Earlier this year we introduced NGINX Management Suite as our new control plane for NGINX software solutions, enabling you to configure, scale, secure and monitor user applications and REST APIs on the NGINX data plane from a single pane of glass.
NGINX Management Suite has a modular design: at its core is the Instance Manager module, which provides tracking, configuration, and visibility for your entire fleet of NGINX Open Source and NGINX Plus instances. As of this writing, API Connectivity Manager is the other available module, used to manage and orchestrate NGINX Plus running as an API gateway.
NGINX Management Suite can run on bare metal, as a Linux virtual machine, or containerized. The recommended way to deploy it on Kubernetes is using the Helm chart we provide, but for specific purposes you might need to build your own Docker image and manage its lifecycle through a custom CI/CD pipeline that doesn’t necessarily rely on Helm.
[Editor – This post was updated in February 2023 to fully automate the process of building the Docker image.]
Prerequisites
We provide a GitHub repository of the resources you need to create a Docker image for NGINX Management Suite, with support for these versions of Instance Manager and API Connectivity Manager:
- Instance Manager 2.4.0+
- API Connectivity Manager 1.0.0+
- Security Monitoring 1.0.0+
To build the Docker image, you need:
- A Linux host (bare metal or VM)
- Docker 20.10+
- A private registry to which you can push the target Docker image
- A subscription (or 30-day free trial) for NGINX Management Suite
To run the Docker image, you need:
- A running Kubernetes cluster
kubectlwith access to the Kubernetes cluster- A subscription (or 30-day free trial) for the NGINX Ingress Controller based on NGINX Plus
Building the Docker Image
Follow these instructions to build the Docker image.
Note: We have made every effort to accurately represent the NGINX Management Suite UI at the time of publication, but the UI is subject to change. Use these instructions as a reference and adapt them to the current UI as necessary.
- Clone the GitHub repository:
- Change to the build directory:
- Run
dockerpsto verify that Docker is running and then run the buildNIM.sh script to build the Docker image. The‑ioption sets the automated build mode,‑Cand‑Kare required options which name the NGINX Management Suite certificate and key respectively, and the‑toption specifies the location and name of the private registry to which the image is pushed.
Running NGINX Management Suite on Kubernetes
Follow these instructions to prepare the Deployment manifest and start NGINX Management Suite on Kubernetes.
- Base64‑encode the NGINX Management Suite license you downloaded in Step 4 of the previous section, and copy the output to the clipboard:
- Using your favorite editor, open manifests/1.nginx-nim.yaml and make the following changes:
- In the
spec.template.spec.containerssection, replace the default image name (your.registry.tld/nginx-nim2:tag) with the Docker image name you specified with the‑toption in Step 3 of the previous section (in our case, registry.ff.lan:31005/nginx-nms:2.5.1): - In the
spec.template.spec.containers.envsection, configure authentication credentials by making these substitutions in thevaluefield for each indicatedname:NIM_USERNAME– (Optional) Replace the defaultadminwith an admin account name.NIM_PASSWORD– (Required) Replace the defaultnimadminwith a strong password.NIM_LICENSE– (Required) Replace the default<BASE64_ENCODED_LICENSE_FILE>with the base64‑encoded license you generated in Step 1 above.
- In the
- Check and modify files under manifests/certs to customize the TLS certificate and key used for TLS offload by setting the FQDN you want to use. By default, the nimDockerStart.sh startup script publishes the containerized NGINX Management Suite through NGINX Ingress Controller.
- Optionally, edit manifests/3.vs.yaml and customize the hostnames used to reach NGINX Management Suite.
- Run nimDockerStart.sh to start NGINX Management Suite in your Kubernetes cluster. As indicated in the trace, it runs as the nginx-nim2 pod. The script also initializes pods for ClickHouse as the backend database and Grafana for analytics visualization. For more information, see the README at the GitHub repo.
- Verify that three pods are now running:
Accessing NGINX Management Suite
To access NGINX Management Suite, navigate in a browser to https://nim2.f5.ff.lan (or the alternate hostname you set in Step 4 of the previous section). Log in using the credentials you set in Step 2 of the previous section.
Stopping NGINX Management Suite
To stop and remove the Docker instance of NGINX Management Suite, run this command:
Get Started
To try out the NGINX solutions discussed in this post, start a 30-day free trial today or contact us to discuss your use cases:
- NGINX Management Suite
- NGINX Ingress Controller based on NGINX Plus
About the Author
Related Blog Posts
Secure Your API Gateway with NGINX App Protect WAF
As monoliths move to microservices, applications are developed faster than ever. Speed is necessary to stay competitive and APIs sit at the front of these rapid modernization efforts. But the popularity of APIs for application modernization has significant implications for app security.
How Do I Choose? API Gateway vs. Ingress Controller vs. Service Mesh
When you need an API gateway in Kubernetes, how do you choose among API gateway vs. Ingress controller vs. service mesh? We guide you through the decision, with sample scenarios for north-south and east-west API traffic, plus use cases where an API gateway is the right tool.
Deploying NGINX as an API Gateway, Part 2: Protecting Backend Services
In the second post in our API gateway series, Liam shows you how to batten down the hatches on your API services. You can use rate limiting, access restrictions, request size limits, and request body validation to frustrate illegitimate or overly burdensome requests.
New Joomla Exploit CVE-2015-8562
Read about the new zero day exploit in Joomla and see the NGINX configuration for how to apply a fix in NGINX or NGINX Plus.
Why Do I See “Welcome to nginx!” on My Favorite Website?
The ‘Welcome to NGINX!’ page is presented when NGINX web server software is installed on a computer but has not finished configuring