
Apr 07 2017

Securing Nutanix PRISM for Alexa Skill with NGINX Container

I recently published the Alexa Skill for Nutanix, and the skill is now available in all countries where Amazon allows Alexa to be used. In my article Getting Started with Alexa Skill for Nutanix, I explain how to get it up and running with your Nutanix cluster. Here is a demo posted by one of the first users.

 

 

Given that the Alexa skill requires Nutanix port 9440 to be open to the internet, it may be wise to implement some form of access control. In my home setup, I’m using NGINX with Nutanix ACS (Acropolis Container Service). Alexa uses the AWS Lambda service, so its addresses are the only ingress IP addresses that should be allowed.

Detailed information about setting up Nutanix ACS can be found here. Make sure you have installed the docker-machine drivers for Nutanix on your computer – they are also available from the Nutanix Portal, here.

 

Deploying NGINX with ACS

$ docker-machine ssh docker-01 docker run -d --name nginx -v /mnt/airportextreme/nginx:/etc/nginx:ro -p 9440:9440 -p 8081:80 nginx

 

/etc/nginx – I am using an external drive to host NGINX configuration files because I want my Nutanix CE to be stateless. You may mount the config path using ACS persistent storage.


 

Configuring NGINX

I am providing NGINX configuration files ready to be used with Alexa and your Nutanix cluster. They include the alloweips.conf file, which allows only AWS EC2 addresses to connect to the Nutanix cluster. Download the configuration files from here and copy them to /etc/nginx.

AWS EC2 regions allowed are us-east-2, us-east-2, eu-west-1 and eu-west-2.

Edit the nginx.conf file and replace the address in proxy_pass https://10.0.1.101:9440 with your internal cluster IP address. Save and close the file. To test the config file, enter:

# /usr/local/nginx/sbin/nginx -t

Reload the new config, enter:

# /usr/local/nginx/sbin/nginx -s reload
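
How an allowlist file like the one described above can be produced, as an added example rather than the article's own configuration: this Python script filters a document in the layout of AWS's published ip-ranges.json down to the EC2 prefixes of the regions listed above and renders them as nginx allow/deny rules. The sample data is constructed (documentation address ranges), and the function names are assumptions.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are documentation ranges, not real AWS addresses.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2017-04-07-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/25", "region": "us-east-2", "service": "EC2"},
        {"ip_prefix": "192.0.2.128/25", "region": "us-east-2", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "ap-south-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-2", "service": "S3"},
    ],
})

# Regions named in the article.
ALLOWED_REGIONS = {"us-east-2", "eu-west-1", "eu-west-2"}


def allowed_networks(ip_ranges_json, regions=ALLOWED_REGIONS, service="EC2"):
    """Return merged, sorted IPv4 networks for the given regions and service."""
    data = json.loads(ip_ranges_json)
    nets = []
    for entry in data.get("prefixes", []):
        if entry.get("service") == service and entry.get("region") in regions:
            # strict=True rejects entries with host bits set (malformed input).
            nets.append(ipaddress.ip_network(entry["ip_prefix"], strict=True))
    # Adjacent and duplicate prefixes are merged to keep the rule list short.
    return list(ipaddress.collapse_addresses(nets))


def render_allowlist(networks):
    """Render nginx access rules: one allow per network, then deny the rest."""
    if not networks:
        # No match usually means a wrong filter or a changed feed layout;
        # fail loudly rather than silently write a deny-all-only file.
        raise ValueError("no networks matched; refusing to emit deny-all only")
    lines = ["allow {};".format(n) for n in networks]
    lines.append("deny all;")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_allowlist(allowed_networks(SAMPLE_IP_RANGES)), end="")
```

The published EC2 ranges change over time and are shared by every AWS customer, so regenerate the file periodically and treat it as a reduction in exposure, not a substitute for authentication on the cluster.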

 

Monitoring NGINX

The containerized version of NGINX writes its output to the Docker log. Use the command below to tail the access log.

$ docker-machine ssh docker-01 docker logs --details --follow nginx

 

 

This article was first published by Andre Leibovici (@andreleibovici) at myvirtualcloud.net.

 
