- ssh into your VM using the username ubuntu and password Nginx1122!
- Set your hostname with:
sudo hostnamectl set-hostname yourname
- Install our required dependencies for the workshop.
cd NGINX-Ansible-Controller-Workshop
sh 0-install-required-dependencies.sh
- Verify that nginx is not running
curl localhost
- Take a look at the playbook and note the host groups that will be targeted (loadbalancers). Also view the hosts files to see which host(s) will be updated.
cat nginx_plus.yaml
cat hosts
cat nginx_plus_vars.yaml
- Run the Ansible playbook to install NGINX Plus. (use option 1 or 2)
- Full command:
ansible-playbook nginx_plus.yaml -b -i hosts
- Scripted equivalent:
sh 1-run-nginx_plus-playbook.sh
- Open the Controller GUI: https://controller1.ddns.net (User: admin@nginx.com / Nginx1122!)
- Click the NGINX logo in the upper left and go to Infrastructure > Graphs. Note that your instance isn't there.
- Go back to your ssh session and run the controller agent install playbook. (use option 1 or 2)
- Full command:
ansible-playbook nginx_controller_agent_3x.yaml -b -i hosts -e "user_email=admin@nginx.com user_password=Nginx1122! controller_fqdn=controller1.ddns.net"
- Scripted Equivalent:
sh 2-run-nginx_controller_agent_3x-playbook.sh
- Go back to the Controller GUI and go to the Infrastructure>Graphs page
- Wait for the new instance to appear and then feel free to change the alias by clicking the settings (gear icon) so it is easy for you to find.
- Click on the NGINX logo and select Services.
- Go to Gateways.
- Create a new gateway, call it yourname-gw
- Put it in the production environment and hit next.
- In the Placements, select your NGINX instance, hit next.
- Under the hostnames, add
- http://nginx.ddns.net
- https://nginx.ddns.net
- Be sure to hit done after adding each URI.
- Select the nginx.ddns.net certificate and select all protocols.
- Feel free to view the optional configuration options.
- Publish the gateway and wait on the Gateways screen until your status is green.
- On the leftmost column hit Apps to show the My Apps menu > select overview. Click one of the buttons that say Create App.
- Name your app yourname-app and put it in the production environment.
- Hit submit.
- You should be brought to the Apps list, where your app is now listed. You now need to create a Component for your app. There are at least four ways to create this first component, but here is one that is also available later for adding more components: hover over your app and hit the eye icon under the View column. This page provides an Overview for the entire app. Hit Create Component near the upper-right corner of the page.
- Name the first component time1
- In the Gateways section, select your gateway.
- In the URI section, add (link is on top right of screen) uri: /time1
- Hit done.
- Click next through the optional configuration items until you get to workload groups.
- Add a workload group. Name it time1
- Add the backend workload URI: http://18.223.169.105
- Be sure to hit done after adding the URI.
- Hit publish.
- Wait for the green Configured status.
- Open a web browser to https://your-aws-IP/time1 and refresh a few times
- View the changes made to /etc/nginx/nginx.conf on your host.
sudo nginx -T
- Repeat steps 24-35 adding a component for time2 and point it to http://3.16.214.214
- Add another component and name it both.
- Select your gateway.
- In the URI section add: /
- Click done.
- Click on Workload groups and add a workload group called both
- Add both of our backend workload URIs:
- Test the new configuration with a few curl commands on your SSH session:
- curl localhost/time1
- curl localhost/time2
- curl localhost (run it several times to see the round robin)
- curl -k https://localhost/ (to test https is working)
- You can also test using the public IP of your VM in a browser.
- Navigate to Services>APIs and view the workload group. (ergast.com:80)
- On API Definitions create your "F1 Yourname" API with base path /api/f1
- Hit save and add URI /seasons and /drivers. Enable documentation with response 200 and {"response":"2009"} as an example (you can make this up, it is just for future developers who might consume this API resource)
- Click Add A Published API f1_api in prod and create a new application "yourname_f1_app"
- Select the entry point, click save.
- Scroll to the bottom and add the routes to the resources we created.
- Publish and wait for the success message.
- curl a few of these examples:
curl -k http://localhost/api/f1/seasons
curl -k http://localhost/api/f1/drivers
curl -k http://localhost/api/f1/drivers.json
curl -k http://localhost/api/f1/drivers/arnold.json
- Edit your published API and add a rate limit policy.
- Publish and test a couple more requests.
- Review the JWT Identity Provider under the API Management section. A JWT has been configured. It is in this repo, named auth_jwt_key_file.jwk.
- Go back to your API Definition and edit your published API to require an Authentication Policy using the JWT Provider.
- Publish and test a curl command using this token (which is in the script in option 2). Alternatively, use Postman.
curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImV4cCI6IjE2MDk0NTkxOTkiLCJpc3MiOiJNeSBBUEkgR2F0ZXdheSJ9.lJfCn7b_0mfKHKGk56Iu6CPGdJElG2UhFL64X47vu2M" localhost/api/f1/seasons
sh 3-run-jwt-curl.sh
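Added example, not part of the workshop repo: the header and payload of a JWT are only base64url-encoded, so you can read the token from the curl command above locally to see which algorithm, key ID and claims the Authentication Policy is being asked to validate, and compare `exp` with the current time when a request is rejected. The function names are illustrative, and it assumes GNU `base64`, `sed`, `cut` and `date` as found on the Ubuntu VM.

```shell
#!/bin/sh
# Added example: inspect the workshop's bearer token locally (no network needed).
# TOKEN is the value from the curl command above; function names are illustrative.
TOKEN='eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjAwMDEifQ.eyJuYW1lIjoiUXVvdGF0aW9uIFN5c3RlbSIsInN1YiI6InF1b3RlcyIsImV4cCI6IjE2MDk0NTkxOTkiLCJpc3MiOiJNeSBBUEkgR2F0ZXdheSJ9.lJfCn7b_0mfKHKGk56Iu6CPGdJElG2UhFL64X47vu2M'

# Decode one base64url segment (JWTs use '-' and '_' and drop the '=' padding).
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the decoded header (part 1) or payload (part 2) of a JWT.
jwt_part() {
    b64url_decode "$(printf '%s' "$1" | cut -d. -f"$2")"
}

# Extract a flat claim value (quoted or numeric) from decoded JSON on stdin.
json_field() {
    sed -n 's/.*"'"$1"'":"\{0,1\}\([^",}]*\).*/\1/p'
}

# Succeeds (exit status 0) when the token's exp claim is in the past.
jwt_expired() {
    exp=$(jwt_part "$1" 2 | json_field exp)
    [ -n "$exp" ] && [ "$exp" -lt "$(date +%s)" ]
}

# Show what the token carries; the third part (the signature) is not decoded here.
jwt_part "$TOKEN" 1; echo
jwt_part "$TOKEN" 2; echo
if jwt_expired "$TOKEN"; then
    echo "exp=$(jwt_part "$TOKEN" 2 | json_field exp) is in the past: token expired"
fi
```

The signature is not verified here, since that requires the key in auth_jwt_key_file.jwk.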
Optional, if you have time:
- Add an alert for too many 500 errors.
- Create a dashboard that you think might be useful in a NOC.
- Access the Developer API Management Portal: http://3.19.238.184:8090 Feel free to browse around the GUI to see other functionality.