Renamed demo, updated and tested with NIM 2.19.0

README.md

@@ -23,7 +23,7 @@ utilizing *fleet* and *etcd*.
 
 *   **nginx-hello-nonroot**: NGINX running as webserver with non root privilege in a docker container that serves a simple page containing the container's hostname, IP address and port
 
-*   **nginx-nms-docker**: This demo helps building a docker image to deploy NGINX Management Suite on containers without Helm. A helper script is provided for Helm deployments
+*   **nginx-nim-docker**: This demo helps building a docker image for NGINX Instance Manager
 
 *   **nginx-openstack-heat**: Shows how to deploy and configure NGINX Plus to load balance a simple
 web application in OpenStack using Heat. Also the demo shows how NGINX Plus can be reconfigured so that

nginx-nms-docker/Dockerfile.automated → nginx-nim-docker/Dockerfile.automated

@@ -1,7 +1,5 @@
-FROM ubuntu:24.04
+FROM ubuntu:20.04
 
-ARG BUILD_WITH_SECONDSIGHT=false
-ARG ADD_SM
 ARG ADD_PUM
 
 # Initial setup
@@ -23,9 +21,6 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
 	&& apt-get update \
 	&& apt-get install -y nms-instance-manager \
 	&& curl -s http://hg.nginx.org/nginx.org/raw-file/tip/xml/en/security_advisories.xml > /usr/share/nms/cve.xml \
-	# Optional Security Monitoring
-	&& if [ "${ADD_SM}" = "true" ] ; then \
-	apt-get -y install nms-sm; fi \
 	# Optional WAF Policy Compiler
 	&& if [ ! -z "${ADD_PUM}" ] ; then \
 	apt-get -y install nms-nap-compiler-$ADD_PUM; fi \
@@ -34,21 +29,5 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
 	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_`dpkg --print-architecture` -O /usr/bin/yq \
 	&& chmod +x /usr/bin/yq
 
-# Optional Second Sight
-WORKDIR /deployment
-RUN if [ "$BUILD_WITH_SECONDSIGHT" = "true" ] ; then \
-        apt-get install -y -q build-essential python3-pip python3-dev python3-simplejson git nano curl && \
-        pip3 install fastapi uvicorn requests clickhouse-driver python-dateutil flask && \
-	touch /deployment/counter.enabled && \
-	git clone https://github.com/F5Networks/SecondSight && \
-	cp SecondSight/f5tt/app.py . && \
-	cp SecondSight/f5tt/bigiq.py . && \
-	cp SecondSight/f5tt/cveDB.py . && \
-	cp SecondSight/f5tt/f5ttCH.py . && \
-	cp SecondSight/f5tt/f5ttfs.py . && \
-	cp SecondSight/f5tt/nms.py . && \
-	cp SecondSight/f5tt/utils.py . && \
-	rm -rf SecondSight; fi
-
 WORKDIR /deployment
 CMD /deployment/startNIM.sh

nginx-nms-docker/Dockerfile.manual → nginx-nim-docker/Dockerfile.manual

@@ -1,7 +1,6 @@
-FROM ubuntu:24.04
+FROM ubuntu:20.04
 
 ARG NIM_DEBFILE
-ARG BUILD_WITH_SECONDSIGHT=false
 ARG SM_IMAGE=nim-files/.placeholder
 ARG PUM_IMAGE=nim-files/.placeholder
 
@@ -37,21 +36,5 @@ RUN apt-get -y install /deployment/setup/nim.deb && \
 	&& chmod +x /usr/bin/yq \
 	&& rm -r /deployment/setup
 
-# Optional Second Sight
-WORKDIR /deployment
-RUN if [ "$BUILD_WITH_SECONDSIGHT" = "true" ] ; then \
-        apt-get install -y -q build-essential python3-pip python3-dev python3-simplejson git nano curl && \
-        pip3 install fastapi uvicorn requests clickhouse-driver python-dateutil flask && \
-	touch /deployment/counter.enabled && \
-	git clone https://github.com/F5Networks/SecondSight && \
-	cp SecondSight/f5tt/app.py . && \
-	cp SecondSight/f5tt/bigiq.py . && \
-	cp SecondSight/f5tt/cveDB.py . && \
-	cp SecondSight/f5tt/f5ttCH.py . && \
-	cp SecondSight/f5tt/f5ttfs.py . && \
-	cp SecondSight/f5tt/nms.py . && \
-	cp SecondSight/f5tt/utils.py . && \
-	rm -rf SecondSight; fi
-
 WORKDIR /deployment
 CMD /deployment/startNIM.sh

nginx-nms-docker/README.md → nginx-nim-docker/README.md

@@ -16,9 +16,9 @@ The image can optionally be built with [Second Sight](https://github.com/F5Netwo
 
 This repository has been tested on `amd64` and `arm64` architectures with:
 
-- NGINX Instance Manager 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0, 2.14.1, 2.15.0, 2.15.1, 2.16.0, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.18.0
-- Security Monitoring 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.1
-- NGINX App Protect WAF compiler v3.1088.2, v4.100.1, v4.2.0, v4.218.0, v4.279.0, v4.402.0, v4.457.0, v4.583.0, v4.641.0, v4.762.0, v4.815.0, v5.17.0, v5.48.0
+- NGINX Instance Manager 2.4.0+
+- Security Monitoring 1.0.0+
+- NGINX App Protect WAF compiler v3.1088.2+
 
 ## Prerequisites
 

nginx-nms-docker/scripts/buildNIM.sh → nginx-nim-docker/scripts/buildNIM.sh

@@ -1,13 +1,12 @@
 #!/bin/bash
 
-BANNER="NGINX Management Suite Docker image builder\n\n
-This tool builds a Docker image to run NGINX Management Suite\n\n
+BANNER="NGINX Instance Manager Docker image builder\n\n
+This tool builds a Docker image to run NGINX Instance Manager\n\n
 === Usage:\n\n
 $0 [options]\n\n
 === Options:\n\n
 -h\t\t\t- This help\n
--t [target image]\t- Docker image name to be created\n
--s\t\t\t- Enable Second Sight (https://github.com/F5Networks/SecondSight/) - optional\n\n
+-t [target image]\t- Docker image name to be created\n\n
 Manual build:\n\n
 -n [filename]\t\t- NGINX Instance Manager .deb package filename\n
 -w [filename]\t\t- Security Monitoring .deb package filename - optional\n
@@ -16,7 +15,6 @@ Automated build:\n\n
 -i\t\t\t- Automated build - requires cert & key\n
 -C [file.crt]\t\t- Certificate file to pull packages from the official NGINX repository\n
 -K [file.key]\t\t- Key file to pull packages from the official NGINX repository\n
--W\t\t\t- Enable Security Monitoring - optional\n
 -P [version]\t\t- Enable WAF policy compiler, version can be any [v3.1088.2|v4.100.1|v4.2.0|v4.218.0|v4.279.0|v4.402.0|v4.457.0|v4.583.0|v4.641|v4.762|v4.815.0|v5.17.0|v5.48.0|v5.144.0] - optional\n\n
 === Examples:\n\n
 Manual build:\n
@@ -26,13 +24,10 @@ Manual build:\n
 \t\t-p nim-files/nms-nap-compiler-v4.815.0_4.815.0-1~focal_amd64.deb\n\n
 Automated build:\n
 \t$0 -i -C nginx-repo.crt -K nginx-repo.key \\\\\n
-\t\t-W -P v5.144.0 -t my.registry.tld/nginx-nms:latest\n
+\t\t-P v5.144.0 -t my.registry.tld/nginx-nms:latest\n
 "
 
-# Defaults
-COUNTER=false
-
-while getopts 'hn:w:p:t:siC:K:AWP:' OPTION
+while getopts 'hn:w:p:t:siC:K:AP:' OPTION
 do
 	case "$OPTION" in
 		h)
@@ -51,9 +46,6 @@ do
 		t)
 			IMGNAME=$OPTARG
 		;;
-		s)
-			COUNTER=true
-		;;
 		i)
 			AUTOMATED_INSTALL=true
 		;;
@@ -63,9 +55,6 @@ do
 		K)
 			NGINX_KEY=$OPTARG
 		;;
-		W)
-			ADD_SM=true
-		;;
                 P)
                         ADD_PUM=$OPTARG
                 ;;
@@ -100,12 +89,11 @@ echo "==> Building NGINX Management Suite docker image"
 
 if [ -z "${AUTOMATED_INSTALL}" ]
 then
-        docker build --no-cache -f Dockerfile.manual --build-arg NIM_DEBFILE=$DEBFILE --build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \
+        docker build --no-cache -f Dockerfile.manual --build-arg NIM_DEBFILE=$DEBFILE \
                 --build-arg SM_IMAGE=$SM_IMAGE --build-arg PUM_IMAGE=$PUM_IMAGE -t $IMGNAME .
 else
 	DOCKER_BUILDKIT=1 docker build --no-cache -f Dockerfile.automated --secret id=nginx-key,src=$NGINX_KEY --secret id=nginx-crt,src=$NGINX_CERT \
-                --build-arg ADD_SM=$ADD_SM --build-arg ADD_PUM=$ADD_PUM \
-		--build-arg BUILD_WITH_SECONDSIGHT=$COUNTER \
+                --build-arg ADD_PUM=$ADD_PUM \
                 -t $IMGNAME .
 fi