Lab8 fixes after running through clean install (#58)

* Lab8 fixes after running through clean install

* Found the issue - nginx.conf has the resolve items which seems cleaner.

* Cleaned up Lab9 with all the previous labs done.

Author: apcurrier

labs/lab7/readme.md

@@ -286,7 +286,7 @@ Now that you have a self signed TLS certificate for testing, you will configure
 
     ![Browser Cert Invalid](media/lab7_browser_cert_invalid.png)
 
-1. You can use browser's built-in certificate viewer to look at the details of the TLS certificate that was sent from NGINX to your browser. In address bar, click on the `Not Secure` icon, then click on `Certificate is not valid`. This will display the certificate. You can verify looking at the `Comman Name` field that this is the same certificate that you provided to NGINX for Azure resource.
+1. You can use browser's built-in certificate viewer to look at the details of the TLS certificate that was sent from NGINX to your browser. In the address bar, click on the `Not Secure` icon, then click on `Certificate is not valid`. This will display the certificate. You can verify looking at the `Common Name` field that this is the same certificate that you provided to NGINX for Azure resource.
 
     ![Browser Cert Details](media/lab7_browser_cert_details.png)
 

labs/lab8/cafe.example.com.conf

@@ -4,7 +4,7 @@
 server {
 
     # Include AzureAD Auth configuration files
-    include /etc/nginx/conf.d/oidc/openid_connect.server_conf; # Authorization code flow and Relying Party processing
+    include /etc/nginx/oidc/openid_connect.server_conf; # Authorization code flow and Relying Party processing
 
     listen 443 ssl; # Listening on port 443 with "ssl" parameter for terminating TLS on all IP addresses on this machine
 

labs/lab8/media/lab8_app-registrations.png

@@ -66,6 +66,15 @@ http {
 
 stream {
 
+    resolver 127.0.0.1:49153 valid=20s;
+
+    server {
+        listen 9000; # should match the port specified with zone_sync_server
+
+        zone_sync;
+        zone_sync_server internal.nginxaas.nginx.com:9000 resolve;
+    }
+    
     include /etc/nginx/stream/*.conf;          # Stream TCP nginx files
 
 }

labs/lab8/media/lab8_example-register.png

@@ -1,16 +1,11 @@
-# Nginx for Azure / OpenID Connect configuration
-# Chris Akker, Shouvik Dutta, Adam Currier - Mar 2024
-#
-# Advanced configuration START
+    # Advanced configuration START
     set $internal_error_message "NGINX / OpenID Connect login failure\n";
     set $pkce_id "";
     resolver 8.8.8.8; # For DNS lookup of IdP endpoints;
     subrequest_output_buffer_size 32k; # To fit a complete tokenset response
     gunzip on; # Decompress IdP responses if necessary
     # Advanced configuration END
 
-    js_import oidc from /etc/nginx/oidc/openid_connect.js;
-
     location = /_jwks_uri {
         internal;
         proxy_cache jwk;                              # Cache the JWK Set recieved from IdP
@@ -34,9 +29,9 @@
         # This location is called by the IdP after successful authentication
         status_zone "OIDC code exchange";
         js_content oidc.codeExchange;
-        error_page 500 502 504 @oidc_error;
+        error_page 500 502 504 @oidc_error; 
     }
-
+   
     location = /_token {
         # This location is called by oidcCodeExchange(). We use the proxy_ directives
         # to construct the OpenID Connect token request, as per:
@@ -90,3 +85,5 @@
         default_type text/plain;
         return 500 $internal_error_message;
     }
+
+# vim: syntax=nginx