diff --git a/nginx-agent-docker/Dockerfile b/nginx-agent-docker/Dockerfile index 92de345e..135b3c2e 100644 --- a/nginx-agent-docker/Dockerfile +++ b/nginx-agent-docker/Dockerfile @@ -6,7 +6,7 @@ ARG NAP_WAF=false # Initial packages setup RUN apt-get -y update \ - && apt-get -y install apt-transport-https lsb-release ca-certificates wget gnupg2 curl debian-archive-keyring \ + && apt-get -y install apt-transport-https lsb-release ca-certificates wget gnupg2 curl debian-archive-keyring iproute2 \ && mkdir -p /deployment /etc/ssl/nginx \ && addgroup --system --gid 20983 nginx \ && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 20983 nginx diff --git a/nginx-agent-docker/README.md b/nginx-agent-docker/README.md index 057fbb3a..6da1bbd9 100644 --- a/nginx-agent-docker/README.md +++ b/nginx-agent-docker/README.md @@ -8,7 +8,7 @@ This repository can be used to build a docker image with NGINX Plus and NGINX In This repository has been tested with NGINX agent for: -- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0 +- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0, 2.14.1 - API Connectivity Manager 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0 - NGINX App Protect WAF 4.100.1+ 
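Review bot: `iproute2` joins the base package list in the `RUN apt-get -y install` line with no indication of what needs it, and each extra networking tool in the image is one more package to patch and audit. If it is only required by the advanced-metrics support added in `start.sh` (an inference; the diff does not say), record that in a comment above the `RUN`, for example `# iproute2: needed by <component> (placeholder)`. Adding `--no-install-recommends` to the same `apt-get -y install` call would stop the new package from pulling in recommended extras.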
@@ -75,8 +75,9 @@ the build script will push the image to your private registry once build is comp 1. Edit `manifests/1.nginx-nim.yaml` and specify the correct image by modifying the `image:` line, and set the following environment variables. Default values for `NIM_HOST` and `NIM_GRPC_PORT` can be used if NGINX Instance Manager is deployed using https://github.com/nginxinc/NGINX-Demos/tree/master/nginx-nms-docker - `NIM_HOST` - NGINX Instance Manager hostname/IP address - `NIM_GRPC_PORT` - NGINX Instance Manager gRPC port. - - `NIM_INSTANCEGROUP` - instance group for the NGINX Kubernetes Deployment - - `NIM_TAGS` - comma separated list of tags for the NGINX Kubernetes Deployment + - `NIM_INSTANCEGROUP` - instance group for the NGINX instance + - `NIM_TAGS` - comma separated list of tags for the NGINX instance + - `NIM_ADVANCED_METRICS` - set to `"true"` to enable advanced metrics collection - `NAP_WAF` - set to `"true"` to enable NGINX App Protect WAF (docker image built using `-w`) - `NAP_WAF_PRECOMPILED_POLICIES` - set to `"true"` to enable NGINX App Protect WAF precompiled policies (docker image built using `-w`) - `ACM_DEVPORTAL` - set to `"true"` to enable API Connectivity Manager Developer Portal (docker image built using `-d`) diff --git a/nginx-agent-docker/container/start.sh b/nginx-agent-docker/container/start.sh index 0ad195a7..b5181d74 100755 --- a/nginx-agent-docker/container/start.sh +++ b/nginx-agent-docker/container/start.sh 
@@ -27,18 +27,35 @@ if [[ ! -z "$NIM_TAGS" ]]; then PARM="${PARM} --tags $NIM_TAGS" fi +if [[ "$NIM_ADVANCED_METRICS" == "true" ]]; then + if [ $OLD_AGENT == "false" ] + then + EXTRA_EXTENSIONS="- advanced-metrics" + + cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf + +# Advanced metrics +advanced_metrics: + socket_path: /var/run/nginx-agent/advanced-metrics.sock + aggregation_period: 1s + publishing_period: 3s + table_sizes_limits: + staging_table_max_size: 1000 + staging_table_threshold: 1000 + priority_table_max_size: 1000 + priority_table_threshold: 1000 +__EOT__ + fi +fi + if [[ "$NAP_WAF" == "true" ]]; then if [ $OLD_AGENT == "true" ] then PARM="${PARM} --nginx-app-protect-report-interval 15s --nap-monitoring-collector-buffer-size 50000 --nap-monitoring-processor-buffer-size 50000 --nap-monitoring-syslog-ip 127.0.0.1 --nap-monitoring-syslog-port 514" else - cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf + EXTRA_EXTENSIONS=$EXTRA_EXTENSIONS"\n- nginx-app-protect\n- nap-monitoring" -# Enable NAP and Advanced Metrics -extensions: - - advanced-metrics - - nginx-app-protect - - nap-monitoring + cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf # NGINX App Protect Monitoring config nap_monitoring: @@ -62,7 +79,6 @@ __EOT__ done chown nginx:nginx /opt/app_protect/pipe/* -fi if [[ "$NAP_WAF_PRECOMPILED_POLICIES" == "true" ]]; then if [ $OLD_AGENT == "true" ] @@ -78,6 +94,17 @@ __EOT__ fi fi +fi + +if [[ "$EXTRA_EXTENSIONS" != "" ]]; then + cat - << __EOT__ >> /etc/nginx-agent/nginx-agent.conf + +# Enable extensions +extensions: +`echo -e $EXTRA_EXTENSIONS | sed "s/^/\ \ /g"` +__EOT__ +fi + if [[ "$ACM_DEVPORTAL" == "true" ]]; then nginx-devportal server & fi
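Review bot: `EXTRA_EXTENSIONS` is first assigned inside the new `NIM_ADVANCED_METRICS` branch and is not initialised anywhere in the visible lines, so a value inherited from the container environment would end up in the `extensions:` list later appended to `/etc/nginx-agent/nginx-agent.conf`. Start it empty with `EXTRA_EXTENSIONS=""` before the first conditional. The added test `if [ $OLD_AGENT == "false" ]` leaves `$OLD_AGENT` unquoted, so an empty or unset value makes `[` fail with a syntax error and the advanced-metrics block is skipped without a clear message; `if [[ "$OLD_AGENT" == "false" ]]; then` matches the `[[` form used on the line above it. Where `OLD_AGENT` is set is outside this hunk, so confirm it is always defined. The heredoc appends with `>>`, so if the script runs again on the same filesystem the `advanced_metrics:` section would presumably be written twice.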
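Review bot: In the last hunk of `start.sh` the `extensions:` list is rendered with `echo -e $EXTRA_EXTENSIONS` unquoted inside backticks, so the value undergoes word splitting and pathname expansion before it is written to the agent config. When only `NAP_WAF` is `"true"` the string starts with `\n`, which leaves a whitespace-only line directly under `extensions:`. Quote the expansion and drop `echo -e`, for example `$(printf '%b\n' "$EXTRA_EXTENSIONS" | sed 's/^/  /')`, or collect the names in a bash array and emit them with `printf '  - %s\n' "${extensions[@]}"`. The relocated `fi` also means the `NAP_WAF_PRECOMPILED_POLICIES` block now runs only when `NAP_WAF` is `"true"`; a comment such as `# precompiled policies require NAP_WAF=true` above that block would make the dependency explicit.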