NGINX Opensource support added (#142)

fabriziofiorucci · web-flow · commit f7af2aa98124 · 2024-04-11T11:29:14.000-08:00
diff --git a/nginx-agent-docker/Dockerfile.oss b/nginx-agent-docker/Dockerfile.oss
@@ -0,0 +1,30 @@
+FROM nginx:stable-bullseye-perl
+
+ARG NMS_URL
+
+# Initial packages setup
+RUN apt-get -y update \
+	&& apt-get -y install wget gpg \
+	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq \
+	&& chmod +x /usr/bin/yq \
+	&& set -x \
+# Forward request logs to Docker log collector
+	&& ln -sf /dev/stdout /var/log/nginx/access.log \
+	&& ln -sf /dev/stderr /var/log/nginx/error.log \
+# User and group
+	&& groupadd -g 1001 nginx-agent \
+	&& usermod root -G nginx-agent \
+	&& usermod nginx -G nginx-agent \
+# NGINX Instance Manager agent installation
+	&& if [ `curl -o /dev/null -sk -w "%{http_code}\n" $NMS_URL/install/nginx-agent` = 200 ] ; then \
+	bash -c 'export DATA_PLANE_KEY="placeholder" && curl -k $NMS_URL/install/nginx-agent | sh' && echo "NGINX Agent installed"; else \
+	bash -c 'export DATA_PLANE_KEY="placeholder" && curl -k $NMS_URL/nginx-agent/install | sh || :' && echo "NGINX Agent installed"; fi
+
+# Startup script
+COPY ./container/start.sh /deployment/
+RUN chmod +x /deployment/start.sh && touch /.dockerenv
+
+EXPOSE 80
+STOPSIGNAL SIGTERM
+
+CMD /deployment/start.sh
diff --git a/nginx-agent-docker/Dockerfile.plus b/nginx-agent-docker/Dockerfile.plus
@@ -4,13 +4,13 @@ ARG NMS_URL
 ARG NAP_WAF=false
 
 # Initial packages setup
-RUN	apt-get -y update \
+RUN apt-get -y update \
 	&& apt-get -y install apt-transport-https lsb-release ca-certificates wget gnupg2 curl debian-archive-keyring iproute2 \
 	&& mkdir -p /deployment /etc/ssl/nginx \
 	&& addgroup --system --gid 20983 nginx \
 	&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 20983 nginx \
-        && wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq \
-        && chmod +x /usr/bin/yq
+	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq \
+	&& chmod +x /usr/bin/yq
 
 # Use certificate and key from kubernetes secret
 RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
@@ -43,8 +43,7 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
 
 # Startup script
 COPY ./container/start.sh /deployment/
-RUN	chmod +x /deployment/start.sh && touch /.dockerenv
-
+RUN chmod +x /deployment/start.sh && touch /.dockerenv
 
 EXPOSE 80
 STOPSIGNAL SIGTERM
diff --git a/nginx-agent-docker/README.md b/nginx-agent-docker/README.md
@@ -2,12 +2,14 @@
 
 ## Description
 
-This repository can be used to build a docker image with NGINX Plus and NGINX Instance Manager Agent (https://docs.nginx.com/nginx-instance-manager/).
+This repository can be used to build a docker image with NGINX (Plus or Opensource) and NGINX Instance Manager Agent (https://docs.nginx.com/nginx-instance-manager/).
 
 ## Tested releases
 
 This repository has been tested with: NGINX agent for:
 
+- NGINX Plus R29+
+- NGINX Opensource 1.24.0+
 - NGINX Agent 2.14+
 - NGINX Instance Manager 2.15+
 - NGINX App Protect WAF 4.100.1+
@@ -27,10 +29,9 @@ This repository has been tested with: NGINX agent for:
 The install script can be used to build the Docker image:
 
 ```
-$ ./scripts/build.sh 
-NGINX Plus & NGINX Instance Manager agent Docker image builder
+NGINX Opensource/Plus & NGINX Agent Docker image builder
 
- This tool builds a Docker image to run NGINX Plus and NGINX Instance Manager agent
+ This tool builds a Docker image to run NGINX Opensource/Plus and NGINX Agent
 
  === Usage:
 
@@ -42,8 +43,9 @@ NGINX Plus & NGINX Instance Manager agent Docker image builder
  -t [target image]      - The Docker image to be created
  -C [file.crt]          - Certificate to pull packages from the official NGINX repository
  -K [file.key]          - Key to pull packages from the official NGINX repository
- -n [URL]               - NGINX Instance Manager URL to fetch the agent
- -w                     - Add NGINX App Protect WAF
+ -n [URL]               - NGINX Instance Manager / NGINX SaaS console URL to fetch the agent
+ -w                     - Add NGINX App Protect WAF (requires NGINX Plus)
+ -O                     - Use NGINX Opensource instead of NGINX Plus
 
  === Examples:
 
@@ -52,21 +54,18 @@ NGINX Plus & NGINX Instance Manager agent Docker image builder
 
  NGINX Plus, NGINX App Protect WAF and NGINX Agent image:
  ./scripts/build.sh -C nginx-repo.crt -K nginx-repo.key -t registry.ff.lan:31005/nginx-with-agent:latest-nap -w -n https://nim.f5.ff.lan
+
+ NGINX Opensource and NGINX Agent image:
+ ./scripts/build.sh -O -t registry.ff.lan:31005/nginx-oss-with-agent:latest -n https://nim.f5.ff.lan
 ```
 
 1. Clone this repository
-2. Get your license certificate and key to fetch NGINX Management Suite packages from NGINX repository
-3. [Install](https://docs.nginx.com/nginx-management-suite/) and start NGINX Management Suite / NGINX Instance Manager
-4. Build the Docker image using:
-
-```
-$ ./scripts/build.sh -C nginx-repo.crt -K nginx-repo.key -t registry.ff.lan:31005/nginx-with-agent:r28 -n https://ubuntu.ff.lan
-```
+2. For NGINX Plus only: get your license certificate and key to fetch NGINX Management Suite packages from NGINX repository
+3. [Install](https://docs.nginx.com/nginx-management-suite/) and start NGINX Management Suite / NGINX Instance Manager. Skip this step if using the NGINX SaaS console
+4. Build the Docker image using `./scripts/build.sh`
 
 the build script will push the image to your private registry once build is complete.
 
-- the `-w` flag can be used to include NGINX App Protect WAF support in the docker image
-
 ### Running the docker image on Kubernetes
 
 1. Edit `manifests/1.nginx-nim.yaml` and specify the correct image by modifying the `image:` line, and set the following environment variables. Default values for `NIM_HOST` and `NIM_GRPC_PORT` can be used if NGINX Instance Manager is deployed using https://github.com/nginxinc/NGINX-Demos/tree/master/nginx-nms-docker
@@ -75,9 +74,9 @@ the build script will push the image to your private registry once build is comp
   - `NIM_TOKEN` - NGINX One Cloud Console authentication token
   - `NIM_INSTANCEGROUP` - instance group for the NGINX instance
   - `NIM_TAGS` - comma separated list of tags for the NGINX instance
-  - `NIM_ADVANCED_METRICS` - set to `"true"` to enable advanced metrics collection
-  - `NAP_WAF` - set to `"true"` to enable NGINX App Protect WAF (docker image built using `-w`)
-  - `NAP_WAF_PRECOMPILED_POLICIES` - set to `"true"` to enable NGINX App Protect WAF precompiled policies (docker image built using `-w`)
+  - `NIM_ADVANCED_METRICS` - set to `"true"` to enable advanced metrics collection - NGINX Plus only
+  - `NAP_WAF` - set to `"true"` to enable NGINX App Protect WAF (docker image built using `-w`) - NGINX Plus only
+  - `NAP_WAF_PRECOMPILED_POLICIES` - set to `"true"` to enable NGINX App Protect WAF precompiled policies (docker image built using `-w`) - NGINX Plus only
   - `AGENT_LOGLEVEL` - NGINX Agent loglevel, optional. If not specified defaults to `info`
 
 2. Start and stop using
@@ -87,7 +86,7 @@ $ ./scripts/nginxWithAgentStart.sh start
 $ ./scripts/nginxWithAgentStart.sh stop
 ```
 
-3. After startup NGINX Plus instances will register to NGINX Instance Manager and will be displayed on the "instances" dashboard
+3. After startup NGINX instances will register to NGINX Instance Manager / NGINX SaaS console and will be displayed on the "instances" dashboard
 
 ### Running the docker image on Docker
 
diff --git a/nginx-agent-docker/scripts/build.sh b/nginx-agent-docker/scripts/build.sh
@@ -2,24 +2,27 @@
 
 # https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker/#docker_plus
 
-BANNER="NGINX Plus & NGINX Instance Manager agent Docker image builder\n\n
-This tool builds a Docker image to run NGINX Plus and NGINX Instance Manager agent\n\n
+BANNER="NGINX Opensource/Plus & NGINX Agent Docker image builder\n\n
+This tool builds a Docker image to run NGINX Opensource/Plus and NGINX Agent\n\n
 === Usage:\n\n
 $0 [options]\n\n
 === Options:\n\n
 -h\t\t\t- This help\n
 -t [target image]\t- The Docker image to be created\n
 -C [file.crt]\t\t- Certificate to pull packages from the official NGINX repository\n
 -K [file.key]\t\t- Key to pull packages from the official NGINX repository\n
--n [URL]\t\t- NGINX Instance Manager URL to fetch the agent\n
--w\t\t\t- Add NGINX App Protect WAF\n\n
+-n [URL]\t\t- NGINX Instance Manager / NGINX SaaS console URL to fetch the agent\n
+-w\t\t\t- Add NGINX App Protect WAF (requires NGINX Plus)\n
+-O\t\t\t- Use NGINX Opensource instead of NGINX Plus\n\n
 === Examples:\n\n
 NGINX Plus and NGINX Agent image:\n
   $0 -C nginx-repo.crt -K nginx-repo.key -t registry.ff.lan:31005/nginx-with-agent:latest -n https://nim.f5.ff.lan\n\n
 NGINX Plus, NGINX App Protect WAF and NGINX Agent image:\n
-  $0 -C nginx-repo.crt -K nginx-repo.key -t registry.ff.lan:31005/nginx-with-agent:latest-nap -w -n https://nim.f5.ff.lan\n"
+  $0 -C nginx-repo.crt -K nginx-repo.key -t registry.ff.lan:31005/nginx-with-agent:latest-nap -w -n https://nim.f5.ff.lan\n\n
+NGINX Opensource and NGINX Agent image:\n
+  $0 -O -t registry.ff.lan:31005/nginx-oss-with-agent:latest -n https://nim.f5.ff.lan\n"
 
-while getopts 'ht:C:K:a:n:w' OPTION
+while getopts 'ht:C:K:a:n:wO' OPTION
 do
 	case "$OPTION" in
 		h)
@@ -41,6 +44,9 @@ do
 		w)
 			NAP_WAF=true
 		;;
+		O)
+			NGINX_OSS=true
+		;;
 	esac
 done
 
@@ -58,26 +64,32 @@ fi
 
 if [ -z "${NMSURL}" ]
 then
-        echo "NGINX Instance Manager URL is required"
+        echo "NGINX Instance Manager / NGINX SaaS console URL is required"
         exit
 fi
 
-if ([ -z "${NGINX_CERT}" ] || [ -z "${NGINX_KEY}" ])
+if ([ -z "${NGINX_OSS}" ] && ([ -z "${NGINX_CERT}" ] || [ -z "${NGINX_KEY}" ]) )
 then
         echo "NGINX certificate and key are required for automated installation"
         exit
 fi
 
 echo "=> Target docker image is $IMAGENAME"
 
-if [ ! -z "${NAP_WAF}" ]
+if ([ ! -z "${NAP_WAF}" ] && [ -z "${NGINX_OSS}" ])
 then
 echo "=> Building with NGINX App Protect WAF support"
 fi
 
-DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile \
-	--secret id=nginx-key,src=$NGINX_KEY --secret id=nginx-crt,src=$NGINX_CERT \
-	--build-arg NMS_URL=$NMSURL --build-arg NAP_WAF=$NAP_WAF -t $IMAGENAME .
+if [ -z "${NGINX_OSS}" ]
+then
+	DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile.plus \
+		--secret id=nginx-key,src=$NGINX_KEY --secret id=nginx-crt,src=$NGINX_CERT \
+		--build-arg NMS_URL=$NMSURL --build-arg NAP_WAF=$NAP_WAF -t $IMAGENAME .
+else
+	DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile.oss \
+		--build-arg NMS_URL=$NMSURL -t $IMAGENAME .
+fi
 
 echo "=> Build complete for $IMAGENAME"
 docker push $IMAGENAME
