Merge branch 'main' into docs-updates

.github/workflows/ci.yml

@@ -84,29 +84,36 @@ jobs:
       - uses: actions/setup-go@v3
         with:
           go-version-file: 'go.mod'
+      - name: Setup build environment
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gpgv1 monkeysphere 
+          go install github.com/goreleaser/nfpm/v2/cmd/[email protected]
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
       - name: Build Docker Image
         uses: docker/build-push-action@v3
         with:
           file: scripts/packages/packager/Dockerfile
-          tags: build-local-packager:1.0.0
+          tags: build-signed-packager:1.0.0
           context: '.'
           push: false
           load: true
           no-cache: true
           build-args: |
-            package_type=local-package
+            package_type=signed-package
       - name: Build Packages
+        env:
+          INDIGO_GPG_AGENT: ${{ secrets.INDIGO_GPG_AGENT }}
+          NFPM_SIGNING_KEY_FILE: .key.asc
         run: |
-          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
-          make clean local-apk-package local-deb-package local-rpm-package local-txz-package
-          tar -cf ./build/snapshots.tar.gz ./build/*.deb ./build/*.rpm ./build/*.pkg ./build/*.apk
+          echo "$INDIGO_GPG_AGENT" | base64 --decode > .key.asc
+          make clean package
       - name: Upload Artifacts
         uses: actions/upload-artifact@v3
         with:
-          name: snapshots
-          path: ./build/snapshots.tar.gz
+          name: nginx-agent-snapshots
+          path: ./build/packages/nginx-agent.tar.gz
           retention-days: 3
       - name: Azure Login
         uses: azure/login@v1
@@ -116,8 +123,8 @@ jobs:
         uses: azure/CLI@v1
         with:
           inlineScript: |
-            az storage blob upload --auth-mode=login -f ./build/snapshots.tar.gz -c ${{ secrets.AZURE_CONTAINER_NAME }} \
-              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/nginx-agent-snapshot.tar.gz
+            az storage blob upload --auth-mode=login -f ./build/packages/nginx-agent.tar.gz -c ${{ secrets.AZURE_CONTAINER_NAME }} \
+              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/nginx-agent.tar.gz
       - name: Azure Logout
         run: |
           az logout

.github/workflows/release-branch.yml

@@ -161,7 +161,7 @@ jobs:
         with:
           inlineScript: |
             az storage blob upload --auth-mode=login -f ./build/packages/nginx-agent.tar.gz -c ${{ secrets.AZURE_CONTAINER_NAME }} \
-              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/build/packages/nginx-agent.tar.gz
+              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/nginx-agent.tar.gz
       - name: Azure Logout
         run: |
           az logout

Makefile

@@ -172,26 +172,26 @@ test-install: ## Run agent install test
 # Cert Generation                                                                                                 #
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 certs: ## Generate TLS certificates
-	scripts/mtls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf
-	scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client
+	scripts/tls/gen_cnf.sh ca --cn '${CERT_CLIENT_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/client/conf
+	scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/client/conf/ca.cnf --out ${CERTS_DIR}/client
 
-	scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf
-	scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client
+	scripts/tls/gen_cnf.sh intermediate --cn '${CERT_CLIENT_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/client/conf
+	scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/client/conf/int.cnf --ca-cert ${CERTS_DIR}/client/ca.crt --ca-key ${CERTS_DIR}/client/ca.key --out ${CERTS_DIR}/client
 
-	scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf
-	scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client
+	scripts/tls/gen_cnf.sh end-entity --cn '${CERT_CLIENT_EE_CN}' --san 'DNS.1=${CERT_CLIENT_DNS}' --out ${CERTS_DIR}/client/conf
+	scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/client/conf/ee.cnf --ca-cert ${CERTS_DIR}/client/int.crt --ca-key ${CERTS_DIR}/client/int.key --out ${CERTS_DIR}/client
 
 	cp ${CERTS_DIR}/client/ee.crt ${CERTS_DIR}/client.crt
 	cp ${CERTS_DIR}/client/ee.key ${CERTS_DIR}/client.key
 
-	scripts/mtls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf
-	scripts/mtls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server
+	scripts/tls/gen_cnf.sh ca --cn '${CERT_SERVER_CA_CN}' --state Cork --locality Cork --org NGINX --country IE --out ${CERTS_DIR}/server/conf
+	scripts/tls/gen_cert.sh ca --config ${CERTS_DIR}/server/conf/ca.cnf --out ${CERTS_DIR}/server
 
-	scripts/mtls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf
-	scripts/mtls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server
+	scripts/tls/gen_cnf.sh intermediate --cn '${CERT_SERVER_INT_CN}' --org NGINX --locality Cork --out ${CERTS_DIR}/server/conf
+	scripts/tls/gen_cert.sh intermediate --config ${CERTS_DIR}/server/conf/int.cnf --ca-cert ${CERTS_DIR}/server/ca.crt --ca-key ${CERTS_DIR}/server/ca.key --out ${CERTS_DIR}/server
 
-	scripts/mtls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf
-	scripts/mtls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server
+	scripts/tls/gen_cnf.sh end-entity --cn '${CERT_SERVER_EE_CN}' --san 'DNS.1=${CERT_SERVER_DNS}' --out ${CERTS_DIR}/server/conf
+	scripts/tls/gen_cert.sh end-entity --config ${CERTS_DIR}/server/conf/ee.cnf --ca-cert ${CERTS_DIR}/server/int.crt --ca-key ${CERTS_DIR}/server/int.key --out ${CERTS_DIR}/server
 
 	cat ${CERTS_DIR}/server/int.crt ${CERTS_DIR}/server/ca.crt > ${CERTS_DIR}/ca.pem
 
@@ -216,3 +216,7 @@ build-docker: # Build agent docker image for NGINX Plus, need nginx-repo.crt and
 run-docker: ## Run docker container from specified DOCKER_TAG
 	@echo Running Docker; \
 		docker run ${DOCKER_TAG}
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# Dashboard Targets                                                                                               #
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

Makefile.packaging

@@ -18,7 +18,7 @@ AGENT_UPLOADER_KEY := "./agent-uploader.pem"
 # Release Packaging                                                                                               #
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 clean-packages: 
-	@rm -rf $(PACKAGES_DIR)
+	rm -rf $(PACKAGES_DIR)
 
 $(PACKAGES_DIR):
 	@mkdir -p $(PACKAGES_DIR)/deb && mkdir -p $(PACKAGES_DIR)/rpm && mkdir -p $(PACKAGES_DIR)/apk && mkdir -p $(PACKAGES_DIR)/txz
@@ -49,7 +49,7 @@ package: gpg-key $(PACKAGES_DIR) ## Create final packages for all supported dist
 			VERSION=$(shell echo ${VERSION} | tr -d 'v') ARCH=amd64 nfpm pkg --config .nfpm.yaml --packager rpm --target $(PACKAGES_DIR)/rpm/${PACKAGE_PREFIX}-$(shell echo ${VERSION} | tr -d 'v').$${rpm_codename}.ngx.${UNAME_M}.rpm; \
 		fi; \
 	done; \
-	@rm -rf ./build/nginx-agent
+	rm -rf ./build/nginx-agent
 
 	# Create apk packages
 
@@ -66,7 +66,7 @@ package: gpg-key $(PACKAGES_DIR) ## Create final packages for all supported dist
 
 	# Create txz packages
 
-	@rm -rf ./build/nginx-agent
+	rm -rf ./build/nginx-agent
 	@GOWORK=off CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -ldflags=${LDFLAGS} -o ./build/nginx-agent
 
 	docker run -v `pwd`:/nginx-agent/ build-signed-packager:1.0.0

README.md

@@ -173,7 +173,7 @@ The NGINX Agent REST interface can be exposed by adding the following lines to t
 
 ```yaml
 api:
-  port: 9090 # port to expose REST API
+  port: 8081 # port to expose REST API
   
   # REST TLS parameters
   cert: "<TLS-CERTIFICATE>.crt"

examples/grafana-metrics/Makefile

@@ -11,5 +11,5 @@ build: ## Build agent package
 	cd ../../ && GOWORK=off CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -o ./build/nginx-agent
 	cd ../../ && nfpm pkg --config ./scripts/.local-nfpm.yaml --packager deb --target ./examples/grafana-metrics/build/nginx-agent.deb
 
-run: ## Start docker containers
+run: build ## Start docker containers
 	docker-compose up --build

nginx-agent.conf

@@ -11,15 +11,15 @@
 server:
   # host of the control plane
   host: 127.0.0.1
-  grpcPort: 443
+  grpcPort: 54789
   # provide servername overrides if using SNI
   # metrics: ""
   # command: ""
 # tls options
 tls:
   # enable tls in the nginx-agent setup for grpcs
   # default to enable to connect with tls connection but without client cert for mtls
-  enable: true
+  enable: false
   # specify the absolute path to the CA certificate file to use for verifying
   # the server certificate (also requires 'skip_verify: false' below)
   # by default, this will be the trusted root CAs found in the OS CA store

scripts/packages/packager/signed-entrypoint.sh

@@ -16,7 +16,7 @@ mkdir -p staging/usr/local/etc/rc.d
 
 cp nginx-agent.conf staging/usr/local/etc/nginx-agent
 cp scripts/packages/nginx-agent staging/usr/local/etc/rc.d
-cp scripts/packages/preinstall.sh /staging/+PRE_INSTALL
+cp scripts/packages/preinstall.sh staging/+PRE_INSTALL
 cp scripts/packages/postremove.sh staging/+PRE_DEINSTALL
 cp scripts/packages/postinstall.sh staging/+POST_INSTALL
 cp scripts/packages/plist staging

sdk/config_helpers_test.go

@@ -1067,14 +1067,14 @@ func getCertMeta(file string) crtMetaFields {
 }
 
 func generateCertificate() error {
-	cmd := exec.Command("../scripts/mtls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf")
+	cmd := exec.Command("../scripts/tls/gen_cnf.sh", "ca", "--cn", "'ca.local'", "--state", "Cork", "--locality", "Cork", "--org", "NGINX", "--country", "IE", "--out", "certs/conf")
 
 	err := cmd.Run()
 	if err != nil {
 		return err
 	}
 
-	cmd1 := exec.Command("../scripts/mtls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/")
+	cmd1 := exec.Command("../scripts/tls/gen_cert.sh", "ca", "--config", "certs/conf/ca.cnf", "--out", "/tmp/testdata/nginx/")
 
 	err = cmd1.Run()
 	if err != nil {

sdk/proto/dp_software_details.proto

@@ -4,11 +4,13 @@ option go_package = "github.com/nginx/agent/sdk/v2/proto;proto";
 
 import "gogo.proto";
 import "nap.proto";
+import "nginx.proto";
 
 // DataplaneSoftwareDetails contains details for additional software running on the dataplane that pertains 
 // to NGINX Agent
 message DataplaneSoftwareDetails {
     oneof data {
         AppProtectWAFDetails app_protect_waf_details = 1 [(gogoproto.jsontag) = "app_protect_waf_details"];
+        NginxDetails nginx_details = 2 [(gogoproto.jsontag) = "nginx_details"];
     }
 }

src/core/config/defaults.go

@@ -234,8 +234,8 @@ var (
 		},
 		// API Config
 		&IntFlag{
-			Name:         AgentAPIPort,
-			Usage:        "The desired port to use for nginx-agent to expose for HTTP traffic.",
+			Name:  AgentAPIPort,
+			Usage: "The desired port to use for nginx-agent to expose for HTTP traffic.",
 		},
 		&StringFlag{
 			Name:         AgentAPICert,