- Using Nginx:
- Authentication feature: Used Basic authentication for multiple users for service eclwatch. The annotations allow for multiple users to access the service and be prompted for authentication. Tested this by visiting the external IP through web browsers, which all prompted me for authentication before giving access to the site.
- Access Control feature: Used whitelist source ranging to specify that only certain IP addresses can access the server eclwatch, tested by allowing my IP address, which denies all other IP addresses that are not specified. Then, I changed the IP address so that my IP is denied and a 403 access denied error is returned.
- Using TLS:
- Deployed the controller in an AKS cluster and configured the ingress controller with a static Public IP address. Then used cert-manager to auto-generate TLS Let’s Encrypt certificates. Then I ran the application that routes to eclwatch which is accessible over the IP address. This creates a valid certificate for the service, and ensures that the connection is secure and encrypted
- Enabled cert-manager to generate TLS certificates for HPCC components after reading documentation.
- Certificate Manager:
- Created self-signed certificate issuer for eclwatch using cert-manager configuration.
- Used Application Gateway Ingress Controller (AGIC) add-on, on Azure CLI, to expose an application in AKS cluster through an existing Application Gateway. It is used because AGIC helps eliminate the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster.
- I created and revised the documentations for Nginx functionalities, so next week I can test and debug them.
- Tried using Jupyter Notebook to markdown files and run commands with bash which makes documentation like visual shell scripts.
Next week:
- Test HA proxy functionalities
- Revise and finalize NGINX functionality documentations
