├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── dependabot.yml ├── pull_request_template.md └── workflows │ └── ossf_scorecard.yml ├── .gitignore ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── SECURITY.md ├── SUPPORT.md ├── auto-lab.sh ├── functions.sh ├── labs ├── lab0 │ ├── media │ │ ├── docker-icon.png │ │ ├── kubernetes-icon.png │ │ ├── n4a-workshop-diagram-r7.png │ │ ├── nginx-azure-icon.png │ │ ├── nginx-plus-icon.png │ │ └── redis-icon.png │ └── readme.md ├── lab1 │ ├── media │ │ ├── lab1_autolab.png │ │ ├── lab1_azure-network.png │ │ ├── lab1_azure-subnets.png │ │ ├── lab1_copy_ip_address.png │ │ ├── lab1_diagram.png │ │ ├── lab1_n4a_index_page.png │ │ ├── lab1_nginx_conf_editor.png │ │ ├── lab1_nginx_conf_populate.png │ │ ├── lab1_nginx_conf_submit_success.png │ │ ├── lab1_portal_n4a_home.png │ │ ├── lab1_portal_rg_home.png │ │ └── nginx-azure-icon.png │ └── readme.md ├── lab10 │ ├── N4A-Dashboard.json │ ├── media │ │ ├── EntraID-sign_in.png │ │ ├── grafana-dashboards-import.png │ │ ├── grafana-dashboards-import2.png │ │ ├── grafana-dashboards-json.png │ │ ├── grafana-dashboards-k8s-vm.png │ │ ├── grafana-dashboards-n4a.png │ │ ├── grafana-dashboards-new.png │ │ ├── grafana-dashboards.png │ │ ├── grafana-icon.png │ │ ├── grafana-landing-page.png │ │ ├── grafana-variables.png │ │ ├── managed-grafana.png │ │ └── nginx-azure-icon.png │ └── readme.md ├── lab11 │ ├── GeoIP.conf │ ├── as.geo.example.com.conf │ ├── downloads.example.com.conf │ ├── eu.geo.example.com.conf │ ├── geo.example.com.conf │ ├── geoip2_variables.conf │ ├── media │ │ ├── geoip-icon.jpeg │ │ ├── lab11_3datacenters.png │ │ ├── lab11_azure-log-geoip.png │ │ ├── lab11_chrome-dctest.png │ │ ├── lab11_chrome-geoip2-test.png │ │ ├── lab11_chrome-na-host.png │ │ ├── lab11_mm-account.png │ │ ├── lab11_mm-license-key.png │ │ ├── lab11_mm-main.png │ │ ├── lab11_mm-new-license.png │ │ ├── maxmind-icon.png │ │ ├── nginx-azure-icon.png │ │ └── nginx-geoip2.png │ ├── na.geo.example.com.conf │ ├── nginx.conf │ └── readme.md ├── lab12 │ ├── aks1-nlk-upstreams.conf │ ├── cafe.example.com.conf │ ├── media │ │ ├── aks-icon.png │ │ ├── azure-market-nlk.png │ │ ├── benchmark-icon.png │ │ ├── cafe-icon.png │ │ ├── chrome-icon.png │ │ ├── coffee.png │ │ ├── curl-icon.png │ │ ├── curl-logo.png │ │ ├── kubernetes-icon.png │ │ ├── lab12_aks-nodes-1.png │ │ ├── lab12_aks-nodes-5.png │ │ ├── lab12_azure-metrics-3upstreams.png │ │ ├── lab12_azure-metrics-5upstreams.png │ │ ├── lab12_nlk-api-key1.png │ │ ├── lab12_nlk-config.png │ │ ├── lab12_nlk-deployment-success.png │ │ ├── lab12_nlk-loglevel-info.png │ │ ├── n4a-nlk-diagram.png │ │ ├── nginx-2020.png │ │ ├── nginx-azure-icon.png │ │ ├── nlk-diagram.png │ │ ├── nlk-icon.png │ │ └── scuba-cat.png │ ├── nlk-api-key.txt │ ├── nodeport-aks1-nlk.yaml │ ├── nodeport-static.yaml │ └── readme.md ├── lab2 │ ├── cafe-docker-upstreams.conf │ ├── cafe.example.com.conf │ ├── docker-compose.yml │ ├── init.sh │ ├── media │ │ ├── cafe-icon.png │ │ ├── docker-icon.png │ │ ├── lab2-cloudshell.png │ │ ├── lab2_cafe-diagram.png │ │ ├── lab2_cafe-docker-upstreams.png │ │ ├── lab2_cafe-example-com-conf.png │ │ ├── lab2_cafe-inspect.png │ │ ├── lab2_cafe-out-of-stock.png │ │ ├── lab2_cafe-windows-iis.png │ │ ├── lab2_diagram.png │ │ ├── lab2_windows-upstreams.png │ │ ├── nginx-azure-icon.png │ │ ├── ubuntu-icon.png │ │ └── windows-icon.png │ ├── nginx.conf │ ├── readme.md │ └── windows-upstreams.conf ├── lab3 │ ├── PUT-NGINXplus-REPO-JWT-HERE │ ├── dashboard-vs.yaml │ ├── media │ │ ├── aks-icon.png │ │ ├── lab3_diagram.png │ │ ├── lab3_nic-dashboard.png │ │ ├── lab3_nic-dashboards-diagram.png │ │ ├── nginx-azure-icon.png │ │ └── nginx-ingress-icon.png │ ├── nginx-plus-ingress.yaml │ ├── nic1-dashboard-upstreams.conf │ ├── nic1-dashboard.conf │ ├── nic2-dashboard-upstreams.conf │ ├── nic2-dashboard.conf │ ├── nodeport-static.yaml │ ├── readme.md │ └── test-dashboard.example.com.conf ├── lab4 │ ├── cafe-vs.yaml │ ├── cafe.yaml │ ├── cafe.yaml.orig │ ├── global-configuration-redis.yaml │ ├── media │ │ ├── azure-icon.png │ │ ├── cafe-icon.png │ │ ├── lab4_cafe-upstreams-2.png │ │ ├── lab4_cafe-upstreams-3.png │ │ ├── lab4_diagram.png │ │ ├── lab4_http-zones.png │ │ ├── lab4_redis-upstreams.png │ │ ├── lab4_redis-zones.png │ │ ├── nginx-ingress-icon.png │ │ ├── readme.md │ │ └── redis-icon.png │ ├── nodeport-static-redis.yaml │ ├── readme.md │ ├── redis-follower-ts.yaml │ ├── redis-follower.yaml │ ├── redis-leader-ts.yaml │ └── redis-leader.yaml ├── lab5 │ ├── aks1-upstreams.conf │ ├── aks2-nic-headless.conf │ ├── ask2-upstreams.conf │ ├── cafe.example.com.conf │ ├── keepalive.conf │ ├── media │ │ ├── aks-icon.png │ │ ├── bluegreen-icon.jpg │ │ ├── docker-icon.png │ │ ├── kubernetes-icon.png │ │ ├── lab5_aks1-kubenet.png │ │ ├── lab5_aks2-azurecni.png │ │ ├── lab5_cafe-3way-split.png │ │ ├── lab5_cafe-aks1-loadtest.png │ │ ├── lab5_cafe-aks1-split1.png │ │ ├── lab5_cafe-aks1-split30.png │ │ ├── lab5_cafe-aks1-split50.png │ │ ├── lab5_cafe-aks1-split99.png │ │ ├── lab5_cafe-aks1.png │ │ ├── lab5_cafe-aks2-loadtest.png │ │ ├── lab5_cafe-docker.png │ │ ├── lab5_cafe-nic1-upstreams.png │ │ ├── lab5_cafe-nic2-upstreams.png │ │ ├── lab5_diagram.png │ │ ├── lab5_nic-headless-diagram.png │ │ ├── lab5_redis-bench.png │ │ ├── lab5_redis-benchmark.png │ │ ├── nginx-azure-icon.png │ │ ├── nginx-ingress-icon.png │ │ ├── redis-benchmark-icon.png │ │ ├── redis-icon.png │ │ └── windows-icon.png │ ├── nginx-ingress-headless.yaml │ ├── nginx.conf │ ├── readme.md │ ├── redis-leader-upstreams.conf │ ├── redis.example.com.conf │ └── split-clients.conf ├── lab6 │ ├── cafe.example.com.conf │ ├── media │ │ ├── docker-icon.png │ │ ├── lab6_cafe_access_log_update.png │ │ ├── lab6_cafe_query.png │ │ ├── lab6_cafe_query_details.png │ │ ├── lab6_cafe_query_save.png │ │ ├── lab6_create_dashboard.png │ │ ├── lab6_default_chart.png │ │ ├── lab6_default_query.png │ │ ├── lab6_main_access_log_update.png │ │ ├── lab6_main_ext_logformat_add.png │ │ ├── lab6_nginx_conf_editor.png │ │ ├── lab6_pin_upstream_chart.png │ │ ├── lab6_server_request_chart.png │ │ ├── lab6_show_dashboard.png │ │ ├── lab6_upstream_chart_dashboard.png │ │ ├── lab6_upstream_response_time_chart.png │ │ ├── nginx-azure-icon.png │ │ └── nginx4a_logs.png │ ├── readme.md │ └── split-clients.conf ├── lab7 │ ├── cafe.example.com.conf │ ├── media │ │ ├── docker-icon.png │ │ ├── lab7_add_certificate1.png │ │ ├── lab7_add_certificate2.png │ │ ├── lab7_add_certificate_save.png │ │ ├── lab7_add_certificate_success.png │ │ ├── lab7_browser_cert_details.png │ │ ├── lab7_browser_cert_invalid.png │ │ ├── lab7_browser_success.png │ │ ├── lab7_certificate_issuance.png │ │ ├── lab7_keyvault_screen.png │ │ ├── lab7_n4a_cert_screen.png │ │ └── nginx-azure-icon.png │ ├── readme.md │ └── self-certificate-policy.json ├── lab8 │ ├── cafe.example.com.conf │ ├── media │ │ ├── App_Registration.png │ │ ├── Authentication_add_platform.png │ │ ├── Fill_Secret_details.png │ │ ├── New_Secret_Creation.png │ │ ├── Post_App_Registration.png │ │ ├── Post_Secret_Creation.png │ │ ├── cafe-icon.png │ │ ├── curl_output.png │ │ ├── endpoints.png │ │ ├── entra-id-icon.png │ │ ├── lab8_app-registrations.png │ │ ├── lab8_azuread_redirect.png │ │ ├── lab8_azuread_success.png │ │ ├── lab8_example-register.png │ │ ├── lab8_fill-secret-details.png │ │ ├── lab8_new-secret-creation.png │ │ ├── lab8_overview.png │ │ ├── lab8_post-secret-creation.png │ │ ├── nginx-azure-icon.png │ │ └── redirect_url_setup.png │ ├── nginx.conf │ ├── openid_connect.js │ ├── openid_connect.server_conf │ ├── openid_connect_configuration.conf │ ├── readme.md │ └── zonesync.conf ├── lab9 │ ├── juiceshop-vs.yaml │ ├── juiceshop.example.com.conf │ ├── juiceshop.yaml │ ├── media │ │ ├── juiceshop-icon.png │ │ ├── lab9_chrome-add-headers.png │ │ ├── lab9_chrome-hit-miss-expired.png │ │ ├── lab9_chrome-manage-headers.png │ │ ├── lab9_chrome-new-columns.png │ │ ├── lab9_diagram.png │ │ ├── lab9_juiceshop-upstreams.png │ │ ├── lab9_rate-100.png │ │ ├── lab9_rate-1000.png │ │ ├── lab9_ratelimit-429.png │ │ ├── lab9_ratelimit-503.png │ │ ├── lab9_ratelimit-dry-run.png │ │ ├── mygarage-icon.png │ │ ├── nginx-azure-icon.png │ │ ├── nginx-cache-icon.png │ │ └── speedometer-icon.jpeg │ ├── nginx.conf │ ├── rate_limits.conf │ └── readme.md ├── labs-optional │ ├── garage-readme.md │ ├── media │ │ └── nginx-azure-icon.png │ └── readme.md ├── media │ ├── developer-seated.svg │ ├── docker-icon.png │ ├── kubernetes-icon.png │ ├── maxmind-icon.png │ ├── n4aworkshop-banner.png │ ├── nginx-azure-icon.png │ ├── nginx-plus-icon.png │ ├── redis-icon.png │ └── robot.svg └── readme.md └── n4a-configs ├── etc └── nginx │ ├── conf.d │ ├── aks1-upstreams.conf │ ├── aks2-upstreams.conf │ ├── cafe-docker-upstreams.conf │ ├── cafe.example.com.conf │ ├── nic1-dashboard-upstreams.conf │ ├── nic1-dashboard.conf │ ├── nic2-dashboard-upstreams.conf │ ├── nic2-dashboard.conf │ └── windows-upstreams.conf │ └── includes │ └── keepalive.conf └── var ├── nginx.conf └── www └── index.html /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Main global owner # 2 | ##################### 3 | * 4 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "" 5 | labels: "" 6 | assignees: "" 7 | --- 8 | 9 | ### Describe the bug 10 | 11 | A clear and concise description of what the bug is. 12 | 13 | ### To reproduce 14 | 15 | Steps to reproduce the behavior: 16 | 17 | 1. Deploy this project using ... 18 | 2. View output/logs/configuration on ... 19 | 3. See error 20 | 21 | ### Expected behavior 22 | 23 | A clear and concise description of what you expected to happen. 24 | 25 | ### Your environment 26 | 27 | - Version/release of this project or specific commit 28 | 29 | - Target deployment platform 30 | 31 | ### Additional context 32 | 33 | Add any other context about the problem here. 34 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "" 5 | labels: "" 6 | assignees: "" 7 | --- 8 | 9 | ### Is your feature request related to a problem? Please describe 10 | 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when ... 12 | 13 | ### Describe the solution you'd like 14 | 15 | A clear and concise description of what you want to happen. 16 | 17 | ### Describe alternatives you've considered 18 | 19 | A clear and concise description of any alternative solutions or features you've considered. 20 | 21 | ### Additional context 22 | 23 | Add any other context or screenshots about the feature request here. 24 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2 3 | updates: 4 | - package-ecosystem: github-actions 5 | directory: / 6 | schedule: 7 | interval: weekly 8 | day: monday 9 | time: "00:00" 10 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ### Proposed changes 2 | 3 | Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR). 4 | 5 | ### Checklist 6 | 7 | Before creating a PR, run through this checklist and mark each as complete. 8 | 9 | - [ ] I have read the [`CONTRIBUTING`](https://github.com/nginxinc/nginx-azure-workshops/blob/main/CONTRIBUTING.md) document 10 | - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works 11 | - [ ] If applicable, I have checked that any relevant tests pass after adding my changes 12 | - [ ] I have updated any relevant documentation ([`README.md`](https://github.com/nginxinc/nginx-azure-workshops/blob/main/README.md) and [`CHANGELOG.md`](https://github.com/nginxinc/nginx-azure-workshops/blob/main/CHANGELOG.md)) 13 | -------------------------------------------------------------------------------- /.github/workflows/ossf_scorecard.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. They are provided 2 | # by a third-party and are governed by separate terms of service, privacy 3 | # policy, and support documentation. 4 | name: OSSF Scorecard 5 | on: 6 | # For Branch-Protection check. Only the default branch is supported. See 7 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection 8 | branch_protection_rule: 9 | # To guarantee Maintained check is occasionally updated. See 10 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained 11 | schedule: 12 | - cron: "0 0 * * 1" 13 | push: 14 | branches: [main, master] 15 | # Declare default permissions as read only. 16 | permissions: read-all 17 | jobs: 18 | analysis: 19 | name: Scorecard analysis 20 | runs-on: ubuntu-22.04 21 | permissions: 22 | # Needed if using Code scanning alerts 23 | security-events: write 24 | # Needed for GitHub OIDC token if publish_results is true 25 | id-token: write 26 | # Uncomment the permissions below if installing in a private repository. 27 | # contents: read 28 | # actions: read 29 | # issues: read # To allow GraphQL ListCommits to work 30 | # pull-requests: read # To allow GraphQL ListCommits to work 31 | # checks: read # To detect SAST tools 32 | steps: 33 | - name: Check out the codebase 34 | uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 35 | with: 36 | persist-credentials: false 37 | 38 | - name: Run analysis 39 | uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 40 | with: 41 | results_file: results.sarif 42 | results_format: sarif 43 | # (Optional) fine-grained personal access token. Uncomment the `repo_token` line below if: 44 | # - you want to enable the Branch-Protection check on a *public* repository, or 45 | # - you are installing Scorecard on a *private* repository 46 | # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional. 47 | # repo_token: ${{ secrets.SCORECARD_TOKEN }} 48 | 49 | # Publish the results for public repositories to enable scorecard badges. For more details, see 50 | # https://github.com/ossf/scorecard-action#publishing-results. 51 | # For private repositories, `publish_results` will automatically be set to `false`, regardless 52 | # of the value entered here. 53 | publish_results: true 54 | 55 | # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF 56 | # format to the repository Actions tab. 57 | - name: Upload artifact 58 | uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 59 | with: 60 | name: SARIF file 61 | path: results.sarif 62 | retention-days: 5 63 | 64 | # Upload the results to GitHub's code scanning dashboard. 65 | - name: Upload SARIF results to code scanning 66 | uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 67 | with: 68 | sarif_file: results.sarif 69 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Any private crt and keys # 2 | ############################ 3 | *.crt 4 | *.key 5 | *.jwt 6 | *~ 7 | \#* 8 | 9 | # OS Specific # 10 | ############### 11 | Thumbs.db 12 | .DS_Store 13 | .vscode 14 | 15 | # Logs # 16 | ######## 17 | *.log 18 | /.vs 19 | 20 | # Misc Dir # 21 | ############ 22 | .apc/ 23 | 24 | #Kubernetes-ingress# 25 | #################### 26 | kubernetes-ingress 27 | 28 | # Deployment Script Artifacts 29 | ############################# 30 | n4a-configs.tar.gz 31 | package.json 32 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## 1.0.0 (April 1, 2024) 4 | 5 | Initial release of the NGINXaaS for Azure Workshop. 6 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. 6 | 7 | We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. 8 | 9 | ## Our Standards 10 | 11 | Examples of behavior that contributes to a positive environment for our community include: 12 | 13 | - Demonstrating empathy and kindness toward other people 14 | - Being respectful of differing opinions, viewpoints, and experiences 15 | - Giving and gracefully accepting constructive feedback 16 | - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience 17 | - Focusing on what is best not just for us as individuals, but for the overall community 18 | 19 | Examples of unacceptable behavior include: 20 | 21 | - The use of sexualized language or imagery, and sexual attention or advances of 22 | any kind 23 | - Trolling, insulting or derogatory comments, and personal or political attacks 24 | - Public or private harassment 25 | - Publishing others' private information, such as a physical or email address, without their explicit permission 26 | - Other conduct which could reasonably be considered inappropriate in a professional setting 27 | 28 | ## Enforcement Responsibilities 29 | 30 | Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. 31 | 32 | Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. 33 | 34 | ## Scope 35 | 36 | This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event. 37 | 38 | ## Enforcement 39 | 40 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at . All complaints will be reviewed and investigated promptly and fairly. 41 | 42 | All community leaders are obligated to respect the privacy and security of the reporter of any incident. 43 | 44 | ## Enforcement Guidelines 45 | 46 | Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: 47 | 48 | ### 1. Correction 49 | 50 | **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. 51 | 52 | **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. 53 | 54 | ### 2. Warning 55 | 56 | **Community Impact**: A violation through a single incident or series of actions. 57 | 58 | **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. 59 | 60 | ### 3. Temporary Ban 61 | 62 | **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. 63 | 64 | **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. 65 | 66 | ### 4. Permanent Ban 67 | 68 | **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. 69 | 70 | **Consequence**: A permanent ban from any sort of public interaction within the community. 71 | 72 | ## Attribution 73 | 74 | This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1, available at . 75 | 76 | Community Impact Guidelines were inspired by 77 | [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion). 78 | 79 | For answers to common questions about this code of conduct, see the FAQ at . Translations are available at . 80 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | The following is a set of guidelines for contributing to this project. We really appreciate that you are considering contributing! 4 | 5 | #### Table Of Contents 6 | 7 | [Getting Started](#getting-started) 8 | 9 | [Contributing](#contributing) 10 | 11 | [Code of Conduct](https://github.com/nginxinc/nginx-azure-workshops/blob/main/CODE_OF_CONDUCT.md) 12 | 13 | ## Getting Started 14 | 15 | Follow our [Getting Started Guide](https://github.com/nginxinc/nginx-azure-workshops/blob/main/README.md#Getting-Started) to get this project up and running. 16 | 17 | 18 | 19 | ## Contributing 20 | 21 | ### Report a Bug 22 | 23 | To report a bug, open an issue on GitHub with the label `bug` using the available bug report issue template. Please ensure the bug has not already been reported. **If the bug is a potential security vulnerability, please report it using our [security policy](https://github.com/nginxinc/nginx-azure-workshops/blob/main/SECURITY.md).** 24 | 25 | ### Provide Feedback on a Lab Exercise 26 | 27 | To send us feedback, please create an issue on GitHub with the label `feedback` using the available feedback template. 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NGINXaaS for Azure Workshop 301 2 | 3 | ![](labs/media/nginx-azure-icon.png) 4 | 5 |
6 | 7 | This Repo is for learning **`NGINX as a Service in Azure`**, with Instructor Lead and Hands-on Lab Exercises and Lab Guides that will teach a student using real world scenarios for using NGINX in front of Azure Resources. 8 | 9 |
10 | 11 | **This is an Advanced, 300 Level Workshop.** 12 | 13 | ## Audience 14 | 15 | This Workshop is meant for Cloud and Application Architects, Modern Application Developers, DevOps, Platform Ops, and SRE engineers working with NGINX, Azure, Docker, Kubernetes and Ingress Controllers, to learn and understand how NGINX for Azure works - how it is configured, deployed, monitored and managed. Using various Azure Resources like VMs, containers, AKS Clusters, and Azure networking, you will deploy real applications for external access using Nginx for Azure. 16 | 17 | `The Student taking this Advanced Workshop must have intermediate skills and knowledge with the following:` 18 | 19 | - Azure Cloud, Portal and Azure CLI 20 | - NGINX Webserver, Reverse Proxy, Load Balancing 21 | - NGINX Ingress Controller 22 | - Kubernetes Administration 23 | - Redis In Memory Cache and Redis Tools 24 | - TCP, HTTP/S, DNS, Redis protocols and traffic 25 | - Chrome or browser diagnostic tools 26 | - Linux OS commands and tools 27 | - Container / Docker administration 28 | - Visual Studio Code 29 | 30 | You should be proficient with the following technologies and concepts. 31 | 32 | - Nginx Webserver and Reverse Proxy 33 | - Nginx Ingress Controller 34 | - Kubernetes; nodes, pods, deployments, services, ingress, nodeport 35 | - Azure Cloud; subscriptions, networking, VMs, AKS Clusters 36 | - Various Desktop tools; Visual Studio, Linux, Terminal, Chrome 37 | 38 |
39 | 40 | ## Knowledge and Skills Requirements 41 | 42 |
43 | 44 | NGINXaaS for Azure | Hands-On Labs 45 | :-------------------------:|:-------------------------: 46 | ![](labs/media/nginx-azure-icon.png) | ![](labs/media/developer-seated.svg) 47 | 48 |
49 | 50 | To meet the Prerequisite skills requirement, there are other Workshops from Nginx and Azure Learning to help you prepare. The student must have completed the previous two Nginx Workshops, prior to taking this workshop. (Or have equivalent knowledge). 51 | 52 | - Nginx Basics Workshop - 101 (https://github.com/nginxinc/nginx-basics-workshops/tree/master/labs) 53 | - Nginx Plus Ingress Workshop - 201 (https://github.com/nginxinc/nginx-ingress-workshops/tree/main/Plus/labs) 54 | - Azure Portal and AzureCLI training from Microsoft Learn (https://learn.microsoft.com/en-us/training/azure/) 55 | 56 | See [Lab0 Readme](/labs/lab0/readme.md) for the Hardware/Software and Skills Prerequisites for taking this Workshop and completing the Lab Exercises. 57 | 58 |
59 | 60 | ## Getting Started 61 | 62 | Review the Github Repo content for the Nginx Basics and Nginx Plus Ingress Workshops. If you have taken these Workshops, and understand the content, you can successfully complete the Lab exercises in this Nginx for Azure Workshop. It is HIGHLY recommended that you complete the 101 and 201 Workshops prior. 63 | 64 | It is HIGHLY recommended that you complete Azure Training from http://learn.microsoft.com, so you are familiar with Azure Portal, menus, and various resources and components. 65 | 66 | It will take approximately 4 hours to complete the Nginx for Azure Workshop. 67 | 68 |
69 | 70 | ## How to Use 71 | 72 | The content and lab exercises are presented in a sequence as you build and add additional Nginx and Azure features and functionality as you progress. It is essential that the Lab Exercises are completed in the order provided. This content provided is for example only, is not for production workloads. The user of this information assumes all risks. 73 | 74 | - Click [LabGuide](labs/readme.md) to begin the Lab Exercises. 75 | - Click [Lab0 Readme](labs/lab0/readme.md) to review the Lab0 Prerequisites - "Know before you Go". 76 | 77 |
78 | 79 | ## Contributing 80 | 81 | Please see the [contributing guide](https://github.com/nginxinc/nginx-azure-workshops/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. 82 | 83 | ## License 84 | 85 | [Apache License, Version 2.0](https://github.com/nginxinc/nginx-azure-workshops/blob/main/LICENSE) 86 | 87 | © [F5, Inc.](https://www.f5.com/) 2024 88 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Latest Versions 4 | 5 | We advise users to run the most recent release of the nginx_azure_workshops. Older versions of the nginx_azure_workshops may not have all enhancements and/or bug fixes applied to them. 6 | 7 | ## Reporting a Vulnerability 8 | 9 | The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities. 10 | 11 | - If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). 12 | - If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at F5SIRT@f5.com. 13 | 14 | For more information visit [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability) 15 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | ## Ask a Question 4 | 5 | We use GitHub for tracking bugs and feature requests related to this project. 6 | 7 | Don't know how something in the nginx_azure_workshops works? Curious if the nginx_azure_workshops can achieve your desired functionality? Please open an issue on GitHub with the label `question`. 8 | 9 |
10 | 11 | ## NGINX Specific Questions and/or Issues 12 | 13 | This isn't the right place to get support for NGINX specific questions, but the following resources are available below. Thanks for your understanding! 14 | 15 |
16 | 17 | ## F5 Support 18 | 19 | If you’re an F5 customer with NGINX Plus and an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support). 20 | 21 |
22 | 23 | ## Documentation 24 | 25 | For a comprehensive list of all NGINX directives, check out . 26 | 27 | For a comprehensive list of all NGINX variables, check out . 28 | 29 | For a comprehensive list of admin and deployment guides for NGINX Plus, check out . 30 | 31 | For a comprehensive list of admin and deployment guides for all NGINX products, check out . 32 | 33 |
34 | 35 | ### Mailing List 36 | 37 | Want to get in touch with the NGINX development team directly? Try using the relevant mailing list found at ! 38 | 39 |
40 | 41 | ## Contributing 42 | 43 | Please see the [contributing guide](https://github.com/nginxinc/nginx-azure-workshops/blob/main/CONTRIBUTING.md) for guidelines on how to best contribute to this project. 44 | 45 |
46 | 47 | ## Commercial Support 48 | 49 | Commercial support for this project may be available. Please get in touch with [NGINX sales](https://www.nginx.com/contact-sales/) or check your contract details for more info! 50 | 51 |
52 | 53 | ### Community Slack 54 | 55 | We have a community [Slack](https://nginxcommunity.slack.com/)! 56 | 57 | If you are not a member, click [here](https://community.nginx.org/joinslack) to sign up (and let us know if the link does not seem to be working!) 58 | 59 | Once you join, check out the `#beginner-questions` and `nginx-users` channels :) 60 | -------------------------------------------------------------------------------- /auto-lab.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ########################################################################## 4 | # # 5 | # Id: n4a-auto-lab.sh Release 0.9.0 2024/09/03 09:00:00 acurrier # 6 | # (C) Copyright F5, Inc. 2024 # 7 | # # 8 | # n4a-auto-lab.sh - Pre-build environments for Azure labs on OS X # 9 | # Author: Adam Currier # 10 | # Version: 0.9.0, Date: 2024/09/03 09:00:00 # 11 | # # 12 | ########################################################################## 13 | 14 | #------------------------------------------------------------------------- 15 | # Todo 16 | #------------------------------------------------------------------------- 17 | # Need to log things to track what is going on. Use tee or redirects. 18 | # Could ask for owner and location values - add this via prompt. 19 | # 20 | 21 | #------------------------------------------------------------------------- 22 | # Set Variables 23 | #------------------------------------------------------------------------- 24 | NAME="n4a-auto-lab.sh" 25 | VERSION="1" 26 | LOG_FILE="n4a-autolab.log" # not used yet, but will be soon 27 | export MY_LOCATION=centralus # can be changed to your location 28 | 29 | # On OS X, you can pull your username. You can also set it yourself for use in the script: 30 | # export OWNER= 31 | export MY_NAME=$(whoami) 32 | 33 | #------------------------------------------------------------------------- 34 | # Sourced files 35 | #------------------------------------------------------------------------- 36 | source functions.sh 37 | 38 | #------------------------------------------------------------------------- 39 | # add some basic best practice settings to this script: 40 | #------------------------------------------------------------------------- 41 | set -o errexit 42 | #set -o nounset 43 | set -o pipefail 44 | 45 | #------------------------------------------------------------------------- 46 | # Let's add some debugging to the script. 47 | #------------------------------------------------------------------------- 48 | if [ "${_DEBUG:-}" == "true" ]; then 49 | set -x 50 | fi 51 | 52 | #------------------------------------------------------------------------- 53 | # Lab Functions: 54 | #------------------------------------------------------------------------- 55 | 56 | ## Lab 1 57 | function lab1(){ 58 | cleanup 59 | create_resource_group 60 | create_vnet 61 | create_security_group 62 | create_security_group_rules 63 | create_subnets 64 | create_public_ip 65 | create_identity 66 | create_n4a_deployment 67 | create_analytics 68 | 69 | echo 70 | echo "Lab1 infrastructure creation completed!" 71 | echo 72 | } 73 | 74 | ## Lab 2 75 | function lab2(){ 76 | cleanup 77 | create_ubuntu_vm 78 | secure_port_22 79 | create_windows_vm 80 | secure_port_3389 81 | 82 | echo 83 | echo "Lab2 infrastructure creation completed!" 84 | echo 85 | } 86 | 87 | ## Lab 3 88 | function lab3(){ 89 | cleanup 90 | create_aks_cluster1 91 | clone_repo 92 | create_nic_resources1 93 | create_jwt1 94 | deploy_nic1 95 | create_aks_cluster2 96 | create_nic_resources2 97 | create_jwt2 98 | deploy_nic2 99 | kubectl_apply 100 | create_nsg_rule_aks 101 | 102 | echo 103 | echo "Lab3 infrastructure creation completed!" 104 | echo 105 | } 106 | 107 | ## Lab 4 108 | function lab4(){ 109 | cleanup 110 | deploy_apps 111 | get_node_ids 112 | create_archive 113 | upload_archive 114 | update_hosts_file 115 | 116 | echo 117 | echo "Lab4 infrastructure creation completed!" 118 | echo 119 | } 120 | 121 | function lab99(){ 122 | cleanup 123 | create_resource_group 124 | create_vnet 125 | create_security_group 126 | create_security_group_rules 127 | create_subnets 128 | create_public_ip 129 | create_identity 130 | create_n4a_deployment 131 | create_analytics 132 | create_ubuntu_vm 133 | secure_port_22 134 | create_windows_vm 135 | secure_port_3389 136 | create_aks_cluster1 137 | clone_repo 138 | create_nic_resources1 139 | create_jwt1 140 | deploy_nic1 141 | create_aks_cluster2 142 | create_nic_resources2 143 | create_jwt2 144 | deploy_nic2 145 | kubectl_apply 146 | create_nsg_rule_aks 147 | deploy_apps 148 | get_node_ids 149 | create_archive 150 | upload_archive 151 | update_hosts_file 152 | 153 | echo 154 | echo "All infrastructure creation completed!" 155 | echo 156 | } 157 | 158 | ## LabTest 159 | function labtest(){ 160 | azcli_test 161 | nginx_ext_test 162 | nginx_jwt_test 163 | 164 | echo 165 | echo "Testing of lab conditions completed." 166 | echo 167 | } 168 | 169 | # How to use the script 170 | DELETE=0 171 | OPTSTRING=":adehtl:n:" 172 | 173 | function usage { 174 | cat <] [-n MY_NAME][-a] [-d] [-h] 177 | Purpose: 178 | In Azure, build the labs for the NGINXaaS workshop. 179 | - Must have valid NGINX Plus JWT in Lab 3 folder. 180 | - Azure CLI must be installed and logged in. 181 | - Currently tested on OS X 182 | 183 | Inputs: 184 | -l NUMBER 185 | This option allows you to choose which lab to build. Labs are built 186 | on top of each other (there are dependencies), so prior labs will be 187 | built. 188 | -a 189 | Build lab2, 3 or 4. All labs should be built sequentially. 190 | -d 191 | Delete the whole resource group (will ask for confirmation) 192 | -h 193 | Display this usage help text 194 | -t 195 | Test basic environment setup to be sure the script can run. 196 | 197 | EOT 198 | } 199 | 200 | while getopts ${OPTSTRING} opt; do 201 | case ${opt} in 202 | l) 203 | echo "Option -l was triggered, Argument: ${OPTARG}" 204 | LAB=${OPTARG} 205 | ;; 206 | a) 207 | echo "Option -a was triggered, running setup" 208 | LAB=4 209 | ;; 210 | d) 211 | echo "Option -d was triggered, running deletion" 212 | DELETE=1 213 | ;; 214 | e) 215 | echo "Option -e was triggered, building everything!" 216 | LAB=99 217 | ;; 218 | h) 219 | echo "Option -h was triggered, running usage" 220 | USAGE=1 221 | ;; 222 | t) 223 | echo "Option -t was triggered, running tests" 224 | TEST=1 225 | ;; 226 | :) 227 | echo "Option -${OPTARG} requires an argument." 228 | exit 1 229 | ;; 230 | ?) 231 | echo "Invalid option: -${OPTARG}." 232 | exit 1 233 | ;; 234 | esac 235 | done 236 | 237 | ## Execute the functions for setup, etc. 238 | 239 | function main() { 240 | if [[ $LAB == 1 ]]; then 241 | clear 242 | setup 243 | lab1 244 | elif [[ $LAB == 2 ]]; then 245 | clear 246 | setup 247 | lab2 248 | elif [[ $LAB == 3 ]]; then 249 | clear 250 | setup 251 | lab3 252 | elif [[ $LAB == 4 ]]; then 253 | clear 254 | setup 255 | lab4 256 | display 257 | elif [[ $LAB == 99 ]]; then 258 | clear 259 | setup 260 | lab99 261 | display 262 | elif [[ $DELETE == 1 ]]; then 263 | clear 264 | setup 265 | delete 266 | elif [[ $USAGE == 1 ]]; then 267 | clear 268 | usage 269 | elif [[ $TEST == 1 ]]; then 270 | clear 271 | labtest 272 | else 273 | echo "Nothing to do!" 274 | fi 275 | 276 | } 277 | 278 | main -------------------------------------------------------------------------------- /labs/lab0/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/docker-icon.png -------------------------------------------------------------------------------- /labs/lab0/media/kubernetes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/kubernetes-icon.png -------------------------------------------------------------------------------- /labs/lab0/media/n4a-workshop-diagram-r7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/n4a-workshop-diagram-r7.png -------------------------------------------------------------------------------- /labs/lab0/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab0/media/nginx-plus-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/nginx-plus-icon.png -------------------------------------------------------------------------------- /labs/lab0/media/redis-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab0/media/redis-icon.png -------------------------------------------------------------------------------- /labs/lab0/readme.md: -------------------------------------------------------------------------------- 1 | # Setup your Computer for NGINX Workshops 2 | 3 | ## Introduction 4 | 5 | In this Workshop, you will build a working Lab environment in Azure, and use Nginx for Azure to control traffic to these Azure Resources. The architecture you will build will look like this diagram: 6 | 7 | ![N4A Workshop](media/n4a-workshop-diagram-r7.png) 8 | 9 | In order to build this environment, your computer hardware, software, and applications must be properly installed and functional. This is the list of Prerequisite needed to successfully complete this Workshop as a Student. 10 | 11 | >It is `highly recommended` for Students attending this Workshop to be proficient with NGINX and Azure and have some experience with Kubernetes and Docker administration, networking tools, and Load Balancing concepts. An `Azure Subscription` and Admin level access to Azure Portal is required. Previous experience with Visual Studio Code and Redis Tools is also recommended. 12 | 13 |
14 | 15 | ## Prerequisites 16 | 17 | In this Lab0, the requirements for both the Student and the Azure environment will be described. 18 | 19 | > **IMPORTANT!** It is imperative that you have the appropriate computer, tools, and Azure Subscription privileges to successfully complete the Workshop. 20 | 21 |
22 | 23 | NGINXaaS for Azure | NGINX Plus | Kubernetes | Docker | Redis 24 | :-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------: 25 | ![](media/nginx-azure-icon.png) | ![](media/nginx-plus-icon.png) | ![](media/kubernetes-icon.png) | ![](media/docker-icon.png) | ![](media/redis-icon.png) 26 | 27 |
28 | 29 | ## Student Azure Subscription Requirements 30 | 31 | **IMPORTANT:** Students taking this Workshop will require `Owner` level privileges to complete the Lab Exercises. In addition, Students will also require the following Subscription privileges. Consult with your IT Cloud Team to ensure you have the necessary privileges for the following items, *prior* to attempting the Workshop Exercises: 32 | 33 | 1. Multiple `Public Ip Addresses` used in this lab. 34 | 35 | - Public IP Address for the Nginx for Azure instance 36 | - Public IP Address for the UbuntuVM 37 | - Public IP Address for the Kubernetes Cluster API Server for the AKS instance(s) 38 | 39 | 2. `Azure Key Vault` used in this lab, to create TLS certificates and keys. 40 | 41 | 3. `Entra ID` used in this lab, to create Applications and Settings for the OIDC/JWT integration with Nginx. 42 | 43 |
44 | 45 | ### Student Hardware/Software/Azure Requirements 46 | 47 | Verify you have the proper computer requirements - hardware and software. 48 | - Hardware: Laptop, Admin rights, Internet connection 49 | - Software: Visual Studio, Terminal, Chrome, Docker, AKS and Azure CLI. 50 | - You will need the Azure Command Line Interface tool (version 2.61.0 or higher) installed on your client machine to manage your Azure services. See [Azure CLI Installation](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) for instructions. 51 | - You will also need the Azure CLI `NGINX` extension added. See [Azure CLI Extensions](https://learn.microsoft.com/en-us/cli/azure/azure-cli-extensions-overview) for instructions. 52 | - Verify you have proper computer skills: Linux CLI, files, SSH/Terminal, Docker/Compose, Azure Portal, Load Balancing concepts, Linux tools, Azure CLI 53 | - Verify you have the proper access to Azure resources: Azure Subscription with Admin/Owner level access 54 | 55 |
56 | 57 | 58 | ### Required Skills 59 | 60 | - Nginx for Azure NGINXperts Workshop has minimum REQUIRED Nginx Skills: Students must be familiar with Nginx operation, configurations, and concepts for HTTP traffic. 61 | - The NGINXperts Basics Workshop is HIGHLY recommended, students should have taken this workshop prior. 62 | - The NGINXperts Plus Ingress Controller workshop is also HIGHLY recommended, students should have taken this workshop prior. 63 | - Azure admin skills, previous training from Microsoft Learn is HIGHLY recommended. 64 | - Recommended: TLS, DNS, HTTP caching, Grafana, Redis 65 | 66 |
67 | 68 | [NGINXperts Basics Workshop](https://github.com/nginxinc/nginx-basics-workshops) 69 | 70 | [NGINXperts Nginx Plus Ingress Controller Workshop](https://github.com/nginxinc/nginx-ingress-workshops/tree/main/Plus/labs) 71 | 72 |
73 | 74 | **This completes Lab0.** 75 | 76 |
77 | 78 | ## References: 79 | 80 | - [NGINX As A Service for Azure](https://docs.nginx.com/nginxaas/azure/) 81 | - [NGINX Plus Product Page](https://docs.nginx.com/nginx/) 82 | - [NGINX Ingress Controller](https://docs.nginx.com//nginx-ingress-controller/) 83 | - [NGINX on Docker](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/) 84 | - [NGINX Directives Index](https://nginx.org/en/docs/dirindex.html) 85 | - [NGINX Variables Index](https://nginx.org/en/docs/varindex.html) 86 | - [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/) 87 | - [NGINX - Join Community Slack](https://community.nginx.org/joinslack) 88 | 89 |
90 | 91 | ### Authors 92 | 93 | - Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc. 94 | - Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc. 95 | - Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc. 96 | - Steve Wagner - Solutions Architect - Community and Alliances @ F5, Inc. 97 | 98 | ------------- 99 | 100 | Navigate to ([Lab1](../lab1/readme.md) | [LabGuide](../readme.md)) 101 | -------------------------------------------------------------------------------- /labs/lab1/media/lab1_autolab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_autolab.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_azure-network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_azure-network.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_azure-subnets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_azure-subnets.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_copy_ip_address.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_copy_ip_address.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_diagram.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_n4a_index_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_n4a_index_page.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_nginx_conf_editor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_nginx_conf_editor.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_nginx_conf_populate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_nginx_conf_populate.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_nginx_conf_submit_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_nginx_conf_submit_success.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_portal_n4a_home.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_portal_n4a_home.png -------------------------------------------------------------------------------- /labs/lab1/media/lab1_portal_rg_home.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/lab1_portal_rg_home.png -------------------------------------------------------------------------------- /labs/lab1/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab1/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab10/media/EntraID-sign_in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/EntraID-sign_in.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-import.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-import.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-import2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-import2.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-json.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-json.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-k8s-vm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-k8s-vm.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-n4a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-n4a.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards-new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards-new.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-dashboards.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-dashboards.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-icon.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-landing-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-landing-page.png -------------------------------------------------------------------------------- /labs/lab10/media/grafana-variables.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/grafana-variables.png -------------------------------------------------------------------------------- /labs/lab10/media/managed-grafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/managed-grafana.png -------------------------------------------------------------------------------- /labs/lab10/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab10/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab10/readme.md: -------------------------------------------------------------------------------- 1 | # Monitoring NGINXaaS for Azure with Grafana 2 | 3 | ## Introduction 4 | 5 | In this lab, you will be exploring the integration between NGINXaaS for Azure and Grafana for monitoring of the service. NGINX as a Service for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. 6 | 7 | NGINXaaS is powered by NGINX Plus, so much of the configuration is similar to what you are already used to. We will use Grafana to create a dashboard in which we will monitor: 8 | - HTTP requests 9 | - HTTP Metrics 10 | - Cache Hit Ratio 11 | - SSL Metrics 12 | - Upstream Response Time 13 | - Health checks 14 | 15 | The data for these will be based on the work done in previous labs. 16 | 17 | 18 | 19 | NGINXaaS for Azure | Grafana 20 | :-------------------------:|:-------------------------: 21 | ![N4A](media/nginx-azure-icon.png) | ![Grafana](media/grafana-icon.png) 22 | 23 | ## Learning Objectives 24 | 25 | By the end of the lab you will be able to: 26 | 27 | - Create a Grafana managed instance in Azure 28 | - Create a Dashboard to monitor metrics in NGINXaaS for Azure 29 | - Test the Grafana Server 30 | - View the Grafana Dashboard 31 | 32 | ## Pre-Requisites 33 | 34 | - You must be using NGINXaaS for Azure 35 | - See `Lab0` for instructions on setting up your system for this Workshop 36 | - Have Docker installed to run workloads (for graph data) 37 | - Familiarity with basic Linux commands and commandline tools 38 | - Familiarity with basic HTTP protocol 39 | - Familiarity with Grafana 40 | 41 | 42 | 1. Ensure you are in the `lab10` folder. We will set two environment variables and then use these to create the Grafana Instance via the Azure CLI. 43 | 44 | > Please Note there is a charge associated with standing up a Managed Grafana instance in Azure and you should be sure to delete the resources when you are finished exploring the lab. 45 | 46 | The resource group should be the same as the one you have been using for the whole workshop. If it is not set, do it here. The MY_GRAFANA variable is what the resource will be called when you are looking for it in Azure. 47 | 48 | ```bash 49 | export MY_RESOURCEGROUP=a.currier-workshop 50 | export MY_GRAFANA=grafanaworkshop 51 | 52 | az grafana create --name $MY_GRAFANA --resource-group $MY_RESOURCEGROUP 53 | ``` 54 | 55 | 2. In the output of the above command, take note of the endpoint that has been created for you. It should be found in a key labelled *endpoint*. 56 | 57 | ![Managed Grafana](media/managed-grafana.png) 58 | 59 | Using the endpoint URL you can log into the Managed Grafana instance using your Microsoft Entra ID (that you have been using for these labs). If you forgot to grab the endpoint URL, you can retrieve it via the Azure CLI tool: 60 | ```bash 61 | az grafana show --name $MY_GRAFANA --resource-group $MY_RESOURCEGROUP --query "properties.endpoint" --output tsv 62 | ``` 63 | 64 | Open a web browser and go to the endpoint address listed. You should see an Entra ID login which may or may not have your credentials pre-populated: 65 | 66 | 67 | ![Sign In](media/EntraID-sign_in.png) 68 | 69 | Once signed in, you will be taken to the default Grafana landing page. 70 | 71 | ![Sign In](media/grafana-landing-page.png) 72 | 73 | From here we will want to click on the Dashboards Menu on the left hand side. 74 | 75 | ![Dashboards Menu](media/grafana-dashboards.png) 76 | 77 | In the upper right of the page is a blue drop down button. We will select *Import*: 78 | 79 | ![Dashboard Import](media/grafana-dashboards-new.png) 80 | 81 | In Visual Studio Code, navigate to the Lab10 folder. Open the N4A-Dashboard.json file and inspect it. 82 | 83 | This template file makes use of Grafana Variables to make it easier to customize to your environment. Let's retrieve the values we will need for the dashboard in the VS terminal by running the following commands: 84 | 85 | ```bash 86 | export MY_RESOURCEGROUP=$(az resource list --resource-group a.currier-workshop --resource-type Nginx.NginxPlus/nginxDeployments --query "[].resourceGroup" -o tsv) 87 | export MY_RESOURCENAME=$(az resource list --resource-group a.currier-workshop --resource-type Nginx.NginxPlus/nginxDeployments --query "[].name" -o tsv) 88 | export MY_LOCATION=$(az resource list --resource-group a.currier-workshop --resource-type Nginx.NginxPlus/nginxDeployments --query "[].location" -o tsv) 89 | export MY_AKSCluster1=n4a-aks1 90 | export MY_AKSCluster2=n4a-aks2 91 | export MY_WindowsVM=windowsvm 92 | export MY_UbuntuVM=ubuntuvm 93 | ``` 94 | 95 | Confirm the values were set: 96 | ```bash 97 | set | grep MY 98 | MY_AKSCluster1=n4a-aks1 99 | MY_AKSCluster2=n4a-aks2 100 | MY_LOCATION=eastus 101 | MY_RESOURCEGROUP=a.currier-workshop 102 | MY_RESOURCENAME=nginx4a 103 | MY_UbuntuVM=ubuntuvm 104 | MY_WindowsVM=windowsvm 105 | ``` 106 | 107 | Now that we have these 7 values we can use them in the Dashboard template. 108 | 109 | Copy the code from the N4A-Dashboard.json file. In the grafana import window, paste the code into the import field and then click the blue load button. 110 | 111 | ![Dashboard Import](media/grafana-dashboards-json.png) 112 | 113 | To get the Dashboards to load. Replace each variable field at the top (see image) with the values you retrieved for your lab: 114 | 115 | ![Dashboard Import](media/grafana-variables.png) 116 | 117 | ### Generate a workload 118 | 119 | 1. Start the WRK load generation tool. This will provide some traffic to the NGINXaaS for Azure instance, so that the statistics will be increasing. 120 | 121 | ```bash 122 | docker run --rm williamyeh/wrk -t20 -d600s -c1000 https://cafe.example.com/ 123 | ``` 124 | 125 |
126 | 127 | 128 | ### Grafana 129 | 130 | We now have a working dashboard displaying some key metrics of the NGINX for Azure service. As with most dashboards, you can adjust the time intervals, etc. to get a better look at the data. Feel free to explore each of the data panels. 131 | 132 | ![Grafana Dashboard](media/grafana-dashboards-n4a.png) 133 | 134 | ![Grafana Dashboard](media/grafana-dashboards-k8s-vm.png) 135 | 136 | There are many different metrics available to use and you have the option to create and build dashboards to suit your needs. For these pre-built ones, we added three sections. The first section highlights metrics for NGINXaaS. These are taken directly from the NGINXaaS Metrics page that you can find linked below. The next section is monitoring your Kubernetes clusters that you built in the previous labs. The final section adds a few metrics for the Virtual Machines that were previously created. Feel free to review each of these panels and explore adding panels of your own. 137 | 138 | To delete the Managed Grafana instance, you can do so via the CLI using this command: 139 | 140 | ```bash 141 | az grafana delete --name $MY_GRAFANA --resource-group $MY_RESOURCEGROUP --yes 142 | ``` 143 | 144 | > If the `wrk` load generation tool is still running, then you can stop it by pressing `ctrl + c`. 145 | 146 | 147 | 148 |
149 | 150 | **This completes Lab 10.** 151 | 152 |
153 | 154 | ## References: 155 | 156 | - [NGINX For Azure Metrics Catalog](https://docs.nginx.com/nginxaas/azure/monitoring/metrics-catalog/) 157 | - [Azure Managed Grafana Docs](https://learn.microsoft.com/en-us/azure/managed-grafana/) 158 | - [Build a Grafana Dashboard](https://grafana.com/docs/grafana/latest/getting-started/build-first-dashboard/) 159 | - [NGINX Admin Guide](https://docs.nginx.com/nginx/admin-guide/) 160 | - [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/) 161 | 162 |
163 | 164 |
165 | 166 | ### Authors 167 | 168 | - Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc. 169 | - Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc. 170 | - Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc. 171 | 172 | ------------- 173 | 174 | Navigate to ([Lab11](../lab11/readme.md) | [LabGuide](../readme.md)) 175 | -------------------------------------------------------------------------------- /labs/lab11/GeoIP.conf: -------------------------------------------------------------------------------- 1 | # GeoIP.conf file for `geoipupdate` program, for versions >= 3.1.1. 2 | # Used to update GeoIP databases from https://www.maxmind.com. 3 | # For more information about this config file, visit the docs at 4 | # https://dev.maxmind.com/geoip/updating-databases. 5 | 6 | # `AccountID` is from your MaxMind account. 7 | AccountID xxxxxxx 8 | 9 | # `LicenseKey` is from your MaxMind account. 10 | LicenseKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 11 | 12 | # `EditionIDs` is from your MaxMind account. 13 | EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country 14 | -------------------------------------------------------------------------------- /labs/lab11/as.geo.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - as.geo.example.com.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Nginx Server Block for GeoIP Continent Routing 5 | # 6 | # Asia Data Center 7 | # 8 | server { 9 | listen 80; 10 | server_name as.geo.example.com; 11 | 12 | location / { 13 | 14 | return 200 "Welcome to N4A Workshop, Asia website at $host\n"; 15 | add_header X-DCTEST-FQDN $host; 16 | 17 | } 18 | 19 | } 20 | -------------------------------------------------------------------------------- /labs/lab11/downloads.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - downloads.example.com.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Nginx Map Block for Country Download Export Control 5 | # 6 | map $geoip2_data_continent_code $is_allowed { 7 | CA 1; # Canada 8 | FR 1; # France 9 | DE 1; # Germany 10 | IT 1; # Italy 11 | JP 1; # Japan 12 | UK 1; # United Kingdom 13 | US 1; # United States 14 | default 0; 15 | } 16 | # Download Server 17 | # 18 | server { 19 | listen 80; 20 | server_name downloads.example.com; 21 | 22 | access_log /var/log/nginx/downloads.example.com.log geoip2; # Add new GeoIP2 logging 23 | 24 | location /downloads { 25 | 26 | if ($is_allowed = 0) { 27 | return 403 "Access not allowed from\nCountry: $geoip2_data_country_iso_code\n"; 28 | } 29 | 30 | return 200 "Welcome to the /downloads URI\nYour IP Address is: $remote_addr\nFrom CountryISO: $geoip2_data_country_iso_code\n"; 31 | } 32 | # 33 | # Test Source IPs using XFF Header 34 | # 35 | location /testip { 36 | 37 | return 200 "Welcome to /downloads test, GeoIP2 tested IP: $http_x_forwarded_for from\nContinent: $test_geoip2_data_continent_code\nCountryISO: $test_geoip2_data_country_iso_code\n"; 38 | 39 | } 40 | 41 | } 42 | -------------------------------------------------------------------------------- /labs/lab11/eu.geo.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - eu.geo.example.com.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Nginx Server Block for GeoIP Continent Routing 5 | # 6 | # European Data Center 7 | # 8 | server { 9 | listen 80; 10 | server_name eu.geo.example.com; 11 | 12 | location / { 13 | 14 | return 200 "Welcome to N4A Workshop, Europe website at $host\n"; 15 | add_header X-DCTEST-FQDN $host; 16 | 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /labs/lab11/geo.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - geo.example.com.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Nginx Map Block for GeoIP Continent Routing 5 | # 6 | map $geoip2_data_continent_code $nearest_data_center { 7 | EU eu; # Routes to eu.geo.example.com 8 | NA na; # Routes to na.geo.example.com 9 | AS as; # Routes to as.geo.example.com 10 | default na; # Routes to na.geo.example.com 11 | 12 | } 13 | # Main website 14 | server { 15 | listen 80; 16 | server_name geo.example.com; 17 | 18 | location / { 19 | 20 | return 200 "Welcome to N4A Workshop, GeoIP tracked your IP: $remote_addr from\nContinent: $geoip2_data_continent_code\nCountryISO: $geoip2_data_country_iso_code\nCity: $geoip2_data_city_name\nPostal: $geoip2_data_postal_code\nLat-Long: $geoip2_data_latitude $geoip2_data_longitude\nState: $geoip2_data_state_name\nStateISO: $geoip2_data_state_code\n"; 21 | 22 | } 23 | # 24 | # Data Center Redirect based on Continent 25 | # 26 | location /dctest { 27 | return 301 http://$nearest_data_center.geo.example.com; # Use HTTP Redirect to closest Data Center 28 | add_header X-GeoIP-Continent $nearest_data_center; # Add an HTTP Header for tracking 29 | } 30 | # 31 | # Test Source IPs using XFF Header 32 | # 33 | location /testip { 34 | 35 | return 200 "Welcome to N4A Workshop, GeoIP2 tested IP: $http_x_forwarded_for from\nContinent: $test_geoip2_data_continent_code\nCountryISO: $test_geoip2_data_country_iso_code\nCity: $test_geoip2_data_city_name\nPostal: $test_geoip2_data_postal_code\nLat-Long: $test_geoip2_data_latitude $test_geoip2_data_longitude\nState: $test_geoip2_data_state_name\nStateISO: $test_geoip2_data_state_code\n"; 36 | 37 | } 38 | 39 | 40 | } 41 | -------------------------------------------------------------------------------- /labs/lab11/geoip2_variables.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - geoip2_variables.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Using "GeoLite2-Country" as one of the EditionIDs in /etc/nginx/GeoIP.conf 5 | # Using "GeoLite2-City" as one of the EditionIDs in /etc/nginx/GeoIP.conf 6 | # 7 | # Set geoip2_ variables from City Database 8 | geoip2 /usr/local/share/GeoIP/GeoLite2-City.mmdb { 9 | $geoip2_data_city_name city names en; 10 | $geoip2_data_postal_code postal code; 11 | $geoip2_data_latitude location latitude; 12 | $geoip2_data_longitude location longitude; 13 | $geoip2_data_state_name subdivisions 0 names en; 14 | $geoip2_data_state_code subdivisions 0 iso_code; 15 | 16 | # Test IP Address from XFF Header 17 | $test_geoip2_data_city_name source=$http_x_forwarded_for city names en; 18 | $test_geoip2_data_postal_code source=$http_x_forwarded_for postal code; 19 | $test_geoip2_data_latitude source=$http_x_forwarded_for location latitude; 20 | $test_geoip2_data_longitude source=$http_x_forwarded_for location longitude; 21 | $test_geoip2_data_state_name source=$http_x_forwarded_for subdivisions 0 names en; 22 | $test_geoip2_data_state_code source=$http_x_forwarded_for subdivisions 0 iso_code; 23 | } 24 | 25 | # Set geoip2_ variables from Country Database 26 | geoip2 /usr/local/share/GeoIP/GeoLite2-Country.mmdb { 27 | $geoip2_data_continent_code continent code; 28 | $geoip2_data_country_iso_code country iso_code; 29 | 30 | # Test IP Address from XFF Header 31 | $test_geoip2_data_continent_code source=$http_x_forwarded_for continent code; 32 | $test_geoip2_data_country_iso_code source=$http_x_forwarded_for country iso_code; 33 | } 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /labs/lab11/media/geoip-icon.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/geoip-icon.jpeg -------------------------------------------------------------------------------- /labs/lab11/media/lab11_3datacenters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_3datacenters.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_azure-log-geoip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_azure-log-geoip.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_chrome-dctest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_chrome-dctest.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_chrome-geoip2-test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_chrome-geoip2-test.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_chrome-na-host.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_chrome-na-host.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_mm-account.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_mm-account.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_mm-license-key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_mm-license-key.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_mm-main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_mm-main.png -------------------------------------------------------------------------------- /labs/lab11/media/lab11_mm-new-license.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/lab11_mm-new-license.png -------------------------------------------------------------------------------- /labs/lab11/media/maxmind-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/maxmind-icon.png -------------------------------------------------------------------------------- /labs/lab11/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab11/media/nginx-geoip2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab11/media/nginx-geoip2.png -------------------------------------------------------------------------------- /labs/lab11/na.geo.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - na.geo.example.com.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | # Nginx Server Block for GeoIP Continent Routing 5 | # 6 | # North America Data Center 7 | # 8 | server { 9 | listen 80; 10 | server_name na.geo.example.com; 11 | 12 | location / { 13 | 14 | return 200 "Welcome to N4A Workshop, North America website at $host\n"; 15 | add_header X-DCTEST-FQDN $host; 16 | 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /labs/lab11/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | worker_rlimit_nofile 8192; 4 | pid /run/nginx/nginx.pid; 5 | 6 | # Load geoip2 software into memory 7 | load_module modules/ngx_http_geoip2_module.so; 8 | 9 | events { 10 | worker_connections 4000; 11 | } 12 | 13 | error_log /var/log/nginx/error.log error; 14 | 15 | http { 16 | 17 | log_format geoip2 '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "http_x_forwarded_for" "$geoip2_data_continent_code" "$geoip2_data_country_iso_code" "$geoip2_data_city_name" "$geoip2_data_postal_code" "$geoip2_data_latitude-$geoip2_data_longitude" "$geoip2_data_state_name" "$geoip2_data_state_code" ua=$upstream_addr'; 18 | 19 | server_tokens ""; 20 | server { 21 | listen 80; 22 | server_name localhost; 23 | location / { 24 | # Points to a directory with a basic html index file with 25 | # a "Welcome to NGINX as a Service for Azure!" page 26 | root /var/www; 27 | index index.html; 28 | } 29 | 30 | } 31 | 32 | include /etc/nginx/conf.d/*.conf; 33 | include /etc/nginx/includes/*.conf; # shared files 34 | 35 | } -------------------------------------------------------------------------------- /labs/lab12/aks1-nlk-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 2 | # Nginx Upstream Block for NLK Controller 3 | # 4 | # Nginx 4 Azure - aks1-nlk-upstreams.conf 5 | # 6 | upstream aks1-nlk-upstreams { 7 | zone aks1-nlk-upstreams 256K; # required for metrics 8 | state /tmp/aks1-nlk-upstreams.state; # required for backup 9 | 10 | least_time last_byte; # choose the fastest NodePort 11 | 12 | # Server List dynamically managed by NLK Controller 13 | 14 | keepalive 16; 15 | 16 | } 17 | -------------------------------------------------------------------------------- /labs/lab12/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx to AKS1 with NLK 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Jan 2025 3 | # 4 | server { 5 | 6 | listen 80; # Listening on port 80 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/cafe.example.com.log main; 12 | error_log /var/log/nginx/cafe.example.com_error.log info; 13 | 14 | location / { 15 | status_zone /; # Metrics zone name 16 | # 17 | # return 200 "You have reached cafe.example.com, location /\n"; 18 | 19 | proxy_pass http://aks1-nlk-upstreams; # Proxy AND load balance to AKS2 Nginx Ingress 20 | add_header X-Proxy-Pass aks1-nlk-upstreams; # Custom Header 21 | add_header X-Aks1-Upstream $upstream_addr; # Which AKS1 NodeIP:Port 22 | 23 | # proxy_pass http://cafe_nginx; # Proxy AND load balance to Docker VM 24 | # add_header X-Proxy-Pass cafe_nginx; # Custom Header 25 | 26 | # proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 27 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 28 | 29 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 30 | # add_header X-Proxy-Pass aks2_ingress; # Custom Header 31 | 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /labs/lab12/media/aks-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/aks-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/azure-market-nlk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/azure-market-nlk.png -------------------------------------------------------------------------------- /labs/lab12/media/benchmark-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/benchmark-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/cafe-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/cafe-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/chrome-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/chrome-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/coffee.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/coffee.png -------------------------------------------------------------------------------- /labs/lab12/media/curl-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/curl-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/curl-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/curl-logo.png -------------------------------------------------------------------------------- /labs/lab12/media/kubernetes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/kubernetes-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_aks-nodes-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_aks-nodes-1.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_aks-nodes-5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_aks-nodes-5.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_azure-metrics-3upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_azure-metrics-3upstreams.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_azure-metrics-5upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_azure-metrics-5upstreams.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_nlk-api-key1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_nlk-api-key1.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_nlk-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_nlk-config.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_nlk-deployment-success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_nlk-deployment-success.png -------------------------------------------------------------------------------- /labs/lab12/media/lab12_nlk-loglevel-info.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/lab12_nlk-loglevel-info.png -------------------------------------------------------------------------------- /labs/lab12/media/n4a-nlk-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/n4a-nlk-diagram.png -------------------------------------------------------------------------------- /labs/lab12/media/nginx-2020.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/nginx-2020.png -------------------------------------------------------------------------------- /labs/lab12/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/nlk-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/nlk-diagram.png -------------------------------------------------------------------------------- /labs/lab12/media/nlk-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/nlk-icon.png -------------------------------------------------------------------------------- /labs/lab12/media/scuba-cat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab12/media/scuba-cat.png -------------------------------------------------------------------------------- /labs/lab12/nlk-api-key.txt: -------------------------------------------------------------------------------- 1 | #API Key 2 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 3 | 4 | #Dataplane API endpoint 5 | https://nginx4a-xxxxxxxxxxxx.centralus.nginxaas.net/nplus 6 | 7 | -------------------------------------------------------------------------------- /labs/lab12/nodeport-aks1-nlk.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx-ingress 5 | namespace: nginx-ingress 6 | annotations: 7 | # Let the controller know to Watch this K8s Service. 8 | nginx.com/nginxaas: nginxaas 9 | spec: 10 | # expose the HTTP port on the nodes 11 | type: NodePort 12 | ports: 13 | - port: 80 14 | targetPort: 80 15 | protocol: TCP 16 | # The port name maps to N4A upstream. It must be prefixed with `http-` 17 | # and the rest of the name must match the name of an upstream 18 | name: http-aks1-nlk-upstreams 19 | selector: 20 | app: nginx-ingress 21 | -------------------------------------------------------------------------------- /labs/lab12/nodeport-static.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx-ingress 5 | namespace: nginx-ingress 6 | spec: 7 | type: NodePort 8 | ports: 9 | - port: 80 10 | nodePort: 32080 11 | protocol: TCP 12 | name: http 13 | - port: 443 14 | nodePort: 32443 15 | protocol: TCP 16 | name: https 17 | - port: 9000 18 | nodePort: 32090 19 | protocol: TCP 20 | name: dashboard 21 | selector: 22 | app: nginx-ingress 23 | -------------------------------------------------------------------------------- /labs/lab2/cafe-docker-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure, Cafe Nginx Demo Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # cafe-nginx servers 5 | # 6 | upstream cafe_nginx { 7 | zone cafe_nginx 256k; 8 | 9 | # from docker compose 10 | server n4a-ubuntuvm:81; 11 | server n4a-ubuntuvm:82; 12 | server n4a-ubuntuvm:83; 13 | 14 | keepalive 32; 15 | 16 | } -------------------------------------------------------------------------------- /labs/lab2/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx and Windows IIS HTTP 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 80; # Listening on port 80 on all IP addresses on this machine 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/cafe.example.com.log main; 12 | error_log /var/log/nginx/cafe.example.com_error.log info; 13 | 14 | location / { 15 | # 16 | # return 200 "You have reached cafe.example.com, location /\n"; 17 | 18 | proxy_pass http://cafe_nginx; # Proxy AND load balance to a list of servers 19 | add_header X-Proxy-Pass cafe_nginx; # Custom Header 20 | 21 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 22 | # add_header X-Proxy-Pass windowsvm; # Custom Header 23 | 24 | } 25 | 26 | } -------------------------------------------------------------------------------- /labs/lab2/docker-compose.yml: -------------------------------------------------------------------------------- 1 | # NGINX webservers with ingress-demo pages 2 | # NGINX for Azure, Mar 2024 3 | # Chris Akker, Shouvik Dutta, Adam Currier 4 | # 5 | services: 6 | web1: 7 | hostname: docker-web1 8 | container_name: docker-web1 9 | image: nginxinc/ingress-demo # Image from Docker Hub 10 | restart: always 11 | ports: 12 | - "81:80" # Open for HTTP 13 | - "4431:443" # Open for HTTPS 14 | web2: 15 | hostname: docker-web2 16 | container_name: docker-web2 17 | image: nginxinc/ingress-demo 18 | restart: always 19 | ports: 20 | - "82:80" 21 | - "4432:443" 22 | web3: 23 | hostname: docker-web3 24 | container_name: docker-web3 25 | image: nginxinc/ingress-demo 26 | restart: always 27 | ports: 28 | - "83:80" 29 | - "4433:443" -------------------------------------------------------------------------------- /labs/lab2/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo apt-get update 4 | 5 | # Install Linux Networking Tools 6 | sudo apt install -y net-tools 7 | 8 | # Install Docker 9 | sudo apt-get install -y docker.io 10 | 11 | # Install Docker Compose 12 | sudo curl -L "https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 13 | sudo chmod +x /usr/local/bin/docker-compose 14 | 15 | # Create a new directory 16 | cd $HOME 17 | mkdir cafe 18 | 19 | # Download docker compose file 20 | cd cafe 21 | wget https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/main/labs/lab2/docker-compose.yml 22 | 23 | # Run docker compose to create the containers 24 | sudo docker-compose up -d -------------------------------------------------------------------------------- /labs/lab2/media/cafe-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/cafe-icon.png -------------------------------------------------------------------------------- /labs/lab2/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/docker-icon.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2-cloudshell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2-cloudshell.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-diagram.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-docker-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-docker-upstreams.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-example-com-conf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-example-com-conf.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-inspect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-inspect.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-out-of-stock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-out-of-stock.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_cafe-windows-iis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_cafe-windows-iis.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_diagram.png -------------------------------------------------------------------------------- /labs/lab2/media/lab2_windows-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/lab2_windows-upstreams.png -------------------------------------------------------------------------------- /labs/lab2/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab2/media/ubuntu-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/ubuntu-icon.png -------------------------------------------------------------------------------- /labs/lab2/media/windows-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab2/media/windows-icon.png -------------------------------------------------------------------------------- /labs/lab2/nginx.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Default - Updated Nginx.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | user nginx; 5 | worker_processes auto; 6 | worker_rlimit_nofile 8192; 7 | pid /run/nginx/nginx.pid; 8 | 9 | events { 10 | worker_connections 4000; 11 | } 12 | 13 | error_log /var/log/nginx/error.log error; 14 | 15 | http { 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log off; 21 | server_tokens ""; 22 | server { 23 | listen 80 default_server; 24 | server_name localhost; 25 | location / { 26 | # Points to a directory with a basic html index file with 27 | # a "Welcome to NGINX as a Service for Azure!" page 28 | root /var/www; 29 | index index.html; 30 | } 31 | } 32 | 33 | include /etc/nginx/conf.d/*.conf; 34 | # include /etc/nginx/includes/*.conf; # shared files 35 | 36 | } 37 | 38 | # stream { 39 | 40 | # include /etc/nginx/stream/*.conf; # Stream TCP nginx files 41 | 42 | # } 43 | -------------------------------------------------------------------------------- /labs/lab2/windows-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure, Windows IIS Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # windows IIS server 5 | # 6 | upstream windowsvm { 7 | zone windowsvm 256k; 8 | 9 | server n4a-windowsvm:80; # IIS Server 10 | 11 | keepalive 32; 12 | 13 | } 14 | -------------------------------------------------------------------------------- /labs/lab3/PUT-NGINXplus-REPO-JWT-HERE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/PUT-NGINXplus-REPO-JWT-HERE -------------------------------------------------------------------------------- /labs/lab3/dashboard-vs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dashboard-svc 5 | namespace: nginx-ingress 6 | spec: 7 | ports: 8 | - port: 9000 9 | targetPort: 9000 10 | protocol: TCP 11 | name: dashboard 12 | selector: 13 | app: nginx-ingress 14 | --- 15 | apiVersion: k8s.nginx.org/v1 16 | kind: VirtualServer 17 | metadata: 18 | name: dashboard-vs 19 | namespace: nginx-ingress 20 | spec: 21 | host: dashboard.example.com 22 | upstreams: 23 | - name: dashboard 24 | service: dashboard-svc 25 | port: 9000 26 | routes: 27 | - path: /dashboard.html 28 | action: 29 | pass: dashboard 30 | - path: /api 31 | action: 32 | pass: dashboard 33 | -------------------------------------------------------------------------------- /labs/lab3/media/aks-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/aks-icon.png -------------------------------------------------------------------------------- /labs/lab3/media/lab3_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/lab3_diagram.png -------------------------------------------------------------------------------- /labs/lab3/media/lab3_nic-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/lab3_nic-dashboard.png -------------------------------------------------------------------------------- /labs/lab3/media/lab3_nic-dashboards-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/lab3_nic-dashboards-diagram.png -------------------------------------------------------------------------------- /labs/lab3/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab3/media/nginx-ingress-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab3/media/nginx-ingress-icon.png -------------------------------------------------------------------------------- /labs/lab3/nginx-plus-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-ingress 5 | namespace: nginx-ingress 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: nginx-ingress 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx-ingress 15 | app.kubernetes.io/name: nginx-ingress 16 | annotations: 17 | prometheus.io/scrape: "true" 18 | prometheus.io/port: "9113" 19 | prometheus.io/scheme: http 20 | spec: 21 | serviceAccountName: nginx-ingress 22 | imagePullSecrets: 23 | - name: regcred 24 | automountServiceAccountToken: true 25 | securityContext: 26 | seccompProfile: 27 | type: RuntimeDefault 28 | # volumes: 29 | # - name: nginx-etc 30 | # emptyDir: {} 31 | # - name: nginx-cache 32 | # emptyDir: {} 33 | # - name: nginx-lib 34 | # emptyDir: {} 35 | # - name: nginx-log 36 | # emptyDir: {} 37 | containers: 38 | - image: private-registry.nginx.com/nginx-ic/nginx-plus-ingress:3.3.2 39 | imagePullPolicy: IfNotPresent 40 | name: nginx-plus-ingress 41 | ports: 42 | - name: http 43 | containerPort: 80 44 | - name: https 45 | containerPort: 443 46 | - name: readiness-port 47 | containerPort: 8081 48 | - name: prometheus 49 | containerPort: 9113 50 | - name: service-insight 51 | containerPort: 9114 52 | - name: dashboard 53 | containerPort: 9000 54 | readinessProbe: 55 | httpGet: 56 | path: /nginx-ready 57 | port: readiness-port 58 | periodSeconds: 1 59 | resources: 60 | requests: 61 | cpu: "100m" 62 | memory: "128Mi" 63 | #limits: 64 | # cpu: "1" 65 | # memory: "1Gi" 66 | securityContext: 67 | allowPrivilegeEscalation: true 68 | # readOnlyRootFilesystem: true 69 | runAsUser: 101 #nginx 70 | runAsNonRoot: true 71 | capabilities: 72 | drop: 73 | - ALL 74 | add: 75 | - NET_BIND_SERVICE 76 | # volumeMounts: 77 | # - mountPath: /etc/nginx 78 | # name: nginx-etc 79 | # - mountPath: /var/cache/nginx 80 | # name: nginx-cache 81 | # - mountPath: /var/lib/nginx 82 | # name: nginx-lib 83 | # - mountPath: /var/log/nginx 84 | # name: nginx-log 85 | env: 86 | - name: POD_NAMESPACE 87 | valueFrom: 88 | fieldRef: 89 | fieldPath: metadata.namespace 90 | - name: POD_NAME 91 | valueFrom: 92 | fieldRef: 93 | fieldPath: metadata.name 94 | args: 95 | - -nginx-plus 96 | - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config 97 | - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret 98 | - -nginx-status-port=9000 99 | - -nginx-status-allow-cidrs=0.0.0.0/0 100 | #- -include-year 101 | #- -enable-cert-manager 102 | #- -enable-external-dns 103 | #- -enable-app-protect 104 | #- -enable-app-protect-dos 105 | #- -v=3 # Enables extensive logging. Useful for troubleshooting. 106 | - -report-ingress-status 107 | #- -external-service=nginx-ingress 108 | - -enable-prometheus-metrics 109 | - -enable-oidc 110 | #- -enable-service-insight 111 | - -global-configuration=$(POD_NAMESPACE)/nginx-configuration 112 | # initContainers: 113 | # - image: nginx/nginx-ingress:3.2.1 114 | # imagePullPolicy: IfNotPresent 115 | # name: init-nginx-ingress 116 | # command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc'] 117 | # securityContext: 118 | # allowPrivilegeEscalation: false 119 | # readOnlyRootFilesystem: true 120 | # runAsUser: 101 #nginx 121 | # runAsNonRoot: true 122 | # capabilities: 123 | # drop: 124 | # - ALL 125 | # volumeMounts: 126 | # - mountPath: /mnt/etc 127 | # name: nginx-etc 128 | -------------------------------------------------------------------------------- /labs/lab3/nic1-dashboard-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Node for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # nginx ingress dashboard 5 | # 6 | upstream nic1_dashboard { 7 | zone nic1_dashboard 256k; 8 | 9 | # from nginx-ingress NodePort Service / aks1 Node IPs 10 | server aks-nodepool1-19055428-vmss000003:32090; #aks1 node1 11 | server aks-nodepool1-19055428-vmss000004:32090; #aks1 node2 12 | server aks-nodepool1-19055428-vmss000005:32090; #aks1 node3 13 | 14 | keepalive 8; 15 | 16 | } 17 | -------------------------------------------------------------------------------- /labs/lab3/nic1-dashboard.conf: -------------------------------------------------------------------------------- 1 | # N4A NIC Dashboard config for AKS1 2 | # 3 | server { 4 | listen 9001; 5 | server_name dashboard.example.com; 6 | access_log off; 7 | 8 | location = /dashboard.html { 9 | #return 200 "You have reached /nic1dashboard."; 10 | 11 | proxy_pass http://nic1_dashboard; 12 | 13 | } 14 | 15 | location /api/ { 16 | 17 | proxy_pass http://nic1_dashboard; 18 | } 19 | 20 | } 21 | -------------------------------------------------------------------------------- /labs/lab3/nic2-dashboard-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Node for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # nginx ingress dashboard 5 | # 6 | upstream nic2_dashboard { 7 | zone nic2_dashboard 256k; 8 | 9 | # from nginx-ingress NodePort Service / aks Node IPs 10 | server aks-nodepool1-29147198-vmss000000:32090; #aks2 node1 11 | server aks-nodepool1-29147198-vmss000001:32090; #aks2 node2 12 | server aks-nodepool1-29147198-vmss000002:32090; #aks2 node3 13 | server aks-nodepool1-29147198-vmss000003:32090; #aks2 node4 14 | 15 | keepalive 8; 16 | 17 | } 18 | -------------------------------------------------------------------------------- /labs/lab3/nic2-dashboard.conf: -------------------------------------------------------------------------------- 1 | # N4A NIC Dashboard config for AKS2 2 | # 3 | server { 4 | listen 9002; 5 | server_name dashboard.example.com; 6 | access_log off; 7 | 8 | location = /dashboard.html { 9 | #return 200 "You have reached /nic2dashboard."; 10 | 11 | proxy_pass http://nic2_dashboard; 12 | 13 | } 14 | 15 | location /api/ { 16 | 17 | proxy_pass http://nic2_dashboard; 18 | } 19 | 20 | } 21 | -------------------------------------------------------------------------------- /labs/lab3/nodeport-static.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx-ingress 5 | namespace: nginx-ingress 6 | spec: 7 | type: NodePort 8 | ports: 9 | - port: 80 10 | nodePort: 32080 11 | protocol: TCP 12 | name: http 13 | - port: 443 14 | nodePort: 32443 15 | protocol: TCP 16 | name: https 17 | - port: 9000 18 | nodePort: 32090 19 | protocol: TCP 20 | name: dashboard 21 | selector: 22 | app: nginx-ingress 23 | -------------------------------------------------------------------------------- /labs/lab3/test-dashboard.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Nginx Ingress Dashboards HTTP 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 9000; # Listening on port 9000 on all IP addresses on this machine 7 | 8 | server_name dashboard.example.com; # Set hostname to match in request 9 | status_zone dashboard.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/dashboard.example.com.log main; 12 | error_log /var/log/nginx/dashboard.example.com_error.log info; 13 | 14 | 15 | location = /aks1/dashboard.html { 16 | proxy_pass http://nic1_dashboard/dashboard.html; 17 | } 18 | 19 | location /aks1/api/ { 20 | proxy_pass http://nic1_dashboard/api/; 21 | } 22 | 23 | location = /aks2/dashboard.html { 24 | proxy_pass http://nic2_dashboard/dashboard.html; 25 | } 26 | 27 | location /aks2/api/ { 28 | proxy_pass http://nic2_dashboard/api/; 29 | } 30 | 31 | } 32 | -------------------------------------------------------------------------------- /labs/lab4/cafe-vs.yaml: -------------------------------------------------------------------------------- 1 | #Example virtual server with routes for Cafe Demo 2 | # 3 | apiVersion: k8s.nginx.org/v1 4 | kind: VirtualServer 5 | metadata: 6 | name: cafe-vs 7 | spec: 8 | host: cafe.example.com 9 | #tls: 10 | #secret: cafe-secret 11 | #redirect: 12 | #enable: true #Redirect from http > https 13 | #code: 301 14 | upstreams: 15 | - name: tea 16 | service: tea-svc 17 | port: 80 18 | healthCheck: 19 | enable: true 20 | path: /tea 21 | interval: 20s 22 | jitter: 3s 23 | fails: 5 24 | passes: 2 25 | connect-timeout: 30s 26 | read-timeout: 20s 27 | - name: coffee 28 | service: coffee-svc 29 | port: 80 30 | healthCheck: 31 | enable: true 32 | path: /coffee 33 | interval: 10s 34 | jitter: 3s 35 | fails: 3 36 | passes: 2 37 | connect-timeout: 30s 38 | read-timeout: 20s 39 | routes: 40 | - path: / 41 | action: 42 | redirect: 43 | url: http://cafe.example.com/coffee 44 | code: 302 45 | - path: /tea 46 | action: 47 | pass: tea 48 | - path: /coffee 49 | action: 50 | pass: coffee 51 | - path: /workshop 52 | action: 53 | return: 54 | code: 200 55 | type: text/html 56 | body: "Welcome to Nginx4Azure Workshop !!" 57 | 58 | -------------------------------------------------------------------------------- /labs/lab4/cafe.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: coffee 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: coffee 10 | template: 11 | metadata: 12 | labels: 13 | app: coffee 14 | spec: 15 | containers: 16 | - name: coffee 17 | image: chrisakker/ingress-demo 18 | ports: 19 | - containerPort: 80 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: coffee-svc 25 | spec: 26 | type: ClusterIP 27 | clusterIP: None 28 | ports: 29 | - port: 80 30 | targetPort: 80 31 | protocol: TCP 32 | name: http 33 | selector: 34 | app: coffee 35 | --- 36 | apiVersion: apps/v1 37 | kind: Deployment 38 | metadata: 39 | name: tea 40 | spec: 41 | replicas: 3 42 | selector: 43 | matchLabels: 44 | app: tea 45 | template: 46 | metadata: 47 | labels: 48 | app: tea 49 | spec: 50 | containers: 51 | - name: tea 52 | image: chrisakker/ingress-demo 53 | ports: 54 | - containerPort: 80 55 | --- 56 | apiVersion: v1 57 | kind: Service 58 | metadata: 59 | name: tea-svc 60 | spec: 61 | type: ClusterIP 62 | clusterIP: None 63 | ports: 64 | - port: 80 65 | targetPort: 80 66 | protocol: TCP 67 | name: http 68 | selector: 69 | app: tea 70 | -------------------------------------------------------------------------------- /labs/lab4/cafe.yaml.orig: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: coffee 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: coffee 10 | template: 11 | metadata: 12 | labels: 13 | app: coffee 14 | spec: 15 | containers: 16 | - name: coffee 17 | image: nginxinc/ingress-demo 18 | ports: 19 | - containerPort: 80 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: coffee-svc 25 | spec: 26 | type: ClusterIP 27 | clusterIP: None 28 | ports: 29 | - port: 80 30 | targetPort: 80 31 | protocol: TCP 32 | name: http 33 | selector: 34 | app: coffee 35 | --- 36 | apiVersion: apps/v1 37 | kind: Deployment 38 | metadata: 39 | name: tea 40 | spec: 41 | replicas: 3 42 | selector: 43 | matchLabels: 44 | app: tea 45 | template: 46 | metadata: 47 | labels: 48 | app: tea 49 | spec: 50 | containers: 51 | - name: tea 52 | image: nginxinc/ingress-demo 53 | ports: 54 | - containerPort: 80 55 | --- 56 | apiVersion: v1 57 | kind: Service 58 | metadata: 59 | name: tea-svc 60 | spec: 61 | type: ClusterIP 62 | clusterIP: None 63 | ports: 64 | - port: 80 65 | targetPort: 80 66 | protocol: TCP 67 | name: http 68 | selector: 69 | app: tea 70 | -------------------------------------------------------------------------------- /labs/lab4/global-configuration-redis.yaml: -------------------------------------------------------------------------------- 1 | # Nginx For Azure 2 | # NIC Global Config manifest for custom TCP ports for Redis 3 | # Chris Akker Jan 2024 4 | # 5 | apiVersion: k8s.nginx.org/v1alpha1 6 | kind: GlobalConfiguration 7 | metadata: 8 | name: nginx-configuration 9 | namespace: nginx-ingress 10 | spec: 11 | listeners: 12 | - name: redis-leader-listener 13 | port: 6379 14 | protocol: TCP 15 | - name: redis-follower-listener 16 | port: 6380 17 | protocol: TCP 18 | -------------------------------------------------------------------------------- /labs/lab4/media/azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/azure-icon.png -------------------------------------------------------------------------------- /labs/lab4/media/cafe-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/cafe-icon.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_cafe-upstreams-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_cafe-upstreams-2.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_cafe-upstreams-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_cafe-upstreams-3.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_diagram.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_http-zones.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_http-zones.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_redis-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_redis-upstreams.png -------------------------------------------------------------------------------- /labs/lab4/media/lab4_redis-zones.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/lab4_redis-zones.png -------------------------------------------------------------------------------- /labs/lab4/media/nginx-ingress-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/nginx-ingress-icon.png -------------------------------------------------------------------------------- /labs/lab4/media/redis-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab4/media/redis-icon.png -------------------------------------------------------------------------------- /labs/lab4/nodeport-static-redis.yaml: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure, AKS2 NIC NodePort for Redis 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: nginx-ingress 8 | namespace: nginx-ingress 9 | spec: 10 | type: NodePort 11 | ports: 12 | - port: 80 13 | nodePort: 32080 14 | protocol: TCP 15 | name: http 16 | - port: 443 17 | nodePort: 32443 18 | protocol: TCP 19 | name: https 20 | - port: 6379 21 | nodePort: 32379 22 | protocol: TCP 23 | name: redis-leader 24 | - port: 6380 25 | nodePort: 32380 26 | protocol: TCP 27 | name: redis-follower 28 | - port: 9000 29 | nodePort: 32090 30 | protocol: TCP 31 | name: dashboard 32 | selector: 33 | app: nginx-ingress 34 | -------------------------------------------------------------------------------- /labs/lab4/redis-follower-ts.yaml: -------------------------------------------------------------------------------- 1 | # NIC Plus TransportServer file 2 | # Add ports 6379 for Redis Follower 3 | # Chris Akker, Jan 2024 4 | # 5 | apiVersion: k8s.nginx.org/v1alpha1 6 | kind: TransportServer 7 | metadata: 8 | name: redis-follower-ts 9 | spec: 10 | listener: 11 | name: redis-follower-listener 12 | protocol: TCP 13 | upstreams: 14 | - name: redis-upstream 15 | service: redis-follower 16 | port: 6379 17 | maxFails: 3 18 | maxConns: 100 19 | failTimeout: 10s 20 | loadBalancingMethod: least_time last_byte # use fastest pod 21 | action: 22 | pass: redis-upstream 23 | -------------------------------------------------------------------------------- /labs/lab4/redis-follower.yaml: -------------------------------------------------------------------------------- 1 | # SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: redis-follower 6 | labels: 7 | app: redis 8 | role: follower 9 | tier: backend 10 | spec: 11 | replicas: 2 12 | selector: 13 | matchLabels: 14 | app: redis 15 | template: 16 | metadata: 17 | labels: 18 | app: redis 19 | role: follower 20 | tier: backend 21 | spec: 22 | containers: 23 | - name: follower 24 | image: us-docker.pkg.dev/google-samples/containers/gke/gb-redis-follower:v2 25 | resources: 26 | requests: 27 | cpu: 100m 28 | memory: 100Mi 29 | ports: 30 | - containerPort: 6379 31 | --- 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | name: redis-follower 36 | labels: 37 | app: redis 38 | role: follower 39 | tier: backend 40 | spec: 41 | ports: 42 | # the port that this service should serve on 43 | - port: 6379 44 | selector: 45 | app: redis 46 | role: follower 47 | tier: backend 48 | -------------------------------------------------------------------------------- /labs/lab4/redis-leader-ts.yaml: -------------------------------------------------------------------------------- 1 | # NIC Plus TransportServer file 2 | # Add ports 6379 for Redis Leader 3 | # Chris Akker, Jan 2024 4 | # 5 | apiVersion: k8s.nginx.org/v1alpha1 6 | kind: TransportServer 7 | metadata: 8 | name: redis-leader-ts 9 | spec: 10 | listener: 11 | name: redis-leader-listener 12 | protocol: TCP 13 | upstreams: 14 | - name: redis-upstream 15 | service: redis-leader 16 | port: 6379 17 | maxFails: 3 18 | maxConns: 100 19 | failTimeout: 10s 20 | loadBalancingMethod: least_time last_byte # use fastest pod 21 | action: 22 | pass: redis-upstream 23 | -------------------------------------------------------------------------------- /labs/lab4/redis-leader.yaml: -------------------------------------------------------------------------------- 1 | # SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: redis-leader 6 | labels: 7 | app: redis 8 | role: leader 9 | tier: backend 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: redis 15 | template: 16 | metadata: 17 | labels: 18 | app: redis 19 | role: leader 20 | tier: backend 21 | spec: 22 | containers: 23 | - name: leader 24 | image: "docker.io/redis:6.0.5" 25 | resources: 26 | requests: 27 | cpu: 100m 28 | memory: 100Mi 29 | ports: 30 | - containerPort: 6379 31 | --- 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | name: redis-leader 36 | labels: 37 | app: redis 38 | role: leader 39 | tier: backend 40 | spec: 41 | ports: 42 | - port: 6379 43 | targetPort: 6379 44 | selector: 45 | app: redis 46 | role: leader 47 | tier: backend 48 | -------------------------------------------------------------------------------- /labs/lab5/aks1-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Nodes for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # AKS1 nginx ingress upstreams 5 | # 6 | upstream aks1_ingress { 7 | zone aks1_ingress 256k; 8 | 9 | least_time last_byte; 10 | 11 | # from nginx-ingress NodePort Service / aks1 Node names 12 | # Note: change servers to match 13 | # 14 | server aks-userpool-76919110-vmss000001:32080; #aks1 node1 15 | server aks-userpool-76919110-vmss000002:32080; #aks1 node2 16 | server aks-userpool-76919110-vmss000003:32080; #aks1 node3 17 | 18 | keepalive 32; 19 | 20 | } -------------------------------------------------------------------------------- /labs/lab5/aks2-nic-headless.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure direct to NIC for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # direct to nginx ingress Headless Service ( no NodePort ) 5 | # 6 | upstream aks2_nic_headless { 7 | zone aks2_nic_headless 256k; 8 | 9 | least_time last_byte; 10 | 11 | # direct to nginx-ingress Headless Service Endpoint Cluster IP 12 | # Resolvers set to kube-dns Endpoints List 13 | 14 | resolver 172.16.20.59 172.16.20.81 valid=10s ipv6=off status_zone=kube-dns; 15 | 16 | # Server name must follow this Kubernetes Service Name format 17 | # server ..svc.cluster.local 18 | 19 | server nginx-ingress-headless.nginx-ingress.svc.cluster.local:80 resolve; 20 | 21 | 22 | keepalive 32; 23 | 24 | } 25 | -------------------------------------------------------------------------------- /labs/lab5/ask2-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Node for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # AKS2 nginx ingress upstreams 5 | # 6 | upstream aks2_ingress { 7 | zone aks2_ingress 256k; 8 | 9 | least_time last_byte; 10 | 11 | # from nginx-ingress NodePort Service / aks2 Node names 12 | # Note: change servers to match 13 | # 14 | server aks-nodepool1-19485366-vmss000003:32080; #aks2 node1 15 | server aks-nodepool1-19485366-vmss000004:32080; #aks2 node2 16 | server aks-nodepool1-19485366-vmss000005:32080; #aks2 node3 17 | server aks-nodepool1-19485366-vmss000006:32080; #aks2 node4 18 | 19 | keepalive 32; 20 | 21 | } 22 | -------------------------------------------------------------------------------- /labs/lab5/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx to AKS2 NIC 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 80; # Listening on port 80 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/cafe.example.com.log main; 12 | error_log /var/log/nginx/cafe.example.com_error.log info; 13 | 14 | location / { 15 | # 16 | # return 200 "You have reached cafe.example.com, location /\n"; 17 | 18 | proxy_pass http://cafe_nginx; # Proxy AND load balance to Docker VM 19 | add_header X-Proxy-Pass cafe_nginx; # Custom Header 20 | 21 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 22 | # add_header X-Proxy-Pass windowsvm; # Custom Header 23 | 24 | # proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 25 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 26 | 27 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 28 | # add_header X-Proxy-Pass aks2_ingress; # Custom Header 29 | 30 | # proxy_pass http://$upstream; # Use Split Clients config 31 | # add_header X-Proxy-Pass $upstream; # Custom Header 32 | 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /labs/lab5/keepalive.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Mar 2024 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # Default is HTTP/1.0 to upstreams, keepalives is only enabled for HTTP/1.1 5 | proxy_http_version 1.1; 6 | 7 | # Set the Connection header to empty 8 | proxy_set_header Connection ""; 9 | 10 | # Host request header field, or the server name matching a request 11 | proxy_set_header Host $host; 12 | -------------------------------------------------------------------------------- /labs/lab5/media/aks-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/aks-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/bluegreen-icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/bluegreen-icon.jpg -------------------------------------------------------------------------------- /labs/lab5/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/docker-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/kubernetes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/kubernetes-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_aks1-kubenet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_aks1-kubenet.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_aks2-azurecni.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_aks2-azurecni.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-3way-split.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-3way-split.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1-loadtest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1-loadtest.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1-split1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1-split1.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1-split30.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1-split30.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1-split50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1-split50.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1-split99.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1-split99.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks1.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-aks2-loadtest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-aks2-loadtest.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-docker.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-docker.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-nic1-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-nic1-upstreams.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_cafe-nic2-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_cafe-nic2-upstreams.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_diagram.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_nic-headless-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_nic-headless-diagram.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_redis-bench.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_redis-bench.png -------------------------------------------------------------------------------- /labs/lab5/media/lab5_redis-benchmark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/lab5_redis-benchmark.png -------------------------------------------------------------------------------- /labs/lab5/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/nginx-ingress-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/nginx-ingress-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/redis-benchmark-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/redis-benchmark-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/redis-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/redis-icon.png -------------------------------------------------------------------------------- /labs/lab5/media/windows-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab5/media/windows-icon.png -------------------------------------------------------------------------------- /labs/lab5/nginx-ingress-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx-ingress-headless 5 | namespace: nginx-ingress 6 | spec: 7 | type: ClusterIP 8 | clusterIP: None 9 | ports: 10 | - port: 80 11 | targetPort: 80 12 | #nodePort: 32080 13 | protocol: TCP 14 | name: http 15 | - port: 443 16 | targetPort: 443 17 | #nodePort: 32443 18 | protocol: TCP 19 | name: https 20 | selector: 21 | app: nginx-ingress 22 | -------------------------------------------------------------------------------- /labs/lab5/nginx.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Nginx.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | user nginx; 5 | worker_processes auto; 6 | worker_rlimit_nofile 8192; 7 | pid /run/nginx/nginx.pid; 8 | 9 | events { 10 | worker_connections 4000; 11 | } 12 | 13 | error_log /var/log/nginx/error.log error; 14 | 15 | http { 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | 21 | # access_log off; 22 | server_tokens ""; 23 | server { 24 | listen 80 default_server; 25 | server_name localhost; 26 | location / { 27 | # Points to a directory with a basic html index file with 28 | # a "Welcome to NGINX as a Service for Azure!" page 29 | root /var/www; 30 | index index.html; 31 | } 32 | } 33 | 34 | include /etc/nginx/conf.d/*.conf; 35 | include /etc/nginx/includes/*.conf; # shared files 36 | 37 | } 38 | 39 | # stream { 40 | 41 | # include /etc/nginx/stream/*.conf; # Stream TCP nginx files 42 | 43 | # } 44 | -------------------------------------------------------------------------------- /labs/lab5/redis-leader-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Node for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # nginx ingress upstreams for Redis Leader 5 | # 6 | upstream aks2_redis_leader { 7 | zone aks2_redis_leader 256k; 8 | 9 | least_time last_byte; 10 | 11 | # from nginx-ingress NodePort Service / aks Node IPs 12 | server aks-nodepool1-19485366-vmss000003:32379; #aks2 node1: 13 | server aks-nodepool1-19485366-vmss000004:32379; #aks2 node2: 14 | server aks-nodepool1-19485366-vmss000005:32379; #aks2 node3: 15 | 16 | } 17 | -------------------------------------------------------------------------------- /labs/lab5/redis.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to NIC, AKS Node for Upstreams 2 | # Stream for Redis Leader 3 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 4 | # 5 | server { 6 | 7 | listen 6379; # Standard Redis Port 8 | status_zone aks2-redis-leader; 9 | 10 | proxy_pass aks2_redis_leader; 11 | 12 | } 13 | -------------------------------------------------------------------------------- /labs/lab5/split-clients.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to AKS1/2 NICs and/or UbuntuVMs for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # HTTP Split Clients Configuration for AKS Cluster1/Cluster2 or UbuntuVM ratios 4 | # 5 | split_clients $request_id $upstream { 6 | 7 | # Uncomment the percent wanted for AKS Cluster #1, #2, or UbuntuVM 8 | # 0.1% aks1_ingress; 9 | 1.0% aks1_ingress; 10 | # 5.0% aks1_ingress; 11 | # 30% aks1_ingress; 12 | # 50% aks1_ingress; 13 | # 80% aks1_ingress; 14 | # 95% aks1_ingress; 15 | # 99% aks1_ingress; 16 | # * aks1_ingress; 17 | # 30% aks2_ingress; 18 | * cafe_nginx; # Ubuntu VM containers 19 | # * aks1_nic_direct; # Direct to NIC pods - headless/no nodeport 20 | 21 | } 22 | -------------------------------------------------------------------------------- /labs/lab6/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx to AKS2 NIC 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 80; # Listening on port 80 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/cafe.example.com.log main_ext; 12 | error_log /var/log/nginx/cafe.example.com_error.log info; 13 | 14 | location / { 15 | # 16 | # return 200 "You have reached cafe.example.com, location /\n"; 17 | 18 | # proxy_pass http://cafe_nginx; # Proxy AND load balance to Docker VM 19 | # add_header X-Proxy-Pass cafe_nginx; # Custom Header 20 | 21 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 22 | # add_header X-Proxy-Pass windowsvm; # Custom Header 23 | 24 | # proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 25 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 26 | 27 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 28 | # add_header X-Proxy-Pass aks2_ingress; # Custom Header 29 | 30 | proxy_pass http://$upstream; # Use Split Clients config 31 | add_header X-Proxy-Pass $upstream; # Custom Header 32 | 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /labs/lab6/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/docker-icon.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_cafe_access_log_update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_cafe_access_log_update.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_cafe_query.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_cafe_query.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_cafe_query_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_cafe_query_details.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_cafe_query_save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_cafe_query_save.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_create_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_create_dashboard.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_default_chart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_default_chart.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_default_query.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_default_query.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_main_access_log_update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_main_access_log_update.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_main_ext_logformat_add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_main_ext_logformat_add.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_nginx_conf_editor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_nginx_conf_editor.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_pin_upstream_chart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_pin_upstream_chart.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_server_request_chart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_server_request_chart.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_show_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_show_dashboard.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_upstream_chart_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_upstream_chart_dashboard.png -------------------------------------------------------------------------------- /labs/lab6/media/lab6_upstream_response_time_chart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/lab6_upstream_response_time_chart.png -------------------------------------------------------------------------------- /labs/lab6/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab6/media/nginx4a_logs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab6/media/nginx4a_logs.png -------------------------------------------------------------------------------- /labs/lab6/split-clients.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure to AKS1/2 NICs and/or UbuntuVMs for Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # HTTP Split Clients Configuration for AKS Cluster1/Cluster2 or UbuntuVM ratios 4 | # 5 | split_clients $request_id $upstream { 6 | 7 | # Uncomment the percent wanted for AKS Cluster #1, #2, or UbuntuVM 8 | # 0.1% aks1_ingress; 9 | # 1.0% aks1_ingress; 10 | # 5.0% aks1_ingress; 11 | 30% aks1_ingress; # 30% traffic to AKS1 12 | # 50% aks1_ingress; 13 | # 80% aks1_ingress; 14 | # 95% aks1_ingress; 15 | # 99% aks1_ingress; 16 | # * aks1_ingress; 17 | 30% aks2_ingress; # 30% traffic to AKS2 18 | * cafe_nginx; # Rest 40% traffic to Ubuntu VM containers 19 | # * aks1_nic_direct; # Direct to NIC pods - headless/no nodeport 20 | 21 | } 22 | -------------------------------------------------------------------------------- /labs/lab7/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx HTTPS 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 443 ssl; # Listening on port 443 with "ssl" parameter for terminating TLS on all IP addresses on this machine 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | ssl_certificate /etc/nginx/cert/n4a-cert.cert; 12 | ssl_certificate_key /etc/nginx/cert/n4a-cert.key; 13 | 14 | access_log /var/log/nginx/cafe.example.com.log main_ext; 15 | error_log /var/log/nginx/cafe.example.com_error.log info; 16 | 17 | location / { 18 | # 19 | # return 200 "You have reached cafe.example.com, location /\n"; 20 | 21 | proxy_pass http://cafe_nginx; # Proxy AND load balance to a list of servers 22 | add_header X-Proxy-Pass cafe_nginx; # Custom Header 23 | 24 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 25 | # add_header X-Proxy-Pass windowsvm; # Custom Header 26 | 27 | # proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 28 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 29 | 30 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 31 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 32 | 33 | # proxy_pass http://$upstream; # Use Split Clients config 34 | # add_header X-Proxy-Pass $upstream; # Custom Header 35 | 36 | } 37 | } -------------------------------------------------------------------------------- /labs/lab7/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/docker-icon.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_add_certificate1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_add_certificate1.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_add_certificate2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_add_certificate2.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_add_certificate_save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_add_certificate_save.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_add_certificate_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_add_certificate_success.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_browser_cert_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_browser_cert_details.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_browser_cert_invalid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_browser_cert_invalid.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_browser_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_browser_success.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_certificate_issuance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_certificate_issuance.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_keyvault_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_keyvault_screen.png -------------------------------------------------------------------------------- /labs/lab7/media/lab7_n4a_cert_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/lab7_n4a_cert_screen.png -------------------------------------------------------------------------------- /labs/lab7/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab7/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab7/self-certificate-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "issuerParameters": { 3 | "certificateTransparency": null, 4 | "name": "Self" 5 | }, 6 | "keyProperties": { 7 | "curve": null, 8 | "exportable": true, 9 | "keySize": 2048, 10 | "keyType": "RSA", 11 | "reuseKey": false 12 | }, 13 | "lifetimeActions": [ 14 | { 15 | "action": { 16 | "actionType": "AutoRenew" 17 | }, 18 | "trigger": { 19 | "daysBeforeExpiry": 90 20 | } 21 | } 22 | ], 23 | "secretProperties": { 24 | "contentType": "application/x-pem-file" 25 | }, 26 | "x509CertificateProperties": { 27 | "keyUsage": [ 28 | "digitalSignature", 29 | "keyEncipherment" 30 | ], 31 | "subject": "CN=n4a-Workshop", 32 | "validityInMonths": 12 33 | } 34 | } -------------------------------------------------------------------------------- /labs/lab8/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx with Entra ID / OIDC 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | # Include AzureAD Auth configuration files 7 | include /etc/nginx/oidc/openid_connect.server_conf; # Authorization code flow and Relying Party processing 8 | 9 | listen 443 ssl; # Listening on port 443 with "ssl" parameter for terminating TLS on all IP addresses on this machine 10 | 11 | server_name cafe.example.com; # Set hostname to match in request 12 | status_zone cafe.example.com; # Metrics zone name 13 | 14 | ssl_certificate /etc/nginx/cert/n4a-cert.cert; 15 | ssl_certificate_key /etc/nginx/cert/n4a-cert.key; 16 | 17 | access_log /var/log/nginx/cafe.example.com.log main; 18 | error_log /var/log/nginx/cafe.example.com_error.log info; 19 | 20 | location / { 21 | # 22 | # return 200 "You have reached cafe.example.com, location /\n"; 23 | 24 | proxy_pass http://cafe_nginx; # Proxy AND load balance to a list of servers 25 | add_header X-Proxy-Pass cafe_nginx; # Custom Header 26 | 27 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 28 | # add_header X-Proxy-Pass windowsvm; # Custom Header 29 | 30 | #proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 31 | #add_header X-Proxy-Pass aks1_ingress; # Custom Header 32 | 33 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 34 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 35 | 36 | # proxy_pass http://$upstream; # Use Split Clients config 37 | # add_header X-Proxy-Pass $upstream; # Custom Header 38 | 39 | } 40 | 41 | # starting path regex 42 | # This location is protected with OpenID Connect and Azure Entra ID 43 | # 44 | location ~ ^/(beer|wine)$ { 45 | 46 | auth_jwt "" token=$session_jwt; 47 | error_page 401 = @do_oidc_flow; 48 | 49 | #auth_jwt_key_file $oidc_jwt_keyfile; # Enable when using filename 50 | auth_jwt_key_request /_jwks_uri; # Enable when using URL 51 | 52 | # Successfully authenticated users are proxied to the backend, 53 | # with 'sub' claim passed as HTTP header 54 | proxy_set_header username $jwt_claim_sub; 55 | 56 | # Bearer token is used to authorize NGINX to access protected backend 57 | #proxy_set_header Authorization "Bearer $access_token"; 58 | 59 | # Intercept and redirect "401 Unauthorized" proxied responses to nginx 60 | # for processing with the error_page directive. Necessary if Access Token 61 | # can expire before ID Token. 62 | #proxy_intercept_errors on; 63 | 64 | proxy_pass http://cafe_nginx; # The backend site/app 65 | add_header X-Proxy-Pass cafe_nginx_oidc; # Custom Header 66 | 67 | access_log /var/log/nginx/access.log main_jwt; 68 | 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /labs/lab8/media/App_Registration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/App_Registration.png -------------------------------------------------------------------------------- /labs/lab8/media/Authentication_add_platform.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/Authentication_add_platform.png -------------------------------------------------------------------------------- /labs/lab8/media/Fill_Secret_details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/Fill_Secret_details.png -------------------------------------------------------------------------------- /labs/lab8/media/New_Secret_Creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/New_Secret_Creation.png -------------------------------------------------------------------------------- /labs/lab8/media/Post_App_Registration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/Post_App_Registration.png -------------------------------------------------------------------------------- /labs/lab8/media/Post_Secret_Creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/Post_Secret_Creation.png -------------------------------------------------------------------------------- /labs/lab8/media/cafe-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/cafe-icon.png -------------------------------------------------------------------------------- /labs/lab8/media/curl_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/curl_output.png -------------------------------------------------------------------------------- /labs/lab8/media/endpoints.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/endpoints.png -------------------------------------------------------------------------------- /labs/lab8/media/entra-id-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/entra-id-icon.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_app-registrations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_app-registrations.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_azuread_redirect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_azuread_redirect.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_azuread_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_azuread_success.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_example-register.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_example-register.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_fill-secret-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_fill-secret-details.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_new-secret-creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_new-secret-creation.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_overview.png -------------------------------------------------------------------------------- /labs/lab8/media/lab8_post-secret-creation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/lab8_post-secret-creation.png -------------------------------------------------------------------------------- /labs/lab8/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab8/media/redirect_url_setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab8/media/redirect_url_setup.png -------------------------------------------------------------------------------- /labs/lab8/nginx.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure with Entra ID / OIDC - Updated Nginx.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | user nginx; 5 | worker_processes auto; 6 | worker_rlimit_nofile 8192; 7 | pid /run/nginx/nginx.pid; 8 | 9 | load_module modules/ngx_http_js_module.so; #Added for OIDC 10 | 11 | events { 12 | worker_connections 4000; 13 | } 14 | 15 | error_log /var/log/nginx/error.log error; 16 | 17 | http { 18 | 19 | # Custom log format to include the 'sub' claim in the REMOTE_USER field 20 | log_format main_jwt '$remote_addr - $jwt_claim_sub [$time_local] "$request" $status ' 21 | '$body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; 22 | 23 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 24 | '$status $body_bytes_sent "$http_referer" ' 25 | '"$http_user_agent" "$http_x_forwarded_for"'; 26 | 27 | log_format main_ext 'remote_addr="$remote_addr", ' 28 | '[time_local=$time_local], ' 29 | 'request="$request", ' 30 | 'status="$status", ' 31 | 'http_referer="$http_referer", ' 32 | 'body_bytes_sent="$body_bytes_sent", ' 33 | 'Host="$host", ' 34 | 'sn="$server_name", ' 35 | 'request_time=$request_time, ' 36 | 'http_user_agent="$http_user_agent", ' 37 | 'http_x_forwarded_for="$http_x_forwarded_for", ' 38 | 'request_length="$request_length", ' 39 | 'upstream_address="$upstream_addr", ' 40 | 'upstream_status="$upstream_status", ' 41 | 'upstream_connect_time="$upstream_connect_time", ' 42 | 'upstream_header_time="$upstream_header_time", ' 43 | 'upstream_response_time="$upstream_response_time", ' 44 | 'upstream_response_length="$upstream_response_length", ' 45 | 'cachestatus=“$upstream_cache_status“, ' 46 | 'limitstatus=“$limit_req_status“ '; 47 | 48 | access_log off; 49 | server_tokens ""; 50 | server { 51 | listen 80 default_server; 52 | server_name localhost; 53 | location / { 54 | # Points to a directory with a basic html index file with 55 | # a "Welcome to NGINX as a Service for Azure!" page 56 | root /var/www; 57 | index index.html; 58 | } 59 | } 60 | 61 | include /etc/nginx/oidc/openid_connect.server_conf; # OICD authorization code flow and Relying Party processing 62 | include /etc/nginx/conf.d/*.conf; 63 | include /etc/nginx/includes/*.conf; # shared files 64 | 65 | } 66 | 67 | stream { 68 | 69 | resolver 127.0.0.1:49153 valid=20s; 70 | 71 | server { 72 | listen 9000; # should match the port specified with zone_sync_server 73 | 74 | zone_sync; 75 | zone_sync_server internal.nginxaas.nginx.com:9000 resolve; 76 | } 77 | 78 | include /etc/nginx/stream/*.conf; # Stream TCP nginx files 79 | 80 | } 81 | -------------------------------------------------------------------------------- /labs/lab8/openid_connect.server_conf: -------------------------------------------------------------------------------- 1 | # Advanced configuration START 2 | set $internal_error_message "NGINX / OpenID Connect login failure\n"; 3 | set $pkce_id ""; 4 | resolver 8.8.8.8; # For DNS lookup of IdP endpoints; 5 | subrequest_output_buffer_size 32k; # To fit a complete tokenset response 6 | gunzip on; # Decompress IdP responses if necessary 7 | # Advanced configuration END 8 | 9 | location = /_jwks_uri { 10 | internal; 11 | proxy_cache jwk; # Cache the JWK Set recieved from IdP 12 | proxy_cache_valid 200 12h; # How long to consider keys "fresh" 13 | proxy_cache_use_stale error timeout updating; # Use old JWK Set if cannot reach IdP 14 | proxy_ssl_server_name on; # For SNI to the IdP 15 | proxy_method GET; # In case client request was non-GET 16 | proxy_set_header Content-Length ""; # '' 17 | proxy_pass $oidc_jwt_keyfile; # Expecting to find a URI here 18 | proxy_ignore_headers Cache-Control Expires Set-Cookie; # Does not influence caching 19 | } 20 | 21 | location @do_oidc_flow { 22 | status_zone "OIDC start"; 23 | js_content oidc.auth; 24 | default_type text/plain; # In case we throw an error 25 | } 26 | 27 | set $redir_location "/_codexch"; 28 | location = /_codexch { 29 | # This location is called by the IdP after successful authentication 30 | status_zone "OIDC code exchange"; 31 | js_content oidc.codeExchange; 32 | error_page 500 502 504 @oidc_error; 33 | } 34 | 35 | location = /_token { 36 | # This location is called by oidcCodeExchange(). We use the proxy_ directives 37 | # to construct the OpenID Connect token request, as per: 38 | # http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest 39 | internal; 40 | proxy_ssl_server_name on; # For SNI to the IdP 41 | proxy_set_header Content-Type "application/x-www-form-urlencoded"; 42 | proxy_set_body "grant_type=authorization_code&client_id=$oidc_client&$args&redirect_uri=$redirect_base$redir_location"; 43 | proxy_method POST; 44 | proxy_pass $oidc_token_endpoint; 45 | } 46 | 47 | location = /_refresh { 48 | # This location is called by oidcAuth() when performing a token refresh. We 49 | # use the proxy_ directives to construct the OpenID Connect token request, as per: 50 | # https://openid.net/specs/openid-connect-core-1_0.html#RefreshingAccessToken 51 | internal; 52 | proxy_ssl_server_name on; # For SNI to the IdP 53 | proxy_set_header Content-Type "application/x-www-form-urlencoded"; 54 | proxy_set_body "grant_type=refresh_token&refresh_token=$arg_token&client_id=$oidc_client&client_secret=$oidc_client_secret"; 55 | proxy_method POST; 56 | proxy_pass $oidc_token_endpoint; 57 | } 58 | 59 | location = /_id_token_validation { 60 | # This location is called by oidcCodeExchange() and oidcRefreshRequest(). We use 61 | # the auth_jwt_module to validate the OpenID Connect token response, as per: 62 | # https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation 63 | internal; 64 | auth_jwt "" token=$arg_token; 65 | js_content oidc.validateIdToken; 66 | error_page 500 502 504 @oidc_error; 67 | } 68 | 69 | location = /logout { 70 | status_zone "OIDC logout"; 71 | add_header Set-Cookie "auth_token=; $oidc_cookie_flags"; # Send empty cookie 72 | add_header Set-Cookie "auth_redir=; $oidc_cookie_flags"; # Erase original cookie 73 | js_content oidc.logout; 74 | } 75 | 76 | location = /_logout { 77 | # This location is the default value of $oidc_logout_redirect (in case it wasn't configured) 78 | default_type text/plain; 79 | return 200 "Logged out\n"; 80 | } 81 | 82 | location @oidc_error { 83 | # This location is called when oidcAuth() or oidcCodeExchange() returns an error 84 | status_zone "OIDC error"; 85 | default_type text/plain; 86 | return 500 $internal_error_message; 87 | } 88 | 89 | # vim: syntax=nginx -------------------------------------------------------------------------------- /labs/lab8/openid_connect_configuration.conf: -------------------------------------------------------------------------------- 1 | # Nginx for Azure / OpenID Connect configuration 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # 5 | map $host $oidc_authz_endpoint { 6 | default "https://"; # Your Authorization Endpoint URL 7 | #default "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/auth"; 8 | } 9 | 10 | map $host $oidc_authz_extra_args { 11 | # Extra arguments to include in the request to the IdP's authorization 12 | # endpoint. 13 | # Some IdPs provide extended capabilities controlled by extra arguments, 14 | # for example Keycloak can select an IdP to delegate to via the 15 | # "kc_idp_hint" argument. 16 | # Arguments must be expressed as query string parameters and URL-encoded 17 | # if required. 18 | default ""; 19 | #www.example.com "kc_idp_hint=another_provider" 20 | } 21 | 22 | map $host $oidc_token_endpoint { 23 | default "https://"; # Your Token Endpoint URL 24 | #default "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token"; 25 | } 26 | 27 | map $host $oidc_jwt_keyfile { 28 | default "https://"; # Your jwks_uri URL 29 | #default "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/certs"; 30 | } 31 | 32 | map $host $oidc_client { 33 | default ""; # Your $MY_CLIENT_ID value 34 | #default ""; 35 | } 36 | 37 | map $host $oidc_pkce_enable { 38 | default 0; 39 | } 40 | 41 | map $host $oidc_client_secret { 42 | default ""; # Your $MY_CLIENT_SECRET value 43 | #default ""; 44 | } 45 | 46 | map $host $oidc_scopes { 47 | default "openid+profile+email+offline_access"; 48 | } 49 | 50 | map $host $oidc_logout_redirect { 51 | # Where to send browser after requesting /logout location. This can be 52 | # replaced with a custom logout page, or complete URL. 53 | default "/_logout"; # Built-in, simple logout page 54 | } 55 | 56 | map $host $oidc_hmac_key { 57 | cafe.example.com "NGINX for Azure Workshop"; 58 | # This should be unique for every NGINX instance/cluster 59 | default "ChangeMe"; 60 | } 61 | 62 | map $host $zone_sync_leeway { 63 | # Specifies the maximum timeout for synchronizing ID tokens between cluster 64 | # nodes when you use shared memory zone content sync. This option is only 65 | # recommended for scenarios where cluster nodes can randomly process 66 | # requests from user agents and there may be a situation where node "A" 67 | # successfully received a token, and node "B" receives the next request in 68 | # less than zone_sync_interval. 69 | default 2000; # Time in milliseconds, e.g. (zone_sync_interval * 2 * 1000) 70 | } 71 | 72 | map $proto $oidc_cookie_flags { 73 | http "Path=/; SameSite=lax;"; # For HTTP/plaintext testing 74 | https "Path=/; SameSite=lax; HttpOnly; Secure;"; # Production recommendation 75 | } 76 | 77 | map $http_x_forwarded_port $redirect_base { 78 | "" $proto://$host:$server_port; 79 | default $proto://$host:$http_x_forwarded_port; 80 | } 81 | 82 | map $http_x_forwarded_proto $proto { 83 | "" $scheme; 84 | default $http_x_forwarded_proto; 85 | } 86 | 87 | # ADVANCED CONFIGURATION BELOW THIS LINE 88 | # Additional advanced configuration (server context) in openid_connect.server_conf 89 | 90 | # JWK Set will be fetched from $oidc_jwks_uri and cached here - ensure writable by nginx user 91 | proxy_cache_path /var/cache/nginx/jwk levels=1 keys_zone=jwk:64k max_size=1m; 92 | 93 | # Change timeout values to at least the validity period of each token type 94 | keyval_zone zone=oidc_id_tokens:1M state=/opt/oidc_id_tokens.json timeout=1h sync; 95 | keyval_zone zone=oidc_access_tokens:1M state=/opt/oidc_access_tokens.json timeout=1h sync; 96 | keyval_zone zone=refresh_tokens:1M state=/opt/refresh_tokens.json timeout=8h sync; 97 | keyval_zone zone=oidc_pkce:128K timeout=90s sync; # Temporary storage for PKCE code verifier. 98 | 99 | keyval $cookie_auth_token $session_jwt zone=oidc_id_tokens; # Exchange cookie for JWT 100 | keyval $cookie_auth_token $access_token zone=oidc_access_tokens; # Exchange cookie for access token 101 | keyval $cookie_auth_token $refresh_token zone=refresh_tokens; # Exchange cookie for refresh token 102 | keyval $request_id $new_session zone=oidc_id_tokens; # For initial session creation 103 | keyval $request_id $new_access_token zone=oidc_access_tokens; 104 | keyval $request_id $new_refresh zone=refresh_tokens; # '' 105 | keyval $pkce_id $pkce_code_verifier zone=oidc_pkce; 106 | 107 | auth_jwt_claim_set $jwt_audience aud; # In case aud is an array 108 | js_import oidc from /etc/nginx/oidc/openid_connect.js; 109 | -------------------------------------------------------------------------------- /labs/lab8/zonesync.conf: -------------------------------------------------------------------------------- 1 | # Nginx for Azure Zone Sync config 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | resolver 127.0.0.1:49153 valid=20s; 5 | 6 | server { 7 | 8 | listen 9000; # should match the port specified with zone_sync_server 9 | status_zone n4a-zonesync; 10 | 11 | zone_sync; 12 | zone_sync_server internal.nginxaas.nginx.com:9000 resolve; 13 | 14 | } 15 | -------------------------------------------------------------------------------- /labs/lab9/juiceshop-vs.yaml: -------------------------------------------------------------------------------- 1 | #Example virtual server with routes for Juiceshop Demo 2 | # 3 | apiVersion: k8s.nginx.org/v1 4 | kind: VirtualServer 5 | metadata: 6 | name: juiceshop-vs 7 | namespace: juice 8 | spec: 9 | host: juiceshop.example.com 10 | #tls: 11 | #secret: juice-secret 12 | upstreams: 13 | - name: juiceshop 14 | service: juiceshop-svc 15 | port: 80 16 | #slow-start: 5s 17 | sessionCookie: 18 | enable: true 19 | name: srv_id 20 | path: / 21 | expires: 1h 22 | domain: .example.com 23 | healthCheck: 24 | enable: true 25 | port: 3000 26 | path: / 27 | interval: 20s 28 | jitter: 3s 29 | fails: 3 30 | passes: 1 31 | connect-timeout: 30s 32 | read-timeout: 30s 33 | routes: 34 | - path: / 35 | action: 36 | pass: juiceshop 37 | -------------------------------------------------------------------------------- /labs/lab9/juiceshop.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Juiceshop Nginx HTTP 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # Image Caching for Juiceshop 5 | # Rate Limits testing 6 | # 7 | proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=image_cache:10m max_size=100m use_temp_path=off; 8 | # 9 | server { 10 | 11 | listen 80; # Listening on port 80 on all IP addresses on this machine 12 | 13 | server_name juiceshop.example.com; # Set hostname to match in request 14 | status_zone juiceshop; 15 | 16 | # access_log /var/log/nginx/juiceshop.log main; 17 | access_log /var/log/nginx/juiceshop.example.com.log main_ext; # Extended Logging 18 | error_log /var/log/nginx/juiceshop.example.com_error.log info; 19 | 20 | location / { 21 | 22 | # return 200 "You have reached juiceshop server block, location /\n"; 23 | 24 | # Set Rate Limit, uncomment below 25 | # limit_req zone=limit100; #burst=110; # Set Limit and burst here 26 | # limit_req_status 429; # Set HTTP Status Code, better than 503s 27 | # limit_req_dry_run on; # Test the Rate limit, logged, but not enforced 28 | # add_header X-Ratelimit-Status $limit_req_status; # Add a custom status header 29 | 30 | proxy_pass http://aks1_ingress; # Proxy to AKS1 Nginx Ingress Controllers 31 | add_header X-Proxy-Pass aks1_ingress_juiceshop; # Custom Header 32 | 33 | } 34 | 35 | # Cache Proxy example for static images / page components 36 | # Match common files with Regex 37 | location ~* \.(?:ico|jpg|png)$ { 38 | 39 | ### Uncomment for new status_zone in dashboard 40 | status_zone images; 41 | 42 | proxy_cache image_cache; 43 | proxy_cache_valid 200 60s; 44 | proxy_cache_key $scheme$proxy_host$request_uri; 45 | 46 | # Override cache control headers 47 | proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; 48 | expires 365d; 49 | add_header Cache-Control "public"; 50 | 51 | # Add a Cache status header - MISS, HIT, EXPIRED 52 | 53 | add_header X-Cache-Status $upstream_cache_status; 54 | 55 | proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 NIC 56 | add_header X-Proxy-Pass nginxazure_imagecache; # Custom Header 57 | 58 | } 59 | 60 | } 61 | -------------------------------------------------------------------------------- /labs/lab9/juiceshop.yaml: -------------------------------------------------------------------------------- 1 | # JuiceShop Demo application deployment 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: juiceshop 6 | namespace: juice 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: juiceshop 12 | template: 13 | metadata: 14 | labels: 15 | app: juiceshop 16 | spec: 17 | containers: 18 | - name: juiceshop 19 | image: bkimminich/juice-shop 20 | imagePullPolicy: IfNotPresent 21 | ports: 22 | - containerPort: 3000 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: juiceshop-svc 28 | namespace: juice 29 | spec: 30 | type: ClusterIP 31 | clusterIP: None 32 | ports: 33 | - port: 80 34 | targetPort: 3000 35 | protocol: TCP 36 | name: http 37 | selector: 38 | app: juiceshop 39 | --- 40 | apiVersion: v1 41 | kind: Secret 42 | metadata: 43 | name: juice-secret 44 | namespace: juice 45 | type: kubernetes.io/tls 46 | data: 47 | tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhZQ0NRREFPRjl0THNhWFdqQU5CZ2txaGtpRzl3MEJBUXNGQURCYU1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1EwRXhJVEFmQmdOVkJBb01HRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MApaREViTUJrR0ExVUVBd3dTWTJGbVpTNWxlR0Z0Y0d4bExtTnZiU0FnTUI0WERURTRNRGt4TWpFMk1UVXpOVm9YCkRUSXpNRGt4TVRFMk1UVXpOVm93V0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ01Ba05CTVNFd0h3WUQKVlFRS0RCaEpiblJsY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEdUQVhCZ05WQkFNTUVHTmhabVV1WlhoaApiWEJzWlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcDZLbjdzeTgxCnAwanVKL2N5ayt2Q0FtbHNmanRGTTJtdVpOSzBLdGVjcUcyZmpXUWI1NXhRMVlGQTJYT1N3SEFZdlNkd0kyaloKcnVXOHFYWENMMnJiNENaQ0Z4d3BWRUNyY3hkam0zdGVWaVJYVnNZSW1tSkhQUFN5UWdwaW9iczl4N0RsTGM2SQpCQTBaalVPeWwwUHFHOVNKZXhNVjczV0lJYTVyRFZTRjJyNGtTa2JBajREY2o3TFhlRmxWWEgySTVYd1hDcHRDCm42N0pDZzQyZitrOHdnemNSVnA4WFprWldaVmp3cTlSVUtEWG1GQjJZeU4xWEVXZFowZXdSdUtZVUpsc202OTIKc2tPcktRajB2a29QbjQxRUUvK1RhVkVwcUxUUm9VWTNyemc3RGtkemZkQml6Rk8yZHNQTkZ4MkNXMGpYa05MdgpLbzI1Q1pyT2hYQUhBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLSEZDY3lPalp2b0hzd1VCTWRMClJkSEliMzgzcFdGeW5acS9MdVVvdnNWQTU4QjBDZzdCRWZ5NXZXVlZycTVSSWt2NGxaODFOMjl4MjFkMUpINnIKalNuUXgrRFhDTy9USkVWNWxTQ1VwSUd6RVVZYVVQZ1J5anNNL05VZENKOHVIVmhaSitTNkZBK0NuT0Q5cm4yaQpaQmVQQ0k1ckh3RVh3bm5sOHl3aWozdnZRNXpISXV5QmdsV3IvUXl1aTlmalBwd1dVdlVtNG52NVNNRzl6Q1Y3ClBwdXd2dWF0cWpPMTIwOEJqZkUvY1pISWc4SHc5bXZXOXg5QytJUU1JTURFN2IvZzZPY0s3TEdUTHdsRnh2QTgKN1dqRWVxdW5heUlwaE1oS1JYVmYxTjM0OWVOOThFejM4Zk9USFRQYmRKakZBL1BjQytHeW1lK2lHdDVPUWRGaAp5UkU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 48 | tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcWVpcCs3TXZOYWRJN2lmM01wUHJ3Z0pwYkg0N1JUTnBybVRTdENyWG5LaHRuNDFrCkcrZWNVTldCUU5semtzQndHTDBuY0NObzJhN2x2S2wxd2k5cTIrQW1RaGNjS1ZSQXEzTVhZNXQ3WGxZa1YxYkcKQ0pwaVJ6ejBza0lLWXFHN1BjZXc1UzNPaUFRTkdZMURzcGRENmh2VWlYc1RGZTkxaUNHdWF3MVVoZHErSkVwRwp3SStBM0kreTEzaFpWVng5aU9WOEZ3cWJRcCt1eVFvT05uL3BQTUlNM0VWYWZGMlpHVm1WWThLdlVWQ2cxNWhRCmRtTWpkVnhGbldkSHNFYmltRkNaYkp1dmRySkRxeWtJOUw1S0Q1K05SQlAvazJsUkthaTAwYUZHTjY4NE93NUgKYzMzUVlzeFR0bmJEelJjZGdsdEkxNURTN3lxTnVRbWF6b1Z3QndJREFRQUJBb0lCQVFDUFNkU1luUXRTUHlxbApGZlZGcFRPc29PWVJoZjhzSStpYkZ4SU91UmF1V2VoaEp4ZG01Uk9ScEF6bUNMeUw1VmhqdEptZTIyM2dMcncyCk45OUVqVUtiL1ZPbVp1RHNCYzZvQ0Y2UU5SNThkejhjbk9SVGV3Y290c0pSMXBuMWhobG5SNUhxSkpCSmFzazEKWkVuVVFmY1hackw5NGxvOUpIM0UrVXFqbzFGRnM4eHhFOHdvUEJxalpzVjdwUlVaZ0MzTGh4bndMU0V4eUZvNApjeGI5U09HNU9tQUpvelN0Rm9RMkdKT2VzOHJKNXFmZHZ5dGdnOXhiTGFRTC94MGtwUTYyQm9GTUJEZHFPZVBXCktmUDV6WjYvMDcvdnBqNDh5QTFRMzJQem9idWJzQkxkM0tjbjMyamZtMUU3cHJ0V2wrSmVPRmlPem5CUUZKYk4KNHFQVlJ6NWhBb0dCQU50V3l4aE5DU0x1NFArWGdLeWNrbGpKNkY1NjY4Zk5qNUN6Z0ZScUowOXpuMFRsc05ybwpGVExaY3hEcW5SM0hQWU00MkpFUmgySi9xREZaeW5SUW8zY2czb2VpdlVkQlZHWTgrRkkxVzBxZHViL0w5K3l1CmVkT1pUUTVYbUdHcDZyNmpleHltY0ppbS9Pc0IzWm5ZT3BPcmxEN1NQbUJ2ek5MazRNRjZneGJYQW9HQkFNWk8KMHA2SGJCbWNQMHRqRlhmY0tFNzdJbUxtMHNBRzR1SG9VeDBlUGovMnFyblRuT0JCTkU0TXZnRHVUSnp5K2NhVQprOFJxbWRIQ2JIelRlNmZ6WXEvOWl0OHNaNzdLVk4xcWtiSWN1YytSVHhBOW5OaDFUanNSbmU3NFowajFGQ0xrCmhIY3FIMHJpN1BZU0tIVEU4RnZGQ3haWWRidUI4NENtWmlodnhicFJBb0dBSWJqcWFNWVBUWXVrbENkYTVTNzkKWVNGSjFKelplMUtqYS8vdER3MXpGY2dWQ0thMzFqQXdjaXowZi9sU1JxM0hTMUdHR21lemhQVlRpcUxmZVpxYwpSMGlLYmhnYk9jVlZrSkozSzB5QXlLd1BUdW14S0haNnpJbVpTMGMwYW0rUlk5WUdxNVQ3WXJ6cHpjZnZwaU9VCmZmZTNSeUZUN2NmQ21mb09oREN0enVrQ2dZQjMwb0xDMVJMRk9ycW40M3ZDUzUxemM1em9ZNDR1QnpzcHd3WU4KVHd2UC9FeFdNZjNWSnJEakJDSCtULzZzeXNlUGJKRUltbHpNK0l3eXRGcEFOZmlJWEV0LzQ4WGY2ME54OGdXTQp1SHl4Wlp4L05LdER3MFY4dlgxUE9ucTJBNWVpS2ErOGpSQVJZS0pMWU5kZkR1d29seHZHNmJaaGtQaS80RXRUCjNZMThzUUtCZ0h0S2JrKzdsTkpWZXN3WEU1Y1VHNkVEVXNEZS8yVWE3ZlhwN0ZjanFCRW9hcDFMU3crNlRYcDAKWmdybUtFOEFSek00NytFSkhVdmlpcS9udXBFMTVnMGtKVzNzeWhwVTl6WkxPN2x0QjBLSWtPOVpSY21Vam84UQpjcExsSE1BcWJMSjhXWUdKQ2toaVd4eWFsNmhZVHlXWTRjVmtDMHh0VGwvaFVFOUllTktvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 49 | -------------------------------------------------------------------------------- /labs/lab9/media/juiceshop-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/juiceshop-icon.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_chrome-add-headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_chrome-add-headers.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_chrome-hit-miss-expired.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_chrome-hit-miss-expired.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_chrome-manage-headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_chrome-manage-headers.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_chrome-new-columns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_chrome-new-columns.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_diagram.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_juiceshop-upstreams.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_juiceshop-upstreams.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_rate-100.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_rate-100.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_rate-1000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_rate-1000.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_ratelimit-429.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_ratelimit-429.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_ratelimit-503.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_ratelimit-503.png -------------------------------------------------------------------------------- /labs/lab9/media/lab9_ratelimit-dry-run.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/lab9_ratelimit-dry-run.png -------------------------------------------------------------------------------- /labs/lab9/media/mygarage-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/mygarage-icon.png -------------------------------------------------------------------------------- /labs/lab9/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/lab9/media/nginx-cache-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/nginx-cache-icon.png -------------------------------------------------------------------------------- /labs/lab9/media/speedometer-icon.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/lab9/media/speedometer-icon.jpeg -------------------------------------------------------------------------------- /labs/lab9/nginx.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Default - Updated Nginx.conf 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | user nginx; 5 | worker_processes auto; 6 | worker_rlimit_nofile 8192; 7 | pid /run/nginx/nginx.pid; 8 | 9 | events { 10 | worker_connections 4000; 11 | } 12 | 13 | error_log /var/log/nginx/error.log error; 14 | 15 | http { 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | log_format main_ext 'remote_addr="$remote_addr", ' 21 | '[time_local=$time_local], ' 22 | 'request="$request", ' 23 | 'status="$status", ' 24 | 'http_referer="$http_referer", ' 25 | 'body_bytes_sent="$body_bytes_sent", ' 26 | 'Host="$host", ' 27 | 'sn="$server_name", ' 28 | 'request_time=$request_time, ' 29 | 'http_user_agent="$http_user_agent", ' 30 | 'http_x_forwarded_for="$http_x_forwarded_for", ' 31 | 'request_length="$request_length", ' 32 | 'upstream_address="$upstream_addr", ' 33 | 'upstream_status="$upstream_status", ' 34 | 'upstream_connect_time="$upstream_connect_time", ' 35 | 'upstream_header_time="$upstream_header_time", ' 36 | 'upstream_response_time="$upstream_response_time", ' 37 | 'upstream_response_length="$upstream_response_length", ' 38 | 'cachestatus=“$upstream_cache_status“, ' 39 | 'limitstatus=“$limit_req_status“ '; 40 | 41 | access_log off; 42 | server_tokens ""; 43 | server { 44 | listen 80 default_server; 45 | server_name localhost; 46 | location / { 47 | # Points to a directory with a basic html index file with 48 | # a "Welcome to NGINX as a Service for Azure!" page 49 | root /var/www; 50 | index index.html; 51 | } 52 | } 53 | 54 | include /etc/nginx/conf.d/*.conf; 55 | include /etc/nginx/includes/*.conf; # shared files 56 | 57 | } 58 | 59 | stream { 60 | 61 | resolver 127.0.0.1:49153 valid=20s; 62 | 63 | server { 64 | listen 9000; # should match the port specified with zone_sync_server 65 | 66 | zone_sync; 67 | zone_sync_server internal.nginxaas.nginx.com:9000 resolve; 68 | } 69 | 70 | include /etc/nginx/stream/*.conf; # Stream TCP nginx files 71 | 72 | } 73 | -------------------------------------------------------------------------------- /labs/lab9/rate_limits.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Mar 2024 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # Define HTTP Request Limit Zones 5 | # 6 | limit_req_zone $binary_remote_addr zone=limitone:10m rate=1r/s; 7 | limit_req_zone $binary_remote_addr zone=limit10:10m rate=10r/s; 8 | limit_req_zone $binary_remote_addr zone=limit100:10m rate=100r/s; 9 | limit_req_zone $binary_remote_addr zone=limit1000:10m rate=1000r/s; 10 | -------------------------------------------------------------------------------- /labs/labs-optional/garage-readme.md: -------------------------------------------------------------------------------- 1 | # NGINX Garage (UNDER CONSTRUCTION) 2 | 3 | ## Introduction 4 | 5 | In this lab, you will build ( x,y,x ). 6 | 7 | < Lab specific Images here, in the /media sub-folder > 8 | 9 | NGINX aaS | Docker 10 | :-------------------------:|:-------------------------: 11 | ![NGINX aaS](media/nginx-azure-icon.png) |![Docker](media/docker-icon.png) 12 | 13 | ## Learning Objectives 14 | 15 | By the end of the lab you will be able to: 16 | 17 | - Introduction to `xx` 18 | - Build an `yyy` Nginx configuration 19 | - Test access to your lab enviroment with Curl and Chrome 20 | - Investigate `zzz` 21 | 22 | 23 | ## Pre-Requisites 24 | 25 | - You must have `aaaa` installed and running 26 | - You must have `bbbbb` installed 27 | - See `Lab0` for instructions on setting up your system for this Workshop 28 | - Familiarity with basic Linux commands and commandline tools 29 | - Familiarity with basic Docker concepts and commands 30 | - Familiarity with basic HTTP protocol 31 | 32 |
33 | 34 | ### Lab exercise 1 35 | 36 | 37 | 38 | ### Lab exercise 2 39 | 40 | 41 | 42 | ### Lab exercise 3 43 | 44 | 45 | 46 | ### << more exercises/steps>> 47 | 48 | 49 | 50 |
51 | 52 | **This completes Lab8.** 53 | 54 |
55 | 56 | ## References: 57 | 58 | - [NGINX As A Service for Azure](https://docs.nginx.com/nginxaas/azure/) 59 | - [NGINX Plus Product Page](https://docs.nginx.com/nginx/) 60 | - [NGINX Ingress Controller](https://docs.nginx.com//nginx-ingress-controller/) 61 | - [NGINX on Docker](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/) 62 | - [NGINX Directives Index](https://nginx.org/en/docs/dirindex.html) 63 | - [NGINX Variables Index](https://nginx.org/en/docs/varindex.html) 64 | - [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/) 65 | - [NGINX - Join Community Slack](https://community.nginx.org/joinslack) 66 | 67 |
68 | 69 | ### Authors 70 | 71 | - Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc. 72 | - Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc. 73 | - Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc. 74 | 75 | ------------- 76 | 77 | Navigate to ([Lab9](../lab9/readme.md) | [LabGuide](../readme.md)) 78 | -------------------------------------------------------------------------------- /labs/labs-optional/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/labs-optional/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/labs-optional/readme.md: -------------------------------------------------------------------------------- 1 | # Optional Exercises / Grafana 2 | 3 | ## Introduction 4 | 5 | In this lab, you will build ( x,y,x ). 6 | 7 | < Lab specific Images here, in the /media sub-folder > 8 | 9 | NGINX aaS | Docker 10 | :-------------------------:|:-------------------------: 11 | ![NGINX aaS](media/nginx-azure-icon.png) |![Docker](media/docker-icon.png) 12 | 13 | ## Learning Objectives 14 | 15 | By the end of the lab you will be able to: 16 | 17 | - Introduction to `xx` 18 | - Build an `yyy` Nginx configuration 19 | - Test access to your lab enviroment with Curl and Chrome 20 | - Investigate `zzz` 21 | 22 | 23 | ## Pre-Requisites 24 | 25 | - You must have `aaaa` installed and running 26 | - You must have `bbbbb` installed 27 | - See `Lab0` for instructions on setting up your system for this Workshop 28 | - Familiarity with basic Linux commands and commandline tools 29 | - Familiarity with basic Docker concepts and commands 30 | - Familiarity with basic HTTP protocol 31 | 32 |
33 | 34 | ## Create and attach Azure Container Registry (ACR) 35 | 36 | 1. Create a container registry using the `az acr create` command. The registry name must be unique within Azure, and contain 5-50 alphanumeric characters 37 | ```bash 38 | MY_RESOURCEGROUP=s.dutta 39 | MY_ACR=acrshouvik 40 | 41 | az acr create \ 42 | --resource-group $MY_RESOURCEGROUP \ 43 | --name $MY_ACR \ 44 | --sku Basic 45 | ``` 46 | 47 | 2. From the output of the `az acr create` command, make a note of the `loginServer`. The value of `loginServer` key is the fully qualified registry name. In our example the registry name is `acrshouvik` and the login server name is `acrshouvik.azurecr.io`. 48 | 49 | 3. Login to the registry using below command. Make sure your local Docker daemon is up and running. 50 | ```bash 51 | MY_ACR=acrshouvik 52 | 53 | az acr login --name $MY_ACR 54 | ``` 55 | At the end of the output you should see `Login Succeeded`! 56 | 57 | ### Test access to your Azure ACR 58 | 59 | We can quickly test the ability to push images to our Private ACR from our client machine. 60 | 61 | 1. If you do not have a test container image to push to ACR, you can use a simple container for testing, e.g.[nginxinc/ingress-demo](https://hub.docker.com/r/nginxinc/ingress-demo). You will use this same container for the lab exercises. 62 | 63 | ```bash 64 | az acr import --name $MY_ACR --source docker.io/nginxinc/ingress-demo:latest --image nginxinc/ingress-demo:v1 65 | ``` 66 | The above command pulls the `nginxinc/ingress-demo` image from docker hub and pushes it to Azure ACR. 67 | 68 | 2. Check if the image was successfully pushed to ACR using the azure cli command below: 69 | 70 | ```bash 71 | MY_ACR=acrshouvik 72 | az acr repository list --name $MY_ACR --output table 73 | ``` 74 | ```bash 75 | ###Sample Output### 76 | Result 77 | --------------------- 78 | nginxinc/ingress-demo 79 | ``` 80 | 81 | ### Attach an Azure Container Registry (ACR) to Azure Kubernetes cluster (AKS) 82 | 83 | 1. You will attach the newly created ACR to both AKS clusters. This will enable you to pull private images within AKS clusters directly from your ACR. Run below command to attach ACR to 1st AKS cluster: 84 | ```bash 85 | MY_RESOURCEGROUP=s.dutta 86 | MY_AKS=aks-shouvik # first cluster 87 | MY_ACR=acrshouvik 88 | 89 | az aks update -n $MY_AKS -g $MY_RESOURCEGROUP --attach-acr $MY_ACR 90 | ``` 91 | 92 | 1. Change the $MY_AKS environment variable, so you can attach your ACR to your second Cluster: 93 | ```bash 94 | MY_RESOURCEGROUP=s.dutta 95 | MY_AKS=aks2-shouvik # change to second cluster 96 | MY_ACR=acrshouvik 97 | 98 | az aks update -n $MY_AKS -g $MY_RESOURCEGROUP --attach-acr $MY_ACR 99 | ``` 100 | 101 | **NOTE:** You need the Owner, Azure account administrator, or Azure co-administrator role on your Azure subscription. To avoid needing one of these roles, you can instead use an existing managed identity to authenticate ACR from AKS. See [references](#references) for more details. 102 | 103 | 104 | ### Lab exercise 2 105 | 106 | Nginx Rate Limiting here 107 | 108 | ### Lab exercise 3 109 | 110 | 111 | 112 | ### << more exercises/steps>> 113 | 114 | 115 | 116 |
117 | 118 | **This completes LabX.** 119 | 120 |
121 | 122 | ## References: 123 | 124 | - [NGINX As A Service for Azure](https://docs.nginx.com/nginxaas/azure/) 125 | - [NGINX Plus Product Page](https://docs.nginx.com/nginx/) 126 | - [NGINX Ingress Controller](https://docs.nginx.com//nginx-ingress-controller/) 127 | - [NGINX on Docker](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/) 128 | - [NGINX Directives Index](https://nginx.org/en/docs/dirindex.html) 129 | - [NGINX Variables Index](https://nginx.org/en/docs/varindex.html) 130 | - [NGINX Technical Specs](https://docs.nginx.com/nginx/technical-specs/) 131 | - [NGINX - Join Community Slack](https://community.nginx.org/joinslack) 132 | - [NGINX - HTTP Request Limits](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) 133 | 134 | 135 |
136 | 137 | ### Authors 138 | 139 | - Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc. 140 | - Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc. 141 | - Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc. 142 | 143 | ------------- 144 | 145 | Navigate to ([Lab Guide](../readme.md)) 146 | -------------------------------------------------------------------------------- /labs/media/docker-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/docker-icon.png -------------------------------------------------------------------------------- /labs/media/kubernetes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/kubernetes-icon.png -------------------------------------------------------------------------------- /labs/media/maxmind-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/maxmind-icon.png -------------------------------------------------------------------------------- /labs/media/n4aworkshop-banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/n4aworkshop-banner.png -------------------------------------------------------------------------------- /labs/media/nginx-azure-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/nginx-azure-icon.png -------------------------------------------------------------------------------- /labs/media/nginx-plus-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/nginx-plus-icon.png -------------------------------------------------------------------------------- /labs/media/redis-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nginxinc/nginx-azure-workshops/13be87691e47542da11665bdc5067d0d578b6d7f/labs/media/redis-icon.png -------------------------------------------------------------------------------- /labs/media/robot.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 19 | 20 | 21 | 23 | 24 | 25 | 26 | 27 | 28 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 47 | 48 | 49 | 51 | 52 | 53 | 55 | 56 | 57 | 58 | 59 | 60 | 62 | 63 | 64 | 70 | 71 | 72 | 80 | 81 | 82 | 84 | 85 | 86 | 87 | 88 | 89 | 92 | 93 | 94 | 97 | 98 | 99 | 101 | 102 | 103 | 104 | 105 | 106 | 109 | 110 | 111 | 112 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 127 | 128 | 129 | 131 | 132 | 133 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 149 | 150 | 151 | 153 | 154 | 155 | 157 | 158 | 159 | 161 | 162 | 163 | 164 | -------------------------------------------------------------------------------- /labs/readme.md: -------------------------------------------------------------------------------- 1 | ![NGINX 4 Azure](media/n4aworkshop-banner.png) 2 | 3 |
4 | 5 | ## NGINXaaS for Azure Workshop 6 | 7 |
8 | 9 | ### Overview 10 | 11 |
12 | 13 | > >Welcome to the NGINXaaS for Azure Workshop! 14 | 15 |
16 | 17 | This **NGINXperts Workshop** will introduce **`NGINXaaS for Azure`** with hands-on practice through lab exercises. 18 | 19 | You will learn and explore NGINX for Azure, deploy and configure it with various Azure Resources. You will use many NGINX Plus features, for routing traffic, terminate TLS, splitting traffic, and caching. You will build a sample Enterprise environment in Azure with apps and services in Linux and Windows VMs, use Docker, and multiple Kubernetes AKS clusters. You will terminate TLS, route HTTP/S traffic, load balance running VMs, containers, pods and Nginx Ingress Controllers. You will configure Advanced Nginx Plus features like Caching and Dynamic Split Clients for Blue/Green testing, using live traffic. You will route traffic to the nearest Data Center using Nginx and MaxMind GeoIP2 data. You will expose both Web and TCP applications on the Internet. You will explore the integrations of Nginx with Azure Cloud Resources like Key Vault, Monitoring, Logging/Analytics, and Grafana. 20 | 21 | The Hands-on Lab Exercises are designed to build upon each other, adding additional services and features as you progress through them, completing the labs in sequential order is required. You will follow along as an instructor guides you through these exercises. 22 | 23 | This is the third Workshop in the `NGINXperts Series' from the Nginx Communities and Alliances Team at Nginx. 24 | 25 |
26 | 27 | NGINXaaS for Azure | NGINXperts Workshops 28 | :-------------------------:|:-------------------------: 29 | ![](media/nginx-azure-icon.png) | ![](media/developer-seated.svg) 30 | 31 |
32 | 33 | The Hands-On Lab Exercises are designed to build upon each other, adding additional services and features as you progress through them. `It is important to complete the lab exercises in sequential order.` 34 | 35 | By the end of this Workshop, you will have a working, operational NGINX for Azure deployment and Lab environment, with the skills to deploy and operate one for your Modern Application projects in Azure. 36 | 37 |
38 | 39 | ### Prerequisites 40 | 41 | See the [Lab0 Readme.md](lab0/readme.md) for details on Student Prerequisites for this Workshop. 42 | 43 |
44 | 45 | NGINXaaS for Azure | NGINX Plus | Kubernetes | Docker | Redis | MaxMind 46 | :-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------:|:-------------------------: 47 | ![](media/nginx-azure-icon.png) | ![](media/nginx-plus-icon.png) | ![](media/kubernetes-icon.png) | ![](media/docker-icon.png) | ![](media/redis-icon.png) | ![](media/maxmind-icon.png) 48 | 49 |
50 | 51 | ## Lab Outline 52 | 53 | ### Lab 0: Prerequesites - Azure Subscription / Resources 54 | - [Lab 0: Prerequesites - Azure Subscription / Resources](lab0/readme.md) 55 | 56 | ### Lab 1: Azure VNet and Subnet and Network Security Group 57 | - [Lab 1: Azure VNet and Subnet and Network Security Group](lab1/readme.md) 58 | 59 | ### Lab 2: Nginx for Azure Overview and Deployment 60 | - [Lab 2: Nginx for Azure Overview and Deployment](lab2/readme.md) 61 | 62 | ### Lab 3: Ubuntu VM / Docker / Windows VM / Cafe Demo 63 | - [Lab 3: Ubuntu VM / Docker / Windows VM / Cafe Demo](lab3/readme.md) 64 | 65 | ### Lab 4: AKS / Nginx Ingress Controller / Cafe Demo / Redis 66 | - [Lab 4: AKS / Nginx Ingress Controller / Cafe Demo / Redis](lab4/readme.md) 67 | 68 | ### Lab 5: Nginx Load Balancing / Blue-Green / Split Clients / Multi Cluster LB 69 | - [Lab 5: Nginx Load Balancing / Blue-Green / Split Clients / Multi Cluster LB](lab5/readme.md) 70 | 71 | ### Lab 6: Azure Monitoring / Logging Analytics 72 | - [Lab 6: Azure Monitoring / Logging Analytics](lab6/readme.md) 73 | 74 | ### Lab 7: Azure Key Vault / TLS Essentials 75 | - [Lab 7: Azure Key Vault / TLS Essentials](lab7/readme.md) 76 | 77 | ### Lab 8: Nginx for Azure with Entra ID / Azure AD 78 | - [Lab 8: Nginx for Azure with Entra ID / Azure AD](lab8/readme.md) 79 | 80 | ### Lab 9: Nginx Caching / Rate Limits / Juiceshop 81 | - [Lab9: Nginx Caching / Rate Limits / Juiceshop](lab9/readme.md) 82 | 83 | ### Lab 10: Nginx with Grafana for Azure 84 | - [Lab10: Nginx with Grafana for Azure](lab10/readme.md) 85 | 86 | ### Lab 11: Nginx for Azure with MaxMind GeoIP2 87 | - [Lab11: Nginx for Azure with MaxMind GeoIP2](lab11/readme.md) 88 | 89 | ### Lab 12: Nginx for Azure with Nginx Loadbalancer for Kubernetes 90 | - [Lab12: Nginx for Azure with Nginx Loadbalancer for Kubernetes](lab12/readme.md) 91 | 92 | #### Labs Optional: Optional Exercises 93 | - [Labs Optional: Optional Exercises](labs-optional/readme.md) 94 | 95 |
96 | 97 | ### Authors 98 | 99 | - Chris Akker - Solutions Architect - Community and Alliances @ F5, Inc. 100 | - Shouvik Dutta - Solutions Architect - Community and Alliances @ F5, Inc. 101 | - Adam Currier - Solutions Architect - Community and Alliances @ F5, Inc. 102 | - Steve Wagner - Solutions Architect - Community and Alliances @ F5, Inc. 103 | 104 |
105 | 106 | Click [Lab0: Student Prerequisites](lab0/readme.md) for details on Student Prerequisite Requirements for this Workshop. 107 | 108 | Click [Lab1: Azure VNet and Subnet and Network Security Group](lab1/readme.md) to get started! 109 | 110 | -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/aks1-upstreams.conf: -------------------------------------------------------------------------------- 1 | upstream aks1_ingress { 2 | zone aks1_ingress 256k; 3 | 4 | least_time last_byte; 5 | 6 | # from nginx-ingress NodePort Service / aks Node names 7 | # Note: change servers to match 8 | # 9 | server aks-nodepool1-_AKS1_NODES_-vmss000000:32080; #aks1 node1 10 | server aks-nodepool1-_AKS1_NODES_-vmss000001:32080; #aks1 node2 11 | server aks-nodepool1-_AKS1_NODES_-vmss000002:32080; #aks1 node3 12 | 13 | keepalive 32; 14 | 15 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/aks2-upstreams.conf: -------------------------------------------------------------------------------- 1 | upstream aks2_ingress { 2 | zone aks2_ingress 256k; 3 | 4 | least_time last_byte; 5 | 6 | # from nginx-ingress NodePort Service / aks Node names 7 | # Note: change servers to match 8 | # 9 | server aks-nodepool1-_AKS2_NODES_-vmss000000:32080; #aks2 node1 10 | server aks-nodepool1-_AKS2_NODES_-vmss000001:32080; #aks2 node2 11 | server aks-nodepool1-_AKS2_NODES_-vmss000002:32080; #aks2 node3 12 | server aks-nodepool1-_AKS2_NODES_-vmss000003:32080; #aks2 node4 13 | 14 | keepalive 32; 15 | 16 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/cafe-docker-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure, Cafe Nginx Demo Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # cafe-nginx servers 5 | # 6 | upstream cafe_nginx { 7 | zone cafe_nginx 256k; 8 | 9 | # from docker compose 10 | server n4a-ubuntuvm:81; 11 | server n4a-ubuntuvm:82; 12 | server n4a-ubuntuvm:83; 13 | 14 | keepalive 32; 15 | 16 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/cafe.example.com.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure - Cafe Nginx to AKS2 NIC 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | server { 5 | 6 | listen 80; # Listening on port 80 7 | 8 | server_name cafe.example.com; # Set hostname to match in request 9 | status_zone cafe.example.com; # Metrics zone name 10 | 11 | access_log /var/log/nginx/cafe.example.com.log main; 12 | error_log /var/log/nginx/cafe.example.com_error.log info; 13 | 14 | location / { 15 | # 16 | # return 200 "You have reached cafe.example.com, location /\n"; 17 | 18 | proxy_pass http://cafe_nginx; # Proxy AND load balance to Docker VM 19 | add_header X-Proxy-Pass cafe_nginx; # Custom Header 20 | 21 | # proxy_pass http://windowsvm; # Proxy AND load balance to a list of servers 22 | # add_header X-Proxy-Pass windowsvm; # Custom Header 23 | 24 | # proxy_pass http://aks1_ingress; # Proxy AND load balance to AKS1 Nginx Ingress 25 | # add_header X-Proxy-Pass aks1_ingress; # Custom Header 26 | 27 | # proxy_pass http://aks2_ingress; # Proxy AND load balance to AKS2 Nginx Ingress 28 | # add_header X-Proxy-Pass aks2_ingress; # Custom Header 29 | 30 | 31 | 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/nic1-dashboard-upstreams.conf: -------------------------------------------------------------------------------- 1 | upstream nic1_dashboard { 2 | zone nic1_dashboard 256k; 3 | 4 | # from nginx-ingress NodePort Service / aks1 Node IPs 5 | server aks-nodepool1-_AKS1_NODES_-vmss000000:32090; #aks1 node1 6 | server aks-nodepool1-_AKS1_NODES_-vmss000001:32090; #aks1 node2 7 | server aks-nodepool1-_AKS1_NODES_-vmss000002:32090; #aks1 node3 8 | 9 | keepalive 8; 10 | 11 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/nic1-dashboard.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 9001; 3 | server_name dashboard.example.com; 4 | access_log off; 5 | 6 | location = /dashboard.html { 7 | #return 200 "You have reached /nic1dashboard."; 8 | 9 | proxy_pass http://nic1_dashboard; 10 | 11 | } 12 | 13 | location /api/ { 14 | 15 | proxy_pass http://nic1_dashboard; 16 | } 17 | 18 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/nic2-dashboard-upstreams.conf: -------------------------------------------------------------------------------- 1 | upstream nic2_dashboard { 2 | zone nic2_dashboard 256k; 3 | 4 | # from nginx-ingress NodePort Service / aks Node IPs 5 | server aks-nodepool1-_AKS2_NODES_-vmss000000:32090; #aks2 node1 6 | server aks-nodepool1-_AKS2_NODES_-vmss000001:32090; #aks2 node2 7 | server aks-nodepool1-_AKS2_NODES_-vmss000002:32090; #aks2 node3 8 | server aks-nodepool1-_AKS2_NODES_-vmss000003:32090; #aks2 node4 9 | 10 | keepalive 8; 11 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/nic2-dashboard.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 9002; 3 | server_name dashboard.example.com; 4 | access_log off; 5 | 6 | location = /dashboard.html { 7 | #return 200 "You have reached /nic2dashboard."; 8 | 9 | proxy_pass http://nic2_dashboard; 10 | 11 | } 12 | 13 | location /api/ { 14 | 15 | proxy_pass http://nic2_dashboard; 16 | } 17 | 18 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/conf.d/windows-upstreams.conf: -------------------------------------------------------------------------------- 1 | # Nginx 4 Azure, Windows IIS Upstreams 2 | # Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024 3 | # 4 | # windows IIS server 5 | # 6 | upstream windowsvm { 7 | zone windowsvm 256k; 8 | 9 | server n4a-windowsvm:80; # IIS Server 10 | 11 | keepalive 32; 12 | 13 | } -------------------------------------------------------------------------------- /n4a-configs/etc/nginx/includes/keepalive.conf: -------------------------------------------------------------------------------- 1 | # Default is HTTP/1.0 to upstreams, keepalives is only enabled for HTTP/1.1 2 | proxy_http_version 1.1; 3 | 4 | # Set the Connection header to empty 5 | proxy_set_header Connection ""; 6 | 7 | # Host request header field, or the server name matching a request 8 | proxy_set_header Host $host; -------------------------------------------------------------------------------- /n4a-configs/var/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | worker_rlimit_nofile 8192; 4 | pid /run/nginx/nginx.pid; 5 | 6 | events { 7 | worker_connections 4000; 8 | } 9 | 10 | error_log /var/log/nginx/error.log error; 11 | 12 | http { 13 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 14 | '$status $body_bytes_sent "$http_referer" ' 15 | '"$http_user_agent" "$http_x_forwarded_for"'; 16 | 17 | log_format main_ext 'remote_addr="$remote_addr", ' 18 | '[time_local=$time_local], ' 19 | 'request="$request", ' 20 | 'status="$status", ' 21 | 'http_referer="$http_referer", ' 22 | 'body_bytes_sent="$body_bytes_sent", ' 23 | 'Host="$host", ' 24 | 'sn="$server_name", ' 25 | 'request_time=$request_time, ' 26 | 'http_user_agent="$http_user_agent", ' 27 | 'http_x_forwarded_for="$http_x_forwarded_for", ' 28 | 'request_length="$request_length", ' 29 | 'upstream_address="$upstream_addr", ' 30 | 'upstream_status="$upstream_status", ' 31 | 'upstream_connect_time="$upstream_connect_time", ' 32 | 'upstream_header_time="$upstream_header_time", ' 33 | 'upstream_response_time="$upstream_response_time", ' 34 | 'upstream_response_length="$upstream_response_length", '; 35 | 36 | access_log off; 37 | server_tokens ""; 38 | server { 39 | listen 80 default_server; 40 | server_name localhost; 41 | location / { 42 | # Points to a directory with a basic html index file with 43 | # a "Welcome to NGINX as a Service for Azure!" page 44 | root /var/www; 45 | index index.html; 46 | } 47 | } 48 | 49 | include /etc/nginx/conf.d/*.conf; 50 | include /etc/nginx/includes/*.conf; # shared files 51 | } 52 | 53 | stream { 54 | include /etc/nginx/stream/*.conf; # Stream TCP nginx files 55 | } -------------------------------------------------------------------------------- /n4a-configs/var/www/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Welcome to NGINXaaS for Azure! 6 | 20 | 21 | 22 | 23 |

Welcome to NGINX as a Service for Azure!

24 |

If you see this page, the NGINX instance is successfully installed and 25 | working. Further configuration is required.

26 | 27 |

For online documentation, please refer to 28 | docs.nginx.com/nginxaas/azure.
29 |


30 | 31 | 32 |
33 | NGINX-for-Azure-logo 36 | 37 | 38 | 39 | --------------------------------------------------------------------------------