Nginx 101 Kickstart Lab Guide

Uploaded by

Ogeli Stark

NGINX 101 HANDS-ON WORKSHOP

Module-1:-Configure Nginx Plus Instance

Install NGINX PLUS

cd /opt/nplus-keys/
ls
sudo cp nginx-repo* /tmp/
cd /opt/install-nginx/
sudo ./install_nplus.sh
nginx -v
curl -I 127.0.0.1
curl localhost

Review NGINX Plus Default Configuration

cd /etc/nginx/
cat nginx.conf
cd conf.d/
cat default.conf
sudo mv default.conf default.conf.bak
sudo nginx -t
sudo nginx -T
sudo nginx -v
sudo nginx -V
sudo nginx -s reload

Module-2:-Configure the Web Server

Web Server Configuration

cd /opt/services/
cd App1/
ls
cat index.html
cd /etc/nginx/conf.d/
sudo vi web.conf

### web.conf ###

server {
    listen 9001;
    index index.html;

    location / {
        root /opt/services/App1;
    }
}

server {
    listen 9002;
    index index.html;

    location / {
        root /opt/services/App2;
    }
}

server {
    listen 9003;
    index index.html;

    location / {
        root /opt/services/App3;
    }
}

### ###

sudo nginx -t
sudo nginx -s reload
curl 10.1.1.5:9001
curl 10.1.1.5:9002
curl 10.1.1.5:9003

Access the Web Servers

Now try accessing 10.1.1.5:9001, 10.1.1.5:9002 and 10.1.1.5:9003 from the Windows jump
host. Each port should return the index page of the corresponding application.

Module-3:- Configuring LB & Nginx+ Dashboard

Configuring Load Balancer

cd /etc/nginx/conf.d/
sudo vi lb.conf

### lb.conf ###

upstream backend_servers {
    zone backend_server_zone 64k;
    server 127.0.0.1:9001;
    server 127.0.0.1:9002;
}

server {
    listen 9000;
    autoindex on;

    location / {
        proxy_pass http://backend_servers/;
        #health_check;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

### ###

sudo nginx -t
sudo nginx -s reload
curl localhost:9000
curl localhost:9000
curl localhost:9000

Configuring NGINX Plus Dashboard

### dashboard.conf ###

server {
    listen 8080;

    location /api {
        api write=on;
        allow all;
    }

    location / {
        root /usr/share/nginx/html;
        index dashboard.html;
    }
}

### ###
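
The lab's dashboard.conf combines "api write=on" with "allow all", so any host that can reach port 8080 can add, drain or remove upstream servers. A restricted variant is sketched below as an added example, not part of the lab guide: the 10.1.1.0/24 subnet is inferred from the lab addresses on this page and the password-file path is hypothetical.

```nginx
# dashboard.conf, restricted variant (added example; the subnet and the
# password-file path are assumptions, not values from the lab)
server {
    listen 8080;

    # Lab addresses on this page are all 10.1.1.x; the /24 mask is assumed.
    allow 10.1.1.0/24;
    allow 127.0.0.1;
    deny  all;

    location /api {
        # Reads (GET, HEAD) stay open to the allowed networks so the
        # dashboard can poll. POST, PATCH and DELETE, which change
        # upstream membership, additionally require credentials.
        limit_except GET {
            auth_basic           "NGINX Plus API";
            auth_basic_user_file /etc/nginx/api_users.htpasswd;  # hypothetical path
        }
        api write=on;
    }

    location / {
        root  /usr/share/nginx/html;
        index dashboard.html;
    }
}
```

With this in place the "Add server" step in the dashboard prompts for the basic-auth credentials before the change is accepted.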

Access The NGINX+ dashboard

• Once done, go to UDF and open the N+ Dashboard. If you encounter a forbidden error from the
N+ Dashboard web page, use the Windows server to access 10.1.1.5:8080. Review the dashboard.

Add a Dynamic Server

• Go to N+ Dashboard. Click on HTTP Upstreams.
• Click on the ‘edit’ icon next to backend_servers.
• Click Add server.
• Add 127.0.0.1:9003.
• Set state as “up”.
• Click “Add”.

NOTE:- App3 Server will disappear on NGINX restart as we have not created a “state”
file for NGINX to store this dynamically added information.

SELF Exercise:-
Edit the /etc/nginx/conf.d/lb.conf file and add the server 127.0.0.1:9003

Module-4:- API Gateway

Configuring API Gateway

On "docker_api" Box

cd /opt/ergast-f1-api/
sudo ./start.sh --build
sudo docker ps
curl localhost:8001/api/f1/drivers

On "ubuntu_plus" Box

cd /etc/nginx/conf.d/
sudo vi api_gateway.conf

### api_gateway ###

#limit_req_zone $remote_addr zone=perip:1m rate=2r/s;

upstream f1-api {
    server 10.1.1.7:8001; #validate IP address of docker_api
    server 10.1.1.7:8002;
}

server {
    listen 9443;
    #listen 9443 ssl;
    #ssl_certificate ssl/www.example.com.crt;
    #ssl_certificate_key ssl/www.example.com.key;
    # Note: TLSv1.1 is deprecated (RFC 8996); drop it outside the lab.
    #ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
    #ssl_prefer_server_ciphers on;

    location /api/f1/drivers {
        proxy_pass http://f1-api;

        #limit_req zone=perip nodelay;
        #limit_req_status 429;
    }
    location /api/f1/seasons {
        proxy_pass http://f1-api;
    }
    location /api/f1/circuits {
        proxy_pass http://f1-api;
    }
}

######

sudo nginx -t
sudo nginx -s reload
curl localhost:9443/api/f1/drivers
curl localhost:9443/api/f1/seasons

Once done, follow the below steps:-

• Navigate to Win2019_jumpbox | Windows Svr 2019 on UDF
• Log on (RDP with Microsoft Remote Desktop)
• Open Postman
• Make API calls to the gateway as below:
  → 10.1.1.5:9443/api/f1/drivers
  → 10.1.1.5:9443/api/f1/circuits
  → 10.1.1.5:9443/api/f1/seasons

Remove https if you see it in your request. We will configure SSL termination next.

API Gateway - SSL Termination

cd /etc/nginx/
sudo mkdir ssl
cd ssl/
sudo cp /opt/ssl/www.example.com* .
ls
cd /etc/nginx/conf.d/
sudo vim api_gateway.conf
sudo nginx -t
sudo nginx -s reload
curl localhost:9443/api/f1/drivers
curl https://localhost:9443/api/f1/drivers --insecure

Once done, follow the below steps:-

• Navigate to Win2019_jumpbox | Windows Svr 2019 on UDF
• Log on (RDP with Microsoft Remote Desktop)
• Open Postman
• Make API calls to the gateway as below:
  → https://10.1.1.5:9443/api/f1/drivers
  → https://10.1.1.5:9443/api/f1/circuits
  → https://10.1.1.5:9443/api/f1/seasons

Module-5:- Rate Limiting, Cache & Health Check

Enable Rate Limiting

cd /etc/nginx/conf.d/
sudo vi api_gateway.conf
sudo nginx -t
sudo nginx -s reload
curl https://localhost:9443/api/f1/drivers --insecure
!!;!!;!!;!!;!!;
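
The SSL termination and rate limiting steps both say only to edit api_gateway.conf. The file below shows the result on the assumption that the edit means enabling the commented-out directives from Module 4; it is an added example, not the lab's own file, and it departs from the lab's commented ssl_protocols line by leaving out TLSv1.1.

```nginx
# api_gateway.conf after the SSL and rate-limiting steps (added example)

# One shared-memory zone keyed on client address: 2 requests/second per IP.
limit_req_zone $remote_addr zone=perip:1m rate=2r/s;

upstream f1-api {
    server 10.1.1.7:8001;    # validate IP address of docker_api
    server 10.1.1.7:8002;
}

server {
    # The plain "listen 9443;" is removed: the same address:port cannot be
    # declared twice in one server block.
    listen 9443 ssl;

    # Relative paths resolve against the configuration prefix (/etc/nginx).
    ssl_certificate     ssl/www.example.com.crt;
    ssl_certificate_key ssl/www.example.com.key;

    # Departure from the lab's commented line: TLSv1.1 is omitted because
    # RFC 8996 deprecates TLS 1.0 and 1.1.
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location /api/f1/drivers {
        proxy_pass http://f1-api;

        # No burst is configured, so any request beyond 2 r/s from one
        # address is rejected immediately with the status below.
        limit_req zone=perip nodelay;
        limit_req_status 429;    # the default rejection status is 503
    }
    location /api/f1/seasons {
        proxy_pass http://f1-api;
    }
    location /api/f1/circuits {
        proxy_pass http://f1-api;
    }
}
```

Once the listener is TLS-only, the plain "curl localhost:9443/api/f1/drivers" from the SSL step returns 400 Bad Request, and only /api/f1/drivers is rate limited; the other two locations would need their own limit_req lines.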

Enable Cache Management

cd /etc/nginx/conf.d/
sudo vi cache.conf

### cache.conf ###

proxy_cache_path /opt/nginx-cache levels=1:2 keys_zone=upstream_cache:20m inactive=5m max_size=2G;

server {
    listen 8095;
    server_name _;

    location / {
        index index.html;
        root /opt/services/covid-app;
    }
}

## You are unable to serve the content and cache content within the same server block

server {
    listen 8092;
    server_name _;

    location / {
        add_header X-Cache-Status $upstream_cache_status;
        proxy_cache upstream_cache;
        proxy_pass http://localhost:8095;
        proxy_cache_key $scheme$host$request_uri;
        proxy_cache_valid 5m;
        add_header X-Test-Header $host;
    }
}

### ###

sudo nginx -t
sudo nginx -s reload
curl localhost:8092 -v
curl localhost:8092 -v

Check the Cache Status

• Log in to win2019_jumpbox – access via browser from the UDF console
• Open Chrome, navigate to 10.1.1.5:8092, right click → More tools → navigate to
the developer tools. On the Network tab, under Headers, in the Response Headers
section, find X-Cache-Status. What does it show?

Enable Active Health Checks

cd /etc/nginx/conf.d/
sudo vi lb.conf
sudo nginx -t
sudo nginx -s reload
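
The step above does not say what to change in lb.conf; the minimum is uncommenting the health_check line from Module 3. The variant below is an added example, not the lab's own file, that goes one step further with explicit probe parameters and a match block; the parameter values and the name app_ok are assumptions.

```nginx
# lb.conf with active health checks (added example; probe parameters and
# the match block name are assumptions)

# A probe passes only if the response satisfies every condition here.
match app_ok {
    status 200;
    header Content-Type ~ text/html;
}

upstream backend_servers {
    zone backend_server_zone 64k;   # shared memory zone, required by health_check
    server 127.0.0.1:9001;
    server 127.0.0.1:9002;
}

server {
    listen 9000;
    autoindex on;

    location / {
        proxy_pass http://backend_servers/;

        # Probe "/" every 5 s; mark a server unhealthy after 3 failed
        # probes and healthy again after 2 consecutive passes.
        health_check interval=5 fails=3 passes=2 uri=/ match=app_ok;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

A server that fails the probe is taken out of rotation without waiting for a client request to fail against it.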

Check the Monitoring Status

• Log in to the N+ Dashboard under ubuntu_plus via browser from the UDF console
• If you encounter a forbidden error, use the Windows server to access 10.1.1.5:8080.
• Click on HTTP Upstreams, then under Health monitors find the status in the
Checks and Last columns

End Of LAB
