nginxinc
diff --git a/‎ca-notes/LabOutline.md
Lines changed: 184 additions & 0 deletions b/‎ca-notes/LabOutline.md
Lines changed: 184 additions & 0 deletions
diff --git a/‎ca-notes/N4A Reference Arch.md
Lines changed: 44 additions & 0 deletions b/‎ca-notes/N4A Reference Arch.md
Lines changed: 44 additions & 0 deletions
diff --git a/‎ca-notes/N4A-feedback.md
Lines changed: 154 additions & 0 deletions b/‎ca-notes/N4A-feedback.md
Lines changed: 154 additions & 0 deletions
diff --git a/‎ca-notes/R30Plus-dashboard.html
Lines changed: 1928 additions & 0 deletions b/‎ca-notes/R30Plus-dashboard.html
Lines changed: 1928 additions & 0 deletions
@@ -0,0 +1,184 @@
+# Nginx for Azure Workshop Outline / Summary
+
+## Lab 0 - Prequesites - Subscription / Resources
+## Lab 1 - Azure VNet/Subnet / Network Security Group / Nginx for Azure Overview
+## Lab 2 - UbuntuVM/Docker / Windows VM / Cafe Demo Deployment 
+## Lab 3 - AKS / ACR / Nginx Ingress Controller Deployment
+## Lab 4 - NIC Dashboard / Cafe Demo / Redis Deployment
+## Lab 5 - Nginx for Azure Load Balancing / Reverse Proxy
+## Lab 6 - Azure Key Vault / TLS Essentials
+## Lab 7 - Azure Monitoring / Logging Analytics
+## Lab 8 - Nginx Garage or Azure Petshop
+## Lab 9 - Nginx Caching / Rate Limits / Juiceshop
+## Lab 10 - Grafana for Azure
+## Lab 11 - Optional Exercises - Windows VM
+## Summary and Wrap-up
+
+<br/>
+
+### Lab 0 - Prequesites - Subscription / Resources
+
+- Overview
+In this Lab, the Prerequisite Requirements for both the Student and the Azure environment will be detailed.  It is imperative that you have the appropriate computer, tools, skills, and Azure access to successfully complete the workshop.  The Lab exercises must be done sequentially to build the environment as described.  This is an intermediate level class, you must be proficient in several areas to successfully complete the workshop.  Beginner level workshops are available from Nginx, to help prepare you for this workshop - see the References section below.
+
+- Learning Objectives
+Verify you have the proper computer requirements - hardware and software.
+- Hardware:  Laptop, Admin rights, Internet connection
+- Software:  Visual Studio, Terminal, Chrome, Docker, AKS and AZ CLI, Redis-CLI.
+Verify you have proper computer skills.
+- Computer skills:  Linux CLI, file mgmt, SSH/Terminal, Docker/Compose, Azure Portal, HTTP/S, Kubernetes Nodes/Pods/Services skills, Load Balancing concepts
+- Optional: TLS, DNS, HTTP caching, Prometheus, Grafana, Redis
+Verify you have the proper access to Azure resources.
+- Azure subscription, list of Azure Roles/permissions here
+
+- Nginx for Azure Workshop has the following REQUIRED Nginx Skills
+Students must be familiar with Nginx basic operations, configurations, and concepts for HTTP traffic.
+-- The Nginx Basics Workshop is HIGHLY recommended, students should have taken this workshop prior.
+-- The Nginx Plus Ingress Controller workshop is also HIGHLY recommended, students should have taken this workshop prior.
+-- Previous training on Azure Resource Groups, VMs, Azure Networking, AKS, ACR, and NSG is HIGHLY recommended.
+
+<br/>
+
+### Lab 1 - Azure VNet/Subnet / Network Security Group / Nginx for Azure Overview
+
+- Overview
+In this lab, you will be adding and configuring the Azure Networking components needed for this workshop.  This will require a few network resources, and a Network Security Group to allow incoming traffic to your Nginx for Azure workshop resources.  Then you will explore the Nginx for Azure product, as a quick Overview of what it is and how to deploy it.
+
+- Learning Objectives
+Setup your Azure Vnet and Subnets
+Setup your Azure Network Security Group for inbound traffic
+Explore Nginx for Azure
+Deploy an Nginx for Azure instance / enable logging
+Test Nginx for Azure welcome page
+
+<br/>
+
+### Lab 2 - Ubuntu VM/Docker / Windows VM / Cafe Demo Deployment
+
+- Overview
+In this lab, you will deploy an Ubuntu VM, and configure it for a Legacy web application.  You will deploy a Windows VM.  You will configure Nginx for Azure to proxy and load balance these backends.
+
+- Learning Objectives
+Deploy Ubuntu VM
+Install Docker and Docker-compose
+Run Legacy docker container apps - Cafe Demo
+Optional Exercise: Deploy Windows VM
+Configure Nginx Load Balancing for these apps
+
+<br/>
+
+### Lab 3 - AKS / ACR / Nginx Ingress Controller Deployment
+
+- Overview
+In this lab, you will deploy 2 AKS clusters, with Nginx Ingress Controllers.  You will also deploy a private Container Registry.
+
+- Learning Objectives
+Deploy 1 AKS cluster using the Azure AZ CLI.
+Deploy 2nd AKS cluster with a bash script.
+Deploy Nginx Plus Ingress Controller with F5 Private Registry, to both the Clusters.
+Configure Nginx Plus Ingress Controller Dashboards.
+Expose the NIC Plus Dashboards externally for Live Monitoring.
+
+<br/>
+
+### 4 - Cafe Demo / Redis Deployment / Plus Dashboard
+
+- Overview
+In this lab, you will deploy 2 AKS clusters, with Nginx Ingress Controllers, a Redis cluster, and a Modern Web Application.  
+
+- Learning Objectives
+Deploy a demo web application in the clusters.
+Deploy and test a Redis In Memory Cache to the AKS cluster.
+Configure Nginx Ingress for Cafe Demo.
+Configure Nginx Ingress for Redis Leader.
+Configure Nginx for Azure for Cafe and Redis applications.
+
+<br/>
+
+### Lab 5 - Nginx Load Balancing / Reverse Proxy
+
+- Overview
+In this lab, you will configure Nginx for Azure to Load Balance various workloads running in Azure.  After successful configuration and adding Best Practice Nginx parameters, you will Load Test these applications, and test multiple load balancing and request routing parameters to suit different use cases.
+
+- Learning Objectives
+Configure Nginx for Azure, to Load Balance traffic to both AKS Nginx Ingress Controllers.
+Configure HTTP Split Clients, and route traffic to all 3 backend systems.
+Load test the Legacy and Modern web applications.
+
+<br/>
+
+### Lab 6 - Azure Key Vault / TLS Essentials
+
+- Overview
+In this lab, you use Azure Key Vault for TLS certificates and keys.  You will configure Nginx for Azure to use these Azure resources to terminate TLS.
+
+- Learning Objectives
+Create a sample Azure Key Vault
+Create a TLS cert/key
+Configure and test Nginx for Azure to use the Azure Keys
+Update the previous Nginx configurations to use TLS for apps
+Update NSGs for TLS inbound traffic
+
+<br/>
+
+### Lab 7 - Azure Montoring / Logging Analytics
+
+- Overview
+Enable and configure Azure Monitoring for Nginx for Azure.  Create custom Azure Dashboards for your applications.  Gain experience using Azure Logs and logging tools.
+
+- Learning Objectives
+Enable, configure, and test Azure Monitoring for Nginx for Azure.
+Create a couple custom dashboards for your load balanced applications.
+Explore the Azure logging and Analytics tools available.
+
+<br/>
+
+### Lab 8 - Nginx Garage or Azure Petshop
+
+- Overview
+In this lab, you will deploy a modern application in your AKS cluster.  You will expose it with Nginx Ingress Controller and Nginx for Azure.
+
+- Learning Objectives
+Deploy the modern app in AKS
+Test and Verify the app is working correctly
+Expose this application outside the cluster with Nginx Ingress Controller
+Configure Nginx for Azure for this new application
+
+<br/>
+
+### Lab 9 - Nginx Caching / Rate Limits / Juiceshop
+
+- Overview
+In this lab, you will deploy an image rich application, and use Nginx Caching to cache images to improve performance.
+
+- Learning Objectives
+Deploy JuiceShop in AKS cluster.
+Expose JuiceShop with Nginx Ingress Controller.
+Configure Nginx for Azure for load balancing JuiceShop.
+Add Nginx Caching to improve delivery of images.
+
+<br/>
+
+### Lab 10 - Grafana for Azure
+
+- Overview
+In this lab, you will explore the Nginx and Grafana for Azure integration.
+
+- Learning Objectives
+Deploy Grafana for Azure.
+Configure the Datasource
+Explore a sample Grafana Dashboard for Nginx for Azure
+
+
+<br/>
+
+### Lab 11 - Optional Exercises
+
+
+
+
+<br/>
+
+### Summary and Wrap-up
+
+- Summary and Wrap-up comments here
@@ -0,0 +1,44 @@
+N4A Reference Arch
+
+Plus features:
+
+Least time algo
+Active HC - not working
+Dashboard - not available
+metrics
+Prometheus
+KV store - no API access
+Zone synch
+Active Active nodes - 
+OIDC-jwt - no
+Split clients
+NTLM - no app
+Caching
+FIPS - AKS/NIC only
+
+NIC - Deep Insight
+NLK
+NAP WAF - not available
+
+Azure Integrations
+Azure Console
+AzureAD - not available
+Azure Mon
+Azure DNS
+Azure Log Analisys
+Azure Key Vault - certs/keys
+Azure HSM - not possible
+
+
+Infrastructure
+FQDN Reg
+Public IPs
+
+2 Demo Apps,
+One for VMs with NTLM
+One for AKS with NIC
+And cafe to start
+
+****
+
+N4A Feedback / Issues, feedback, suggestions
@@ -0,0 +1,154 @@
+# N4A Feedback / Issues, feedback, suggestions
+
+
+
+## Azure Metrics are blank, text box is malformed, see screenshot
+
+Nginx Default config `nginx.conf` should have two status_zone directives included.  One for server{} block, one for / location block.  **This will allow metrics to show up immediately, without the user having to find, understand, and configure status_zones in their nginx.conf file, or included files in /etc/nginx/conf.d.**
+
+```nginx
+
+user nginx;
+worker_processes auto;
+worker_rlimit_nofile 8192;
+pid /run/nginx/nginx.pid;
+
+events {
+    worker_connections 4000;
+}
+
+error_log /var/log/nginx/error.log error;
+
+http {
+    access_log off;
+    server_tokens "";
+    server {
+        listen 80 default_server;
+        status_zone default;         # Add something here
+        server_name localhost;
+        location / {
+            status_zone /;           # Add something here
+            # Points to a directory with a basic html index file with
+            # a "Welcome to NGINX as a Service for Azure!" page
+            root /var/www;
+            index index.html;
+        }
+    }
+}
+
+```
+
+There should be a step by step config guide for getting the Metrics to show up, and create a basic Dashboard for Nginx, including the Prerequisites.
+
+## Nginx Standards and Best Practice Violations/Issues
+
+The Nginx default HTML folder/files are missing.  This should be included, `/usr/share/nginx/html`, with all the Nginx Error Pages, and other Nginx primitives.  Consult a new installation of NginxPlus-R3x to match files.
+
+The usage of the `/var/www` folder is an Apache/Microsoft standard, not an Nginx standard.  It should be replaced with `/usr/share/nginx/html` for Nginx users.
+
+The usage of the `/var/cache` folder for caching content is inconsistent with Nginx standards and docs.  Most Nginx documentation for caching refers to the `/data/nginx/cache` folder location, and should be changed for Nginx users.
+
+Missing standard nginx.conf `include` directive, for including files in /etc/nginx/conf.d folder.
+
+## NGINX configuration issues
+
+Upload Config Package overwrites the existing nginx.conf, this is a terrible idea.  Config package upload should be modified to only allow uploads to the /etc/nginx/conf.d folder, the Nginx standard location for http config files.  Perhaps also allow uploads to `/etc/nginx/stream`, the Nginx standard for L4 config files.  Even better, allow uploads to a dedicated folder that won't overwrite standard Nginx folders/files, but the user would have to manually copy/paste to move them into the correct folder.  Lots of room for discussion and improvement here.
+
+## Caching
+
+From the docs: NGINXaaS for Azure only supports caching to /var/cache/nginx. This is because data at /var/cache/nginx will be stored in a separate Temporary Disk. The size of the temporary disk is 4GB.
+
+This is too small, and there should be an option to use other Azure storage options besides a Temporary disk.
+
+Caching Configuration example is incomplete.  It only set up the cache_path location:
+
+http {
+    # ...
+    proxy_cache_path /var/cache/nginx keys_zone=mycache:10m;
+}
+
+It is `missing` all the other parameters needed for caching to work.  A link to Nginx Content Caching is provided, but that is not very helpful.
+
+A complete Caching config example should be provided, perhaps with an include file, pre-configured ?
+
+```nginx
+
+http {
+    ...
+
+    proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=mycache:10m max_size=500m use_temp_path=off;
+
+    ...
+
+    server {
+        ...
+        server_name localhost;
+        location /images {
+            ...
+            proxy_cache mycache;                              # Use the cache
+            proxy_cache_key "$host$request_uri$cookie_user";  # Cache Key
+            proxy_cache_min_uses 2;                           # Cache after 2 reqs
+            proxy_cache_valid 200 30m;                        # Cache for 30m
+            proxy_cache_valid 404 1m;
+            
+            # Required caching headers
+            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
+            add_header Cache-Control "public";
+            add_header X-Cache-Status $upstream_cache_status;  # Add Cache status header
+
+
+        }
+    }
+}
+
+```
+
+## Default 'includes' Directive is missing
+
+## Can't see the Nginx Upstreams
+
+Without the Plus realtime dash board, there is no way to know if the Upstreams defined are correct or working, because
+
+## No access to Nginx Access or Error logs
+
+There is no realtime access to either the Error or Access Logs from Nginx.  It makes it virtually impossible to "see what's going on" with Nginx without these logs.
+
+Using the Azure Logging services is complicated, you can't see the original Access or Error logs.  An Azure Logging Workspace that shows the error and Access log should be included when the user Deploys N4A.  It should be there by default. The lack of this feature will frustrate a large number of Nginx users, especially if they are new to Azure Monitoring / Logging Workspaces.
+
+
+## Nginx Keepalive for HTTP1.1 settings should be included, missing Best Practice.
+
+```nginx
+# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+proxy_http_version 1.1;
+
+# Remove the Connection header if the client sends it,
+# it could be "close" to close a keepalive connection
+proxy_set_header Connection "";
+
+# Host request header field, or the server name matching a request
+proxy_set_header Host $host;
+
+```
+
+## Nginx Azure Monitor - can't used Saved Dashboards.
+
+If you create and save a dashboard, it does not work.  Looks like you have Share a Dashboard.
+
+I can see the name in the list, but Azure Monitor does not let me "load it and use it".  It starts with a new, blank dashboard instead.  If you refresh the browser page, all customizations are lost and you start at the beginning.
+
+nginx requests and responses, plus.http.status.4xx are reporting incorrectly.  looks like 2xx and 4xx metrics are swapped!
+
+Unique Server, Location, and Upstream block metrics are not available, everything is aggregated in to a Total, no metrics with fine grain resolution.
+
+Very difficult to even see the Upstream IP addresses, this is critical for a Proxy configuration.
+
+
+***********
+
+## Engineering Areas to investigate
+
+Adam - AzureAD/DNS/Grafana - ingress-demo container update
+Chris - Plus LB, AZcompute, Cafe Demo, aks/nic/cafe
+Shouvik - AZ monitor, KeyVault, new repo
+Steve - Demo app, Redis