Address workshop issues and expand challenge guidance

proxy/html/solutions.html

@@ -190,12 +190,12 @@ location /service/c {
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }</code></pre>
           <p><span class="kw">Check:</span> <code>curl http://localhost:8080/service/c</code></p>
+          <p><span class="kw">Hinweis:</span> Stelle sicher, dass <code>backends/c/index.html</code> existiert (Starterdatei liegt bereits im Repo).</p>
         </details>
 
         <details>
           <summary><span class="badge easy">Easy</span> 3) Rewrite Route</summary>
           <pre><code>location = /demo/a {
-  rewrite ^ /service/a break;
   proxy_pass http://backend_a/;
 }</code></pre>
           <p><span class="kw">Check:</span> <code>curl http://localhost:8080/demo/a</code></p>
@@ -221,7 +221,9 @@ add_header Referrer-Policy "no-referrer" always;</code></pre>
   default_type text/plain;
   return 200 "internal ok\n";
 }</code></pre>
-          <p><span class="kw">Check:</span> <code>curl -i http://localhost:8080/internal/status</code></p>
+          <p><span class="kw">Check (Host):</span> <code>curl -i http://localhost:8080/internal/status</code> (typisch 403)</p>
+          <p><span class="kw">Check (Container-intern):</span></p>
+          <pre><code>./scripts/compose.sh exec -T reverse-proxy sh -lc "wget -qO- http://127.0.0.1/internal/status"</code></pre>
         </details>
 
         <details>
@@ -235,6 +237,44 @@ access_log /var/log/nginx/access.log workshop;</code></pre>
           <pre><code>curl http://localhost:8080/service/a
 ./scripts/compose.sh logs reverse-proxy</code></pre>
         </details>
+
+        <details>
+          <summary><span class="badge medium">Medium</span> 6a) Load Balancing</summary>
+          <p><span class="kw">Compose (backend-a2):</span></p>
+          <pre><code>backend-a2:
+  image: nginx:1.27-alpine
+  container_name: workshop-backend-a2
+  volumes:
+    - ./backends/a2:/usr/share/nginx/html:ro,z</code></pre>
+          <p><span class="kw">Nginx (upstream erweitern):</span></p>
+          <pre><code>upstream backend_a {
+  server backend-a:80;
+  server backend-a2:80;
+}</code></pre>
+          <p><span class="kw">Check:</span></p>
+          <pre><code>for i in $(seq 1 8); do
+  curl -s http://localhost:8080/service/a | grep -o "Target A2\|Target A"
+done</code></pre>
+        </details>
+
+        <details>
+          <summary><span class="badge medium">Medium</span> 6b) Header Stripping</summary>
+          <pre><code>location /service/a {
+  proxy_pass http://backend_a/;
+  proxy_hide_header ETag;
+  proxy_hide_header Last-Modified;
+}</code></pre>
+          <p><span class="kw">Check:</span> <code>curl -I http://localhost:8080/service/a</code></p>
+        </details>
+
+        <details>
+          <summary><span class="badge medium">Medium</span> 6c) Debugging Challenge</summary>
+          <p>Kopiere testweise <code>proxy/nginx.broken.conf</code> auf <code>proxy/nginx.conf</code>, behebe die Fehler und stelle danach die funktionierende Konfiguration wieder her.</p>
+          <pre><code>cp proxy/nginx.broken.conf proxy/nginx.conf
+make proxy-reload
+./scripts/compose.sh logs reverse-proxy</code></pre>
+          <p><span class="kw">Check:</span> beide Routen funktionieren wieder.</p>
+        </details>
       </section>
 
       <section class="panel">
@@ -261,6 +301,7 @@ cd certs/easyrsa
 
         <details>
           <summary><span class="badge hard">Hard</span> 8) HTTP -&gt; HTTPS Redirect</summary>
+          <p><span class="kw">Voraussetzung:</span> Challenge 7 abgeschlossen (gleiches Config-File weiterverwenden).</p>
           <pre><code>server {
   listen 80;
   server_name _;
@@ -279,6 +320,7 @@ cd certs/easyrsa
 
         <details>
           <summary><span class="badge hard">Hard</span> 9) TLS Haertung + HSTS</summary>
+          <p><span class="kw">Voraussetzung:</span> Challenge 7 und 8 abgeschlossen.</p>
           <pre><code>ssl_protocols TLSv1.2 TLSv1.3;
 ssl_prefer_server_ciphers on;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;</code></pre>