<#
.SYNOPSIS
Downloads and configures Nginx as a sample workload, and processes its requests.
#>
# Bring the first uninitialized (RAW) disk online as the W: data volume.
# Candidates are ordered by disk number and the lowest-numbered one is taken.
# NOTE(review): assumes at least one RAW disk is attached; with none, the
# index below fails and every later w:/ path is missing - confirm against the VM definition.
$dataDisk = (
    Get-Disk |
        Where-Object -Property PartitionStyle -EQ -Value 'raw' |
        Sort-Object -Property Number
)[0]

# MBR partition table, one partition spanning the whole disk, formatted NTFS
# without prompting (-Confirm:$false -Force).
$dataDisk |
    Initialize-Disk -PartitionStyle MBR -PassThru |
    New-Partition -UseMaximumSize -DriveLetter 'W' |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'dataDisk' -Confirm:$false -Force
# Firewall config: allow inbound TCP for HTTP (80), HTTPS (443) and SSH (22).
# NOTE(review): none of these rules limits the remote address, so the host
# firewall accepts SSH from any source that can route to this machine. If an
# upstream network control does not already scope port 22, consider adding
# netsh's remoteip= filter with the management address range.
$inboundRules = @(
    @{ Name = 'http';  Port = 80 },
    @{ Name = 'https'; Port = 443 },
    @{ Name = 'ssh';   Port = 22 }
)
foreach ($rule in $inboundRules) {
    netsh advfirewall firewall add rule "name=$($rule.Name)" dir=in action=allow protocol=TCP "localport=$($rule.Port)"
}

# Install the OpenSSH server capability, start sshd now, and have it start at boot.
# NOTE(review): sshd_config is left at its defaults here; confirm the allowed
# authentication methods match policy before exposing port 22.
Add-WindowsCapability -Online -Name 'OpenSSH.Server~~~~0.0.1.0'
Start-Service -Name sshd
Set-Service -Name sshd -StartupType Automatic
# Download the nginx 1.24.0 Windows build onto the data volume.
# NOTE(review): the archive is expanded without any integrity check; HTTPS only
# protects the transfer. Pin the expected SHA-256 for this release and compare
# it with Get-FileHash before calling Expand-Archive.
Set-Location -Path w:\
Invoke-WebRequest -Uri 'https://nginx.org/download/nginx-1.24.0.zip' -OutFile 'w:/nginx.zip'

# Install Nginx: unpack the archive, then rename the versioned folder to w:/nginx.
Expand-Archive -Path w:/nginx.zip -DestinationPath w:/
Move-Item -Path w:/nginx-1.24.0 -Destination w:/nginx

# Create additional folders: ssl holds the exported certificate and key,
# data holds the request counter and the daily log files.
foreach ($folder in 'ssl', 'data') {
    New-Item -ItemType Directory -Path "w:/nginx/$folder"
}
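# Export the ingress TLS certificate and its private key from the Windows
# certificate stores as PEM files that nginx can load.
#
# The search covers every store under Cert:\, so the same certificate can be
# returned more than once (or without its key). Keep only one match that
# carries a private key, and stop if there is none: continuing would write
# empty or garbled PEM files.
$tlsCertSubject = 'O=Contoso IaaS Ingresses, CN=*.iaas-ingress.contoso.com'
$cert = Get-ChildItem -Path Cert:\* -Recurse |
    Where-Object { $_.Subject -eq $tlsCertSubject -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with a private key found for subject '$tlsCertSubject'."
}

# The private key is about to be written unencrypted. Drop inherited ACEs on
# the ssl folder first and grant access only to SYSTEM (S-1-5-18) and the local
# Administrators group (S-1-5-32-544); files created afterwards inherit that.
# SIDs are used instead of names so this works on localized Windows.
icacls 'w:\nginx\ssl' /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "icacls could not restrict access to w:\nginx\ssl (exit code $LASTEXITCODE)."
}

# Public certificate: DER bytes, base64-wrapped, between the PEM markers.
@(
    '-----BEGIN CERTIFICATE-----'
    [System.Convert]::ToBase64String($cert.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)
    '-----END CERTIFICATE-----'
) | Out-File -FilePath w:/nginx/ssl/nginx-ingress-internal-iaas-ingress-tls.crt -Encoding ascii

# Private key, exported as a PKCS#8 blob.
# NOTE(review): presumably the key is a CNG key marked exportable; the export
# call fails otherwise - confirm how the certificate is provisioned.
$rsaKey = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$keyBytes = $rsaKey.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)

# PKCS#8 content takes the generic "PRIVATE KEY" PEM label; "RSA PRIVATE KEY"
# denotes the PKCS#1 structure, which is not what was exported above.
@(
    '-----BEGIN PRIVATE KEY-----'
    [System.Convert]::ToBase64String($keyBytes, [System.Base64FormattingOptions]::InsertLineBreaks)
    '-----END PRIVATE KEY-----'
) | Out-File -FilePath w:/nginx/ssl/nginx-ingress-internal-iaas-ingress-tls.key -Encoding ascii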
# Create home page: replace nginx's stock index.html with the workload sample page.
# NOTE(review): the URL points at a branch head (main), so the served content
# can change between deployments; pinning to a commit makes it reproducible.
$homePage = @{
    Uri     = 'https://raw.githubusercontent.com/mspnp/iaas-baseline/main/workload/index.html'
    OutFile = 'w:/nginx/html/index.html'
}
Invoke-WebRequest @homePage
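# Write nginx.conf. The file defines two servers:
#   - port 80: the default site served from the html folder, over plain HTTP;
#   - port 443: the TLS site for backend.iaas-ingress.contoso.com, using the
#     exported certificate and key, logging requests to logs/backend.log and
#     replacing the literal text [backend] in responses with the machine's
#     hostname (sub_filter).
# The backtick before $hostname keeps PowerShell from expanding it, so the
# nginx variable reaches the file unchanged.
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so the TLS site accepts only
# TLS 1.2 and 1.3.
@"
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip off;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name backend.iaas-ingress.contoso.com;
ssl_certificate w:/nginx/ssl/nginx-ingress-internal-iaas-ingress-tls.crt;
ssl_certificate_key w:/nginx/ssl/nginx-ingress-internal-iaas-ingress-tls.key;
ssl_protocols TLSv1.2 TLSv1.3;
root w:/nginx/html;
location / {
access_log w:/nginx/logs/backend.log combined buffer=10K flush=1m;
index index.html;
sub_filter '[backend]' '`$hostname';
sub_filter_once off;
}
location = /favicon.ico {
empty_gif;
access_log off;
}
}
}
"@ | Out-File -FilePath w:/nginx/conf/nginx.conf -Encoding ascii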
# Start nginx from its install directory (w:/nginx).
# It runs under whatever account executes this script.
Set-Location -Path w:/nginx
Start-Process -FilePath nginx
# Log rotation and request counting, run later by a scheduled task.

# Seed the running total of processed requests with zero.
'0' | Out-File -FilePath w:/nginx/data/backend.data -Encoding ascii

# Body of the rotation script. A single-quoted here-string is written verbatim,
# so the script's own $variables need no escaping. Each run of that script:
#   1. renames backend.log and tells nginx to reopen its log files;
#   2. counts the lines of the rotated log and adds them to the stored total;
#   3. rewrites the <h2> banner in index.html with the total and a timestamp;
#   4. appends the rotated lines to a per-day log file under w:/nginx/data.
$rotationScript = @'
# Renaming
Move-Item -Path w:/nginx/logs/backend.log -Destination w:/nginx/logs/backend.log.rot -Force
# Send USR1
cd w:/nginx
./nginx.exe -s reopen
# Get rorated log content
$lastProcessedRequestContent = (Get-Content w:/nginx/logs/backend.log.rot)
# Process rotated log
$lastProcessedRequestCount = ($lastProcessedRequestContent | Measure-Object -Line).Lines
# Get current number of processed requests
$currentProcessedRequestCount = (Get-Content w:/nginx/data/backend.data)
# Write total number of processed requests
$totalProcessedRequestCount = ($lastProcessedRequestCount + $currentProcessedRequestCount)
$totalProcessedRequestCount | Out-File -FilePath w:/nginx/data/backend.data -Force -Encoding ascii
# Get last write time
$lastWriteTime = ((Get-Item w:/nginx/data/backend.data).LastWriteTime).GetDateTimeFormats('u')
# Update workload content with total processed requests
$updatedCount = [string]::Format('<h2>Welcome to the Contoso WebApp! Your request has been load balanced through [frontend] and [backend] {{Total Processed Requests: {0}, Last Update Time: {1}}}.</h2>', $totalProcessedRequestCount, [string]$lastWriteTime)
((Get-Content W:\nginx\html\index.html) -replace '(\s*)<h2>[\s\S]+</h2>(\s*)', $updatedCount) | Set-Content -Path w:/nginx/html/index.html
# Append recent rotated log content to a daily rotated log file
$lastProcessedRequestContent | Out-File -FilePath w:/nginx/data/backend$(Get-Date -format 'yyyy-MM-dd').log -Append -Encoding ascii
'@

# Save the script where the scheduled task expects to find it.
$rotationScript | Out-File -FilePath w:/nginx/rotate-process-nginx-backend-logs.ps1 -Encoding ascii
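# Task Scheduler: run the rotation script as SYSTEM every two minutes.
#
# The task executes a script file (and, through it, nginx.exe) from w:\nginx
# with SYSTEM privileges, so anyone able to modify files in that tree can run
# code as SYSTEM. A freshly formatted data volume typically grants write access
# beyond administrators (verify with icacls on the target image), so drop
# inherited ACEs on the tree and grant access only to SYSTEM (S-1-5-18) and the
# local Administrators group (S-1-5-32-544) before registering the task.
# Children of w:\nginx keep inheriting from it, so they pick up the new ACL.
icacls 'w:\nginx' /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "icacls could not restrict access to w:\nginx (exit code $LASTEXITCODE); scheduled task not registered."
}

$principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount

# -NoProfile keeps profile scripts out of the SYSTEM session and
# -NonInteractive prevents the task from blocking on a prompt.
# -File must stay last: everything after it is passed to the script.
$action = New-ScheduledTaskAction -Execute 'PowerShell.exe' -Argument '-NoProfile -NonInteractive -ExecutionPolicy Unrestricted -File w:/nginx/rotate-process-nginx-backend-logs.ps1' -WorkingDirectory 'w:/nginx/'

# Daily trigger at midnight; the repetition settings below turn it into a
# two-minute interval (PT2M) that lasts the whole day (P1D).
$trigger = New-ScheduledTaskTrigger -Daily -At 12am
$task = Register-ScheduledTask -TaskName "Rotate and process workload logs" -Trigger $trigger -Action $action -Principal $principal
$task.Triggers.Repetition.Duration = "P1D"
$task.Triggers.Repetition.Interval = "PT2M"

# Persist the repetition changes made on the in-memory task object.
$task | Set-ScheduledTask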