [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 25 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 26 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 27 | exit 28 | fi 29 | 30 | for USED_PORT in $( netstat -ltn | sed -rne '/^tcp/{/:\>/d;s/.*:([0-9]+)\>.*/\1/p}' | sort -n | uniq ); do 31 | if [ $HTTP_PORT_CHECK -eq $USED_PORT ]; then 32 | printf "\n\n$HTTP_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTP Port!\n\n" 33 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 34 | exit 35 | elif [ $SSL_PORT_CHECK -eq $USED_PORT ]; then 36 | printf "\n\n$SSL_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTPS Port!\n\n" 37 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 38 | exit 39 | elif [ $DASH_PORT_CHECK -eq $USED_PORT ]; then 40 | printf "\n\n$DASH_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing Dashboard/API Port!\n\n" 41 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 42 | exit 43 | fi 44 | done 45 | 46 | return 47 | } 48 | 49 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 50 | 51 | # Port check and randomize 52 | # Loop until all ports are random 53 | if [ -z "$port_sanity" ]; then 54 | printf "\nWe will run the container with these randomly assigned ports:\nHTTP port $RANDHTTP\nHTTPS port $RANDSSL\nDashboard port $RANDDASH\n\n" 55 | else 56 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 57 | fi 58 | 59 | # Run container 60 | # Make sure this Container is not running 61 | printf "Make sure a Container with the designated name is not running..." 62 | OUTPUT="$(docker stop $NAME)" 63 | if echo "$OUTPUT" | grep -c "No such container"; then 64 | echo "A container with name, $NAME, was stopped. Good to proceed.." 65 | else 66 | echo "No container with name, $NAME, exists. Good to proceed.." 67 | 68 | fi 69 | 70 | printf "\nGoing to run:\ndocker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v '$(pwd)/test/etc/nginx/conf.d:/etc/nginx/conf.d' --name $NAME $NAME\n\n" 71 | docker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v "$(pwd)/etc/nginx/conf.d:/etc/nginx/conf.d" --name $NAME $NAME 72 | exit -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | #user nobody; 2 | #user nginx; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | # # ModSecurity dynamic module 10 | # load_module modules/ngx_http_modsecurity_module.so; 11 | # # Nginx javascript 12 | # # Prometheus exporter NJS (njs http module required) 13 | # load_module modules/ngx_http_js_module.so; # njs http 14 | # load_module modules/ngx_stream_js_module.so; # njs stream 15 | # # GeoIP 16 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 17 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 18 | # # GeoIP2 19 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 20 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 21 | # # Brotli compression 22 | # load_module modules/ngx_http_brotli_filter_module.so; 23 | # load_module modules/ngx_http_brotli_static_module.so; 24 | # # cookie flag 25 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 26 | # # Headers-More 27 | # load_module modules/ngx_http_headers_more_filter_module.so; 28 | # # encrypted session 29 | # load_module modules/ndk_http_module.so; 30 | # load_module modules/ngx_http_encrypted_session_module.so; 31 | # # headers-more 32 | # load_module modules/ngx_http_headers_more_filter_module.so; 33 | # # Image-Filter 34 | # load_module modules/ngx_http_image_filter_module.so; 35 | # # Lua (NDK + lua) 36 | # load_module modules/ndk_http_module.so; 37 | # load_module modules/ngx_http_lua_module.so; 38 | # # OpenTracing 39 | # load_module modules/ngx_http_opentracing_module.so; 40 | # # Phusion Passenger 41 | # load_module modules/ngx_http_passenger_module.so; 42 | # # Perl 43 | # load_module modules/ngx_http_perl_module.so; 44 | # # RTMP 45 | # load_module modules/ngx_rtmp_module.so; 46 | # # set-misc (NDK + set-misc) 47 | # load_module modules/ndk_http_module.so; 48 | # load_module modules/ngx_http_set_misc_module.so; 49 | # # HTTP Substitutions Filter 50 | # load_module modules/ngx_http_subs_filter_module.so; 51 | # # XSLT 52 | # load_module modules/ngx_http_xslt_module.so; 53 | 54 | error_log /var/log/nginx/error.log notice; 55 | 56 | pid /var/run/nginx.pid; 57 | 58 | events { 59 | worker_connections 1024; 60 | } 61 | 62 | http { 63 | include /etc/nginx/mime.types; 64 | default_type application/octet-stream; 65 | 66 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 67 | '$status $body_bytes_sent "$http_referer" ' 68 | '"$http_user_agent" "$http_x_forwarded_for"'; 69 | 70 | # NGINX Plus Additional NGINX Metrics 71 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 72 | '$status $body_bytes_sent "$http_referer" "$http2" ' 73 | '"$http_user_agent" "$http_x_forwarded_for" ' 74 | '"$host" sn="$server_name" ' 75 | 'rt=$request_time ' 76 | 'ua="$upstream_addr" us="$upstream_status" ' 77 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 78 | 'cs=$upstream_cache_status' ; 79 | 80 | access_log /var/log/nginx/access.log main; # Default 81 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 82 | 83 | sendfile on; 84 | #tcp_nopush on; 85 | 86 | keepalive_timeout 65; 87 | 88 | gzip on; 89 | 90 | # Include Local sub files 91 | include /etc/nginx/conf.d/*.conf; 92 | 93 | } 94 | 95 | # TCP/UDP proxy and load balancing block 96 | 97 | stream { 98 | # Include Local sub files 99 | include /etc/nginx/stream.conf.d/*.conf; 100 | } 101 | 102 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/end_state/nginx-plus-dockerfiles/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/test/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | 14 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/end_state/nginx-plus-dockerfiles/test/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | #user nobody; 2 | #user nginx; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | # # ModSecurity dynamic module 10 | # load_module modules/ngx_http_modsecurity_module.so; 11 | # # Nginx javascript 12 | # # Prometheus exporter NJS (njs http module required) 13 | # load_module modules/ngx_http_js_module.so; # njs http 14 | # load_module modules/ngx_stream_js_module.so; # njs stream 15 | # # GeoIP 16 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 17 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 18 | # # GeoIP2 19 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 20 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 21 | # # Brotli compression 22 | # load_module modules/ngx_http_brotli_filter_module.so; 23 | # load_module modules/ngx_http_brotli_static_module.so; 24 | # # cookie flag 25 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 26 | # # Headers-More 27 | # load_module modules/ngx_http_headers_more_filter_module.so; 28 | # # encrypted session 29 | # load_module modules/ndk_http_module.so; 30 | # load_module modules/ngx_http_encrypted_session_module.so; 31 | # # headers-more 32 | # load_module modules/ngx_http_headers_more_filter_module.so; 33 | # # Image-Filter 34 | # load_module modules/ngx_http_image_filter_module.so; 35 | # # Lua (NDK + lua) 36 | # load_module modules/ndk_http_module.so; 37 | # load_module modules/ngx_http_lua_module.so; 38 | # # OpenTracing 39 | # load_module modules/ngx_http_opentracing_module.so; 40 | # # Phusion Passenger 41 | # load_module modules/ngx_http_passenger_module.so; 42 | # # Perl 43 | # load_module modules/ngx_http_perl_module.so; 44 | # # RTMP 45 | # load_module modules/ngx_rtmp_module.so; 46 | # # set-misc (NDK + set-misc) 47 | # load_module modules/ndk_http_module.so; 48 | # load_module modules/ngx_http_set_misc_module.so; 49 | # # HTTP Substitutions Filter 50 | # load_module modules/ngx_http_subs_filter_module.so; 51 | # # XSLT 52 | # load_module modules/ngx_http_xslt_module.so; 53 | 54 | error_log /var/log/nginx/error.log notice; 55 | 56 | pid /var/run/nginx.pid; 57 | 58 | events { 59 | worker_connections 1024; 60 | } 61 | 62 | http { 63 | include /etc/nginx/mime.types; 64 | default_type application/octet-stream; 65 | 66 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 67 | '$status $body_bytes_sent "$http_referer" ' 68 | '"$http_user_agent" "$http_x_forwarded_for"'; 69 | 70 | # NGINX Plus Additional NGINX Metrics 71 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 72 | '$status $body_bytes_sent "$http_referer" "$http2" ' 73 | '"$http_user_agent" "$http_x_forwarded_for" ' 74 | '"$host" sn="$server_name" ' 75 | 'rt=$request_time ' 76 | 'ua="$upstream_addr" us="$upstream_status" ' 77 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 78 | 'cs=$upstream_cache_status' ; 79 | 80 | access_log /var/log/nginx/access.log main; # Default 81 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 82 | 83 | sendfile on; 84 | #tcp_nopush on; 85 | 86 | keepalive_timeout 65; 87 | 88 | gzip on; 89 | 90 | # Include Local sub files 91 | include /etc/nginx/conf.d/*.conf; 92 | 93 | } 94 | 95 | # TCP/UDP proxy and load balancing block 96 | 97 | stream { 98 | # Include Local sub files 99 | include /etc/nginx/stream.conf.d/*.conf; 100 | } 101 | 102 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/.gitignore: -------------------------------------------------------------------------------- 1 | # Don't track these files 2 | nginx-repo.crt 3 | nginx-repo.key 4 | .DS_Store 5 | .key 6 | .crt 7 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/cicd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/appster-lb/cicd.png -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/conf.d/health_checks.conf: -------------------------------------------------------------------------------- 1 | match status_text_ok { 2 | # Simple health check expecting http 200 and text/plain 3 | status 200; 4 | header Content-Type = text/plain; 5 | body ~ "healthy"; # Regex body check 6 | } 7 | 8 | match status_html_ok { 9 | # Simple health check expecting http 200 and text/html 10 | status 200; 11 | header Content-Type = text/html; 12 | } 13 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/conf.d/upstreams_prod.conf: -------------------------------------------------------------------------------- 1 | resolver 10.1.1.10:53 ipv6=off; 2 | 3 | upstream http_appster_prod { 4 | zone http_appster_prod 64k; 5 | 6 | # Production Servers ------- 7 | server nginx.f5demolab.com:81 resolve; 8 | server nginx.f5demolab.com:82 resolve; 9 | server nginx.f5demolab.com:83 resolve; 10 | server nginx.f5demolab.com:84 resolve; 11 | # end ---------------------- 12 | 13 | # Load Balancing 14 | # Round Robin - Default 15 | # ip_hash; 16 | # hash [key] [consistent]; 17 | # least_conn; 18 | # least_time header last_byte [inflight]; 19 | # random [two [method]]; 20 | 21 | # Activates the cache for connections to upstream servers 22 | keepalive 64; 23 | } 24 | 25 | # 26 | # Load Balancing 27 | # 28 | # Round Robin (the default) – Distributes requests in order across the list of 29 | # upstream servers. 30 | 31 | # Least Connections – Sends requests to the server with the lowest number of 32 | # active connections. 33 | 34 | #least_conn; 35 | 36 | # Least Time – Sends requests to the server selected by a formula that combines 37 | # the fastest response time and fewest active connections. 38 | # Exclusive to NGINX Plus. 39 | # e.g. least_time header | last_byte [inflight]; 40 | 41 | #least_time last_byte; 42 | 43 | # Hash – Distributes requests based on a key you define, such as the client IP 44 | # address or the request URL. NGINX Plus can optionally apply a consistent 45 | # hash to minimize redistribution of loads if the set of upstream servers 46 | # changes. 47 | # e.g. hash key [consistent]; 48 | 49 | #hash $request_uri consistent; 50 | 51 | # IP Hash (HTTP only) – Distributes requests based on the first three octets of 52 | # the client IP address. 53 | 54 | #ip_hash; 55 | 56 | # Random with Two Choices – Picks two servers at random and sends the request 57 | # to the one that is selected by then applying t 58 | # he Least Connections algorithm (or for NGINX Plus 59 | # the Least Time algorithm, if so configured). 60 | # e.g. random [two [method]] 61 | 62 | # random two; # Round Robin 63 | # random two least_conn; # Least connections 64 | # random two least_time=last_byte; # Least time: use header or last_byte -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/conf.d/www.appster.com.conf: -------------------------------------------------------------------------------- 1 | # Rate limit 2 | # Uncomment lines below to enable here 3 | # limit_req_zone $binary_remote_addr zone=limit_me:1m rate=10r/s; 4 | 5 | # www.appster.com HTTP 6 | server { 7 | listen 80 default_server; 8 | server_name www.appster.com appster.com ""; 9 | status_zone www.appster.com_http; 10 | 11 | # Separate logs 12 | access_log /var/log/nginx/www.appster.com.log main_ext; # access logs 13 | error_log /var/log/nginx/www.appster.com_errors.log info; # error logs 14 | 15 | location / { 16 | include includes/proxy_headers/proxy_headers.conf; 17 | include includes/proxy_headers/keepalive.conf; 18 | 19 | # Rate limiting 20 | # Uncomment below to enable here. 21 | # limit_req zone=limit_me; 22 | # limit_req_status 429; 23 | 24 | # Set Variable for dynamic templating (CICD) 25 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 26 | proxy_pass http://${appster_upstream}; 27 | } 28 | 29 | # Active Healthcheck 30 | location @health_check { 31 | proxy_set_header Host www.appster.com; 32 | 33 | # Set Variable for dynamic templating (CICD) 34 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 35 | proxy_pass http://${appster_upstream}; 36 | 37 | health_check interval=5s fails=2 passes=2 uri=/ match=status_html_ok; 38 | access_log /var/log/nginx/health_check.log main; 39 | 40 | internal; # Internal request only 41 | } 42 | } -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | fastcgi_param REQUEST_SCHEME $scheme; 13 | fastcgi_param HTTPS $https if_not_empty; 14 | 15 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 16 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 17 | 18 | fastcgi_param REMOTE_ADDR $remote_addr; 19 | fastcgi_param REMOTE_PORT $remote_port; 20 | fastcgi_param SERVER_ADDR $server_addr; 21 | fastcgi_param SERVER_PORT $server_port; 22 | fastcgi_param SERVER_NAME $server_name; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/add_headers/security.conf: -------------------------------------------------------------------------------- 1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ 2 | 3 | # via: https://gist.github.com/plentz/6737338 4 | 5 | # don't send the nginx version number in error pages and Server header 6 | server_tokens off; 7 | 8 | # config to don't allow the browser to render the page inside an frame or iframe 9 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking 10 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri 11 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options 12 | add_header X-Frame-Options SAMEORIGIN; 13 | 14 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, 15 | # to disable content-type sniffing on some browsers. 16 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 17 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx 18 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx 19 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 20 | add_header X-Content-Type-Options nosniff; 21 | 22 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. 23 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 24 | # this particular website if it was disabled by the user. 25 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 26 | add_header X-XSS-Protection "1; mode=block"; 27 | 28 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), 29 | # you can tell the browser that it can only download content from the domains you explicitly allow 30 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 31 | # https://www.owasp.org/index.php/Content_Security_Policy 32 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' 33 | # directives for css and js(if you have inline css or js, you will need to keep it too). 34 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful 35 | add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; 36 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/proxy_headers/keepalive.conf: -------------------------------------------------------------------------------- 1 | # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 2 | proxy_http_version 1.1; 3 | 4 | # Remove the Connection header if the client sends it, 5 | # it could be "close" to close a keepalive connection 6 | proxy_set_header Connection ""; 7 | 8 | # Host request header field, or the server name matching a request 9 | proxy_set_header Host $host; 10 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/proxy_headers/proxy_headers.conf: -------------------------------------------------------------------------------- 1 | ## Set Headers to the proxied servers ## 2 | 3 | # Host request header field, or the server name matching a request 4 | # proxy_set_header Host $host; # Disable for UDF 5 | # client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses 6 | proxy_set_header X-Real-IP $remote_addr; 7 | # X-Forwarded-For client request header field with the $remote_addr variable appended to it, 8 | # separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, 9 | # the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable. 10 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 11 | # request scheme, “http” or “https” 12 | proxy_set_header X-Forwarded-Proto $scheme; 13 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/ssl/ssl_ intermediate.conf: -------------------------------------------------------------------------------- 1 | # SSL | intermediate configuration 2 | # nginx 1.14.0 | intermediate profile | OpenSSL 1.0.1e 3 | # Oldest compatible clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=inte 7 | 8 | # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 9 | 10 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 11 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 12 | # ssl_certificate_key /etc/ssl/example.com.key; 13 | 14 | ssl_session_timeout 1d; 15 | ssl_session_cache shared:SSL:50m; 16 | ssl_session_tickets off; 17 | 18 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits 19 | ssl_dhparam /etc/ssl/dhparam_2048.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 2048 20 | 21 | # intermediate configuration. tweak to your needs. 22 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 23 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; 24 | ssl_prefer_server_ciphers on; 25 | 26 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 27 | add_header Strict-Transport-Security max-age=15768000; 28 | 29 | # OCSP Stapling --- 30 | # fetch OCSP records from URL in ssl_certificate and cache them 31 | ssl_stapling on; 32 | ssl_stapling_verify on; 33 | 34 | # Todo: 35 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 36 | # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 37 | 38 | # Make sure resolver is set in the server block, i.e.: 39 | # resolver valid=300s; 40 | # resolver_timeout 5s; 41 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/ssl/ssl_a+_strong.conf: -------------------------------------------------------------------------------- 1 | # Based on SSL Labs A+ (https://www.ssllabs.com/ssltest/) 2 | # See: https://cipherli.st and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 3 | 4 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 5 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 6 | # ssl_certificate_key /etc/ssl/example.com.key; 7 | 8 | ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2 9 | ssl_prefer_server_ciphers on; 10 | ssl_dhparam /etc/ssl/dhparam_4096.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096 11 | ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; 12 | ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 13 | ssl_session_timeout 10m; 14 | ssl_session_cache shared:SSL:10m; 15 | ssl_session_tickets off; # Requires nginx >= 1.5.9 16 | ssl_stapling on; # Requires nginx >= 1.3.7 17 | ssl_stapling_verify on; # Requires nginx => 1.3.7 18 | add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 19 | add_header X-Frame-Options DENY; 20 | add_header X-Content-Type-Options nosniff; 21 | add_header X-XSS-Protection "1; mode=block"; 22 | 23 | # Make sure resolver is set in the server block, i.e.: 24 | # resolver valid=300s; 25 | # resolver_timeout 5s; 26 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/ssl/ssl_modern.conf: -------------------------------------------------------------------------------- 1 | # SSL | Modern configuration 2 | # nginx 1.14.0 | modern profile | OpenSSL 1.0.1e 3 | # Oldest compatible clients: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=modern 7 | 8 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 9 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 10 | # ssl_certificate_key /etc/ssl/example.com.key; 11 | 12 | ssl_session_timeout 1d; 13 | ssl_session_cache shared:SSL:50m; 14 | ssl_session_tickets off; 15 | 16 | # modern configuration. tweak to your needs. 17 | ssl_protocols TLSv1.2; 18 | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; 19 | ssl_prefer_server_ciphers on; 20 | 21 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 22 | add_header Strict-Transport-Security max-age=15768000; 23 | 24 | # OCSP Stapling --- 25 | # fetch OCSP records from URL in ssl_certificate and cache them 26 | ssl_stapling on; 27 | ssl_stapling_verify on; 28 | 29 | # Todo: 30 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 31 | # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 32 | 33 | # Make sure resolver is set in the server block, i.e.: 34 | # resolver valid=300s; 35 | # resolver_timeout 5s; 36 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/includes/ssl/ssl_old.conf: -------------------------------------------------------------------------------- 1 | # SSL | Old configuration 2 | # nginx 1.14.0 | old profile | OpenSSL 1.0.1e | link 3 | # Oldest compatible clients: Windows XP IE6, Java 6 4 | # 5 | # Based on Mozilla SSL Configuration Generator 6 | # See https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.0.1e&hsts=yes&profile=old 7 | 8 | # Define your certificate/keys here (uncomment lines below and remove directives from server context) 9 | # ssl_certificate /etc/ssl/example.com.crt; # signed certificate plus intermediates 10 | # ssl_certificate_key /etc/ssl/example.com.key; 11 | 12 | ssl_session_timeout 1d; 13 | ssl_session_cache shared:SSL:50m; 14 | ssl_session_tickets off; 15 | 16 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits 17 | ssl_dhparam /etc/ssl/dhparam_2048.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 2048 18 | 19 | # old configuration. tweak to your needs. 20 | ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; 21 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP'; 22 | ssl_prefer_server_ciphers on; 23 | 24 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 25 | add_header Strict-Transport-Security max-age=15768000; 26 | 27 | # OCSP Stapling --- 28 | # fetch OCSP records from URL in ssl_certificate and cache them 29 | ssl_stapling on; 30 | ssl_stapling_verify on; 31 | 32 | ## verify chain of trust of OCSP response using Root CA and Intermediate certs 33 | ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; 34 | 35 | # Make sure resolver is set in the server block, i.e.: 36 | # resolver valid=300s; 37 | # resolver_timeout 5s; 38 | 39 | } 40 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/koi-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full koi8-r <> utf8 map: it does not contain 3 | # box-drawing and some other characters. Besides this map contains 4 | # several koi8-u and Byelorussian letters which are not in koi8-r. 5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 6 | # map instead. 7 | 8 | charset_map koi8-r utf-8 { 9 | 10 | 80 E282AC ; # euro 11 | 12 | 95 E280A2 ; # bullet 13 | 14 | 9A C2A0 ; #   15 | 16 | 9E C2B7 ; # · 17 | 18 | A3 D191 ; # small yo 19 | A4 D194 ; # small Ukrainian ye 20 | 21 | A6 D196 ; # small Ukrainian i 22 | A7 D197 ; # small Ukrainian yi 23 | 24 | AD D291 ; # small Ukrainian soft g 25 | AE D19E ; # small Byelorussian short u 26 | 27 | B0 C2B0 ; # ° 28 | 29 | B3 D081 ; # capital YO 30 | B4 D084 ; # capital Ukrainian YE 31 | 32 | B6 D086 ; # capital Ukrainian I 33 | B7 D087 ; # capital Ukrainian YI 34 | 35 | B9 E28496 ; # numero sign 36 | 37 | BD D290 ; # capital Ukrainian soft G 38 | BE D18E ; # capital Byelorussian short U 39 | 40 | BF C2A9 ; # (C) 41 | 42 | C0 D18E ; # small yu 43 | C1 D0B0 ; # small a 44 | C2 D0B1 ; # small b 45 | C3 D186 ; # small ts 46 | C4 D0B4 ; # small d 47 | C5 D0B5 ; # small ye 48 | C6 D184 ; # small f 49 | C7 D0B3 ; # small g 50 | C8 D185 ; # small kh 51 | C9 D0B8 ; # small i 52 | CA D0B9 ; # small j 53 | CB D0BA ; # small k 54 | CC D0BB ; # small l 55 | CD D0BC ; # small m 56 | CE D0BD ; # small n 57 | CF D0BE ; # small o 58 | 59 | D0 D0BF ; # small p 60 | D1 D18F ; # small ya 61 | D2 D180 ; # small r 62 | D3 D181 ; # small s 63 | D4 D182 ; # small t 64 | D5 D183 ; # small u 65 | D6 D0B6 ; # small zh 66 | D7 D0B2 ; # small v 67 | D8 D18C ; # small soft sign 68 | D9 D18B ; # small y 69 | DA D0B7 ; # small z 70 | DB D188 ; # small sh 71 | DC D18D ; # small e 72 | DD D189 ; # small shch 73 | DE D187 ; # small ch 74 | DF D18A ; # small hard sign 75 | 76 | E0 D0AE ; # capital YU 77 | E1 D090 ; # capital A 78 | E2 D091 ; # capital B 79 | E3 D0A6 ; # capital TS 80 | E4 D094 ; # capital D 81 | E5 D095 ; # capital YE 82 | E6 D0A4 ; # capital F 83 | E7 D093 ; # capital G 84 | E8 D0A5 ; # capital KH 85 | E9 D098 ; # capital I 86 | EA D099 ; # capital J 87 | EB D09A ; # capital K 88 | EC D09B ; # capital L 89 | ED D09C ; # capital M 90 | EE D09D ; # capital N 91 | EF D09E ; # capital O 92 | 93 | F0 D09F ; # capital P 94 | F1 D0AF ; # capital YA 95 | F2 D0A0 ; # capital R 96 | F3 D0A1 ; # capital S 97 | F4 D0A2 ; # capital T 98 | F5 D0A3 ; # capital U 99 | F6 D096 ; # capital ZH 100 | F7 D092 ; # capital V 101 | F8 D0AC ; # capital soft sign 102 | F9 D0AB ; # capital Y 103 | FA D097 ; # capital Z 104 | FB D0A8 ; # capital SH 105 | FC D0AD ; # capital E 106 | FD D0A9 ; # capital SHCH 107 | FE D0A7 ; # capital CH 108 | FF D0AA ; # capital hard sign 109 | } 110 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/koi-win: -------------------------------------------------------------------------------- 1 | 2 | charset_map koi8-r windows-1251 { 3 | 4 | 80 88 ; # euro 5 | 6 | 95 95 ; # bullet 7 | 8 | 9A A0 ; #   9 | 10 | 9E B7 ; # · 11 | 12 | A3 B8 ; # small yo 13 | A4 BA ; # small Ukrainian ye 14 | 15 | A6 B3 ; # small Ukrainian i 16 | A7 BF ; # small Ukrainian yi 17 | 18 | AD B4 ; # small Ukrainian soft g 19 | AE A2 ; # small Byelorussian short u 20 | 21 | B0 B0 ; # ° 22 | 23 | B3 A8 ; # capital YO 24 | B4 AA ; # capital Ukrainian YE 25 | 26 | B6 B2 ; # capital Ukrainian I 27 | B7 AF ; # capital Ukrainian YI 28 | 29 | B9 B9 ; # numero sign 30 | 31 | BD A5 ; # capital Ukrainian soft G 32 | BE A1 ; # capital Byelorussian short U 33 | 34 | BF A9 ; # (C) 35 | 36 | C0 FE ; # small yu 37 | C1 E0 ; # small a 38 | C2 E1 ; # small b 39 | C3 F6 ; # small ts 40 | C4 E4 ; # small d 41 | C5 E5 ; # small ye 42 | C6 F4 ; # small f 43 | C7 E3 ; # small g 44 | C8 F5 ; # small kh 45 | C9 E8 ; # small i 46 | CA E9 ; # small j 47 | CB EA ; # small k 48 | CC EB ; # small l 49 | CD EC ; # small m 50 | CE ED ; # small n 51 | CF EE ; # small o 52 | 53 | D0 EF ; # small p 54 | D1 FF ; # small ya 55 | D2 F0 ; # small r 56 | D3 F1 ; # small s 57 | D4 F2 ; # small t 58 | D5 F3 ; # small u 59 | D6 E6 ; # small zh 60 | D7 E2 ; # small v 61 | D8 FC ; # small soft sign 62 | D9 FB ; # small y 63 | DA E7 ; # small z 64 | DB F8 ; # small sh 65 | DC FD ; # small e 66 | DD F9 ; # small shch 67 | DE F7 ; # small ch 68 | DF FA ; # small hard sign 69 | 70 | E0 DE ; # capital YU 71 | E1 C0 ; # capital A 72 | E2 C1 ; # capital B 73 | E3 D6 ; # capital TS 74 | E4 C4 ; # capital D 75 | E5 C5 ; # capital YE 76 | E6 D4 ; # capital F 77 | E7 C3 ; # capital G 78 | E8 D5 ; # capital KH 79 | E9 C8 ; # capital I 80 | EA C9 ; # capital J 81 | EB CA ; # capital K 82 | EC CB ; # capital L 83 | ED CC ; # capital M 84 | EE CD ; # capital N 85 | EF CE ; # capital O 86 | 87 | F0 CF ; # capital P 88 | F1 DF ; # capital YA 89 | F2 D0 ; # capital R 90 | F3 D1 ; # capital S 91 | F4 D2 ; # capital T 92 | F5 D3 ; # capital U 93 | F6 C6 ; # capital ZH 94 | F7 C2 ; # capital V 95 | F8 DC ; # capital soft sign 96 | F9 DB ; # capital Y 97 | FA C7 ; # capital Z 98 | FB D8 ; # capital SH 99 | FC DD ; # capital E 100 | FD D9 ; # capital SHCH 101 | FE D7 ; # capital CH 102 | FF DA ; # capital hard sign 103 | } 104 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | # Load Modules 8 | # load_module modules/ngx_http_modsecurity_module.so; # Modsecurity WAF 9 | # load_module modules/ngx_http_js_module.so; # NGINX Javascript 10 | # load_module modules/ngx_http_geoip_module.so; # geoip 11 | # load_module modules/ngx_stream_geoip_module.so; # geoip 12 | 13 | events { 14 | worker_connections 1024; 15 | } 16 | 17 | http { 18 | include /etc/nginx/mime.types; 19 | default_type application/octet-stream; 20 | 21 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | '$status $body_bytes_sent "$http_referer" ' 23 | '"$http_user_agent" "$http_x_forwarded_for" "$request_id"'; 24 | 25 | # NGINX Plus Additional NGINX Metrics 26 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 27 | '$status $body_bytes_sent "$http_referer" "$http2" ' 28 | '"$http_user_agent" "$http_x_forwarded_for" ' 29 | '"$host" sn="$server_name" ' 30 | 'rt=$request_time ' 31 | 'ua="$upstream_addr" us="$upstream_status" ' 32 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 33 | 'cs=$upstream_cache_status $request_id' ; 34 | 35 | # access_log /var/log/nginx/access.log main; # Default 36 | access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 37 | 38 | sendfile on; 39 | #tcp_nopush on; 40 | 41 | keepalive_timeout 65; 42 | 43 | #gzip on; 44 | 45 | # Use relative path because we are going to use non-default nginx directory in prod 46 | include conf.d/*.conf; # HTTP/S configs 47 | #include /etc/nginx/test_env/*.conf; # test upstream groups. Uncomment in TEST only 48 | } 49 | 50 | 51 | # TCP/UDP proxy and load balancing block 52 | 53 | stream { 54 | include stream.conf.d/*.conf; # TCP/UDP traffic 55 | } 56 | 57 | # vim: syntax=nginx 58 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/scgi_params: -------------------------------------------------------------------------------- 1 | 2 | scgi_param REQUEST_METHOD $request_method; 3 | scgi_param REQUEST_URI $request_uri; 4 | scgi_param QUERY_STRING $query_string; 5 | scgi_param CONTENT_TYPE $content_type; 6 | 7 | scgi_param DOCUMENT_URI $document_uri; 8 | scgi_param DOCUMENT_ROOT $document_root; 9 | scgi_param SCGI 1; 10 | scgi_param SERVER_PROTOCOL $server_protocol; 11 | scgi_param REQUEST_SCHEME $scheme; 12 | scgi_param HTTPS $https if_not_empty; 13 | 14 | scgi_param REMOTE_ADDR $remote_addr; 15 | scgi_param REMOTE_PORT $remote_port; 16 | scgi_param SERVER_PORT $server_port; 17 | scgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/test_env/test_environments.md: -------------------------------------------------------------------------------- 1 | # Localhost testing 2 | 3 | Place test loopback virtual server here: `upstreams_prod.conf` 4 | 5 | We will enable this in NGINX.conf by uncommenting `#include /etc/nginx/test_env/*.conf;` and 6 | replacing the variable `_upstream_` to `http_appster_test` 7 | 8 | i.e. we replace `_upstream_` in `www.appster.com.conf` and `www2.appster.com.conf` using `sed`: 9 | 10 | ```bash 11 | find etc/nginx -type f -name "*.conf" -exec sed -i -e 's/\${appster_upstream}/http_appster_test/g' {} \; 12 | ``` 13 | 14 | ```ini 15 | # www.appster.com.conf and www2.appster.com.conf 16 | 17 | location { 18 | #... 19 | 20 | # Set Variable for dynamic templating (CICD) 21 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 22 | proxy_pass http://${appster_upstream}; 23 | } 24 | 25 | # becomes: 26 | 27 | location { 28 | #... 29 | 30 | # Set Variable for dynamic templating (CICD) 31 | # Sed replace ${appster_upstream} with "http_appster_test" or "http_appster_prod" 32 | proxy_pass http://${appster_upstream}; 33 | } 34 | 35 | ``` 36 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/test_env/upstreams_test.conf: -------------------------------------------------------------------------------- 1 | ## 2 | # Plain Webservers | HTTP | port 9096, 9097, 9098, 9099 3 | # Dummy loopback web servers reponds with text/html with $request_uri (the rewritten URL) 4 | # sub_filter is used to replace placeholder values 5 | # To add more variables see https://nginx.org/en/docs/varindex.html 6 | ## 7 | 8 | upstream http_appster_test { 9 | zone dummy_servers 64k; 10 | server 127.0.0.1:9096; 11 | server 127.0.0.1:9097; 12 | server 127.0.0.1:9098; 13 | server 127.0.0.1:9099; 14 | keepalive 64; 15 | 16 | } 17 | 18 | server { 19 | listen 9096; 20 | listen 9097; 21 | listen 9098; 22 | listen 9099; 23 | server_name www.appster.com ""; 24 | 25 | default_type text/html; 26 | 27 | error_log /var/log/nginx/localhost.log notice; 28 | 29 | # Don't cache me 30 | expires -1; 31 | 32 | # Return webpage 33 | location / { 34 | return 200 'Status code: $status\nServer address: $server_addr:$server_port\nServer name: $hostname\nDate: $time_local\nUser-Agent: $http_user_agent\nCookie: $http_cookie\nURI: $request_uri\nRequest ID: $request_id\n'; 35 | } 36 | 37 | # Health check page 38 | location /health { 39 | return 200 'healthy'; 40 | } 41 | } -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/uwsgi_params: -------------------------------------------------------------------------------- 1 | 2 | uwsgi_param QUERY_STRING $query_string; 3 | uwsgi_param REQUEST_METHOD $request_method; 4 | uwsgi_param CONTENT_TYPE $content_type; 5 | uwsgi_param CONTENT_LENGTH $content_length; 6 | 7 | uwsgi_param REQUEST_URI $request_uri; 8 | uwsgi_param PATH_INFO $document_uri; 9 | uwsgi_param DOCUMENT_ROOT $document_root; 10 | uwsgi_param SERVER_PROTOCOL $server_protocol; 11 | uwsgi_param REQUEST_SCHEME $scheme; 12 | uwsgi_param HTTPS $https if_not_empty; 13 | 14 | uwsgi_param REMOTE_ADDR $remote_addr; 15 | uwsgi_param REMOTE_PORT $remote_port; 16 | uwsgi_param SERVER_PORT $server_port; 17 | uwsgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/nginx/win-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full windows-1251 <> utf8 map: it does not 3 | # contain Serbian and Macedonian letters. If you need a full map, 4 | # use contrib/unicode2nginx/win-utf map instead. 5 | 6 | charset_map windows-1251 utf-8 { 7 | 8 | 82 E2809A ; # single low-9 quotation mark 9 | 10 | 84 E2809E ; # double low-9 quotation mark 11 | 85 E280A6 ; # ellipsis 12 | 86 E280A0 ; # dagger 13 | 87 E280A1 ; # double dagger 14 | 88 E282AC ; # euro 15 | 89 E280B0 ; # per mille 16 | 17 | 91 E28098 ; # left single quotation mark 18 | 92 E28099 ; # right single quotation mark 19 | 93 E2809C ; # left double quotation mark 20 | 94 E2809D ; # right double quotation mark 21 | 95 E280A2 ; # bullet 22 | 96 E28093 ; # en dash 23 | 97 E28094 ; # em dash 24 | 25 | 99 E284A2 ; # trade mark sign 26 | 27 | A0 C2A0 ; #   28 | A1 D18E ; # capital Byelorussian short U 29 | A2 D19E ; # small Byelorussian short u 30 | 31 | A4 C2A4 ; # currency sign 32 | A5 D290 ; # capital Ukrainian soft G 33 | A6 C2A6 ; # borken bar 34 | A7 C2A7 ; # section sign 35 | A8 D081 ; # capital YO 36 | A9 C2A9 ; # (C) 37 | AA D084 ; # capital Ukrainian YE 38 | AB C2AB ; # left-pointing double angle quotation mark 39 | AC C2AC ; # not sign 40 | AD C2AD ; # soft hypen 41 | AE C2AE ; # (R) 42 | AF D087 ; # capital Ukrainian YI 43 | 44 | B0 C2B0 ; # ° 45 | B1 C2B1 ; # plus-minus sign 46 | B2 D086 ; # capital Ukrainian I 47 | B3 D196 ; # small Ukrainian i 48 | B4 D291 ; # small Ukrainian soft g 49 | B5 C2B5 ; # micro sign 50 | B6 C2B6 ; # pilcrow sign 51 | B7 C2B7 ; # · 52 | B8 D191 ; # small yo 53 | B9 E28496 ; # numero sign 54 | BA D194 ; # small Ukrainian ye 55 | BB C2BB ; # right-pointing double angle quotation mark 56 | 57 | BF D197 ; # small Ukrainian yi 58 | 59 | C0 D090 ; # capital A 60 | C1 D091 ; # capital B 61 | C2 D092 ; # capital V 62 | C3 D093 ; # capital G 63 | C4 D094 ; # capital D 64 | C5 D095 ; # capital YE 65 | C6 D096 ; # capital ZH 66 | C7 D097 ; # capital Z 67 | C8 D098 ; # capital I 68 | C9 D099 ; # capital J 69 | CA D09A ; # capital K 70 | CB D09B ; # capital L 71 | CC D09C ; # capital M 72 | CD D09D ; # capital N 73 | CE D09E ; # capital O 74 | CF D09F ; # capital P 75 | 76 | D0 D0A0 ; # capital R 77 | D1 D0A1 ; # capital S 78 | D2 D0A2 ; # capital T 79 | D3 D0A3 ; # capital U 80 | D4 D0A4 ; # capital F 81 | D5 D0A5 ; # capital KH 82 | D6 D0A6 ; # capital TS 83 | D7 D0A7 ; # capital CH 84 | D8 D0A8 ; # capital SH 85 | D9 D0A9 ; # capital SHCH 86 | DA D0AA ; # capital hard sign 87 | DB D0AB ; # capital Y 88 | DC D0AC ; # capital soft sign 89 | DD D0AD ; # capital E 90 | DE D0AE ; # capital YU 91 | DF D0AF ; # capital YA 92 | 93 | E0 D0B0 ; # small a 94 | E1 D0B1 ; # small b 95 | E2 D0B2 ; # small v 96 | E3 D0B3 ; # small g 97 | E4 D0B4 ; # small d 98 | E5 D0B5 ; # small ye 99 | E6 D0B6 ; # small zh 100 | E7 D0B7 ; # small z 101 | E8 D0B8 ; # small i 102 | E9 D0B9 ; # small j 103 | EA D0BA ; # small k 104 | EB D0BB ; # small l 105 | EC D0BC ; # small m 106 | ED D0BD ; # small n 107 | EE D0BE ; # small o 108 | EF D0BF ; # small p 109 | 110 | F0 D180 ; # small r 111 | F1 D181 ; # small s 112 | F2 D182 ; # small t 113 | F3 D183 ; # small u 114 | F4 D184 ; # small f 115 | F5 D185 ; # small kh 116 | F6 D186 ; # small ts 117 | F7 D187 ; # small ch 118 | F8 D188 ; # small sh 119 | F9 D189 ; # small shch 120 | FA D18A ; # small hard sign 121 | FB D18B ; # small y 122 | FC D18C ; # small soft sign 123 | FD D18D ; # small e 124 | FE D18E ; # small yu 125 | FF D18F ; # small ya 126 | } 127 | -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/ssl/PLACE_YOUR_CERT_KEY_DHPARAMS_HERE: -------------------------------------------------------------------------------- 1 | This NGINX config expects the following: 2 | * appster.com.crt 3 | * appster.com.key 4 | * dhparam_2048.pem 5 | * dhparam_4096.pem -------------------------------------------------------------------------------- /files/orginal_state/appster-lb/etc/ssl/nginx/PLACE_NGINX_CERT_AND_KEY_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/appster-lb/etc/ssl/nginx/PLACE_NGINX_CERT_AND_KEY_HERE -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/.gitignore: -------------------------------------------------------------------------------- 1 | nginx-repo.* 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.11 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | # Install prerequisite packages: 6 | # none 7 | 8 | ## Install Nginx Plus 9 | # Download certificate and key from the customer portal https://cs.nginx.com 10 | # and copy to the build context 11 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 12 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 13 | RUN chmod 644 /etc/apk/cert* 14 | 15 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 16 | # Remove the cert/keys from the image 17 | RUN wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 18 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 19 | && apk add nginx-plus \ 20 | ## Optional: Install NGINX Plus Modules from repo 21 | # See https://www.nginx.com/products/nginx/modules 22 | # nginx-plus modsecurity 23 | # && apk add nginx-plus-module-modsecurity \ 24 | # nginx-plus geoip module 25 | # && apk add nginx-plus-module-geoip \ 26 | # nginx-plus NGINX Javascript module 27 | # && apk add nginx-plus-module-njs 28 | # Remove default nginx config 29 | && rm /etc/nginx/conf.d/default.conf \ 30 | ## Forward request logs to docker log collector 31 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 32 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 33 | # Remove the cert/keys from the image 34 | && rm /etc/apk/cert.pem /etc/apk/cert.key 35 | 36 | # Optional: Create cache folder and set permissions for proxy caching 37 | #CMD mkdir -p /var/cache/nginx \ 38 | #&& chown -R nginx /var/cache/nginx 39 | 40 | # COPY /etc/nginx (Nginx configuration) directory 41 | COPY etc/nginx /etc/nginx 42 | RUN chown -R nginx:nginx /etc/nginx 43 | 44 | # Optional: COPY over any of your SSL certs for HTTPS servers 45 | # e.g. 46 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 47 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 48 | 49 | 50 | 51 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 52 | EXPOSE 80 443 8080 53 | STOPSIGNAL SIGTERM 54 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/conf.d/appster.com.conf: -------------------------------------------------------------------------------- 1 | # Appster website 2 | server { 3 | status_zone appster; 4 | listen 80 default_server; 5 | root /etc/nginx/html/; 6 | index index.html; 7 | server_name www.appster.com appster.com ""; 8 | location / { 9 | try_files $uri $uri/ =404; 10 | } 11 | } -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | fastcgi_param REQUEST_SCHEME $scheme; 13 | fastcgi_param HTTPS $https if_not_empty; 14 | 15 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 16 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 17 | 18 | fastcgi_param REMOTE_ADDR $remote_addr; 19 | fastcgi_param REMOTE_PORT $remote_port; 20 | fastcgi_param SERVER_ADDR $server_addr; 21 | fastcgi_param SERVER_PORT $server_port; 22 | fastcgi_param SERVER_NAME $server_name; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/apple_store.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/apple_store.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/gallery-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/gallery-1.jpg -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/gallery-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/gallery-2.jpg -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/google-play.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/google-play.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/iphone_7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/iphone_7.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/iphone_x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/iphone_x.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/team-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/team-1.jpg -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/team-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/team-2.jpg -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/img/team-3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/nginx/html/img/team-3.jpg -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/html/js/scripts.js: -------------------------------------------------------------------------------- 1 | /* 2 | Created on : Jul 4, 2017, 12:43:10 AM 3 | Author : Atta-Ur-Rehman Shah (http://attacomsian.com) 4 | */ 5 | $(function () { 6 | 7 | //init wow effects 8 | new WOW().init(); 9 | 10 | //scroll menu 11 | $(window).scroll(function () { 12 | var secondFeature = $('#features').offset().top; 13 | var scroll = $(window).scrollTop(); 14 | if (scroll >= 300) { 15 | $('.sticky-navigation').css({"top": '0px'}); 16 | } else { 17 | $('.sticky-navigation').css({"top": '-100px'}); 18 | } 19 | if (scroll >= secondFeature - 200) { 20 | $(".mobileScreen").css({'background-position': 'center top'}); 21 | } 22 | return false; 23 | }); 24 | 25 | //page scroll 26 | $('a.page-scroll').bind('click', function (event) { 27 | var $anchor = $(this); 28 | $('html, body').stop().animate({ 29 | scrollTop: $($anchor.attr('href')).offset().top - 20 30 | }, 1500, 'easeInOutExpo'); 31 | event.preventDefault(); 32 | }); 33 | }); -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/koi-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full koi8-r <> utf8 map: it does not contain 3 | # box-drawing and some other characters. Besides this map contains 4 | # several koi8-u and Byelorussian letters which are not in koi8-r. 5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 6 | # map instead. 7 | 8 | charset_map koi8-r utf-8 { 9 | 10 | 80 E282AC ; # euro 11 | 12 | 95 E280A2 ; # bullet 13 | 14 | 9A C2A0 ; #   15 | 16 | 9E C2B7 ; # · 17 | 18 | A3 D191 ; # small yo 19 | A4 D194 ; # small Ukrainian ye 20 | 21 | A6 D196 ; # small Ukrainian i 22 | A7 D197 ; # small Ukrainian yi 23 | 24 | AD D291 ; # small Ukrainian soft g 25 | AE D19E ; # small Byelorussian short u 26 | 27 | B0 C2B0 ; # ° 28 | 29 | B3 D081 ; # capital YO 30 | B4 D084 ; # capital Ukrainian YE 31 | 32 | B6 D086 ; # capital Ukrainian I 33 | B7 D087 ; # capital Ukrainian YI 34 | 35 | B9 E28496 ; # numero sign 36 | 37 | BD D290 ; # capital Ukrainian soft G 38 | BE D18E ; # capital Byelorussian short U 39 | 40 | BF C2A9 ; # (C) 41 | 42 | C0 D18E ; # small yu 43 | C1 D0B0 ; # small a 44 | C2 D0B1 ; # small b 45 | C3 D186 ; # small ts 46 | C4 D0B4 ; # small d 47 | C5 D0B5 ; # small ye 48 | C6 D184 ; # small f 49 | C7 D0B3 ; # small g 50 | C8 D185 ; # small kh 51 | C9 D0B8 ; # small i 52 | CA D0B9 ; # small j 53 | CB D0BA ; # small k 54 | CC D0BB ; # small l 55 | CD D0BC ; # small m 56 | CE D0BD ; # small n 57 | CF D0BE ; # small o 58 | 59 | D0 D0BF ; # small p 60 | D1 D18F ; # small ya 61 | D2 D180 ; # small r 62 | D3 D181 ; # small s 63 | D4 D182 ; # small t 64 | D5 D183 ; # small u 65 | D6 D0B6 ; # small zh 66 | D7 D0B2 ; # small v 67 | D8 D18C ; # small soft sign 68 | D9 D18B ; # small y 69 | DA D0B7 ; # small z 70 | DB D188 ; # small sh 71 | DC D18D ; # small e 72 | DD D189 ; # small shch 73 | DE D187 ; # small ch 74 | DF D18A ; # small hard sign 75 | 76 | E0 D0AE ; # capital YU 77 | E1 D090 ; # capital A 78 | E2 D091 ; # capital B 79 | E3 D0A6 ; # capital TS 80 | E4 D094 ; # capital D 81 | E5 D095 ; # capital YE 82 | E6 D0A4 ; # capital F 83 | E7 D093 ; # capital G 84 | E8 D0A5 ; # capital KH 85 | E9 D098 ; # capital I 86 | EA D099 ; # capital J 87 | EB D09A ; # capital K 88 | EC D09B ; # capital L 89 | ED D09C ; # capital M 90 | EE D09D ; # capital N 91 | EF D09E ; # capital O 92 | 93 | F0 D09F ; # capital P 94 | F1 D0AF ; # capital YA 95 | F2 D0A0 ; # capital R 96 | F3 D0A1 ; # capital S 97 | F4 D0A2 ; # capital T 98 | F5 D0A3 ; # capital U 99 | F6 D096 ; # capital ZH 100 | F7 D092 ; # capital V 101 | F8 D0AC ; # capital soft sign 102 | F9 D0AB ; # capital Y 103 | FA D097 ; # capital Z 104 | FB D0A8 ; # capital SH 105 | FC D0AD ; # capital E 106 | FD D0A9 ; # capital SHCH 107 | FE D0A7 ; # capital CH 108 | FF D0AA ; # capital hard sign 109 | } 110 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/koi-win: -------------------------------------------------------------------------------- 1 | 2 | charset_map koi8-r windows-1251 { 3 | 4 | 80 88 ; # euro 5 | 6 | 95 95 ; # bullet 7 | 8 | 9A A0 ; #   9 | 10 | 9E B7 ; # · 11 | 12 | A3 B8 ; # small yo 13 | A4 BA ; # small Ukrainian ye 14 | 15 | A6 B3 ; # small Ukrainian i 16 | A7 BF ; # small Ukrainian yi 17 | 18 | AD B4 ; # small Ukrainian soft g 19 | AE A2 ; # small Byelorussian short u 20 | 21 | B0 B0 ; # ° 22 | 23 | B3 A8 ; # capital YO 24 | B4 AA ; # capital Ukrainian YE 25 | 26 | B6 B2 ; # capital Ukrainian I 27 | B7 AF ; # capital Ukrainian YI 28 | 29 | B9 B9 ; # numero sign 30 | 31 | BD A5 ; # capital Ukrainian soft G 32 | BE A1 ; # capital Byelorussian short U 33 | 34 | BF A9 ; # (C) 35 | 36 | C0 FE ; # small yu 37 | C1 E0 ; # small a 38 | C2 E1 ; # small b 39 | C3 F6 ; # small ts 40 | C4 E4 ; # small d 41 | C5 E5 ; # small ye 42 | C6 F4 ; # small f 43 | C7 E3 ; # small g 44 | C8 F5 ; # small kh 45 | C9 E8 ; # small i 46 | CA E9 ; # small j 47 | CB EA ; # small k 48 | CC EB ; # small l 49 | CD EC ; # small m 50 | CE ED ; # small n 51 | CF EE ; # small o 52 | 53 | D0 EF ; # small p 54 | D1 FF ; # small ya 55 | D2 F0 ; # small r 56 | D3 F1 ; # small s 57 | D4 F2 ; # small t 58 | D5 F3 ; # small u 59 | D6 E6 ; # small zh 60 | D7 E2 ; # small v 61 | D8 FC ; # small soft sign 62 | D9 FB ; # small y 63 | DA E7 ; # small z 64 | DB F8 ; # small sh 65 | DC FD ; # small e 66 | DD F9 ; # small shch 67 | DE F7 ; # small ch 68 | DF FA ; # small hard sign 69 | 70 | E0 DE ; # capital YU 71 | E1 C0 ; # capital A 72 | E2 C1 ; # capital B 73 | E3 D6 ; # capital TS 74 | E4 C4 ; # capital D 75 | E5 C5 ; # capital YE 76 | E6 D4 ; # capital F 77 | E7 C3 ; # capital G 78 | E8 D5 ; # capital KH 79 | E9 C8 ; # capital I 80 | EA C9 ; # capital J 81 | EB CA ; # capital K 82 | EC CB ; # capital L 83 | ED CC ; # capital M 84 | EE CD ; # capital N 85 | EF CE ; # capital O 86 | 87 | F0 CF ; # capital P 88 | F1 DF ; # capital YA 89 | F2 D0 ; # capital R 90 | F3 D1 ; # capital S 91 | F4 D2 ; # capital T 92 | F5 D3 ; # capital U 93 | F6 C6 ; # capital ZH 94 | F7 C2 ; # capital V 95 | F8 DC ; # capital soft sign 96 | F9 DB ; # capital Y 97 | FA C7 ; # capital Z 98 | FB D8 ; # capital SH 99 | FC DD ; # capital E 100 | FD D9 ; # capital SHCH 101 | FE D7 ; # capital CH 102 | FF DA ; # capital hard sign 103 | } 104 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/mime.types: -------------------------------------------------------------------------------- 1 | 2 | types { 3 | text/html html htm shtml; 4 | text/css css; 5 | text/xml xml; 6 | image/gif gif; 7 | image/jpeg jpeg jpg; 8 | application/javascript js; 9 | application/atom+xml atom; 10 | application/rss+xml rss; 11 | 12 | text/mathml mml; 13 | text/plain txt; 14 | text/vnd.sun.j2me.app-descriptor jad; 15 | text/vnd.wap.wml wml; 16 | text/x-component htc; 17 | 18 | image/png png; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/x-icon ico; 22 | image/x-jng jng; 23 | image/x-ms-bmp bmp; 24 | image/svg+xml svg svgz; 25 | image/webp webp; 26 | 27 | application/font-woff woff; 28 | application/java-archive jar war ear; 29 | application/json json; 30 | application/mac-binhex40 hqx; 31 | application/msword doc; 32 | application/pdf pdf; 33 | application/postscript ps eps ai; 34 | application/rtf rtf; 35 | application/vnd.apple.mpegurl m3u8; 36 | application/vnd.ms-excel xls; 37 | application/vnd.ms-fontobject eot; 38 | application/vnd.ms-powerpoint ppt; 39 | application/vnd.wap.wmlc wmlc; 40 | application/vnd.google-earth.kml+xml kml; 41 | application/vnd.google-earth.kmz kmz; 42 | application/x-7z-compressed 7z; 43 | application/x-cocoa cco; 44 | application/x-java-archive-diff jardiff; 45 | application/x-java-jnlp-file jnlp; 46 | application/x-makeself run; 47 | application/x-perl pl pm; 48 | application/x-pilot prc pdb; 49 | application/x-rar-compressed rar; 50 | application/x-redhat-package-manager rpm; 51 | application/x-sea sea; 52 | application/x-shockwave-flash swf; 53 | application/x-stuffit sit; 54 | application/x-tcl tcl tk; 55 | application/x-x509-ca-cert der pem crt; 56 | application/x-xpinstall xpi; 57 | application/xhtml+xml xhtml; 58 | application/xspf+xml xspf; 59 | application/zip zip; 60 | 61 | application/octet-stream bin exe dll; 62 | application/octet-stream deb; 63 | application/octet-stream dmg; 64 | application/octet-stream iso img; 65 | application/octet-stream msi msp msm; 66 | 67 | application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; 68 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; 69 | application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; 70 | 71 | audio/midi mid midi kar; 72 | audio/mpeg mp3; 73 | audio/ogg ogg; 74 | audio/x-m4a m4a; 75 | audio/x-realaudio ra; 76 | 77 | video/3gpp 3gpp 3gp; 78 | video/mp2t ts; 79 | video/mp4 mp4; 80 | video/mpeg mpeg mpg; 81 | video/quicktime mov; 82 | video/webm webm; 83 | video/x-flv flv; 84 | video/x-m4v m4v; 85 | video/x-mng mng; 86 | video/x-ms-asf asx asf; 87 | video/x-ms-wmv wmv; 88 | video/x-msvideo avi; 89 | } 90 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/scgi_params: -------------------------------------------------------------------------------- 1 | 2 | scgi_param REQUEST_METHOD $request_method; 3 | scgi_param REQUEST_URI $request_uri; 4 | scgi_param QUERY_STRING $query_string; 5 | scgi_param CONTENT_TYPE $content_type; 6 | 7 | scgi_param DOCUMENT_URI $document_uri; 8 | scgi_param DOCUMENT_ROOT $document_root; 9 | scgi_param SCGI 1; 10 | scgi_param SERVER_PROTOCOL $server_protocol; 11 | scgi_param REQUEST_SCHEME $scheme; 12 | scgi_param HTTPS $https if_not_empty; 13 | 14 | scgi_param REMOTE_ADDR $remote_addr; 15 | scgi_param REMOTE_PORT $remote_port; 16 | scgi_param SERVER_PORT $server_port; 17 | scgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/uwsgi_params: -------------------------------------------------------------------------------- 1 | 2 | uwsgi_param QUERY_STRING $query_string; 3 | uwsgi_param REQUEST_METHOD $request_method; 4 | uwsgi_param CONTENT_TYPE $content_type; 5 | uwsgi_param CONTENT_LENGTH $content_length; 6 | 7 | uwsgi_param REQUEST_URI $request_uri; 8 | uwsgi_param PATH_INFO $document_uri; 9 | uwsgi_param DOCUMENT_ROOT $document_root; 10 | uwsgi_param SERVER_PROTOCOL $server_protocol; 11 | uwsgi_param REQUEST_SCHEME $scheme; 12 | uwsgi_param HTTPS $https if_not_empty; 13 | 14 | uwsgi_param REMOTE_ADDR $remote_addr; 15 | uwsgi_param REMOTE_PORT $remote_port; 16 | uwsgi_param SERVER_PORT $server_port; 17 | uwsgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/nginx/win-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full windows-1251 <> utf8 map: it does not 3 | # contain Serbian and Macedonian letters. If you need a full map, 4 | # use contrib/unicode2nginx/win-utf map instead. 5 | 6 | charset_map windows-1251 utf-8 { 7 | 8 | 82 E2809A ; # single low-9 quotation mark 9 | 10 | 84 E2809E ; # double low-9 quotation mark 11 | 85 E280A6 ; # ellipsis 12 | 86 E280A0 ; # dagger 13 | 87 E280A1 ; # double dagger 14 | 88 E282AC ; # euro 15 | 89 E280B0 ; # per mille 16 | 17 | 91 E28098 ; # left single quotation mark 18 | 92 E28099 ; # right single quotation mark 19 | 93 E2809C ; # left double quotation mark 20 | 94 E2809D ; # right double quotation mark 21 | 95 E280A2 ; # bullet 22 | 96 E28093 ; # en dash 23 | 97 E28094 ; # em dash 24 | 25 | 99 E284A2 ; # trade mark sign 26 | 27 | A0 C2A0 ; #   28 | A1 D18E ; # capital Byelorussian short U 29 | A2 D19E ; # small Byelorussian short u 30 | 31 | A4 C2A4 ; # currency sign 32 | A5 D290 ; # capital Ukrainian soft G 33 | A6 C2A6 ; # borken bar 34 | A7 C2A7 ; # section sign 35 | A8 D081 ; # capital YO 36 | A9 C2A9 ; # (C) 37 | AA D084 ; # capital Ukrainian YE 38 | AB C2AB ; # left-pointing double angle quotation mark 39 | AC C2AC ; # not sign 40 | AD C2AD ; # soft hypen 41 | AE C2AE ; # (R) 42 | AF D087 ; # capital Ukrainian YI 43 | 44 | B0 C2B0 ; # ° 45 | B1 C2B1 ; # plus-minus sign 46 | B2 D086 ; # capital Ukrainian I 47 | B3 D196 ; # small Ukrainian i 48 | B4 D291 ; # small Ukrainian soft g 49 | B5 C2B5 ; # micro sign 50 | B6 C2B6 ; # pilcrow sign 51 | B7 C2B7 ; # · 52 | B8 D191 ; # small yo 53 | B9 E28496 ; # numero sign 54 | BA D194 ; # small Ukrainian ye 55 | BB C2BB ; # right-pointing double angle quotation mark 56 | 57 | BF D197 ; # small Ukrainian yi 58 | 59 | C0 D090 ; # capital A 60 | C1 D091 ; # capital B 61 | C2 D092 ; # capital V 62 | C3 D093 ; # capital G 63 | C4 D094 ; # capital D 64 | C5 D095 ; # capital YE 65 | C6 D096 ; # capital ZH 66 | C7 D097 ; # capital Z 67 | C8 D098 ; # capital I 68 | C9 D099 ; # capital J 69 | CA D09A ; # capital K 70 | CB D09B ; # capital L 71 | CC D09C ; # capital M 72 | CD D09D ; # capital N 73 | CE D09E ; # capital O 74 | CF D09F ; # capital P 75 | 76 | D0 D0A0 ; # capital R 77 | D1 D0A1 ; # capital S 78 | D2 D0A2 ; # capital T 79 | D3 D0A3 ; # capital U 80 | D4 D0A4 ; # capital F 81 | D5 D0A5 ; # capital KH 82 | D6 D0A6 ; # capital TS 83 | D7 D0A7 ; # capital CH 84 | D8 D0A8 ; # capital SH 85 | D9 D0A9 ; # capital SHCH 86 | DA D0AA ; # capital hard sign 87 | DB D0AB ; # capital Y 88 | DC D0AC ; # capital soft sign 89 | DD D0AD ; # capital E 90 | DE D0AE ; # capital YU 91 | DF D0AF ; # capital YA 92 | 93 | E0 D0B0 ; # small a 94 | E1 D0B1 ; # small b 95 | E2 D0B2 ; # small v 96 | E3 D0B3 ; # small g 97 | E4 D0B4 ; # small d 98 | E5 D0B5 ; # small ye 99 | E6 D0B6 ; # small zh 100 | E7 D0B7 ; # small z 101 | E8 D0B8 ; # small i 102 | E9 D0B9 ; # small j 103 | EA D0BA ; # small k 104 | EB D0BB ; # small l 105 | EC D0BC ; # small m 106 | ED D0BD ; # small n 107 | EE D0BE ; # small o 108 | EF D0BF ; # small p 109 | 110 | F0 D180 ; # small r 111 | F1 D181 ; # small s 112 | F2 D182 ; # small t 113 | F3 D183 ; # small u 114 | F4 D184 ; # small f 115 | F5 D185 ; # small kh 116 | F6 D186 ; # small ts 117 | F7 D187 ; # small ch 118 | F8 D188 ; # small sh 119 | F9 D189 ; # small shch 120 | FA D18A ; # small hard sign 121 | FB D18B ; # small y 122 | FC D18C ; # small soft sign 123 | FD D18D ; # small e 124 | FE D18E ; # small yu 125 | FF D18F ; # small ya 126 | } 127 | -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/etc/ssl/nginx/PLACE_NGINX_REPO_CRT_AND_KEY_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/etc/ssl/nginx/PLACE_NGINX_REPO_CRT_AND_KEY_HERE -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/appster_iphone7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/appster_iphone7.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/appster_iphonex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/appster_iphonex.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/appster_subheader_original.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/appster_subheader_original.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/appster_subheader_updated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/appster_subheader_updated.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/bg-purple-yellow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/bg-purple-yellow.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/bg-yellow-purple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/bg-yellow-purple.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/cron: -------------------------------------------------------------------------------- 1 | # Start appster on boot 2 | @reboot ( sleep 60 ; sh /var/www/appster/start.sh) -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | watchtower: 4 | image: containrrr/watchtower 5 | volumes: 6 | - /var/run/docker.sock:/var/run/docker.sock 7 | - /root/.docker/config.json:/config.json 8 | command: --interval 30 9 | web1: 10 | image: registry.gitlab.com/armsultan/appster:latest 11 | ports: 12 | - '9090:80' 13 | web2: 14 | image: registry.gitlab.com/armsultan/appster:latest 15 | ports: 16 | - '9091:80' -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/gitlab_cicd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/gitlabappster/extra/gitlab_cicd.png -------------------------------------------------------------------------------- /files/orginal_state/gitlabappster/extra/start.sh: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env bash 2 | 3 | # To Run on boot add the following cron job (crontab -e): 4 | # Start appster on boot 5 | # @reboot ( sleep 60 ; sh /var/www/appster/start.sh ) 6 | 7 | DIRECTORY=`dirname $0` 8 | docker && docker-compose -f $DIRECTORY/docker-compose.yml up -d --remove-orphans -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/.gitignore: -------------------------------------------------------------------------------- 1 | # OS generated files # 2 | ###################### 3 | .DS_Store 4 | .DS_Store? 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | ehthumbs.db 9 | Thumbs.db 10 | 11 | # NGINX Specific files # 12 | ######################## 13 | nginx-repo.key 14 | nginx-repo.crt 15 | .log -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.10/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.10 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/Dockerfiles/alpine3.9/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.9 2 | 3 | LABEL maintainer="armand@nginx.com" 4 | 5 | ## Install Nginx Plus 6 | # Download certificate and key from the customer portal https://cs.nginx.com 7 | # and copy to the build context and set correct permissions 8 | COPY etc/ssl/nginx/nginx-repo.crt /etc/apk/cert.pem 9 | COPY etc/ssl/nginx/nginx-repo.key /etc/apk/cert.key 10 | RUN chmod 644 /etc/apk/cert* \ 11 | # Prepare repo config and install NGINX Plus (https://cs.nginx.com/repo_setup) 12 | && wget -O /etc/apk/keys/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \ 13 | && printf "https://plus-pkgs.nginx.com/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \ 14 | && apk add nginx-plus \ 15 | ## Optional: Install NGINX Plus Dynamic Modules (3rd-party) from repo 16 | ## See https://www.nginx.com/products/nginx/modules 17 | ## For debug binaries, install module ending with "-dbg" 18 | ## brotli compression dynamic modules 19 | # && apk add nginx-plus-module-brotli \ 20 | # && apk add nginx-plus-module-brotli-dbg \ 21 | ## cookie flag dynamic module 22 | # && apk add nginx-plus-module-cookie-flag \ 23 | ## encrypted session dynamic module 24 | # && apk add nginx-plus-module-encrypted-session \ 25 | ## GeoIP dynamic modules 26 | # && apk add nginx-plus-module-geoip \ 27 | ## GeoIP2 dynamic modules 28 | # && apk add nginx-plus-module-geoip2 \ 29 | ## headers-more dynamic module 30 | # && apk add nginx-plus-module-headers-more \ 31 | ## image filter dynamic module 32 | # && apk add nginx-plus-module-image-filter \ 33 | ## Lua dynamic module 34 | # && apk add nginx-plus-module-lua \ 35 | ## ModSecurity dynamic module 36 | # && apk add nginx-plus-module-modsecurity \ 37 | ## NDK dynamic module 38 | # && apk add nginx-plus-module-ndk \ 39 | ## njs dynamic modules 40 | # && apk add nginx-plus-module-njs \ 41 | ## OpenTracing dynamic module 42 | # && apk add nginx-plus-module-opentracing \ 43 | ## Passenger dynamic module 44 | # && apk add nginx-plus-module-passenger \ 45 | ## Perl dynamic module 46 | # && apk add nginx-plus-module-perl \ 47 | ## Prometheus exporter NJS module 48 | # && apk add nginx-plus-module-prometheus \ 49 | ## RTMP dynamic module 50 | # && apk add nginx-plus-module-rtmp \ 51 | ## set-misc dynamic module 52 | # && apk add nginx-plus-module-set-misc \ 53 | ## substitution dynamic module 54 | # && apk add nginx-plus-module-subs-filter \ 55 | ## xslt dynamic module 56 | # && apk add nginx-plus-module-xslt \ 57 | ## Optional: Install Tools 58 | # curl 59 | && apk add curl \ 60 | # Clear apk cache 61 | && rm -rf /var/cache/apk/* \ 62 | # Remove default nginx config 63 | && rm /etc/nginx/conf.d/default.conf \ 64 | # Optional: Create cache folder and set permissions for proxy caching 65 | && mkdir -p /var/cache/nginx \ 66 | && chown -R nginx /var/cache/nginx \ 67 | # Optional: Create State file folder and set permissions 68 | && mkdir -p /var/lib/nginx/state \ 69 | && chown -R nginx /var/lib/nginx/state 70 | 71 | # Optional: COPY over any of your SSL certs for HTTPS servers 72 | # e.g. 73 | #COPY etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt 74 | #COPY etc/ssl/www.example.com.key /etc/ssl/www.example.com.key 75 | 76 | # COPY /etc/nginx (Nginx configuration) directory 77 | COPY etc/nginx /etc/nginx 78 | RUN chown -R nginx:nginx /etc/nginx \ 79 | # Forward request logs to docker log collector 80 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 81 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 82 | # **Remove the Nginx Plus cert/keys from the image** 83 | && rm /etc/apk/cert.pem /etc/apk/cert.key 84 | 85 | # EXPOSE ports, HTTP 80, HTTPS 443 and, Nginx status page 8080 86 | EXPOSE 80 443 8080 87 | STOPSIGNAL SIGTERM 88 | CMD ["nginx", "-g", "daemon off;"] -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 F5 Demo Lab 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/README.md: -------------------------------------------------------------------------------- 1 | # NGINX Plus Dockerfiles 2 | 3 | A Bunch of Dockerfiles for [NGINX Plus](https://www.nginx.com/products/nginx/). 4 | **Just add licenses** 5 | 6 | #### Requirements 7 | 8 | 1. **Just add [licenses](https://www.nginx.com/free-trial-request/)** 9 | 2. Continuous Integration: Setup a [Gitlab CICD]((https://docs.gitlab.com/ee/ci/quick_start/)) continuous integration service 10 | 3. A Linux build server with a [Gitlab Runner](https://docs.gitlab.com/ee/ci/runners/README.html), running Dind (Docker in Docker) 11 | 12 | #### Other setup Instructions: 13 | 1. Place `nginx-repo.crt` and `nginx-repo.crt` files following files as Gitlab Variables 14 | * Retrieve your NGINX Plus Key and Certificate from the NGINX [customer portal](https://cs.nginx.com/) or from an activated evaluation 15 | 2. Automate a [CICD pipeline using gitlab](https://docs.gitlab.com/ee/ci/pipelines.html). A example gitlab CI/CD pipeline file (`.gitlab-ci.yml`) is provided. 16 | 3. Optional: Modify the `Dockerfile` as necessary, e.g. To install addtional NGINX Plus [Dynamic modules](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/) 17 | 18 | ## Demos 19 | 20 | SEE LAB GUIDE FOR DETAILED INSTRUCTIONS -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/build-nginx-plus.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Usage EXAMPLE: ./build-nginx-plus.sh ubuntu18.04 3 | distro="$(tr [A-Z] [a-z] <<< "$1")" # set to lowercase 4 | 5 | # Pull changes 6 | git pull --no-edit 7 | 8 | # remove Dockerfile here 9 | rm Dockerfile 10 | 11 | # copy desired Dockerfile 12 | cp Dockerfiles/$distro/Dockerfile . 13 | 14 | # Build and tag it as "nginx-plus-[distro]" 15 | docker build -t nginx-plus-$distro . --pull --no-cache # No caching 16 | # docker build -t nginx-plus-$distro 17 | 18 | # Show all docker containers build with names containing "nginx-plus-" 19 | printf "\n" 20 | printf "Nginx Plus containers built:" 21 | printf "\n" 22 | docker images | grep nginx-plus- -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Tested on ubuntu 18.04 3 | # Generating random number between $FPORT and $EPORT for port binding 4 | FPORT=1025; 5 | EPORT=9999; 6 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 7 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) 8 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) 9 | # Name of the Docker container provided in ARG $1 10 | NAME=$1 11 | 12 | check_port_availability () { 13 | 14 | HTTP_PORT_CHECK=$1 15 | SSL_PORT_CHECK=$2 16 | DASH_PORT_CHECK=$3 17 | 18 | if [ $HTTP_PORT_CHECK -eq $SSL_PORT_CHECK ] || [ $HTTP_PORT_CHECK -eq $DASH_PORT_CHECK ] || [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 19 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 20 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 21 | exit 22 | fi 23 | 24 | if [ $SSL_PORT_CHECK -eq $DASH_PORT_CHECK ]; then 25 | printf "\n\nRandom Port Collision...Randomizing HTTP Port!\n\n" 26 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 27 | exit 28 | fi 29 | 30 | for USED_PORT in $( netstat -ltn | sed -rne '/^tcp/{/:\>/d;s/.*:([0-9]+)\>.*/\1/p}' | sort -n | uniq ); do 31 | if [ $HTTP_PORT_CHECK -eq $USED_PORT ]; then 32 | printf "\n\n$HTTP_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTP Port!\n\n" 33 | RANDHTTP=$(( ( RANDOM % $FPORT ) + $EPORT )) 34 | exit 35 | elif [ $SSL_PORT_CHECK -eq $USED_PORT ]; then 36 | printf "\n\n$SSL_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing HTTPS Port!\n\n" 37 | RANDSSL=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 38 | exit 39 | elif [ $DASH_PORT_CHECK -eq $USED_PORT ]; then 40 | printf "\n\n$DASH_PORT_CHECK conflicts with open port: $USED_PORT...Randomizing Dashboard/API Port!\n\n" 41 | RANDDASH=$(( ( RANDOM % $FPORT ) + $EPORT )) # Randomizing port 42 | exit 43 | fi 44 | done 45 | 46 | return 47 | } 48 | 49 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 50 | 51 | # Port check and randomize 52 | # Loop until all ports are random 53 | if [ -z "$port_sanity" ]; then 54 | printf "\nWe will run the container with these randomly assigned ports:\nHTTP port $RANDHTTP\nHTTPS port $RANDSSL\nDashboard port $RANDDASH\n\n" 55 | else 56 | port_sanity=$(check_port_availability $RANDHTTP $RANDSSL $RANDDASH) 57 | fi 58 | 59 | # Run container 60 | # Make sure this Container is not running 61 | printf "Make sure a Container with the designated name is not running..." 62 | OUTPUT="$(docker stop $NAME)" 63 | if echo "$OUTPUT" | grep -c "No such container"; then 64 | echo "A container with name, $NAME, was stopped. Good to proceed.." 65 | else 66 | echo "No container with name, $NAME, exists. Good to proceed.." 67 | 68 | fi 69 | 70 | printf "\nGoing to run:\ndocker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v '$(pwd)/test/etc/nginx/conf.d:/etc/nginx/conf.d' --name $NAME $NAME\n\n" 71 | docker run -d -p $RANDHTTP:80 -p $RANDSSL:443 -p $RANDDASH:8080 -v "$(pwd)/etc/nginx/conf.d:/etc/nginx/conf.d" --name $NAME $NAME 72 | exit -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | #user nobody; 2 | #user nginx; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | # # ModSecurity dynamic module 10 | # load_module modules/ngx_http_modsecurity_module.so; 11 | # # Nginx javascript 12 | # # Prometheus exporter NJS (njs http module required) 13 | # load_module modules/ngx_http_js_module.so; # njs http 14 | # load_module modules/ngx_stream_js_module.so; # njs stream 15 | # # GeoIP 16 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 17 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 18 | # # GeoIP2 19 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 20 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 21 | # # Brotli compression 22 | # load_module modules/ngx_http_brotli_filter_module.so; 23 | # load_module modules/ngx_http_brotli_static_module.so; 24 | # # cookie flag 25 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 26 | # # Headers-More 27 | # load_module modules/ngx_http_headers_more_filter_module.so; 28 | # # encrypted session 29 | # load_module modules/ndk_http_module.so; 30 | # load_module modules/ngx_http_encrypted_session_module.so; 31 | # # headers-more 32 | # load_module modules/ngx_http_headers_more_filter_module.so; 33 | # # Image-Filter 34 | # load_module modules/ngx_http_image_filter_module.so; 35 | # # Lua (NDK + lua) 36 | # load_module modules/ndk_http_module.so; 37 | # load_module modules/ngx_http_lua_module.so; 38 | # # OpenTracing 39 | # load_module modules/ngx_http_opentracing_module.so; 40 | # # Phusion Passenger 41 | # load_module modules/ngx_http_passenger_module.so; 42 | # # Perl 43 | # load_module modules/ngx_http_perl_module.so; 44 | # # RTMP 45 | # load_module modules/ngx_rtmp_module.so; 46 | # # set-misc (NDK + set-misc) 47 | # load_module modules/ndk_http_module.so; 48 | # load_module modules/ngx_http_set_misc_module.so; 49 | # # HTTP Substitutions Filter 50 | # load_module modules/ngx_http_subs_filter_module.so; 51 | # # XSLT 52 | # load_module modules/ngx_http_xslt_module.so; 53 | 54 | error_log /var/log/nginx/error.log notice; 55 | 56 | pid /var/run/nginx.pid; 57 | 58 | events { 59 | worker_connections 1024; 60 | } 61 | 62 | http { 63 | include /etc/nginx/mime.types; 64 | default_type application/octet-stream; 65 | 66 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 67 | '$status $body_bytes_sent "$http_referer" ' 68 | '"$http_user_agent" "$http_x_forwarded_for"'; 69 | 70 | # NGINX Plus Additional NGINX Metrics 71 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 72 | '$status $body_bytes_sent "$http_referer" "$http2" ' 73 | '"$http_user_agent" "$http_x_forwarded_for" ' 74 | '"$host" sn="$server_name" ' 75 | 'rt=$request_time ' 76 | 'ua="$upstream_addr" us="$upstream_status" ' 77 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 78 | 'cs=$upstream_cache_status' ; 79 | 80 | access_log /var/log/nginx/access.log main; # Default 81 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 82 | 83 | sendfile on; 84 | #tcp_nopush on; 85 | 86 | keepalive_timeout 65; 87 | 88 | gzip on; 89 | 90 | # Include Local sub files 91 | include /etc/nginx/conf.d/*.conf; 92 | 93 | } 94 | 95 | # TCP/UDP proxy and load balancing block 96 | 97 | stream { 98 | # Include Local sub files 99 | include /etc/nginx/stream.conf.d/*.conf; 100 | } 101 | 102 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/armsultan/nginx-plus-cicd-lab/1c357e4397d370830261d1c8236b186c26a7d470/files/orginal_state/nginx-plus-dockerfiles/etc/ssl/nginx/PLACE_NGINX_REPO_KEY_AND_CRT_HERE -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/test/etc/nginx/conf.d/stub_status.conf: -------------------------------------------------------------------------------- 1 | # ngx_http_stub_status_module (Available in NGINX F/OSS) 2 | # provides Basic Status information http://nginx.org/en/docs/http/ngx_http_stub_status_module.html 3 | 4 | server { 5 | listen 127.0.0.1:80; 6 | server_name 127.0.0.1; 7 | location /nginx_status { 8 | stub_status on; 9 | allow 127.0.0.1; 10 | deny all; 11 | } 12 | } 13 | 14 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/orginal_state/nginx-plus-dockerfiles/test/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | #user nobody; 2 | #user nginx; 3 | # user daemon is the default; use root with transparent proxy_bind 4 | user root; 5 | worker_processes auto; 6 | 7 | ## Load NGINX Plus Dyanamic Modules ## 8 | # See: https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/ 9 | # # ModSecurity dynamic module 10 | # load_module modules/ngx_http_modsecurity_module.so; 11 | # # Nginx javascript 12 | # # Prometheus exporter NJS (njs http module required) 13 | # load_module modules/ngx_http_js_module.so; # njs http 14 | # load_module modules/ngx_stream_js_module.so; # njs stream 15 | # # GeoIP 16 | # load_module modules/ngx_http_geoip_module.so; # GeoIP http 17 | # load_module modules/ngx_stream_geoip_module.so; # GeoIP stream 18 | # # GeoIP2 19 | # load_module modules/ngx_http_geoip2_module.so; # GeoIP2 http 20 | # load_module modules/ngx_stream_geoip2_module.so;# GeoIP2 stream 21 | # # Brotli compression 22 | # load_module modules/ngx_http_brotli_filter_module.so; 23 | # load_module modules/ngx_http_brotli_static_module.so; 24 | # # cookie flag 25 | # load_module modules/ngx_http_cookie_flag_filter_module.so; 26 | # # Headers-More 27 | # load_module modules/ngx_http_headers_more_filter_module.so; 28 | # # encrypted session 29 | # load_module modules/ndk_http_module.so; 30 | # load_module modules/ngx_http_encrypted_session_module.so; 31 | # # headers-more 32 | # load_module modules/ngx_http_headers_more_filter_module.so; 33 | # # Image-Filter 34 | # load_module modules/ngx_http_image_filter_module.so; 35 | # # Lua (NDK + lua) 36 | # load_module modules/ndk_http_module.so; 37 | # load_module modules/ngx_http_lua_module.so; 38 | # # OpenTracing 39 | # load_module modules/ngx_http_opentracing_module.so; 40 | # # Phusion Passenger 41 | # load_module modules/ngx_http_passenger_module.so; 42 | # # Perl 43 | # load_module modules/ngx_http_perl_module.so; 44 | # # RTMP 45 | # load_module modules/ngx_rtmp_module.so; 46 | # # set-misc (NDK + set-misc) 47 | # load_module modules/ndk_http_module.so; 48 | # load_module modules/ngx_http_set_misc_module.so; 49 | # # HTTP Substitutions Filter 50 | # load_module modules/ngx_http_subs_filter_module.so; 51 | # # XSLT 52 | # load_module modules/ngx_http_xslt_module.so; 53 | 54 | error_log /var/log/nginx/error.log notice; 55 | 56 | pid /var/run/nginx.pid; 57 | 58 | events { 59 | worker_connections 1024; 60 | } 61 | 62 | http { 63 | include /etc/nginx/mime.types; 64 | default_type application/octet-stream; 65 | 66 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 67 | '$status $body_bytes_sent "$http_referer" ' 68 | '"$http_user_agent" "$http_x_forwarded_for"'; 69 | 70 | # NGINX Plus Additional NGINX Metrics 71 | log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" ' 72 | '$status $body_bytes_sent "$http_referer" "$http2" ' 73 | '"$http_user_agent" "$http_x_forwarded_for" ' 74 | '"$host" sn="$server_name" ' 75 | 'rt=$request_time ' 76 | 'ua="$upstream_addr" us="$upstream_status" ' 77 | 'ut="$upstream_response_time" ul="$upstream_response_length" ' 78 | 'cs=$upstream_cache_status' ; 79 | 80 | access_log /var/log/nginx/access.log main; # Default 81 | # access_log /var/log/nginx/access.log main_ext; # NGINX Plus Additional NGINX Metrics 82 | 83 | sendfile on; 84 | #tcp_nopush on; 85 | 86 | keepalive_timeout 65; 87 | 88 | gzip on; 89 | 90 | # Include Local sub files 91 | include /etc/nginx/conf.d/*.conf; 92 | 93 | } 94 | 95 | # TCP/UDP proxy and load balancing block 96 | 97 | stream { 98 | # Include Local sub files 99 | include /etc/nginx/stream.conf.d/*.conf; 100 | } 101 | 102 | # vim: syntax=nginx -------------------------------------------------------------------------------- /files/readme.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting Files 2 | 3 | This folder contains the original state (`orginal_state`) of the repositories 4 | and end state / answers (`end_state`) of the repository and can be used as 5 | resetting the state of the lab, comparing answers or troubleshooting -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | NGINX Plus CICD Lab 2 | ==================== 3 | 4 | ### Last Updated: **04/22/2020** 5 | 6 | ### Instructors at Agility 2020: 7 | 8 | - Jason Williams \<[ja.williams\@f5.com](mailto:%3cja.williams@f5.com)\> 9 | - Armand Sultantono \<[armand\@f5.com](mailto:%3carmand@f5.com)\> 10 | - Doug Gallarda \<[d.gallarda@f5.com](mailto:d.gallarda@f5.com)\> 11 | - Chris Akker \<[c.akker@f5.com](mailto:c.akker@f5.com)\> 12 | 13 | ### UDF Lab Maintainers: 14 | 15 | - Armand Sultantono \<[armand\@f5.com](mailto:%3carmand@f5.com)\> 16 | - Tom Gamull \<[t.gamull\@f5.com](mailto:%3ct.gamull@f5.com)\> 17 | - Jason Williams \<[ja.williams\@f5.com](mailto:%3cja.williams@f5.com)\> 18 | 19 | ## Contents: 20 | 21 | - [Introduction](0.Introduction/0.Introduction.md) 22 | - [Exercise 1.0. Creating Docker Images for Nginx Plus](1.0.creating-docker-images-for-nginx-plus/1.0.creating-docker-images-for-nginx-plus.md) 23 | * Task 1: Run a pipeline to build NGINX Plus images 24 | * Task 2: GitLab CI/CD environment variables 25 | * Task 3: **Optional:** Pull and run a Docker image from our private Docker Registry 26 | - [Exercise 2.0. Deploying Nginx Plus Web Server with CICD](2.0.deploying-nginx-plus-web-server-with-cicd/2.0.deploying-nginx-plus-web-server-with-cicd.md) 27 | * Task 1: Make new code commit, push changes and deploy to Staging and Production 28 | * Task 2. **Optional:** Made new code commit, push changes using command line tools, and deploy 29 | - [Exercise 3.0. Continuous Deployment for NGINX Plus Load Balancers](3.0.continuous-deployment-for-nginx-plus-load-balancers/3.0.continuous-deployment-for-nginx-plus-load-balancers.md) 30 | * Task 1: Make new code commit, push changes to a live running NGINX Plus Virtual Machine 31 | 32 | ------------- 33 | ### Navigation 34 | 35 | > [Next - Introduction =>](./0.Introduction/0.Introduction.md) --------------------------------------------------------------------------------