diff --git a/.github/ISSUE_TEMPLATE/1-feature_request.md b/.github/ISSUE_TEMPLATE/1-feature_request.md index a0b4c03f7..8b2820beb 100644 --- a/.github/ISSUE_TEMPLATE/1-feature_request.md +++ b/.github/ISSUE_TEMPLATE/1-feature_request.md @@ -2,7 +2,7 @@ name: Feature request about: Suggest an idea for this project title: "" -labels: "" +labels: "enhancement" assignees: "" --- diff --git a/.github/ISSUE_TEMPLATE/2-bug_report.md b/.github/ISSUE_TEMPLATE/2-bug_report.md index 1d3d925c4..12a6c787b 100644 --- a/.github/ISSUE_TEMPLATE/2-bug_report.md +++ b/.github/ISSUE_TEMPLATE/2-bug_report.md @@ -2,7 +2,7 @@ name: Bug report about: Create a report to help us improve title: "" -labels: "" +labels: "bug" assignees: "" --- diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 113d884bf..47978539f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -26,10 +26,10 @@ Before merging a pull request, run through this checklist and mark each as compl - [ ] I have rebased my branch onto main - [ ] I have ensured my PR is targeting the main branch and pulling from my branch from my own fork - [ ] I have ensured that the commit messages adhere to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/#summary) -- [ ] I have ensured that documentation content adheres to [the style guide](https://github.com/nginx/documentation/blob/main/templates/style-guide.md) +- [ ] I have ensured that documentation content adheres to [the style guide](/documentation/style-guide.md) - [ ] If the change involves potentially sensitive changes[^1], I have assessed the possible impact - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works - [ ] I have ensured that existing tests pass after adding my changes -- [ ] If applicable, I have updated [`README.md`](https://github.com/nginx/documentation/blob/main/README.md) and [`CHANGELOG.md`](https://github.com/nginx/documentation/blob/main/CHANGELOG.md) +- [ ] If applicable, I have updated [`README.md`](/README.md) -[^1]: Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation. Please refer to [our style guide](https://github.com/nginx/documentation/blob/main/templates/style-guide.md) for guidance about placeholder content. \ No newline at end of file +[^1]: Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation. Please refer to [our style guide](/documentation/style-guide.md) for guidance about placeholder content. \ No newline at end of file diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 5b833cfca..aedf4214e 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -58,7 +58,7 @@ jobs: call-docs-build-push: needs: prod-check-branch - uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@285440f02d9967b62aeb1b7e0b5c2c70d4f950cf # v1.0.10 + uses: nginxinc/docs-actions/.github/workflows/docs-build-push.yml@04ed2db338ee08cc560a327f412684d0c8260de2 # v1.0.11 with: production_url_path: "" preview_url_path: "${{ vars.PREVIEW_URL_PATH }}" diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 1fb78fab3..7d94f92bb 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -25,6 +25,6 @@ jobs: uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2 - name: Scan - uses: fossas/fossa-action@c0a7d013f84c8ee5e910593186598625513cc1e4 # v1.6.0 + uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 with: api-key: ${{ secrets.FOSSA_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/linkchecker.yml b/.github/workflows/linkchecker.yml index e82efb09b..bf148bda9 100644 --- a/.github/workflows/linkchecker.yml +++ b/.github/workflows/linkchecker.yml @@ -31,7 +31,7 @@ env: --ignore-url ^https://lightstep.com --ignore-url ^https://www.owasp.org/ --ignore-url ^https://www.maxmind.com --ignore-url ^https://www.splunk.com/ --ignore-url ^https://oauth2.googleapis.com --ignore-url ^https://openidconnect.googleapis.com --ignore-url ^https://www.base64url.com/ --ignore-url ^https://go.googlesource.com/ --ignore-url ^https://go.googlesource.com/sync --ignore-url ^https://linkerd.io/2.13/ - --ignore-url ^http://www.redirectpage.com/ --ignore-url ^https://www.gnu.org/ + --ignore-url ^http://www.redirectpage.com/ --ignore-url ^https://www.gnu.org/ --ignore-url ^https://insert_your_tenant_name.console.ves.volterra.io/ --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-ingress-controller/css --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginxaas/azure/css --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-gateway-fabric/css diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 63944f691..864924b3a 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -56,6 +56,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: sarif_file: results.sarif diff --git a/.gitlint b/.gitlint new file mode 100644 index 000000000..c776e9dbb --- /dev/null +++ b/.gitlint @@ -0,0 +1,15 @@ +[general] +ignore = body-is-missing +contrib = contrib-title-conventional-commits + +[title-max-length] +line-length = 50 + +[title-min-length] +min-length = 5 + +[body-max-line-length] +line-length= 72 + +[body-min-length] +min-length = 5 \ No newline at end of file diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..d48d49e18 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,13 @@ +default_install_hook_types: + - pre-commit + - commit-msg + +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + - id: no-commit-to-branch +- repo: https://github.com/jorisroovers/gitlint + rev: v0.19.1 + hooks: + - id: gitlint diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index b65b17fe4..000000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,5 +0,0 @@ -# Changelog - -## 1.0.0 (January 13, 2025) - -Initial open source release of the documentation repository for enterprise NGINX products. This is a filtered mirror of an internal repository. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 01c0637ec..7a0af1f48 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,80 +1,51 @@ # Contributing guidelines -The following is a set of guidelines for community contributions to this project. - -We really appreciate your desire to contribute! +The following are a set of guidelines for contributing to this project. We appreciate your desire to get involved! If you are an F5 employee, see the following additional guidance on [Maintainers etiquette](/documentation/maintainers-etiquette.md). ## Table of contents -- [Report a Bug](#report-a-bug) -- [Suggest a Feature or Enhancement](#suggest-a-feature-or-enhancement) -- [Open a Discussion](#open-a-discussion) -- [Submit a Pull Request](#submit-a-pull-request) - - Review our [Git style guide](#git-style-guide) - - Review the [Writing style guide](/documentation/style-guide.md) - - Review [Managing content with Hugo](/documentation/writing-hugo.md) -- [Issue Lifecycle](#issue-lifecycle) +- [Create an issue](#create-an-issue) +- [Start a discussion](#start-a-discussion) +- [Submit a pull request](#submit-a-pull-request) +- [Issue lifecycle](#issue-lifecycle) - [Additional NGINX documentation](#additional-nginx-documentation) - [F5 Contributor License Agreement (CLA)](#f5-contributor-license-agreement) -## Report a bug - -To report a bug, open an issue on GitHub with the label `bug` using the -available bug report issue template. Before reporting a bug, make sure the -issue has not already been reported. - -## Suggest a feature or enhancement +## Create an issue -To suggest a feature or enhancement, open an issue on GitHub with the label -`feature` or `enhancement` using the available feature request issue template. -Please ensure the feature or enhancement has not already been suggested. +One way to contribute to the project is by [creating an issue](https://github.com/nginx/documentation/issues/new/choose). -## Open a Discussion +The two most common are enhancements and bug reports. When using the issue templates, they will be automatically labelled. -If you want to start a conversation with the community and maintainers, -we encourage you to use -[GitHub Discussions](https://github.com/nginx/documentation/discussions). +- An enhancement is an improvement of some kind, such as a new document or additional detail for a product feature +- A bug report draws attention to an issue in documentation, such as an incorrect command or outdated information -## Submit a Pull Request +Before creating an issue, please check there is [no existing issue](https://github.com/nginx/documentation/issues?q=is%3Aissue) for the topic. -To contribute to F5 NGINX documentation, follow these steps: - -- Fork the NGINX repository -- Create a branch -- Implement your changes in your branch -- Submit a pull request (PR) when your changes are ready for review +We encourage discussions within issues, since they act as a source of contextual truth and are linked to pull requests. -Alternatively, you're welcome to suggest improvements to highlight problems with -our documentation as described in our [support](./SUPPORT.md) page. +## Start a discussion -### Git style guide +We encourage you to use [GitHub Discussions](https://github.com/nginx/documentation/discussions) for conversations with the community and maintainers. -- Keep a clean, concise and meaningful Git commit history on your branch, rebasing locally and squashing before you submit a PR -- We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/#summary) formatting. -- Follow the guidelines of writing a good commit message as described here - and summarized in the next few points: +If you'd like to discuss something NGINX-related that doesn't involve documentation, you should go to the [NGINX Community Forum](https://community.nginx.org/). - - In the subject line, use the present tense ("Add feature" not "Added feature") - - In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...") - - Limit the subject line to 72 characters or less - - Reference issues and pull requests liberally after the subject line - - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in - your text editor to write a good message instead of `git commit -am`) +## Submit a pull request -#### Branch protection rules +Before making documentation changes, you should view the [documentation style guide](/documentation/style-guide.md) and [Managing content with Hugo](/documentation/writing-hugo.md). -This repository has the following branch protection rules in place: +To understand how we use Git in this repository, read our [Git conventions](/documentation/git-conventions.md) documentation. -- **Pushing branches that contain the "internal/" prefix is not allowed.** This ensures internal development branches are not accidentally or purposefully pushed to this repo. -- **Two approvers are required for all merges to main and release branches.** This ensures all code that is approved for release to production is appropriately reviewed. This rule applies to all branches with `*release*` in the branch name. -- **Only NGINX DocOps Team members can create release branches.** This ensures the docs team is aware of all branches supporting specific product releases. This rule applies to all branches with `*release*` in the branch name. -- **Pushes (force or otherwise) directly to main or release branches is not allowed.** Release branches serve as "main" for the release they are associated with. Restricting pushes directly to main and release branches ensures all content changes are reviewed and approved. This rule applies to all branches with `*release*` in the branch name and to "main". +The broad workflow is as follows: -### Documentation style guide +- Fork the NGINX repository +- Create a branch +- Implement your changes in your branch +- Submit a pull request (PR) when your changes are ready for review -For detailed guidance, see our documentation [style guide](./templates/style-guide.md). +Alternatively, you're welcome to suggest improvements to highlight problems with our documentation as described in our [support](./SUPPORT.md) page. ## Issue lifecycle @@ -93,7 +64,6 @@ This repository does not include all of the source content for the NGINX documen - [NGINX Open Source](https://github.com/nginx/nginx) - source for [NGINX changelog](https://nginx.org/en/CHANGES) - [nginx.org](https://github.com/nginx/nginx.org) - source for https://nginx.org - [NGINX Unit](https://github.com/nginx/unit) - source for https://unit.nginx.org -- [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress/) - source for https://docs.nginx.com/nginx-ingress-controller In those repositories, you can find documentation source code in the `docs` or `site` subdirectories. diff --git a/README.md b/README.md index 6143086f8..32acb02de 100644 --- a/README.md +++ b/README.md @@ -4,25 +4,21 @@ [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](https://github.com/nginxinc/template-repository/main/CODE_OF_CONDUCT.md) ![Commercial Support](https://badgen.net/badge/support/commercial/green?icon=awesome) - - # NGINX documentation +This repository contains the user documentation for NGINX's products, as well as the requirements to build and publish the documentation website. + +Documentation is written in [Markdown](https://daringfireball.net/projects/markdown/basics), then transformed into HTML using the [Hugo](https://gohugo.io/) static site generator. + If you want to contribute to [F5 NGINX documentation](https://docs.nginx.com), you've come to the right place. We've organized a series of README-type files to help you get started: - [Contributing](/CONTRIBUTING.md) describes how you can contribute to our documentation. - - [Contributing guidelines for experts](/CONTRIBUTING_DOCS.md) describes how you can contribute (and check your work) with Hugo, our static site generator - [Code of Conduct](/CODE_OF_CONDUCT.md) describes expectations in the NGINX open source community. - [License](/LICENSE) shows the license associated with work on this repository. - [Security](/SECURITY.md) describes the procedures we would like you to follow if you find a security issue. - [Support](/SUPPORT.md) lists how you can get support as a customer or a community member. -## Explanation - -This repository contains user documentation for NGINX's products, as well as the requirements for linting, building, and publishing the documentation. - -Our documentation is written in Markdown, specifically the [Goldmark](https://github.com/yuin/goldmark) Markdown parser. -We build our docs using [Hugo](https://gohugo.io) and host them in custom URLs on Azure. +You may also find the [documentation folder](/documentation/) for the repository interesting: it's where we store our process information. ## License @@ -30,7 +26,6 @@ We build our docs using [Hugo](https://gohugo.io) and host them in custom URLs o © [F5, Inc.](https://www.f5.com/) 2025 - ## Credits - [The Good Docs Project](https://www.thegooddocsproject.dev/), whose templates we've adapted for our use. diff --git a/_banners/agent-v3-release.md b/_banners/agent-v3-release.md index 9c42a7e6a..87bd0021a 100644 --- a/_banners/agent-v3-release.md +++ b/_banners/agent-v3-release.md @@ -1,7 +1,8 @@ {{< banner "notice" "NGINX Agent 3.0 is now available" >}} +The documentation in this section is for **NGINX Agent version 2.x**. For NGINX Agent 3.x content visit the [NGINX One Console documentation]({{< ref "/nginx-one/agent/" >}}) -F5 NGINX One Console and NGINX Instance Manager (NIM) do not currently support Agent 3.x. If you are using NGINX One Console or NGINX Instance Manager in your environment, upgrade to the latest Agent 2.x version by following the [Upgrade NGINX Agent](/nginx-agent/installation-upgrade/upgrade/) guide. +F5 NGINX Instance Manager (NIM) does not currently support NGINX Agent 3.x. NGINX Instance Manager customers can upgrade to the latest NGINX Agent 2.x version by following the [Upgrade NGINX Agent](/nginx-agent/installation-upgrade/upgrade/) guide. Please see the [Technical specifications](/nginx-agent/technical-specifications/) for product compatibility. diff --git a/config/_default/config.toml b/config/_default/config.toml index faf409f46..54c29d430 100644 --- a/config/_default/config.toml +++ b/config/_default/config.toml @@ -7,19 +7,19 @@ pygmentsUseClasses = true enableGitInfo = true [permalinks] - agent = '/nginx-agent/:sections[1:]/:filename' - amplify = '/nginx-amplify/:sections[1:]/:filename' - controller = '/nginx-controller/:sections[1:]/:filename' - mesh = '/nginx-service-mesh/:sections[1:]/:filename' - modsec-waf = '/nginx-waf/:sections[1:]/:filename' - nap-dos = '/nginx-app-protect-dos/:sections[1:]/:filename' - nap-waf = '/nginx-app-protect-waf/:sections[1:]/:filename' - nginxaas = '/nginxaas/azure/:sections[1:]/:filename' - ngf = '/nginx-gateway-fabric/:sections[1:]/:filename' - nic = '/nginx-ingress-controller/:sections[1:]/:filename' - nim = '/nginx-instance-manager/:sections[1:]/:filename' - nms = '/nginx-management-suite/:sections[1:]/:filename' - unit = '/nginx-unit/:sections[1:]/:filename' + agent = '/nginx-agent/:sections[1:]/:contentbasename' + amplify = '/nginx-amplify/:sections[1:]/:contentbasename' + controller = '/nginx-controller/:sections[1:]/:contentbasename' + mesh = '/nginx-service-mesh/:sections[1:]/:contentbasename' + modsec-waf = '/nginx-waf/:sections[1:]/:contentbasename' + nap-dos = '/nginx-app-protect-dos/:sections[1:]/:contentbasename' + nap-waf = '/nginx-app-protect-waf/:sections[1:]/:contentbasename' + nginxaas = '/nginxaas/azure/:sections[1:]/:contentbasename' + ngf = '/nginx-gateway-fabric/:sections[1:]/:contentbasename' + nic = '/nginx-ingress-controller/:sections[1:]/:contentbasename' + nim = '/nginx-instance-manager/:sections[1:]/:contentbasename' + nms = '/nginx-management-suite/:sections[1:]/:contentbasename' + unit = '/nginx-unit/:sections[1:]/:contentbasename' [caches] [caches.modules] diff --git a/config/production/config.toml b/config/production/config.toml index b367a4d63..f6b653af3 100644 --- a/config/production/config.toml +++ b/config/production/config.toml @@ -11,7 +11,7 @@ enableGitInfo = true useSessionStorage = false [privacy.instagram] disable = true - [privacy.twitter] + [privacy.x] disable = false enableDNT = true simple = false diff --git a/content/_index.md b/content/_index.md index d6816edad..8370b5f87 100644 --- a/content/_index.md +++ b/content/_index.md @@ -1,4 +1,57 @@ --- title: NGINX Product Documentation description: Learn how to deliver, manage, and protect your applications using F5 NGINX products. ---- \ No newline at end of file +--- + +## NGINX Product Documentation +Learn how to deliver, manage, and protect your applications using F5 NGINX products. + +{{}} + {{}} + {{}} + Monitor your infrastructure, address security vulnerabilities, and assess the health of your NGINX fleet, all from a single console. + {{}} + {{}} + The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway. + {{}} + {{}} + Track and control NGINX Open Source and NGINX Plus instances. + {{}} + {{}} + Kubernetes traffic management with API gateway, identity, and observability features. + {{}} + {{}} + Next generation Kubernetes connectivity using the Gateway API. + {{}} + {{}} + The open source all-in-one load balancer, content cache, and web server + {{}} + {{}} + A daemon providing observability data and remote configuration for NGINX Open Source and NGINX Plus instances + {{}} + {{}} + Stay compliant with your NGINX subscription licenses and see how you can use NGINX One to build secure, scalable, and high-performing applications and APIs. + {{}} + {{}} + + {{}} + {{}} + Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs + {{}} + {{}} + Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs + {{}} + {{}} + + {{}} + {{}} + Infrastructure-as-a-Service (IaaS) version of NGINX Plus for your Microsoft Azure application stack + {{}} + {{}} + + {{}} + {{}} + Dynamic app server that can run beside NGINX, NGINX Plus, or on its own + {{}} + {{}} +{{}} \ No newline at end of file diff --git a/content/agent/_index.md b/content/agent/_index.md index 35cc98e98..f850a86ee 100644 --- a/content/agent/_index.md +++ b/content/agent/_index.md @@ -9,4 +9,50 @@ cascade: start-date: 2025-05-29 end-date: 2025-09-09 md: /_banners/agent-v3-release.md +# The subtitle displays directly underneath the heading of a given page +nd-subtitle: +# Indicates that this is a custom landing page +nd-landing-page: true +# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this +nd-content-type: landing-page +# Intended for internal catalogue and search, case sensitive: +# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit +nd-product: Agent --- + +## About + +NGINX Agent is a companion daemon for your NGINX Open Source or NGINX Plus instance. It enables remote management of NGINX +configurations, collection and reporting of real-time NGINX performance and operating system metrics, and notifications of NGINX events. + +[//]: # "This initial section introduces the product to a reader: give a short 1-2 sentence summary of what the product does and its value to the reader." +[//]: # "Name specific functionality it provides: avoid ambiguous descriptions such as 'enables efficiency', focus on what makes it unique." + +## Featured content +[//]: # "You can add a maximum of three cards: any extra will not display." +[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid." +[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature." + +{{}} + {{}} + {{}} + Learn everything you need to know about NGINX Agent + {{}} + + + {{}} + Install NGINX Agent and run a mock control plane + {{}} + {{}} +{{}} + +{{}} + {{}} + {{}} + {{}} + {{}} + {{}} + {{}} + {{}} + {{}} +{{}} \ No newline at end of file diff --git a/content/agent/overview.md b/content/agent/about.md similarity index 94% rename from content/agent/overview.md rename to content/agent/about.md index 289b6ebab..19434fbb2 100644 --- a/content/agent/overview.md +++ b/content/agent/about.md @@ -1,16 +1,15 @@ --- -title: Overview +title: About draft: false weight: 100 toc: true -docs: DOCS-1091 -type: -- how-to +nd-docs: DOCS-1091 +nd-content-type: how-to --- ## Overview -NGINX Agent is a companion daemon for your NGINX Open Source or NGINX Plus instance. It enables: +NGINX Agent version 2 is a companion daemon for your NGINX Open Source or NGINX Plus instance. It enables: - Remote management of NGINX configurations - Collection and reporting of real-time NGINX performance and operating system metrics @@ -47,7 +46,6 @@ For NGINX Agent to work properly with an NGINX Plus instance, the API needs to b NGINX Agent allows a gRPC connected control system to register a listener for a specific event. The control mechanism is then invoked when NGINX Agent sends an associated system signal. The source of a notification can be either the NGINX instance or NGINX Agent itself. Here's a list of currently supported events: -{{< raw-html>}}
{{}} {{}} | Event | Description | | -------------------------------- | -------------------------------------------- | @@ -64,6 +62,6 @@ NGINX Agent allows a gRPC connected control system to register a listener for a | CONFIG_ROLLBACK_SUCCESS_MESSAGE | Successfully rolled back NGINX configuration | | CONFIG_ROLLBACK_FAILURE_MESSAGE | Failed to roll back NGINX configuration | {{}} -{{< raw-html>}}
{{}} + diff --git a/content/agent/changelog.md b/content/agent/changelog.md index b0f79ce37..666c29286 100644 --- a/content/agent/changelog.md +++ b/content/agent/changelog.md @@ -1,286 +1,10 @@ --- -title: "Changelog" +title: Changelog +toc: false +url: /agent/changelog weight: 1200 toc: true -docs: "DOCS-1093" +nd-docs: "DOCS-1093" --- -{{< note >}}You can find the full changelog, contributor list and assets for NGINX Agent in the [GitHub repository](https://github.com/nginx/agent/releases).{{< /note >}} - -See the list of supported Operating Systems and architectures in the [Technical Specifications]({{< relref "./technical-specifications.md" >}}). - ---- -## Release [v2.40.0](https://github.com/nginx/agent/releases/tag/v2.40.0) - -### 🌟 Highlights - -- The source code for the [NGINX Agent documentation](https://docs.nginx.com/nginx-agent/) has moved to the [NGINX Documentation](https://github.com/nginx/documentation/) repository. We invite you to [contribute](https://github.com/nginx/documentation/blob/main/CONTRIBUTING.md), improve the Agent docs and report any issues you find in the documentation repository. - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Lua config apply by [@oliveromahony](https://github.com/oliveromahony) in [#963](https://github.com/nginx/agent/pull/963) -- Fix release workflow by [@dhurley](https://github.com/dhurley) in [#991](https://github.com/nginx/agent/pull/991) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Docs: updating links from /nginx-management-suite/nim to /nginx-instance-manager by [@nginx-aoife](https://github.com/nginx-aoife) in [#927](https://github.com/nginx/agent/pull/927) -- Autodeploy main docs to production by [@nginx-jack](https://github.com/nginx-jack) in [#924](https://github.com/nginx/agent/pull/924) -- docs: remove docs by [@JTorreG](https://github.com/JTorreG) in [#976](https://github.com/nginx/agent/pull/976) -- Add a docs page to explain NGINX Agent features by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#941](https://github.com/nginx/agent/pull/941) -- docs: Fix NGINX install link and dockerfile section by [@JTorreG](https://github.com/JTorreG) in [#928](https://github.com/nginx/agent/pull/928) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- Fail release job if packages fail to publish by [@dhurley](https://github.com/dhurley) in [#923](https://github.com/nginx/agent/pull/923) -- Update performance test Dockerfile to use NGINX R32 by [@dhurley](https://github.com/dhurley) in [#937](https://github.com/nginx/agent/pull/937) -- Updated golang.org/x/net version by [@oliveromahony](https://github.com/oliveromahony) in [#954](https://github.com/nginx/agent/pull/954) -- Update performance test dependencies by [@dhurley](https://github.com/dhurley) in [#984](https://github.com/nginx/agent/pull/984) -- Refactor integration tests by [@dhurley](https://github.com/dhurley) in [#985](https://github.com/nginx/agent/pull/985) -- Update dependencies by [@dhurley](https://github.com/dhurley) in [#98](https://github.com/nginx/agent/pull/98) -- Updated the crypto library version by [@oliveromahony](https://github.com/oliveromahony) in [#947](https://github.com/nginx/agent/pull/947) - ---- -## Release [v2.39.0](https://github.com/nginx/agent/releases/tag/v2.39.0) - -### 🌟 Highlights - -- Remove official docker images & move testing images to test folder by [@aphralG](https://github.com/aphralG) in [#838](https://github.com/nginx/agent/pull/838) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Race conditions fixes by [@oliveromahony](https://github.com/oliveromahony) in [#810](https://github.com/nginx/agent/pull/810) -- fix r30 pipeline failures by [@oliveromahony](https://github.com/oliveromahony) in [#844](https://github.com/nginx/agent/pull/844) -- Fixed make target pointing at wrong Dockerfile and renamed others to be consistent by [@oliveromahony](https://github.com/oliveromahony) in [#857](https://github.com/nginx/agent/pull/857) -- Fix broken links causing deployment failures by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#863](https://github.com/nginx/agent/pull/863) -- Fix NGINX OSS integration tests by [@dhurley](https://github.com/dhurley) in [#888](https://github.com/nginx/agent/pull/888) -- Fix docs docker failing without git context by [@nginx-jack](https://github.com/nginx-jack) in [#892](https://github.com/nginx/agent/pull/892) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Add automatic changelog generation in release workflow by [@spencerugbo](https://github.com/spencerugbo) in [#784](https://github.com/nginx/agent/pull/784) -- Add CLA bot workflow by [@lucacome](https://github.com/lucacome) in [#828](https://github.com/nginx/agent/pull/828) -- Refactor docker images by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#841](https://github.com/nginx/agent/pull/841) -- Docs: Add hugo version check and theme update to Makefile by [@nginx-jack](https://github.com/nginx-jack) in [#869](https://github.com/nginx/agent/pull/869) -- Change casing of docs makefile to Makefile by [@nginx-jack](https://github.com/nginx-jack) in [#884](https://github.com/nginx/agent/pull/884) -- docs: enableGitInfo config and docs-action bump by [@nginx-jack](https://github.com/nginx-jack) in [#886](https://github.com/nginx/agent/pull/886) -- Change go version to latest go 1.23.2 by [@oliveromahony](https://github.com/oliveromahony) in [#889](https://github.com/nginx/agent/pull/889) -- Remove link to github dockerfiles by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#897](https://github.com/nginx/agent/pull/897) -- Docs: Update link to 3rd party site by [@nginx-aoife](https://github.com/nginx-aoife) in [#898](https://github.com/nginx/agent/pull/898) -- Update the changelog for v2.38 by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#901](https://github.com/nginx/agent/pull/901) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- Set log level to debug for inetegration tests by [@aphralG](https://github.com/aphralG) in [#826](https://github.com/nginx/agent/pull/826) -- updated runc dependency highlighted in security scan scan by [@oliveromahony](https://github.com/oliveromahony) in [#842](https://github.com/nginx/agent/pull/842) -- Update CODEOWNERS by [@oCHRISo](https://github.com/oCHRISo) in [#851](https://github.com/nginx/agent/pull/851) -- Check version command output by [@aphralG](https://github.com/aphralG) in [#853](https://github.com/nginx/agent/pull/853) -- Bump NGINX plus go client version from v1 to v2 by [@dhurley](https://github.com/dhurley) in [#879](https://github.com/nginx/agent/pull/879) -- Allowlist Error Messages by [@aphralG](https://github.com/aphralG) in [#907](https://github.com/nginx/agent/pull/907) - ---- -## Release [v2.38.0](https://github.com/nginx/agent/releases/tag/v2.38.0) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Fix broken URLS in docs by [@nginx-aoife](https://github.com/nginx-aoife) in [#796](https://github.com/nginx/agent/pull/796) -- fix name of deprecated flag by [@aphralG](https://github.com/aphralG) in [#811](https://github.com/nginx/agent/pull/811) -- Fix make image targets by [@dhurley](https://github.com/dhurley) in [#812](https://github.com/nginx/agent/pull/812) -- Fix debian oss image by [@dhurley](https://github.com/dhurley) in [#819](https://github.com/nginx/agent/pull/819) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- docs: update GPG keys by [@Jcahilltorre](https://github.com/Jcahilltorre) in [#776](https://github.com/nginx/agent/pull/776) -- Add new docker images to v2 pipeline for integration testing by [@oliveromahony](https://github.com/oliveromahony) in [#756](https://github.com/nginx/agent/pull/756) -- Update website changelog for v2.37.0 by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#790](https://github.com/nginx/agent/pull/790) -- Pass on custom error log path at the time of validating config by [@achawla2012](https://github.com/achawla2012) in [#774](https://github.com/nginx/agent/pull/774) -- Remove blocking calls in metrics framework by [@oliveromahony](https://github.com/oliveromahony) in [#788](https://github.com/nginx/agent/pull/788) -- Update broken URL in installation-plus.md by [@nginx-aoife](https://github.com/nginx-aoife) in [#808](https://github.com/nginx/agent/pull/808) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- add new plus docker images to v2 pipeline by [@aphralG](https://github.com/aphralG) in [#779](https://github.com/nginx/agent/pull/779) -- Add MaxRecvMsgSize and MaxSendMsgSize to client and server options by [@oliveromahony](https://github.com/oliveromahony) in [#795](https://github.com/nginx/agent/pull/795) -- added leak tests for agent v2 by [@oliveromahony](https://github.com/oliveromahony) in [#807](https://github.com/nginx/agent/pull/807) - ---- -## Release [v2.37.0](https://github.com/nginx/agent/releases/tag/v2.37.0) - -### πŸš€ Features - -This release introduces the following new features: - -- feat: Update the changelog by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#753](https://github.com/nginx/agent/pull/753) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Prevent writing outside allowed directories list from a config payload with actions by [@oliveromahony](https://github.com/oliveromahony) in [#766](https://github.com/nginx/agent/pull/766) -- The letter v is now always prepended to output of -v by [@olli-holmala](https://github.com/olli-holmala) in [#751](https://github.com/nginx/agent/pull/751) -- Fix backoff to drop Metrics Reports from buffer after max_elapsed_time has been reached by [@oliveromahony](https://github.com/oliveromahony) in [#752](https://github.com/nginx/agent/pull/752) -- Fix Post Install Script Issues by [@spencerugbo](https://github.com/spencerugbo) in [#739](https://github.com/nginx/agent/pull/739) -- docs: fix github links in changelog by [@Jcahilltorre](https://github.com/Jcahilltorre) in [#770](https://github.com/nginx/agent/pull/770) -- Fix post install script for when no nginx instance is installed by [@dhurley](https://github.com/dhurley) in [#773](https://github.com/nginx/agent/pull/773) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Upgrade prometheus exporter version to latest by [@oliveromahony](https://github.com/oliveromahony) in [#749](https://github.com/nginx/agent/pull/749) -- Add badges for Go version, release, license, contributions, and Slack… by [@oCHRISo](https://github.com/oCHRISo) in [#763](https://github.com/nginx/agent/pull/763) -- Add instructions for Amazon Linux 2023 by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#759](https://github.com/nginx/agent/pull/759) -- Add docs-build-push github workflow by [@nginx-jack](https://github.com/nginx-jack) in [#765](https://github.com/nginx/agent/pull/765) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- Increase timeout period for collecting metrics by [@oliveromahony](https://github.com/oliveromahony) in [#755](https://github.com/nginx/agent/pull/755) - ---- -## Release [v2.36.1](https://github.com/nginx/agent/releases/tag/v2.36.1) - -### 🌟 Highlights - -- Upgrade crossplane version to prevent Agent from rolling back in the case of valid NGINX configurations by [@oliveromahony](https://github.com/oliveromahony) in [#746](https://github.com/nginx/agent/pull/746) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- Added version regex to parse the logs to see if matches vsemvar format by [@oliveromahony](https://github.com/oliveromahony) in [#747](https://github.com/nginx/agent/pull/747) - ---- -## Release [v2.36.0](https://github.com/nginx/agent/releases/tag/v2.36.0) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Fix incorrect bold tag in heading by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#715](https://github.com/nginx/agent/pull/715) -- URL fix for building docker image in README.md by [@y82](https://github.com/y82) in [#720](https://github.com/nginx/agent/pull/720) -- Fix for version by [@oliveromahony](https://github.com/oliveromahony) in [#732](https://github.com/nginx/agent/pull/732) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- More flexible container images for the official images by [@oliveromahony](https://github.com/oliveromahony) in [#729](https://github.com/nginx/agent/pull/729) -- Update configuration examples by [@nginx-seanmoloney](https://github.com/nginx-seanmoloney) in [#731](https://github.com/nginx/agent/pull/731) -- updated github.com/rs/cors version by [@oliveromahony](https://github.com/oliveromahony) in [#735](https://github.com/nginx/agent/pull/735) -- docs: update changelog by [@Jcahilltorre](https://github.com/Jcahilltorre) in [#736](https://github.com/nginx/agent/pull/736) -- Upgrade crossplane by [@oliveromahony](https://github.com/oliveromahony) in [#737](https://github.com/nginx/agent/pull/737) - ---- -## Release [v2.35.1](https://github.com/nginx/agent/releases/tag/v2.35.1) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- fix: add deduplication for the same ssl cert metadata by [@mattdesmarais](https://github.com/mattdesmarais) [@oliveromahony](https://github.com/oliveromahony) in [#716](https://github.com/nginx/agent/pull/716) -- Fix release workflow by [@dhurley](https://github.com/dhurley) in [#724](https://github.com/nginx/agent/pull/724) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Update environment variables from NMS to NGINX_AGENT by [@spencerugbo](https://github.com/spencerugbo) in [#710](https://github.com/nginx/agent/pull/710) -- Update the flag & environment table callouts by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#712](https://github.com/nginx/agent/pull/712) -- updated golang version to 1.22 by [@oliveromahony](https://github.com/oliveromahony) in [#717](https://github.com/nginx/agent/pull/717) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- More detailed test for env variables migration by [@oliveromahony](https://github.com/oliveromahony) in [#709](https://github.com/nginx/agent/pull/709) - ---- -## Release [v2.35.0](https://github.com/nginx/agent/releases/tag/v2.35.0) - -### 🌟 Highlights - -- R32 operating system support parity by [@oliveromahony](https://github.com/oliveromahony) in [#708](https://github.com/nginx/agent/pull/708) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Change environment prefix from nms to nginx_agent by [@spencerugbo](https://github.com/spencerugbo) in [#706](https://github.com/nginx/agent/pull/706) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Consolidated CLI flag and Env Var sections by [@travisamartin](https://github.com/travisamartin) in [#701](https://github.com/nginx/agent/pull/701) -- Add Ubuntu Noble 24.04 LTS support by [@Dean-Coakley](https://github.com/Dean-Coakley) in [#682](https://github.com/nginx/agent/pull/682) - ---- -## Release [v2.34.1](https://github.com/nginx/agent/releases/tag/v2.34.1) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- Fix metrics reporter retry logic by [@dhurley](https://github.com/dhurley) in [#700](https://github.com/nginx/agent/pull/700) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- Update changelog for release 2.34 by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#693](https://github.com/nginx/agent/pull/693) - ---- -## Release [v2.34.0](https://github.com/nginx/agent/releases/tag/v2.34.0) - -### 🌟 Highlights - -- Bump the version of net package in golang by [@oliveromahony](https://github.com/oliveromahony) in [#645](https://github.com/nginx/agent/pull/645) - -- Add health check endpoint by [@dhurley](https://github.com/dhurley) in [#665](https://github.com/nginx/agent/pull/665) - -- Add pending health status by [@dhurley](https://github.com/dhurley) in [#672](https://github.com/nginx/agent/pull/672) - -### πŸ› Bug Fixes - -In this release we have resolved the following issues: - -- fix: fix titles case by [@Jcahilltorre](https://github.com/Jcahilltorre) in [#674](https://github.com/nginx/agent/pull/674) -- Fix oracle linux integration test by [@dhurley](https://github.com/dhurley) in [#676](https://github.com/nginx/agent/pull/676) - -### πŸ“ Documentation - -We have made the following updates to the documentation: - -- chore: add 2.33.0 changelog by [@Jcahilltorre](https://github.com/Jcahilltorre) in [#622](https://github.com/nginx/agent/pull/622) -- Change environment variable list to table with CLI references by [@ADubhlaoich](https://github.com/ADubhlaoich) in [#689](https://github.com/nginx/agent/pull/689) -- Add health checks documentation by [@dhurley](https://github.com/dhurley) in [#673](https://github.com/nginx/agent/pull/673) - -### πŸ”¨ Maintenance - -We have made the following maintenance-related minor changes: - -- Keep looking for master process by [@spencerugbo](https://github.com/spencerugbo) in [#617](https://github.com/nginx/agent/pull/617) -- Bump docker dependency to version v24.0.9 by [@dhurley](https://github.com/dhurley) in [#626](https://github.com/nginx/agent/pull/626) -- Bump the version of github.com/opencontainers/runc dependency by [@dhurley](https://github.com/dhurley) in [#657](https://github.com/nginx/agent/pull/657) -- Remove unnecessary freebsd logic for finding process executable by [@dhurley](https://github.com/dhurley) in [#668](https://github.com/nginx/agent/pull/668) -- Add additional checks in chunking functionality by [@dhurley](https://github.com/dhurley) in [#671](https://github.com/nginx/agent/pull/671) - + \ No newline at end of file diff --git a/content/agent/community.md b/content/agent/community.md new file mode 100644 index 000000000..932fb492b --- /dev/null +++ b/content/agent/community.md @@ -0,0 +1,20 @@ +--- +title: Community and contribution +toc: true +weight: 600 +nd-docs: DOCS-1884 +--- + +Discover the various ways you can participate in the F5 NGINX Agent project: + +## Community + +- Have questions or ideas to discuss? Join the conversation about NGINX Agent in the [NGINX Community Forum](https://community.nginx.org/). + +## Contribute + +Get involved with the project by contributing! Please see our [contributing guide](https://github.com/nginx/agent/blob/main/CONTRIBUTING.md) for details. + +## License + +[Apache License, Version 2.0](https://github.com/nginx/agent/blob/main/LICENSE) diff --git a/content/agent/configuration/_index.md b/content/agent/configuration/_index.md index 1c0c90128..ca784b6eb 100644 --- a/content/agent/configuration/_index.md +++ b/content/agent/configuration/_index.md @@ -1,6 +1,10 @@ --- -title: Configuration -description: Learn how to configure NGINX Agent. -weight: 400 +title: "Configuration" +weight: "400" url: /nginx-agent/configuration/ +cascade: + logo: NGINX-product-icon.png + layout: agent-v2-migration --- + +Learn how to configure NGINX Agent. \ No newline at end of file diff --git a/content/agent/configuration/configuration-overview.md b/content/agent/configuration/configuration-overview.md index 51e724fa2..41086bd8a 100644 --- a/content/agent/configuration/configuration-overview.md +++ b/content/agent/configuration/configuration-overview.md @@ -3,9 +3,8 @@ title: Basic configuration draft: false weight: 100 toc: true -docs: DOCS-1229 -type: -- how-to +nd-docs: DOCS-1229 +nd-content-type: how-to --- The following sections explain how to configure NGINX Agent using configuration files, CLI flags, and environment variables. @@ -50,7 +49,7 @@ server: # host of the control plane host: grpcPort: 443 - backoff: # note: default values are prepopulated + backoff: # note: default values are prepopulated initial_interval: 100ms # Add the appropriate duration value here, for example, "100ms" for 100 milliseconds, "5s" for 5 seconds, "1m" for 1 minute, "1h" for 1 hour randomization_factor: 0.10 # Add the appropriate float value here, for example, 0.10 multiplier: 1.5 # Add the appropriate float value here, for example, 1.5 @@ -88,7 +87,7 @@ metrics: report_interval: 1m collection_interval: 15s mode: aggregated - backoff: # note: default values are prepopulated + backoff: # note: default values are prepopulated initial_interval: 100ms # Add the appropriate duration value here, for example, "100ms" for 100 milliseconds, "5s" for 5 seconds, "1m" for 1 minute, "1h" for 1 hour randomization_factor: 0.10 # Add the appropriate float value here, for example, 0.10 multiplier: 1.5 # Add the appropriate float value here, for example, 1.5 @@ -170,9 +169,9 @@ nginx-agent ### CLI Flags and Environment Variables -{{< warning >}} +{{< warning >}} -Before version 2.35.0, the environment variables were prefixed with `NMS_` instead of `NGINX_AGENT_`. +Before version 2.35.0, the environment variables were prefixed with `NMS_` instead of `NGINX_AGENT_`. If you are upgrading from an older version, update your configuration accordingly. @@ -220,9 +219,9 @@ If you are upgrading from an older version, update your configuration accordingl
{{}} -Use the `--config-dirs` command-line option, or the `config_dirs` key in the `nginx-agent.conf` file, to identify the directories NGINX Agent can read from or write to. This setting also defines the location to which you can upload config files when using a control plane. +Use the `--config-dirs` command-line option, or the `config_dirs` key in the `nginx-agent.conf` file, to identify the directories NGINX Agent can read from or write to. This setting also defines the location to which you can upload config files when using a control plane. -NGINX Agent cannot write to directories outside the specified location when updating a config and cannot upload files to directories outside of the configured location. +NGINX Agent cannot write to directories outside the specified location when updating a config and cannot upload files to directories outside of the configured location. NGINX Agent follows NGINX configuration directives to file paths outside the designated directories and reads certificates' metadata. NGINX Agent uses the following directives: diff --git a/content/agent/configuration/configure-nginx-agent-features.md b/content/agent/configuration/configure-nginx-agent-features.md deleted file mode 100644 index 486059eb4..000000000 --- a/content/agent/configuration/configure-nginx-agent-features.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Features configuration -draft: false -weight: 150 -toc: true -type: -- how-to -docs: DOCS-1678 ---- - -## Overview - -This guide describes the F5 NGINX Agent features, and how to enable and disable features using the NGINX Agent configuration file. - -## Before you begin - -Before you start, make sure that you have: - -- NGINX Agent installed in your system. -- Access to the NGINX Agent configuration file. - - -## Features - -The following table lists the NGINX Agent features. - -{{}} -| **Feature Name** | **Description** | **Default/Non-default** | -| ------------- | ------------- | ------------- | -| registration | Registering the NGINX Agent with the management plane.| Default | -| nginx-config-async | Enable the publishing and uploading of NGINX configurations from the management plane.| Default | -| metrics | Enable collecting of NGINX metrics.| Default | -| metrics-throttle | Batch metrics before sending.| Non-default | -| metrics-sender | Reports metrics over the gRPC connection.| Non-default | -| dataplane-status | Report the health of the NGINX Instance.| Default | -| process-watcher | Observe changes to the NGINX process.| Default | -| file-watcher | Observe changes to the NGINX configuration or any changes to files on disk.| Default | -| activity-events | Send NGINX or NGINX Agent related events to the management plane.| Default | -| agent-api | Enable the NGINX Agent REST API.| Default | -{{}} - -## Use Cases - -### Enable metrics only -1. **Access the NGINX Instance:** SSH to the virtual machine/server where NGINX Agent is running. - -``` - ssh user@your-nginx-instance -``` - -2. **Edit NGINX Agent configuration:** - -``` - sudo vim /etc/nginx-agent/nginx-agent.conf -``` - -3. **Add Features section:** Add the following yaml to the end of the file: - -``` - features: - - metrics - - metrics-throttle - - dataplane-status -``` - -4. **Restart the NGINX Agent service:** Restart the NGINX Agent service to enable changes. - -Once the steps have been completed, users will be able to view metrics data being sent but will not have the capability to push NGINX configuration changes. - -### Enable the publishing of NGINX configurations and disable the collection of metrics. -1. **Access the NGINX Instance:** SSH to the virtual machine/server where NGINX Agent is running. - -``` - ssh user@your-nginx-instance -``` - -2. **Edit NGINX Agent configuration:** - -``` - sudo vim /etc/nginx-agent/nginx-agent.conf -``` - -3. **Add Features section:** Add the following yaml to the end of the file: - -``` - features: - - nginx-config-async - - dataplane-status - - file-watcher -``` - -4. **Restart the NGINX Agent service:** Restart the NGINX Agent service to enable changes. - -Once the steps have been completed, users will be able to publish NGINX configurations but metrics data will not be collected by the NGINX Agent. - diff --git a/content/agent/configuration/configure-nginx-agent-group.md b/content/agent/configuration/configure-nginx-agent-group.md index 47e6f15e0..bf3f1d0f7 100644 --- a/content/agent/configuration/configure-nginx-agent-group.md +++ b/content/agent/configuration/configure-nginx-agent-group.md @@ -1,11 +1,10 @@ --- -title: Add NGINX users to nginx-agent Group +title: "Add NGINX users to nginx-agent group" draft: false weight: 300 toc: true -docs: DOCS-933 -type: -- how-to +nd-docs: DOCS-933 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/configuration/encrypt-communication.md b/content/agent/configuration/encrypt-communication.md index a7cf75134..6a1503cf6 100644 --- a/content/agent/configuration/encrypt-communication.md +++ b/content/agent/configuration/encrypt-communication.md @@ -2,7 +2,7 @@ title: Encrypt communication toc: true weight: 200 -docs: DOCS-802 +nd-docs: DOCS-802 --- ## Overview diff --git a/content/agent/configuration/health-checks.md b/content/agent/configuration/health-checks.md index 16a9bf53d..ef087c9d5 100644 --- a/content/agent/configuration/health-checks.md +++ b/content/agent/configuration/health-checks.md @@ -3,9 +3,8 @@ title: Health checks draft: false weight: 400 toc: true -type: -- how-to -docs: DOCS-1677 +nd-content-type: how-to +nd-docs: DOCS-1677 --- ## Overview diff --git a/content/agent/contribute/_index.md b/content/agent/contribute/_index.md deleted file mode 100644 index a11203387..000000000 --- a/content/agent/contribute/_index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Contribute -description: Learn about the NGINX Agent community and contribute to the project. -weight: 500 -url: /nginx-agent/contribute/ ---- diff --git a/content/agent/contribute/community.md b/content/agent/contribute/community.md deleted file mode 100644 index da54b13b0..000000000 --- a/content/agent/contribute/community.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Community and contribution -draft: false -weight: 100 -toc: true -docs: DOCS-1087 -type: -- how-to ---- - -# Community - -- Our [Slack channel #nginx-agent](https://nginxcommunity.slack.com/), is the go-to place to start asking questions and sharing your thoughts. - -- Our [GitHub issues page](https://github.com/nginx/agent/issues) offers space for a more technical discussion at your own pace. - -# Contribute - -Get involved with the project by contributing! Please see our [contributing guide](https://github.com/nginx/agent/blob/main/CONTRIBUTING.md) for details. - -# License - -[Apache License, Version 2.0](https://github.com/nginx/agent/blob/main/LICENSE) diff --git a/content/agent/contribute/dev-environment-setup.md b/content/agent/contribute/dev-environment-setup.md index 7f75df9d8..72827ceba 100644 --- a/content/agent/contribute/dev-environment-setup.md +++ b/content/agent/contribute/dev-environment-setup.md @@ -1,64 +1,61 @@ --- -title: Development environment setup -draft: false -weight: 200 +title: "Development environment setup" toc: true -docs: DOCS-1088 -type: -- how-to +nd-docs: DOCS-1088 +nd-content-type: how-to --- ## Overview -Learn how to setup a Development Environment for NGINX Agent. +This page describes how to configure a development environment for F5 NGINX Agent. -## Select an Operating System +While most Linux or FreeBSD operating systems can be used to contribute to the NGINX Agent project, the following steps have been designed for Ubuntu. -While most Linux or FreeBSD operating systems can be used to contribute to the NGINX Agent project, the following steps have been designed for Ubuntu. Ubuntu is packaged with most libraries required to build and run NGINX Agent, and is the recommended platform for NGINX Agent development. +Ubuntu is the recommended operating system for development, as it comes with most packages requires to build and run NGINX Agent. -## Install NGINX +## Before you begin -Follow the steps in the [Installation]({{< ref "/agent/installation-upgrade/" >}}) section to download, install, and run NGINX and NGINX Agent. +To begin this task, you will require the following: -## Clone the NGINX Agent Repository +- A [working NGINX Agent instance]({{< ref "/nginx-one/agent/install-upgrade/" >}}). +- A [Go installation](https://go.dev/dl/) of version 1.22.2 or newer. +- A [Protocol Buffer Compiler](https://grpc.io/docs/protoc-installation/) installation. -Using your preferred method, clone the NGINX Agent repository into your development directory. See [Cloning a GitHub Repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) for additional help. +You will also need a copy of the NGINX Agent repository, which you can clone using `git`: -## Installing Prerequisite Packages +```shell +git clone git@github.com:nginx/agent.git +``` + +Read [Cloning a repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) for more information + +Follow the steps in the [Installation]({{< ref "/nginx-one/agent/install-upgrade/" >}}) topic to install NGINX Agent. + +## Install prerequisite packages Depending on the operating system distribution, it may be necessary to install the following packages in order to build NGINX Agent. Change to the NGINX Agent source directory: -```bash +```shell cd /agent ``` Install Make: -```bash +```shell sudo apt install make ``` -NGINX Agent is written in Go. You may [download Go](https://go.dev/doc/install) and follow installation instructions on the same page or run: -```bash -sudo apt install golang-go -``` - -Install Protoc: -```bash -sudo apt install -y protobuf-compiler -``` - Install NGINX Agent tools and dependencies: Before starting development on NGINX Agent, it is important to download and install the necessary tool and dependencies required by NGINX Agent. You can do this by running the following `make` command: -```bash +```shell make install-tools deps ``` -## Building NGINX Agent from Source Code +## Build NGINX Agent from source code Run the following commands to build and run NGINX Agent: -```bash +```shell make build sudo make run ``` diff --git a/content/agent/contribute/start-mock-interface.md b/content/agent/contribute/start-mock-interface.md new file mode 100644 index 000000000..9b338d09f --- /dev/null +++ b/content/agent/contribute/start-mock-interface.md @@ -0,0 +1,91 @@ +--- +title: Start mock control plane interface +toc: true +weight: 300 +nd-docs: DOCS-000 +draft: true +--- + +This document describes how to configure and run F5 NGINX Agent using a mock interface ("control plane") for NGINX Agent to report to. + +The mock interface is useful when developing NGINX Agent, as it allows you to view what metrics are being reported. + +## Before you begin + +To begin this task, you will require the following: + +- A [working NGINX Agent instance]({{< ref "/nginx-one/agent/install-upgrade/" >}}). +- A [Go installation](https://go.dev/dl/) of version 1.22.2 or newer. +- A [go-swagger](https://goswagger.io/go-swagger/install/) installation. + +You will also need a copy of the NGINX Agent repository, which you can clone using `git`: + +```shell +git clone git@github.com:nginx/agent.git +``` + +Read [Cloning a repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository) for more information. + +## Start the gRPC mock control plane + +Start the mock control plane by running the following command from the `agent` source code root directory: + +```shell +go run sdk/examples/server.go +``` +```text +INFO[0000] http listening at 54790 # mock control plane port +INFO[0000] grpc listening at 54789 # grpc control plane port which NGINX Agent will report to +``` + +The mock control plane can use either gRPC or REST protocols to communicate with NGINX Agent. + +To enable them, view the [Enable gRPC and REST interfaces]({{< ref "/agent/how-to/enable-interfaces.md" >}}) topic. + +## Launch Swagger UI + +To launch the Swagger UI for the REST interface run the following command: + +```shell +make launch-swagger-ui +``` + +## Start NGINX Agent + +Open another terminal window and start NGINX Agent. Issue the following command from the `agent` source code root directory. + +```shell +sudo make run +``` +```text +WARN[0000] Log level is info +INFO[0000] setting displayName to XXX +INFO[0000] NGINX Agent at with pid 12345, clientID=XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX name=XXX +INFO[0000] NginxBinary initializing +INFO[0000] Commander initializing +INFO[0000] Comms initializing +INFO[0000] OneTimeRegistration initializing +INFO[0000] Registering XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX +INFO[0000] Metrics initializing +INFO[0000] MetricsThrottle initializing +INFO[0000] DataPlaneStatus initializing +INFO[0000] MetricsThrottle waiting for report ready +INFO[0000] Metrics waiting for handshake to be completed +INFO[0000] ProcessWatcher initializing +INFO[0000] Extensions initializing +INFO[0000] FileWatcher initializing +INFO[0000] FileWatchThrottle initializing +INFO[0001] Events initializing +INFO[0001] OneTimeRegistration completed +``` + +Open a web browser to view the mock control plane at [http://localhost:54790](http://localhost:54790). The following links will be shown in the web interface: + +- **registered** - shows registration information of the data plane +- **nginxes** - lists the nginx instances on the data plane +- **configs** - shows the protobuf payload for NGINX configuration sent to the management plane +- **configs/chunked** - shows the split-up payloads sent to the management plane +- **configs/raw** - shows the actual configuration as it would live on the data plane +- **metrics** - shows a buffer of metrics sent to the management plane (similar to what will be sent back in the REST API) + +For more NGINX Agent use cases, refer to the [NGINX Agent SDK examples](https://github.com/nginx/agent/tree/main/sdk/examples). \ No newline at end of file diff --git a/content/agent/installation-upgrade/_index.md b/content/agent/installation-upgrade/_index.md index 1d84d3ebc..d17ef4d5d 100644 --- a/content/agent/installation-upgrade/_index.md +++ b/content/agent/installation-upgrade/_index.md @@ -2,5 +2,8 @@ title: Installation and upgrade description: Learn how to install, upgrade, and uninstall NGINX Agent. weight: 300 -url: /nginx-agent/installation-upgrade/ +url: /nginx-agent/v2/installation-upgrade/ +cascade: + logo: NGINX-product-icon.png + type: agent-v2-migration --- diff --git a/content/agent/installation-upgrade/container-environments/_index.md b/content/agent/installation-upgrade/container-environments/_index.md index 35c6aa73f..bc1eeddd7 100644 --- a/content/agent/installation-upgrade/container-environments/_index.md +++ b/content/agent/installation-upgrade/container-environments/_index.md @@ -2,5 +2,8 @@ title: Container environments description: Learn how to build and run NGINX Agent docker images. weight: 800 -ur: /nginx-agent/installation-upgrade/container-environments/ +url: /nginx-agent/v2/installation-upgrade/container-environments/ +cascade: + logo: NGINX-product-icon.png + type: agent-v2-migration --- diff --git a/content/agent/installation-upgrade/container-environments/docker-images.md b/content/agent/installation-upgrade/container-environments/docker-images.md index d12f94e5e..f21c23929 100644 --- a/content/agent/installation-upgrade/container-environments/docker-images.md +++ b/content/agent/installation-upgrade/container-environments/docker-images.md @@ -3,9 +3,8 @@ title: Build container images draft: false weight: 100 toc: true -docs: DOCS-1410 -type: -- how-to +nd-docs: DOCS-1410 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/container-environments/docker-support.md b/content/agent/installation-upgrade/container-environments/docker-support.md index 2f9c5eafc..1a57cafab 100644 --- a/content/agent/installation-upgrade/container-environments/docker-support.md +++ b/content/agent/installation-upgrade/container-environments/docker-support.md @@ -3,8 +3,8 @@ title: Container support and troubleshooting draft: false toc: true weight: 200 -docs: DOCS-909 -type: +nd-docs: DOCS-909 +nd-content-type: - task --- @@ -12,7 +12,7 @@ type: The NGINX Agent repository includes [Dockerfiles](https://github.com/nginx/agent/tree/main/scripts/docker) that can be used to [build custom container images]({{< ref "/agent/installation-upgrade/container-environments/docker-images.md" >}}). Images are created with an NGINX Open Source or NGINX Plus instance and are available for various operating systems. -See the [Technical Specifications]({{< ref "/agent/technical-specifications.md#container-support" >}}) for a list of supported operationg systems. +See the [Technical Specifications]({{< ref "/agent/technical-specifications.md" >}}) for a list of supported operationg systems. NGINX Agent running in a container has some limitations that need to be considered, and are listed below. diff --git a/content/agent/installation-upgrade/getting-started.md b/content/agent/installation-upgrade/getting-started.md index e3dc9f3a2..c7ee427af 100644 --- a/content/agent/installation-upgrade/getting-started.md +++ b/content/agent/installation-upgrade/getting-started.md @@ -3,9 +3,8 @@ title: Getting started draft: false weight: 100 toc: true -docs: DOCS-1089 -type: -- how-to +nd-docs: DOCS-1089 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/installation-github.md b/content/agent/installation-upgrade/installation-github.md index 282f1e8d9..d1cbbb2d6 100644 --- a/content/agent/installation-upgrade/installation-github.md +++ b/content/agent/installation-upgrade/installation-github.md @@ -3,9 +3,8 @@ title: Installation from GitHub release draft: false weight: 200 toc: true -docs: DOCS-1090 -type: -- how-to +nd-docs: DOCS-1090 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/installation-oss.md b/content/agent/installation-upgrade/installation-oss.md index 92c3a3306..ab4016d08 100644 --- a/content/agent/installation-upgrade/installation-oss.md +++ b/content/agent/installation-upgrade/installation-oss.md @@ -3,9 +3,8 @@ title: Installation from NGINX repository draft: false weight: 300 toc: true -docs: DOCS-1216 -type: -- how-to +nd-docs: DOCS-1216 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/installation-plus.md b/content/agent/installation-upgrade/installation-plus.md index 6ee2482d4..add1272dc 100644 --- a/content/agent/installation-upgrade/installation-plus.md +++ b/content/agent/installation-upgrade/installation-plus.md @@ -3,9 +3,8 @@ title: Installation from NGINX Plus repository draft: false weight: 400 toc: true -docs: DOCS-1217 -type: -- how-to +nd-docs: DOCS-1217 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/installation-unprivileged.md b/content/agent/installation-upgrade/installation-unprivileged.md index 137bdf752..4bf90c9f1 100644 --- a/content/agent/installation-upgrade/installation-unprivileged.md +++ b/content/agent/installation-upgrade/installation-unprivileged.md @@ -2,8 +2,10 @@ title: Run without root privileges weight: 450 toc: true -type: how-to +nd-content-type: + - how-to product: Agent +nd-docs: DOCS-1781 --- ## Overview diff --git a/content/agent/installation-upgrade/uninstall.md b/content/agent/installation-upgrade/uninstall.md index 2f783dbb6..56db538f0 100644 --- a/content/agent/installation-upgrade/uninstall.md +++ b/content/agent/installation-upgrade/uninstall.md @@ -3,9 +3,8 @@ title: Uninstall NGINX Agent package draft: false weight: 700 toc: true -docs: DOCS-1230 -type: -- how-to +nd-docs: DOCS-1230 +nd-content-type: how-to --- ## Overview diff --git a/content/agent/installation-upgrade/upgrade.md b/content/agent/installation-upgrade/upgrade.md index cd11db359..f942db01f 100644 --- a/content/agent/installation-upgrade/upgrade.md +++ b/content/agent/installation-upgrade/upgrade.md @@ -3,9 +3,8 @@ title: Upgrade NGINX Agent package draft: false weight: 600 toc: true -docs: DOCS-1227 -type: -- how-to +nd-docs: DOCS-1227 +nd-content-type: how-to --- ## Overview @@ -39,48 +38,48 @@ To upgrade NGINX Agent, follow these steps: sudo apt-get install -y --only-upgrade nginx-agent -o Dpkg::Options::="--force-confold" ``` -## Upgrade NGINX Agent to a Specific Version +## Upgrade NGINX Agent to a Specific Version -To upgrade NGINX Agent to a specific **v2.x version**, follow these steps: +To upgrade NGINX Agent to a specific **v2.x version**, follow these steps: -#### Steps to Upgrade: +#### Steps to Upgrade: 1. Open an SSH connection to the server running NGINX Agent and log in. -1. Back up the following files and directories to ensure you can restore the environment in case of issues during the upgrade: +1. Back up the following files and directories to ensure you can restore the environment in case of issues during the upgrade: - `/etc/nginx-agent` - Any `config_dirs` directory specified in `/etc/nginx-agent/nginx-agent.conf`. -1. Perform the version-controlled upgrade. +1. Perform the version-controlled upgrade. - Debian, Ubuntu, Deb-Based - + ```shell sudo apt-get update sudo apt-get install -y nginx-agent= -o Dpkg::Options::="--force-confold" ``` - - Example (to upgrade to version 2.41.1~noble): - + + Example (to upgrade to version 2.41.1~noble): + ```shell sudo apt-get install -y nginx-agent=2.41.1~noble -o Dpkg::Options::="--force-confold" ``` - - CentOS, RHEL, RPM-Based - + - CentOS, RHEL, RPM-Based + ```shell sudo yum install -y nginx-agent- ``` - - Example (to upgrade to version `2.41.1`): - + + Example (to upgrade to version `2.41.1`): + ```shell sudo yum install -y nginx-agent-2.41.1 ``` -1. Verify the installed version: - +1. Verify the installed version: + ```shell sudo nginx-agent --version ``` diff --git a/content/agent/support.md b/content/agent/support.md new file mode 100644 index 000000000..363925c75 --- /dev/null +++ b/content/agent/support.md @@ -0,0 +1,21 @@ +--- +title: Support +weight: 800 +toc: false +nd-content-type: reference +product: Agent +nd-docs: DOCS-1883 +--- + +## Support policy +F5 NGINX Agent adheres to the support policy detailed in the following knowledge base article: [K000140156](https://my.f5.com/manage/s/article/K000140156). + + +## Contact F5 Support + +For questions and/or assistance with installing, troubleshooting, or using NGINX Agent, contact support via the [MyF5 Customer Portal](https://account.f5.com/myf5). + +## Community support + +- If you experience issues with NGINX Agent, please [open an issue in GitHub](https://github.com/nginx/agent/issues/new). +- If you have any suggestions or feature requests, please [open an idea in GitHub discussions](https://github.com/nginx/agent/discussions). diff --git a/content/agent/technical-specifications.md b/content/agent/technical-specifications.md index 149b08df9..b4273c922 100644 --- a/content/agent/technical-specifications.md +++ b/content/agent/technical-specifications.md @@ -1,23 +1,21 @@ --- -title: Technical specifications -draft: false -weight: 200 +title: "Technical specifications" +weight: 100 toc: true -docs: DOCS-1092 -type: -- how-to +nd-docs: DOCS-1092 +nd-content-type: how-to --- -## Overview +This document describes the requirements for NGINX Agent version 2. This document provides technical specifications for NGINX Agent. It includes information on supported distributions, deployment environments, NGINX versions, sizing recommendations, and logging. -## NGINX Agent v3.0 Compatibility +## NGINX Agent 3.0 Compatibility {{< bootstrap-table "table table-striped table-bordered" >}} | NGINX Product | Agent Version | |------------------------------|----------------| | **NGINX One Console** | 2.x | -| **NGINX Gateway Fabric** | 3.x | +| **NGINX Gateway Fabric** | 3.x | | **NGINX Plus** | 2.x, 3.x | | **NGINX Ingress Controller** | 2.x | | **NGINX Instance Manager** | 2.x | @@ -28,21 +26,21 @@ This document provides technical specifications for NGINX Agent. It includes inf NGINX Agent can run in most environments. We support the following distributions: {{< bootstrap-table "table table-striped table-bordered" >}} -| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2 | Debian | -|-|-----------|--------------|--------------|----------------|--------| -|**Version**|8
9 | 3.18
3.19
3.20
3.21| 2023| LTS| 11
12| -|**Architecture**| x86_84
aarch64| x86_64
aarch64 | x86_64
aarch64 | x86_64
aarch64 | x86_64
aarch64 | +| | AlmaLinux | Alpine Linux | Amazon Linux | Amazon Linux 2 | CentOS | Debian | +|-|-----------|--------------|--------------|----------------|--------|--------| +|**Version**|8
9 | 3.16
3.17
3.18
3.19| 2023| LTS| 7.4+| 11
12| +|**Architecture**| x86_84
aarch64| x86_64
aarch64 | x86_64
aarch64 | x86_64
aarch64 | x86_64
aarch64 | x86_64
aarch64 | {{< /bootstrap-table >}} {{< bootstrap-table "table table-striped table-bordered" >}} | |FreeBSD | Oracle Linux | Red Hat
Enterprise Linux
(RHEL) | Rocky Linux | SUSE Linux
Enterprise Server
(SLES) | Ubuntu | |-|--------|--------------|---------------------------------|-------------|-------------------------------------|--------| -|**Version**|13
14|8.1+
9|8.1+
9.0+|8
9|15 SP2|20.04 LTS
22.04 LTS
24.04 LTS| +|**Version**|13
14|7.4+
8.1+
9|7.4+
8.1+
9.0+|8
9|12 SP5
15 SP2|20.04 LTS
22.04 LTS| |**Architecture**|amd64|x86_64|x86_64
aarch64|x86_64
aarch64|x86_64|x86_64
aarch64| {{< /bootstrap-table >}} -## Supported Deployment Environments +## Supported deployment environments NGINX Agent can be deployed in the following environments: @@ -51,12 +49,12 @@ NGINX Agent can be deployed in the following environments: - Public Cloud: AWS, Google Cloud Platform, and Microsoft Azure - Virtual Machine -## Supported NGINX Versions +## Supported NGINX versions NGINX Agent works with all supported versions of NGINX Open Source and NGINX Plus. -## Sizing Recommendations +## Sizing recommendations Minimum system sizing recommendations for NGINX Agent: {{< bootstrap-table "table table-striped table-bordered" >}} diff --git a/content/amplify/additional-resources.md b/content/amplify/additional-resources.md index 554e6c8b3..f794475ce 100644 --- a/content/amplify/additional-resources.md +++ b/content/amplify/additional-resources.md @@ -2,7 +2,7 @@ title: Other NGINX Amplify Resources weight: 899 toc: true -docs: DOCS-977 +nd-docs: DOCS-977 --- If you are interested in learning more about F5 NGINX Amplify, visit the [NGINX Amplify Resources Page](https://amplify.nginx.com/docs/), where you will find links to: diff --git a/content/amplify/changelog.md b/content/amplify/changelog.md index d965086f0..b39e69e95 100644 --- a/content/amplify/changelog.md +++ b/content/amplify/changelog.md @@ -3,7 +3,7 @@ title: Changelog description: These release notes list and describe the new features, enhancements, and resolved issues in F5 NGINX Amplify weight: 900 toc: true -docs: DOCS-1691 +nd-docs: DOCS-1691 --- ## Sept 21, 2023 diff --git a/content/amplify/faq/general.md b/content/amplify/faq/general.md index 5aab8c8f2..53d0775bd 100644 --- a/content/amplify/faq/general.md +++ b/content/amplify/faq/general.md @@ -3,7 +3,7 @@ title: General description: General questions about F5 NGINX Amplify weight: 10 toc: true -docs: DOCS-956 +nd-docs: DOCS-956 --- ### What Is F5 NGINX Amplify? diff --git a/content/amplify/faq/metrics-and-metadata.md b/content/amplify/faq/metrics-and-metadata.md index ea7820bd5..f91ae8dd8 100644 --- a/content/amplify/faq/metrics-and-metadata.md +++ b/content/amplify/faq/metrics-and-metadata.md @@ -3,7 +3,7 @@ title: NGINX Amplify Metrics and Metadata description: Questions about F5 NGINX Amplify's Metrics and Metadata weight: 40 toc: true -docs: DOCS-957 +nd-docs: DOCS-957 --- ### What Data Does F5 NGINX Amplify Agent Gather? diff --git a/content/amplify/faq/nginx-amplify-agent.md b/content/amplify/faq/nginx-amplify-agent.md index f6965a94b..eec52dc82 100644 --- a/content/amplify/faq/nginx-amplify-agent.md +++ b/content/amplify/faq/nginx-amplify-agent.md @@ -3,7 +3,7 @@ title: NGINX Amplify Agent description: Questions about F5 NGINX Amplify Agent weight: 20 toc: true -docs: DOCS-958 +nd-docs: DOCS-958 --- ### What Operating Systems are Supported? diff --git a/content/amplify/faq/user-interface.md b/content/amplify/faq/user-interface.md index 26277afee..5bad6022b 100644 --- a/content/amplify/faq/user-interface.md +++ b/content/amplify/faq/user-interface.md @@ -3,7 +3,7 @@ title: NGINX Amplify User Interface description: Questions about F5 NGINX Amplify's User Interface weight: 30 toc: true -docs: DOCS-959 +nd-docs: DOCS-959 --- ### What Browsers are Supported? diff --git a/content/amplify/known-issues.md b/content/amplify/known-issues.md index bf5ea989c..38b7db320 100644 --- a/content/amplify/known-issues.md +++ b/content/amplify/known-issues.md @@ -3,7 +3,7 @@ title: Known Issues weight: 1000 description: List of known issues in the latest release of F5 NGINX Amplify toc: true -docs: DOCS-1692 +nd-docs: DOCS-1692 --- {{}} diff --git a/content/amplify/metrics-metadata/metrics-overview.md b/content/amplify/metrics-metadata/metrics-overview.md index 6a6b34f2c..8a1970ed4 100644 --- a/content/amplify/metrics-metadata/metrics-overview.md +++ b/content/amplify/metrics-metadata/metrics-overview.md @@ -3,7 +3,7 @@ title: Metrics and Metadata Overview description: Learn about the metrics and metadata F5 NGINX Amplify collects. weight: 10 toc: true -docs: DOCS-972 +nd-docs: DOCS-972 --- Most metrics are collected by F5 NGINX Amplify Agent without requiring the user to perform any additional setup. For troubleshooting, see [Troubleshooting Metrics Collection]({{< ref "/amplify/nginx-amplify-agent/troubleshooting-metrics-collection.md" >}}). diff --git a/content/amplify/metrics-metadata/nginx-metrics.md b/content/amplify/metrics-metadata/nginx-metrics.md index 34971aab6..fd0e5e61c 100644 --- a/content/amplify/metrics-metadata/nginx-metrics.md +++ b/content/amplify/metrics-metadata/nginx-metrics.md @@ -3,7 +3,7 @@ title: NGINX Metrics description: List of NGINX Metrics weight: 30 toc: true -docs: DOCS-973 +nd-docs: DOCS-973 --- ## HTTP Connections and Requests @@ -48,7 +48,7 @@ docs: DOCS-973 ``` Type: gauge, integer - Description: Number of currently active requests (reading and writing). + Description: Number of currently active requests (reading and writing). Number of requests reading headers or writing responses to clients. Source: stub_status (or NGINX Plus status API) ``` @@ -127,7 +127,7 @@ docs: DOCS-973 ``` Type: counter, integer - Description: Number of requests finalized with status code 499 which is + Description: Number of requests finalized with status code 499 which is logged when the client closes the connection. Source: access.log ``` @@ -213,7 +213,7 @@ docs: DOCS-973 ``` Type: gauge, integer - Description: Hard limit on the number of file descriptors as seen + Description: Hard limit on the number of file descriptors as seen by NGINX worker processes. ``` diff --git a/content/amplify/metrics-metadata/os-metrics.md b/content/amplify/metrics-metadata/os-metrics.md index 6a204d0df..7de32fcb0 100644 --- a/content/amplify/metrics-metadata/os-metrics.md +++ b/content/amplify/metrics-metadata/os-metrics.md @@ -3,7 +3,7 @@ title: OS Metrics description: List of OS Metrics weight: 20 toc: true -docs: DOCS-974 +nd-docs: DOCS-974 --- ## System Metrics diff --git a/content/amplify/metrics-metadata/other-metrics.md b/content/amplify/metrics-metadata/other-metrics.md index 83b583573..2241f57e4 100644 --- a/content/amplify/metrics-metadata/other-metrics.md +++ b/content/amplify/metrics-metadata/other-metrics.md @@ -3,7 +3,7 @@ title: Other Metrics description: Learn about other metrics used by F5 NGINX Amplify weight: 40 toc: true -docs: DOCS-975 +nd-docs: DOCS-975 --- {{< note >}}Monitoring PHP-FPM and MySQL metrics is only supported by F5 NGINX Amplify Agent.{{< /note >}} diff --git a/content/amplify/nginx-amplify-agent/amplify-agent-overview.md b/content/amplify/nginx-amplify-agent/amplify-agent-overview.md index 235fb15cd..51cc08ccb 100644 --- a/content/amplify/nginx-amplify-agent/amplify-agent-overview.md +++ b/content/amplify/nginx-amplify-agent/amplify-agent-overview.md @@ -3,7 +3,7 @@ title: NGINX Amplify Agent Overview description: Learn about F5 NGINX Amplify Agent. weight: 1 toc: true -docs: DOCS-960 +nd-docs: DOCS-960 --- F5 NGINX Amplify Agent is a compact application written in Python. Its role is to collect various metrics and metadata and send them securely to the backend for storage and visualization. diff --git a/content/amplify/nginx-amplify-agent/configuration-analysis.md b/content/amplify/nginx-amplify-agent/configuration-analysis.md index 0110f4a9b..0c227c3a9 100644 --- a/content/amplify/nginx-amplify-agent/configuration-analysis.md +++ b/content/amplify/nginx-amplify-agent/configuration-analysis.md @@ -3,7 +3,7 @@ title: NGINX Configuration Analysis description: Learn about F5 NGINX Amplify Agent's configuration analysis feature. weight: 600 toc: true -docs: DOCS-961 +nd-docs: DOCS-961 --- F5 NGINX Amplify Agent can automatically find all relevant NGINX configuration files, parse them, extract their logical structure, and send the associated JSON data to the Amplify backend for further analysis and reporting. For more information on configuration analysis, please see the [Analyzer]({{< ref "/amplify/user-interface/analyzer.md" >}})) documentation. diff --git a/content/amplify/nginx-amplify-agent/configuring-metric-collection.md b/content/amplify/nginx-amplify-agent/configuring-metric-collection.md index b3bf29981..311967d69 100644 --- a/content/amplify/nginx-amplify-agent/configuring-metric-collection.md +++ b/content/amplify/nginx-amplify-agent/configuring-metric-collection.md @@ -3,7 +3,7 @@ title: Configuring NGINX for Metric Collection description: Learn how to configure NGINX Instances to collect data. weight: 400 toc: true -docs: DOCS-963 +nd-docs: DOCS-963 --- To monitor an NGINX instance, F5 NGINX Amplify Agent must [find the relevant NGINX master process]({{< ref "/amplify/nginx-amplify-agent/detecting-monitoring-instances" >}}) and determine its key characteristics. diff --git a/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md b/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md index 1df04cd92..85508a998 100644 --- a/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md +++ b/content/amplify/nginx-amplify-agent/detecting-monitoring-instances.md @@ -3,7 +3,7 @@ title: Detecting and Monitoring NGINX Instances description: Learn how F5 NGINX Amplify Agent detects NGINX Instances. weight: 300 toc: true -docs: DOCS-962 +nd-docs: DOCS-962 --- F5 NGINX Amplify Agent is capable of detecting several types of NGINX instances: diff --git a/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md index b8d5e3f41..572725403 100644 --- a/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md +++ b/content/amplify/nginx-amplify-agent/install/configuring-amplify-agent.md @@ -3,7 +3,7 @@ title: Configuring NGINX Amplify Agent description: Learn how to configure F5 NGINX Amplify Agent. weight: 300 toc: true -docs: DOCS-967 +nd-docs: DOCS-967 --- F5 NGINX Amplify Agent keeps its configuration in `/etc/amplify-agent/agent.conf`. The NGINX Amplify Agent configuration is a text-based file. diff --git a/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md index dea514179..1dcbb9241 100644 --- a/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md +++ b/content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md @@ -3,7 +3,7 @@ title: Install NGINX Amplify Agent description: Learn how to install F5 NGINX Amplify Agent. weight: 100 toc: true -docs: DOCS-968 +nd-docs: DOCS-968 --- To use F5 NGINX Amplify to monitor your infrastructure, you need to install NGINX Amplify Agent on each system you wish to monitor. diff --git a/content/amplify/nginx-amplify-agent/install/uninstalling-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/uninstalling-amplify-agent.md index 341d5d1bb..702c0ff87 100644 --- a/content/amplify/nginx-amplify-agent/install/uninstalling-amplify-agent.md +++ b/content/amplify/nginx-amplify-agent/install/uninstalling-amplify-agent.md @@ -3,7 +3,7 @@ title: Uninstall NGINX Amplify Agent description: Learn how to uninstall F5 NGINX Amplify Agent. weight: 400 toc: true -docs: DOCS-969 +nd-docs: DOCS-969 --- To completely delete a previously monitored object, perform the following steps: diff --git a/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md b/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md index a616bccdf..e7c0f2c57 100644 --- a/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md +++ b/content/amplify/nginx-amplify-agent/install/updating-amplify-agent.md @@ -3,7 +3,7 @@ title: Update NGINX Amplify Agent description: Learn how to update F5 NGINX Amplify Agent. weight: 200 toc: true -docs: DOCS-970 +nd-docs: DOCS-970 --- {{< important >}} diff --git a/content/amplify/nginx-amplify-agent/install/using-amplify-agent-docker.md b/content/amplify/nginx-amplify-agent/install/using-amplify-agent-docker.md index 6b979affb..ee91d9b50 100644 --- a/content/amplify/nginx-amplify-agent/install/using-amplify-agent-docker.md +++ b/content/amplify/nginx-amplify-agent/install/using-amplify-agent-docker.md @@ -3,7 +3,7 @@ title: Use NGINX Amplify Agent with Docker description: Learn how to use F5 NGINX Amplify Agent with Docker. weight: 500 toc: true -docs: DOCS-971 +nd-docs: DOCS-971 --- You can use F5 NGINX Amplify Agent in a Docker environment. Although it's still work-in-progress, NGINX Amplify Agent can collect most of the metrics and send them over to the Amplify backend in either "standalone" or "aggregate" mode. The standalone mode of operation is the simplest one, with a separate "host" created for each Docker container. Alternatively, the metrics from NGINX Amplify Agents running in different containers can be aggregated on a "per-image" basis β€” this is the aggregate mode of deploying NGINX Amplify Agent with Docker. diff --git a/content/amplify/nginx-amplify-agent/metadata-metrics-collection.md b/content/amplify/nginx-amplify-agent/metadata-metrics-collection.md index 0263c68f6..b5ea87f65 100644 --- a/content/amplify/nginx-amplify-agent/metadata-metrics-collection.md +++ b/content/amplify/nginx-amplify-agent/metadata-metrics-collection.md @@ -3,7 +3,7 @@ title: Metadata and Metrics Collection description: Learn how F5 NGINX Amplify Agent collects data. weight: 200 toc: true -docs: DOCS-964 +nd-docs: DOCS-964 --- F5 NGINX Amplify Agent collects the following types of data: diff --git a/content/amplify/nginx-amplify-agent/source-code.md b/content/amplify/nginx-amplify-agent/source-code.md index 4730d4d2c..6aa36975e 100644 --- a/content/amplify/nginx-amplify-agent/source-code.md +++ b/content/amplify/nginx-amplify-agent/source-code.md @@ -3,7 +3,7 @@ title: NGINX Amplify Agent Source Code description: Learn where to find F5 NGINX Amplify Agent's source code. weight: 700 toc: true -docs: DOCS-965 +nd-docs: DOCS-965 --- F5 NGINX Amplify Agent is an open source application. It is licensed under the [2-clause BSD license](https://github.com/nginxinc/nginx-amplify-agent/blob/master/LICENSE), and is available here: diff --git a/content/amplify/nginx-amplify-agent/troubleshooting-metrics-collection.md b/content/amplify/nginx-amplify-agent/troubleshooting-metrics-collection.md index 5501b2fbe..d15fbe0f9 100644 --- a/content/amplify/nginx-amplify-agent/troubleshooting-metrics-collection.md +++ b/content/amplify/nginx-amplify-agent/troubleshooting-metrics-collection.md @@ -3,7 +3,7 @@ title: Troubleshooting Metrics Collection description: Learn what to check if F5 NGINX Amplify Agent isn't reporting metrics. weight: 500 toc: true -docs: DOCS-966 +nd-docs: DOCS-966 --- After you [install and start]({{< ref "/amplify/nginx-amplify-agent/install/installing-amplify-agent" >}}) F5 NGINX Amplify Agent, it should start reporting right away, pushing aggregated data to the Amplify backend at regular 1 minute intervals. It'll take about a minute for a new system to appear in the Amplify web interface. diff --git a/content/amplify/overview/overview-main-components.md b/content/amplify/overview/overview-main-components.md index 3ae2416ee..ecb453b6e 100644 --- a/content/amplify/overview/overview-main-components.md +++ b/content/amplify/overview/overview-main-components.md @@ -3,7 +3,7 @@ title: Overview and Main Components description: Learn about F5 NGINX Amplify and its main components. weight: 10 toc: true -docs: DOCS-976 +nd-docs: DOCS-976 --- ## What Is F5 NGINX Amplify? diff --git a/content/amplify/user-interface/account-settings.md b/content/amplify/user-interface/account-settings.md index bef423f0b..d39312e95 100644 --- a/content/amplify/user-interface/account-settings.md +++ b/content/amplify/user-interface/account-settings.md @@ -3,7 +3,7 @@ title: Account Settings description: Learn about the Account settings for the User Interface. weight: 70 toc: true -docs: DOCS-978 +nd-docs: DOCS-978 --- The **Account** option in the user menu at the top right corner of the user interface povides access to several user settings. diff --git a/content/amplify/user-interface/alerts.md b/content/amplify/user-interface/alerts.md index f89818d48..490cc6eb7 100644 --- a/content/amplify/user-interface/alerts.md +++ b/content/amplify/user-interface/alerts.md @@ -3,7 +3,7 @@ title: Alerts description: Learn about the Alerts page of the User Interface. weight: 60 toc: false -docs: DOCS-979 +nd-docs: DOCS-979 --- The **Alerts** page describes the configuration of the alert rules used to notify you of any anomalies in the behavior of your systems. diff --git a/content/amplify/user-interface/analyzer.md b/content/amplify/user-interface/analyzer.md index 054790cdd..40ce6d0b5 100644 --- a/content/amplify/user-interface/analyzer.md +++ b/content/amplify/user-interface/analyzer.md @@ -3,7 +3,7 @@ title: Analyzer description: Learn about the Analyzer page of the User Interface. weight: 50 toc: false -docs: DOCS-980 +nd-docs: DOCS-980 --- F5 NGINX Amplify Agent parses NGINX configuration files and transmits them to the backend component for further analysis. NGINX Amplify offers configuration recommendations to help improve the performance, reliability, and security of your applications. With well-thought-out and detailed recommendations, you’ll know exactly where the problem is, why it is a problem, and how to fix it. diff --git a/content/amplify/user-interface/dashboards.md b/content/amplify/user-interface/dashboards.md index eef3fcd73..24dd0814d 100644 --- a/content/amplify/user-interface/dashboards.md +++ b/content/amplify/user-interface/dashboards.md @@ -3,7 +3,7 @@ title: Dashboards description: Learn about the Dashboards page of the User Interface. weight: 40 toc: false -docs: DOCS-981 +nd-docs: DOCS-981 --- You can create your own dashboards populated with highly customizable graphs of NGINX and system-level metrics. diff --git a/content/amplify/user-interface/graphs.md b/content/amplify/user-interface/graphs.md index 701138cb7..d33421876 100644 --- a/content/amplify/user-interface/graphs.md +++ b/content/amplify/user-interface/graphs.md @@ -3,7 +3,7 @@ title: Graphs description: Learn about the Graphs page of the User Interface. weight: 20 toc: false -docs: DOCS-982 +nd-docs: DOCS-982 --- On the **Graphs** page, you can find a collection of predefined graphs. Here you can see an overview of the key metric stats, such as CPU, memory, and disk usage for all your systems. diff --git a/content/amplify/user-interface/inventory.md b/content/amplify/user-interface/inventory.md index f57cc399a..dc7e4d198 100644 --- a/content/amplify/user-interface/inventory.md +++ b/content/amplify/user-interface/inventory.md @@ -3,7 +3,7 @@ title: Inventory description: Learn about the Inventory page of the User Interface. weight: 30 toc: false -docs: DOCS-983 +nd-docs: DOCS-983 --- You can access the inventory by selecting the first icon on the top menu. The inventory gives an overview of the systems that are being monitored. When F5 NGINX Amplify Agent is running and reporting on a new system, it's listed in the system index on the left side of the user interface and in the **Inventory** section. diff --git a/content/amplify/user-interface/overview.md b/content/amplify/user-interface/overview.md index 5fbb45d7e..02437219d 100644 --- a/content/amplify/user-interface/overview.md +++ b/content/amplify/user-interface/overview.md @@ -3,7 +3,7 @@ title: Overview description: Learn about the Overview page of the User Interface. weight: 10 toc: true -docs: DOCS-984 +nd-docs: DOCS-984 --- The Overview page is designed to provide a quick summary of the state of your NGINX infrastructure. Here you can quickly check the total sum of HTTP 5xx errors over the past 24 hours and compare it to the previous 24 hours. diff --git a/content/controller/admin-guides/backup-restore/backup-restore-cluster-config.md b/content/controller/admin-guides/backup-restore/backup-restore-cluster-config.md index 93dfdad4b..146217e3b 100644 --- a/content/controller/admin-guides/backup-restore/backup-restore-cluster-config.md +++ b/content/controller/admin-guides/backup-restore/backup-restore-cluster-config.md @@ -1,7 +1,7 @@ --- description: Learn how to back up your F5 NGINX Controller cluster configuration and encryption keys. -docs: DOCS-247 +nd-docs: DOCS-247 title: Back Up & Restore Cluster Config and Encryption Keys toc: true weight: 97 diff --git a/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md b/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md index f4cdadd2f..a1d53cf56 100644 --- a/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md +++ b/content/controller/admin-guides/backup-restore/backup-restore-embedded-config-db.md @@ -1,7 +1,7 @@ --- description: Learn how to back up and restore the embedded F5 NGINX Controller config database. -docs: DOCS-248 +nd-docs: DOCS-248 title: Back Up & Restore an Embedded Config Database toc: true weight: 98 diff --git a/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md b/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md index 983ec1321..bc2adbeeb 100644 --- a/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md +++ b/content/controller/admin-guides/backup-restore/backup-restore-external-config-db.md @@ -1,7 +1,7 @@ --- description: Learn how to back up and restore the external F5 NGINX Controller config database. -docs: DOCS-249 +nd-docs: DOCS-249 title: Back Up & Restore an External Config Database toc: true weight: 99 diff --git a/content/controller/admin-guides/backup-restore/backup-restore-metrics-db.md b/content/controller/admin-guides/backup-restore/backup-restore-metrics-db.md index bce77e9f2..bd372ded2 100644 --- a/content/controller/admin-guides/backup-restore/backup-restore-metrics-db.md +++ b/content/controller/admin-guides/backup-restore/backup-restore-metrics-db.md @@ -1,6 +1,6 @@ --- description: Learn how to back up and restore the F5 NGINX Controller analytics database. -docs: DOCS-250 +nd-docs: DOCS-250 title: Back Up & Restore the Analytics Database toc: true weight: 100 diff --git a/content/controller/admin-guides/config-agent/about-controller-agent.md b/content/controller/admin-guides/config-agent/about-controller-agent.md index 3976422ab..2ab44950d 100644 --- a/content/controller/admin-guides/config-agent/about-controller-agent.md +++ b/content/controller/admin-guides/config-agent/about-controller-agent.md @@ -1,6 +1,6 @@ --- description: Learn about the NGINX Controller Agent. -docs: DOCS-508 +nd-docs: DOCS-508 title: Get to Know the F5 NGINX Controller Agent toc: true weight: 100 diff --git a/content/controller/admin-guides/config-agent/configure-metrics-collection.md b/content/controller/admin-guides/config-agent/configure-metrics-collection.md index 492cbd5e1..6fadc382c 100644 --- a/content/controller/admin-guides/config-agent/configure-metrics-collection.md +++ b/content/controller/admin-guides/config-agent/configure-metrics-collection.md @@ -1,7 +1,7 @@ --- description: Contains instructions for setting up the F5 NGINX Controller Agent to collect metrics for NGINX Plus instances. -docs: DOCS-509 +nd-docs: DOCS-509 title: Set up Metrics Collection toc: true weight: 120 diff --git a/content/controller/admin-guides/config-agent/configure-the-agent.md b/content/controller/admin-guides/config-agent/configure-the-agent.md index 37a7d5c7b..468755759 100644 --- a/content/controller/admin-guides/config-agent/configure-the-agent.md +++ b/content/controller/admin-guides/config-agent/configure-the-agent.md @@ -1,6 +1,6 @@ --- description: Customize the F5 NGINX Controller Agent configuration. -docs: DOCS-510 +nd-docs: DOCS-510 title: Configure the NGINX Controller Agent toc: true weight: 110 diff --git a/content/controller/admin-guides/config-agent/use-agent-with-docker.md b/content/controller/admin-guides/config-agent/use-agent-with-docker.md index 3c5980a2b..12a1786b8 100644 --- a/content/controller/admin-guides/config-agent/use-agent-with-docker.md +++ b/content/controller/admin-guides/config-agent/use-agent-with-docker.md @@ -1,6 +1,6 @@ --- description: Learn how to use the F5 NGINX Controller Agent in a Docker environment. -docs: DOCS-511 +nd-docs: DOCS-511 title: Use the NGINX Controller Agent with Docker toc: true weight: 200 diff --git a/content/controller/admin-guides/install/agent-restart.md b/content/controller/admin-guides/install/agent-restart.md index 103b35573..acc3e9173 100644 --- a/content/controller/admin-guides/install/agent-restart.md +++ b/content/controller/admin-guides/install/agent-restart.md @@ -1,7 +1,7 @@ --- description: How to start, stop, and verify the state of the F5 NGINX Controller Agent service. -docs: DOCS-251 +nd-docs: DOCS-251 title: Manage the NGINX Controller Agent Service toc: true weight: 210 diff --git a/content/controller/admin-guides/install/get-n-plus-cert-and-key.md b/content/controller/admin-guides/install/get-n-plus-cert-and-key.md index 48a9ecef5..55a141570 100644 --- a/content/controller/admin-guides/install/get-n-plus-cert-and-key.md +++ b/content/controller/admin-guides/install/get-n-plus-cert-and-key.md @@ -1,7 +1,7 @@ --- description: How to download the F5 NGINX Plus nginx.crt and nginx.key files using the NGINX Controller API. -docs: DOCS-252 +nd-docs: DOCS-252 title: Download the NGINX Plus Cert and Key Bundle toc: true weight: 105 diff --git a/content/controller/admin-guides/install/install-agent-non-root.md b/content/controller/admin-guides/install/install-agent-non-root.md index 51934094a..7d4dd31bf 100644 --- a/content/controller/admin-guides/install/install-agent-non-root.md +++ b/content/controller/admin-guides/install/install-agent-non-root.md @@ -1,6 +1,6 @@ --- description: How to install the F5 NGINX Controller Agent to run as a non-root user. -docs: DOCS-253 +nd-docs: DOCS-253 title: Install NGINX Controller Agent for Non-root Users toc: true weight: 205 diff --git a/content/controller/admin-guides/install/install-for-controller.md b/content/controller/admin-guides/install/install-for-controller.md index b359e637d..bd104db9f 100644 --- a/content/controller/admin-guides/install/install-for-controller.md +++ b/content/controller/admin-guides/install/install-for-controller.md @@ -1,7 +1,7 @@ --- description: Take the steps in this guide to deploy F5 NGINX App Protect WAF as a datapath instance for use with NGINX Controller. -docs: DOCS-645 +nd-docs: DOCS-645 title: Using NGINX App Protect WAF with NGINX Controller toc: true weight: 500 diff --git a/content/controller/admin-guides/install/install-nginx-controller-agent.md b/content/controller/admin-guides/install/install-nginx-controller-agent.md index 594f865c1..2ee592106 100644 --- a/content/controller/admin-guides/install/install-nginx-controller-agent.md +++ b/content/controller/admin-guides/install/install-nginx-controller-agent.md @@ -1,6 +1,6 @@ --- description: How to install, upgrade, and uninstall the F5 Controller Agent. -docs: DOCS-254 +nd-docs: DOCS-254 title: Install NGINX Controller Agent toc: true weight: 150 diff --git a/content/controller/admin-guides/install/install-nginx-controller-rhel-8.md b/content/controller/admin-guides/install/install-nginx-controller-rhel-8.md index 82d4e9651..34431a5a2 100644 --- a/content/controller/admin-guides/install/install-nginx-controller-rhel-8.md +++ b/content/controller/admin-guides/install/install-nginx-controller-rhel-8.md @@ -1,7 +1,7 @@ --- description: This guide explains how to prepare your RHEL 8 system to install F5 NGINX Controller and the NGINX Controller Agent. -docs: DOCS-342 +nd-docs: DOCS-342 title: Install NGINX Controller on RHEL 8 (experimental) toc: true weight: 200 diff --git a/content/controller/admin-guides/install/install-nginx-controller.md b/content/controller/admin-guides/install/install-nginx-controller.md index d6d6eb972..0607d2240 100644 --- a/content/controller/admin-guides/install/install-nginx-controller.md +++ b/content/controller/admin-guides/install/install-nginx-controller.md @@ -1,6 +1,6 @@ --- description: This guide explains how to install and update F5 NGINX Controller. -docs: DOCS-255 +nd-docs: DOCS-255 title: Install NGINX Controller toc: true weight: 120 diff --git a/content/controller/admin-guides/install/nginx-controller-tech-specs.md b/content/controller/admin-guides/install/nginx-controller-tech-specs.md index 1940cf75d..39b8a7da6 100644 --- a/content/controller/admin-guides/install/nginx-controller-tech-specs.md +++ b/content/controller/admin-guides/install/nginx-controller-tech-specs.md @@ -1,6 +1,6 @@ --- description: Guidelines and recommendations for configuring F5 NGINX Controller. -docs: DOCS-256 +nd-docs: DOCS-256 title: NGINX Controller Tech Specs toc: true weight: 100 diff --git a/content/controller/admin-guides/install/resilient-cluster-aws.md b/content/controller/admin-guides/install/resilient-cluster-aws.md index f544492e6..240c0edc5 100644 --- a/content/controller/admin-guides/install/resilient-cluster-aws.md +++ b/content/controller/admin-guides/install/resilient-cluster-aws.md @@ -1,7 +1,7 @@ --- description: This guide explains how to deploy F5 NGINX Controller as a multi-node resilient cluster on AWS. -docs: DOCS-257 +nd-docs: DOCS-257 title: Deploy NGINX Controller as a Resilient Cluster on AWS toc: true weight: 310 diff --git a/content/controller/admin-guides/install/resilient-cluster-private-cloud.md b/content/controller/admin-guides/install/resilient-cluster-private-cloud.md index 22cc5e1db..cb2339eb0 100644 --- a/content/controller/admin-guides/install/resilient-cluster-private-cloud.md +++ b/content/controller/admin-guides/install/resilient-cluster-private-cloud.md @@ -1,7 +1,7 @@ --- description: This guide explains how to deploy F5 NGINX Controller as a multi-node resilient cluster on a private cloud. -docs: DOCS-258 +nd-docs: DOCS-258 title: Deploy NGINX Controller as a Resilient Cluster on a Private Cloud toc: true weight: 300 diff --git a/content/controller/admin-guides/install/try-nginx-controller-app-sec.md b/content/controller/admin-guides/install/try-nginx-controller-app-sec.md index 74b41240b..ecba8d0f9 100644 --- a/content/controller/admin-guides/install/try-nginx-controller-app-sec.md +++ b/content/controller/admin-guides/install/try-nginx-controller-app-sec.md @@ -1,7 +1,7 @@ --- description: This quick-start tutorial shows you how to get started using F5 NGINX Controller with the Application Security Add-on. -docs: DOCS-259 +nd-docs: DOCS-259 title: Trial NGINX Controller with App Security toc: true weight: 115 diff --git a/content/controller/admin-guides/install/try-nginx-controller.md b/content/controller/admin-guides/install/try-nginx-controller.md index c5565c412..dd2883d56 100644 --- a/content/controller/admin-guides/install/try-nginx-controller.md +++ b/content/controller/admin-guides/install/try-nginx-controller.md @@ -1,7 +1,7 @@ --- description: This quick-start tutorial shows you how to get started using F5 NGINX Controller with NGINX Plus. -docs: DOCS-260 +nd-docs: DOCS-260 title: Trial NGINX Controller with NGINX Plus toc: true weight: 110 diff --git a/content/controller/admin-guides/install/using-helper-script.md b/content/controller/admin-guides/install/using-helper-script.md index 2a880d7ce..382332f63 100644 --- a/content/controller/admin-guides/install/using-helper-script.md +++ b/content/controller/admin-guides/install/using-helper-script.md @@ -1,7 +1,7 @@ --- description: Learn how to update F5 NGINX Controller installation settings and manage the NGINX Controller service using the helper.sh script. -docs: DOCS-261 +nd-docs: DOCS-261 title: Update NGINX Controller Settings with helper.sh toc: true weight: 200 diff --git a/content/controller/analytics/alerts/about-alerts.md b/content/controller/analytics/alerts/about-alerts.md index c870c9a75..af1813eba 100644 --- a/content/controller/analytics/alerts/about-alerts.md +++ b/content/controller/analytics/alerts/about-alerts.md @@ -1,6 +1,6 @@ --- description: Learn about NGINX Controller Alerts and Notifications. -docs: DOCS-520 +nd-docs: DOCS-520 title: About Alerts toc: true weight: 100 diff --git a/content/controller/analytics/alerts/manage-alerts.md b/content/controller/analytics/alerts/manage-alerts.md index de167234f..839506968 100644 --- a/content/controller/analytics/alerts/manage-alerts.md +++ b/content/controller/analytics/alerts/manage-alerts.md @@ -1,6 +1,6 @@ --- description: Learn how to view, add, mute, and delete Alerts. -docs: DOCS-521 +nd-docs: DOCS-521 title: Manage Alerts toc: true weight: 200 diff --git a/content/controller/analytics/alerts/manage-registered-emails.md b/content/controller/analytics/alerts/manage-registered-emails.md index 81131b9da..6a0bb6bbf 100644 --- a/content/controller/analytics/alerts/manage-registered-emails.md +++ b/content/controller/analytics/alerts/manage-registered-emails.md @@ -1,7 +1,7 @@ --- description: Learn how to manage the email addresses that receive automatic alert notifications. -docs: DOCS-522 +nd-docs: DOCS-522 title: Manage Registered Email Addresses toc: true weight: 310 diff --git a/content/controller/analytics/alerts/service-now-notifications.md b/content/controller/analytics/alerts/service-now-notifications.md index 8e857b14e..fe4ca3c43 100644 --- a/content/controller/analytics/alerts/service-now-notifications.md +++ b/content/controller/analytics/alerts/service-now-notifications.md @@ -1,6 +1,6 @@ --- description: Set up Alerts Integration with ServiceNow. Deprecated in v3.13. -docs: DOCS-523 +nd-docs: DOCS-523 title: ServiceNow Alerts Integration toc: true weight: 600 diff --git a/content/controller/analytics/catalogs/dimensions.md b/content/controller/analytics/catalogs/dimensions.md index db1629c2d..4ed5ea5b4 100644 --- a/content/controller/analytics/catalogs/dimensions.md +++ b/content/controller/analytics/catalogs/dimensions.md @@ -1,7 +1,7 @@ --- description: Information about all of the Dimensions collected by F5 NGINX Controller Agent. -docs: DOCS-524 +nd-docs: DOCS-524 title: NGINX Controller Dimensions Catalog toc: false weight: 20 diff --git a/content/controller/analytics/catalogs/metrics.md b/content/controller/analytics/catalogs/metrics.md index 3e457a0a9..ff4c9b25b 100644 --- a/content/controller/analytics/catalogs/metrics.md +++ b/content/controller/analytics/catalogs/metrics.md @@ -1,7 +1,7 @@ --- description: Information about all of the Metrics collected by F5 NGINX Controller Agent. -docs: DOCS-525 +nd-docs: DOCS-525 title: NGINX Controller Metrics Catalog toc: false weight: 20 diff --git a/content/controller/analytics/dashboards/application-health-score.md b/content/controller/analytics/dashboards/application-health-score.md index 5ec0bd4f0..1a4940ffd 100644 --- a/content/controller/analytics/dashboards/application-health-score.md +++ b/content/controller/analytics/dashboards/application-health-score.md @@ -1,6 +1,6 @@ --- description: View and understand the Application Health Score for your application. -docs: DOCS-526 +nd-docs: DOCS-526 title: Understanding the Application Health Score toc: true weight: 20 diff --git a/content/controller/analytics/dashboards/custom-dashboards.md b/content/controller/analytics/dashboards/custom-dashboards.md index 8a4913194..a7593369d 100644 --- a/content/controller/analytics/dashboards/custom-dashboards.md +++ b/content/controller/analytics/dashboards/custom-dashboards.md @@ -1,6 +1,6 @@ --- description: Create custom dashboards to view custom graphs. -docs: DOCS-527 +nd-docs: DOCS-527 title: Create Custom Dashboards toc: true weight: 20 diff --git a/content/controller/analytics/dashboards/overview-dashboard.md b/content/controller/analytics/dashboards/overview-dashboard.md index c16a87cc3..e3c9c2073 100644 --- a/content/controller/analytics/dashboards/overview-dashboard.md +++ b/content/controller/analytics/dashboards/overview-dashboard.md @@ -1,7 +1,7 @@ --- description: Learn about the Dashboards that displays cumulative metrics for your NGINX Instances. -docs: DOCS-528 +nd-docs: DOCS-528 title: Analytics Overview toc: true weight: 10 diff --git a/content/controller/analytics/data-explorer/how-to-use.md b/content/controller/analytics/data-explorer/how-to-use.md index 2d9129225..2efebdc8a 100644 --- a/content/controller/analytics/data-explorer/how-to-use.md +++ b/content/controller/analytics/data-explorer/how-to-use.md @@ -1,7 +1,7 @@ --- description: Use the Data Explorer to examine the metrics that F5 NGINX Controller collects. -docs: DOCS-529 +nd-docs: DOCS-529 title: How To Use the Data Explorer toc: true weight: 20 diff --git a/content/controller/analytics/events/view-events.md b/content/controller/analytics/events/view-events.md index 39babcac8..a2baabfbe 100644 --- a/content/controller/analytics/events/view-events.md +++ b/content/controller/analytics/events/view-events.md @@ -1,6 +1,6 @@ --- description: View the audit log of system and user actions. -docs: DOCS-530 +nd-docs: DOCS-530 title: View Events toc: true weight: 20 diff --git a/content/controller/analytics/forwarders/forward-analytics-to-datadog.md b/content/controller/analytics/forwarders/forward-analytics-to-datadog.md index 93527425e..852b44b7b 100644 --- a/content/controller/analytics/forwarders/forward-analytics-to-datadog.md +++ b/content/controller/analytics/forwarders/forward-analytics-to-datadog.md @@ -1,6 +1,6 @@ --- description: How to forward Analytics data to Datadog. -docs: DOCS-531 +nd-docs: DOCS-531 title: Forward Analytics Data to Datadog toc: true weight: 100 diff --git a/content/controller/analytics/forwarders/forward-analytics-to-otlp.md b/content/controller/analytics/forwarders/forward-analytics-to-otlp.md index ea705f2d9..838073a53 100644 --- a/content/controller/analytics/forwarders/forward-analytics-to-otlp.md +++ b/content/controller/analytics/forwarders/forward-analytics-to-otlp.md @@ -1,6 +1,6 @@ --- description: How to forward Analytics Metrics to OpenTelemetry Collector. -docs: DOCS-532 +nd-docs: DOCS-532 title: Forward Analytics Metrics to OpenTelemetry Collector toc: true weight: 201 diff --git a/content/controller/analytics/forwarders/forward-analytics-to-splunk.md b/content/controller/analytics/forwarders/forward-analytics-to-splunk.md index 81d2cfcd2..5c48c0e73 100644 --- a/content/controller/analytics/forwarders/forward-analytics-to-splunk.md +++ b/content/controller/analytics/forwarders/forward-analytics-to-splunk.md @@ -1,6 +1,6 @@ --- description: How to forward Analytics data to Splunk. -docs: DOCS-533 +nd-docs: DOCS-533 title: Forward Analytics Data to Splunk toc: true weight: 200 diff --git a/content/controller/analytics/forwarders/forward-analytics-to-syslog.md b/content/controller/analytics/forwarders/forward-analytics-to-syslog.md index 669046a4d..f135c3322 100644 --- a/content/controller/analytics/forwarders/forward-analytics-to-syslog.md +++ b/content/controller/analytics/forwarders/forward-analytics-to-syslog.md @@ -1,6 +1,6 @@ --- description: How to forward Analytics Events to Syslog. -docs: DOCS-534 +nd-docs: DOCS-534 title: Forward Analytics Events to Syslog toc: true weight: 201 diff --git a/content/controller/analytics/metrics/metrics-api.md b/content/controller/analytics/metrics/metrics-api.md index 29f5cef7b..867c62308 100644 --- a/content/controller/analytics/metrics/metrics-api.md +++ b/content/controller/analytics/metrics/metrics-api.md @@ -1,7 +1,7 @@ --- description: Tips and tricks for using the Metrics API query parameters to refine your data. -docs: DOCS-535 +nd-docs: DOCS-535 title: Using the Metrics API toc: true weight: 50 diff --git a/content/controller/analytics/metrics/overview-metrics-metadata.md b/content/controller/analytics/metrics/overview-metrics-metadata.md index cec6969a1..72e0382a6 100644 --- a/content/controller/analytics/metrics/overview-metrics-metadata.md +++ b/content/controller/analytics/metrics/overview-metrics-metadata.md @@ -1,7 +1,7 @@ --- description: Understanding how the F5 NGINX Controller Agent collects and reports metrics and metadata. -docs: DOCS-536 +nd-docs: DOCS-536 title: 'Overview: Metrics and Metadata' toc: true weight: 20 diff --git a/content/controller/analytics/metrics/overview-traffic-metrics.md b/content/controller/analytics/metrics/overview-traffic-metrics.md index b1d871a6d..7df193b20 100644 --- a/content/controller/analytics/metrics/overview-traffic-metrics.md +++ b/content/controller/analytics/metrics/overview-traffic-metrics.md @@ -1,6 +1,6 @@ --- description: Understanding how traffic metrics are collected, aggregated, and reported. -docs: DOCS-537 +nd-docs: DOCS-537 title: 'Overview: Traffic Metrics' toc: true weight: 100 diff --git a/content/controller/analytics/metrics/view-traffic-metrics.md b/content/controller/analytics/metrics/view-traffic-metrics.md index b63268ff9..055658de3 100644 --- a/content/controller/analytics/metrics/view-traffic-metrics.md +++ b/content/controller/analytics/metrics/view-traffic-metrics.md @@ -1,6 +1,6 @@ --- description: How to view the traffic metrics gathered by NGINX Controller Analytics. -docs: DOCS-538 +nd-docs: DOCS-538 title: View Traffic Metrics toc: true weight: 150 diff --git a/content/controller/analytics/view-app-security-analytics.md b/content/controller/analytics/view-app-security-analytics.md index c26533250..2d9407d5b 100644 --- a/content/controller/analytics/view-app-security-analytics.md +++ b/content/controller/analytics/view-app-security-analytics.md @@ -1,6 +1,6 @@ --- description: How to view App Security Analytics. -docs: DOCS-539 +nd-docs: DOCS-539 title: View App Security Analytics toc: true weight: 500 diff --git a/content/controller/api-management/manage-apis.md b/content/controller/api-management/manage-apis.md index a16e213ac..1ee149fb0 100644 --- a/content/controller/api-management/manage-apis.md +++ b/content/controller/api-management/manage-apis.md @@ -1,7 +1,7 @@ --- description: Use the F5 NGINX Controller API Manager to add APIs and control how your APIs are exposed and consumed. -docs: DOCS-569 +nd-docs: DOCS-569 title: Manage Your APIs toc: true weight: 110 diff --git a/content/controller/api-management/manage-dev-portals.md b/content/controller/api-management/manage-dev-portals.md index 3caa8b685..6bf5fdc68 100644 --- a/content/controller/api-management/manage-dev-portals.md +++ b/content/controller/api-management/manage-dev-portals.md @@ -1,6 +1,6 @@ --- description: Learn how to create and manage Developer Portals for your API documentation. -docs: DOCS-570 +nd-docs: DOCS-570 title: Manage Developer Portals toc: true weight: 120 diff --git a/content/controller/api/overview.md b/content/controller/api/overview.md index c5812a63e..1610f6021 100644 --- a/content/controller/api/overview.md +++ b/content/controller/api/overview.md @@ -1,6 +1,6 @@ --- description: Provides information about the F5 NGINX Controller API. -docs: DOCS-343 +nd-docs: DOCS-343 layout: docs title: API Overview toc: true diff --git a/content/controller/api/reference/ctlr-adc-api.md b/content/controller/api/reference/ctlr-adc-api.md index 4683b5e48..e1226fa0f 100644 --- a/content/controller/api/reference/ctlr-adc-api.md +++ b/content/controller/api/reference/ctlr-adc-api.md @@ -1,7 +1,7 @@ --- description: Represents the state of the F5 NGINX Controller Application Delivery REST API. -docs: DOCS-1280 +nd-docs: DOCS-1280 type: - reference doctypes: diff --git a/content/controller/api/reference/ctlr-analytics-api.md b/content/controller/api/reference/ctlr-analytics-api.md index b01f0fdbf..b1d69e9bb 100644 --- a/content/controller/api/reference/ctlr-analytics-api.md +++ b/content/controller/api/reference/ctlr-analytics-api.md @@ -1,6 +1,6 @@ --- description: Represents the state of the F5 NGINX Controller Analytics REST API. -docs: DOCS-1279 +nd-docs: DOCS-1279 type: - reference doctypes: diff --git a/content/controller/api/reference/ctlr-apim-api.md b/content/controller/api/reference/ctlr-apim-api.md index b4dfa40ce..0b673cb8d 100644 --- a/content/controller/api/reference/ctlr-apim-api.md +++ b/content/controller/api/reference/ctlr-apim-api.md @@ -1,6 +1,6 @@ --- description: Represents the state of the F5 NGINX Controller API Management REST API. -docs: DOCS-1281 +nd-docs: DOCS-1281 type: - reference doctypes: diff --git a/content/controller/api/reference/ctlr-platform-api.md b/content/controller/api/reference/ctlr-platform-api.md index c999e18d1..d64ad61f5 100644 --- a/content/controller/api/reference/ctlr-platform-api.md +++ b/content/controller/api/reference/ctlr-platform-api.md @@ -1,6 +1,6 @@ --- description: Represents the state of the F5 NGINX Controller Platform REST API. -docs: DOCS-1278 +nd-docs: DOCS-1278 doctypes: - reference type: redoc diff --git a/content/controller/app-delivery/about-app-delivery.md b/content/controller/app-delivery/about-app-delivery.md index e63b24722..81e50b6fb 100644 --- a/content/controller/app-delivery/about-app-delivery.md +++ b/content/controller/app-delivery/about-app-delivery.md @@ -1,6 +1,6 @@ --- description: Learn about F5 NGINX Controller Application Delivery concepts. -docs: DOCS-474 +nd-docs: DOCS-474 title: About Application Delivery toc: true weight: 100 diff --git a/content/controller/app-delivery/about-caching.md b/content/controller/app-delivery/about-caching.md index e4b39ef17..3a58056ad 100644 --- a/content/controller/app-delivery/about-caching.md +++ b/content/controller/app-delivery/about-caching.md @@ -1,7 +1,7 @@ --- description: Learn how F5 NGINX Controller handles caching configurations and what NGINX cache directives are supported. -docs: DOCS-339 +nd-docs: DOCS-339 title: About Caching toc: true weight: 200 diff --git a/content/controller/app-delivery/about-snippets.md b/content/controller/app-delivery/about-snippets.md index 8afb6b974..21eb1e83b 100644 --- a/content/controller/app-delivery/about-snippets.md +++ b/content/controller/app-delivery/about-snippets.md @@ -1,5 +1,5 @@ --- -docs: DOCS-340 +nd-docs: DOCS-340 title: About Snippets toc: true weight: 300 diff --git a/content/controller/app-delivery/deploy-simple-app.md b/content/controller/app-delivery/deploy-simple-app.md index 999742480..37e36fe58 100644 --- a/content/controller/app-delivery/deploy-simple-app.md +++ b/content/controller/app-delivery/deploy-simple-app.md @@ -1,6 +1,6 @@ --- description: Overview of the steps required to deploy a simple App. -docs: DOCS-477 +nd-docs: DOCS-477 title: Deploy a Simple Application toc: true weight: 400 diff --git a/content/controller/app-delivery/manage-apps.md b/content/controller/app-delivery/manage-apps.md index da56c055d..1462c8f25 100644 --- a/content/controller/app-delivery/manage-apps.md +++ b/content/controller/app-delivery/manage-apps.md @@ -1,6 +1,6 @@ --- description: Create, view, and edit Apps and Components. -docs: DOCS-478 +nd-docs: DOCS-478 title: Manage Apps & Components toc: true weight: 300 diff --git a/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md b/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md index 12105faae..f701a423d 100644 --- a/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md +++ b/content/controller/app-delivery/security/concepts/app-sec-default-policy-original.md @@ -1,7 +1,7 @@ --- description: Learn about the default protections provided by F5 NGINX Controller App Security. -docs: DOCS-479 +nd-docs: DOCS-479 title: Default WAF Policy toc: true weight: 200 diff --git a/content/controller/app-delivery/security/concepts/app-sec-metrics.md b/content/controller/app-delivery/security/concepts/app-sec-metrics.md index 99ce76f41..fe7798b33 100644 --- a/content/controller/app-delivery/security/concepts/app-sec-metrics.md +++ b/content/controller/app-delivery/security/concepts/app-sec-metrics.md @@ -1,7 +1,7 @@ --- description: Learn about the F5 NGINX Controller Application Security metrics and events. -docs: DOCS-480 +nd-docs: DOCS-480 title: App Security Metrics toc: true weight: 400 diff --git a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md index 2441867ff..f14497b08 100644 --- a/content/controller/app-delivery/security/concepts/bring-your-own-policy.md +++ b/content/controller/app-delivery/security/concepts/bring-your-own-policy.md @@ -1,7 +1,7 @@ --- description: Learn how to use your own F5 NGINX App Protect WAF policies with NGINX Controller. -docs: DOCS-481 +nd-docs: DOCS-481 title: Bring Your Own WAF Policy toc: true weight: 300 diff --git a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md index 761e2f779..9933ec89a 100644 --- a/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md +++ b/content/controller/app-delivery/security/concepts/extend-app-security-snippets.md @@ -1,7 +1,7 @@ --- description: Learn how to extend your App Security configurations using F5 NGINX Controller Snippets. -docs: DOCS-338 +nd-docs: DOCS-338 title: Extend App Security with Snippets toc: true weight: 400 diff --git a/content/controller/app-delivery/security/concepts/what-is-waf.md b/content/controller/app-delivery/security/concepts/what-is-waf.md index 51e8214ae..3aede1a1a 100644 --- a/content/controller/app-delivery/security/concepts/what-is-waf.md +++ b/content/controller/app-delivery/security/concepts/what-is-waf.md @@ -1,6 +1,6 @@ --- description: Overview of the App Security module's WAF feature. -docs: DOCS-483 +nd-docs: DOCS-483 title: About App Security toc: true weight: 100 diff --git a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md index e2b31f6e4..29fbc7280 100644 --- a/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md +++ b/content/controller/app-delivery/security/tutorials/add-app-security-with-waf.md @@ -1,6 +1,6 @@ --- description: How to add F5 NGINX Controller App Security to your applications. -docs: DOCS-484 +nd-docs: DOCS-484 title: Manage App Security toc: true weight: 100 diff --git a/content/controller/app-delivery/security/tutorials/set-waf-monitor-mode.md b/content/controller/app-delivery/security/tutorials/set-waf-monitor-mode.md index aa4788632..616aa7070 100644 --- a/content/controller/app-delivery/security/tutorials/set-waf-monitor-mode.md +++ b/content/controller/app-delivery/security/tutorials/set-waf-monitor-mode.md @@ -1,7 +1,7 @@ --- description: How to use F5 NGINX Controller App Security to monitor or block security violations. -docs: DOCS-485 +nd-docs: DOCS-485 title: Set Up App Security Monitor Mode toc: true weight: 200 diff --git a/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md b/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md index 87de7192e..0a28a751e 100644 --- a/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md +++ b/content/controller/app-delivery/security/tutorials/tune-waf-for-app.md @@ -1,6 +1,6 @@ --- description: How to tune WAF for your App. -docs: DOCS-486 +nd-docs: DOCS-486 title: Manage WAF Tuning for App Components toc: true weight: 300 diff --git a/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md b/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md index dc043934d..6249fe5b9 100644 --- a/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md +++ b/content/controller/app-delivery/security/tutorials/using-rbac-with-app-security.md @@ -1,6 +1,6 @@ --- description: How to use Role Based Access Control with App Security. -docs: DOCS-845 +nd-docs: DOCS-845 title: Using RBAC with the App Security Add-On toc: true weight: 400 diff --git a/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md b/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md index ae20f8d92..2bdafffd0 100644 --- a/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md +++ b/content/controller/app-delivery/security/tutorials/view-app-security-analytics.md @@ -1,6 +1,6 @@ --- description: How to view App Security Analytics. -docs: DOCS-487 +nd-docs: DOCS-487 title: View App Security Analytics toc: true weight: 500 diff --git a/content/controller/infrastructure/instances/add-aws-instance.md b/content/controller/infrastructure/instances/add-aws-instance.md index 1f558cc5a..fc8dacba6 100644 --- a/content/controller/infrastructure/instances/add-aws-instance.md +++ b/content/controller/infrastructure/instances/add-aws-instance.md @@ -1,6 +1,6 @@ --- description: Learn how to deploy an AWS F5 NGINX instance using NGINX Controller. -docs: DOCS-768 +nd-docs: DOCS-768 title: Add an AWS NGINX Instance toc: true weight: 30 diff --git a/content/controller/infrastructure/instances/add-azure-instance.md b/content/controller/infrastructure/instances/add-azure-instance.md index a537cee78..c5b222733 100644 --- a/content/controller/infrastructure/instances/add-azure-instance.md +++ b/content/controller/infrastructure/instances/add-azure-instance.md @@ -1,6 +1,6 @@ --- description: Learn how to deploy an Azure NGINX instance using F5 NGINX Controller. -docs: DOCS-769 +nd-docs: DOCS-769 title: Add an Azure NGINX Instance toc: true weight: 35 diff --git a/content/controller/infrastructure/instances/add-nap-instance.md b/content/controller/infrastructure/instances/add-nap-instance.md index 6a18eb991..9d6c5f63f 100644 --- a/content/controller/infrastructure/instances/add-nap-instance.md +++ b/content/controller/infrastructure/instances/add-nap-instance.md @@ -1,7 +1,7 @@ --- description: Learn how to register an F5 NGINX App Protect instance with NGINX Controller for use with the ADC module. -docs: DOCS-770 +nd-docs: DOCS-770 title: Add an NGINX App Protect Instance toc: true weight: 20 diff --git a/content/controller/infrastructure/instances/add-vsphere-instance.md b/content/controller/infrastructure/instances/add-vsphere-instance.md index 1a2ae31eb..30ec206ed 100644 --- a/content/controller/infrastructure/instances/add-vsphere-instance.md +++ b/content/controller/infrastructure/instances/add-vsphere-instance.md @@ -1,6 +1,6 @@ --- description: Learn how to deploy a vSphere NGINX instance using F5 NGINX Controller. -docs: DOCS-771 +nd-docs: DOCS-771 title: Add a vSphere NGINX Instance toc: true weight: 35 diff --git a/content/controller/infrastructure/instances/analyzer.md b/content/controller/infrastructure/instances/analyzer.md index 2afeaf0e3..b98aecdc4 100644 --- a/content/controller/infrastructure/instances/analyzer.md +++ b/content/controller/infrastructure/instances/analyzer.md @@ -1,6 +1,6 @@ --- description: View graphs and system reports for your Instances. -docs: DOCS-772 +nd-docs: DOCS-772 title: View Performance Reports for Your Instances toc: true weight: 60 diff --git a/content/controller/infrastructure/instances/graphs.md b/content/controller/infrastructure/instances/graphs.md index 96d4e7440..a2d43805c 100644 --- a/content/controller/infrastructure/instances/graphs.md +++ b/content/controller/infrastructure/instances/graphs.md @@ -1,6 +1,6 @@ --- description: View key metrics for all of your monitored systems. -docs: DOCS-773 +nd-docs: DOCS-773 title: View System Metrics Graphs toc: true weight: 70 diff --git a/content/controller/infrastructure/instances/ha-data-plane.md b/content/controller/infrastructure/instances/ha-data-plane.md index 7420a7e59..2d7c1e757 100644 --- a/content/controller/infrastructure/instances/ha-data-plane.md +++ b/content/controller/infrastructure/instances/ha-data-plane.md @@ -1,7 +1,7 @@ --- description: Learn how to configure a high-availability data plane for your apps in on-premises deployments using F5 NGINX Controller, NGINX Plus, and keepalived. -docs: DOCS-774 +nd-docs: DOCS-774 title: Set Up Data Plane High Availability toc: true weight: 40 diff --git a/content/controller/infrastructure/instances/manage-containerized-instances.md b/content/controller/infrastructure/instances/manage-containerized-instances.md index 83329e067..68a4796be 100644 --- a/content/controller/infrastructure/instances/manage-containerized-instances.md +++ b/content/controller/infrastructure/instances/manage-containerized-instances.md @@ -1,7 +1,7 @@ --- description: How to set up Kubernetes-native API Gateways using Instance Groups (requires the API Management module). -docs: DOCS-775 +nd-docs: DOCS-775 title: Manage Containerized Instances toc: true weight: 15 diff --git a/content/controller/infrastructure/instances/manage-instance-templates.md b/content/controller/infrastructure/instances/manage-instance-templates.md index cb55716d2..5af936c72 100644 --- a/content/controller/infrastructure/instances/manage-instance-templates.md +++ b/content/controller/infrastructure/instances/manage-instance-templates.md @@ -1,6 +1,6 @@ --- description: Create and manage templates for your F5 NGINX Plus instances. -docs: DOCS-776 +nd-docs: DOCS-776 title: Manage Your Instance Templates toc: true weight: 50 diff --git a/content/controller/infrastructure/instances/manage-instances.md b/content/controller/infrastructure/instances/manage-instances.md index 402215ce1..9042b12c5 100644 --- a/content/controller/infrastructure/instances/manage-instances.md +++ b/content/controller/infrastructure/instances/manage-instances.md @@ -1,6 +1,6 @@ --- description: Use the Instance Overview page to view and manage your F5 NGINX Instances. -docs: DOCS-777 +nd-docs: DOCS-777 title: Manage Your NGINX Instances toc: true weight: 10 diff --git a/content/controller/infrastructure/locations/manage-locations.md b/content/controller/infrastructure/locations/manage-locations.md index e9bfa813d..d9dbd175c 100644 --- a/content/controller/infrastructure/locations/manage-locations.md +++ b/content/controller/infrastructure/locations/manage-locations.md @@ -1,6 +1,6 @@ --- description: Create and manage Locations for your F5 NGINX Instances. -docs: DOCS-778 +nd-docs: DOCS-778 title: Manage Locations toc: true weight: 10 diff --git a/content/controller/platform/about/get-controller-version.md b/content/controller/platform/about/get-controller-version.md index 32df5daf1..39cd5840c 100644 --- a/content/controller/platform/about/get-controller-version.md +++ b/content/controller/platform/about/get-controller-version.md @@ -1,6 +1,6 @@ --- description: How to look up the version details for F5 NGINX Controller and its components. -docs: DOCS-780 +nd-docs: DOCS-780 title: Look Up Version Information toc: true weight: 130 diff --git a/content/controller/platform/about/what-is-controller.md b/content/controller/platform/about/what-is-controller.md index 8f3089c4b..fa5ee4c8e 100644 --- a/content/controller/platform/about/what-is-controller.md +++ b/content/controller/platform/about/what-is-controller.md @@ -1,6 +1,6 @@ --- description: Overview of F5 NGINX Controller. -docs: DOCS-781 +nd-docs: DOCS-781 title: Get to Know NGINX Controller toc: true weight: 100 diff --git a/content/controller/platform/access-management/manage-active-directory-auth-provider.md b/content/controller/platform/access-management/manage-active-directory-auth-provider.md index b5ef6a79d..8eeedb348 100644 --- a/content/controller/platform/access-management/manage-active-directory-auth-provider.md +++ b/content/controller/platform/access-management/manage-active-directory-auth-provider.md @@ -1,7 +1,7 @@ --- description: Set up Active Directory authentication for F5 NGINX Controller using OIDC with Microsoft Entra or LDAP, LDAPs, and StartTLS with Windows Active Directory. -docs: DOCS-782 +nd-docs: DOCS-782 title: Configure Active Directory Integration toc: true weight: 10 diff --git a/content/controller/platform/access-management/manage-roles.md b/content/controller/platform/access-management/manage-roles.md index bffb8654e..166fb8e77 100644 --- a/content/controller/platform/access-management/manage-roles.md +++ b/content/controller/platform/access-management/manage-roles.md @@ -1,6 +1,6 @@ --- description: Create and manage Roles and Role Groups. -docs: DOCS-783 +nd-docs: DOCS-783 title: Manage Roles and Role Groups toc: true weight: 30 diff --git a/content/controller/platform/access-management/manage-users.md b/content/controller/platform/access-management/manage-users.md index fa3f8b087..4ff0d6fd0 100644 --- a/content/controller/platform/access-management/manage-users.md +++ b/content/controller/platform/access-management/manage-users.md @@ -1,6 +1,6 @@ --- description: Create and manage User resources. -docs: DOCS-784 +nd-docs: DOCS-784 title: Manage Users toc: true weight: 20 diff --git a/content/controller/platform/integrations/aws-integration.md b/content/controller/platform/integrations/aws-integration.md index 9d4a2e0e9..98f44a9eb 100644 --- a/content/controller/platform/integrations/aws-integration.md +++ b/content/controller/platform/integrations/aws-integration.md @@ -1,6 +1,6 @@ --- description: Integrate F5 NGINX Controller with Amazon Web Services. -docs: DOCS-785 +nd-docs: DOCS-785 title: AWS Integration toc: true weight: 20 diff --git a/content/controller/platform/integrations/big-ip-self-service.md b/content/controller/platform/integrations/big-ip-self-service.md index adb9e1d0b..66acd46c5 100644 --- a/content/controller/platform/integrations/big-ip-self-service.md +++ b/content/controller/platform/integrations/big-ip-self-service.md @@ -1,6 +1,6 @@ --- description: Integrate F5 NGINX Controller with a BIG-IP cluster. -docs: DOCS-786 +nd-docs: DOCS-786 title: BIG-IP Integration toc: true weight: 20 diff --git a/content/controller/platform/integrations/datadog-integration.md b/content/controller/platform/integrations/datadog-integration.md index 18f41e82b..47ceb8bc8 100644 --- a/content/controller/platform/integrations/datadog-integration.md +++ b/content/controller/platform/integrations/datadog-integration.md @@ -1,6 +1,6 @@ --- description: Create a Datadog Integration for F5 NGINX Controller. -docs: DOCS-564 +nd-docs: DOCS-564 title: Datadog Integration weight: 30 --- diff --git a/content/controller/platform/integrations/otlp-integration.md b/content/controller/platform/integrations/otlp-integration.md index 95f66b7a0..4f898317e 100644 --- a/content/controller/platform/integrations/otlp-integration.md +++ b/content/controller/platform/integrations/otlp-integration.md @@ -1,6 +1,6 @@ --- description: Create an OpenTelemetry Protocol (OTLP) Integration for F5 NGINX Controller. -docs: DOCS-565 +nd-docs: DOCS-565 title: OTLP Integration weight: 30 --- diff --git a/content/controller/platform/integrations/splunk-integration.md b/content/controller/platform/integrations/splunk-integration.md index 81bcdd06a..5ae9b7b8f 100644 --- a/content/controller/platform/integrations/splunk-integration.md +++ b/content/controller/platform/integrations/splunk-integration.md @@ -1,5 +1,5 @@ --- -docs: DOCS-566 +nd-docs: DOCS-566 title: Splunk Integration weight: 40 --- diff --git a/content/controller/platform/integrations/syslog-integration.md b/content/controller/platform/integrations/syslog-integration.md index 939dff7c2..00f5787ce 100644 --- a/content/controller/platform/integrations/syslog-integration.md +++ b/content/controller/platform/integrations/syslog-integration.md @@ -1,5 +1,5 @@ --- -docs: DOCS-567 +nd-docs: DOCS-567 title: Syslog Integration weight: 30 --- diff --git a/content/controller/platform/licensing-controller.md b/content/controller/platform/licensing-controller.md index d302723bd..a1b5c8602 100644 --- a/content/controller/platform/licensing-controller.md +++ b/content/controller/platform/licensing-controller.md @@ -1,6 +1,6 @@ --- description: Follow these steps to license your F5 NGINX Controller. -docs: DOCS-787 +nd-docs: DOCS-787 title: License NGINX Controller toc: true weight: 120 diff --git a/content/controller/platform/maintenance/changing-ip-address.md b/content/controller/platform/maintenance/changing-ip-address.md index 5377f8752..8d4cf28a2 100644 --- a/content/controller/platform/maintenance/changing-ip-address.md +++ b/content/controller/platform/maintenance/changing-ip-address.md @@ -1,6 +1,6 @@ --- description: Learn how to safely change the management IP of F5 NGINX Controller. -docs: DOCS-779 +nd-docs: DOCS-779 title: Changing the IP address toc: true weight: 135 diff --git a/content/controller/platform/manage-cluster.md b/content/controller/platform/manage-cluster.md index c187e0c3e..b5e2bf6ef 100644 --- a/content/controller/platform/manage-cluster.md +++ b/content/controller/platform/manage-cluster.md @@ -1,7 +1,7 @@ --- description: Learn how to add and manage additional F5 NGINX Controller nodes to create a resilient cluster. -docs: DOCS-788 +nd-docs: DOCS-788 title: Manage Your Cluster toc: true weight: 140 diff --git a/content/controller/releases/adc/adc-release-notes-3.20.1.md b/content/controller/releases/adc/adc-release-notes-3.20.1.md index 3d3d02852..d9ee49128 100644 --- a/content/controller/releases/adc/adc-release-notes-3.20.1.md +++ b/content/controller/releases/adc/adc-release-notes-3.20.1.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-362 +nd-docs: DOCS-362 title: Release Notes 3.20.1 toc: true weight: 99 diff --git a/content/controller/releases/adc/adc-release-notes-3.20.md b/content/controller/releases/adc/adc-release-notes-3.20.md index eeb4b45ac..9c446f0af 100644 --- a/content/controller/releases/adc/adc-release-notes-3.20.md +++ b/content/controller/releases/adc/adc-release-notes-3.20.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-363 +nd-docs: DOCS-363 title: Release Notes 3.20.0 toc: true weight: 100 diff --git a/content/controller/releases/adc/adc-release-notes-3.21.md b/content/controller/releases/adc/adc-release-notes-3.21.md index 1f8fdacc4..6356e2b1b 100644 --- a/content/controller/releases/adc/adc-release-notes-3.21.md +++ b/content/controller/releases/adc/adc-release-notes-3.21.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-364 +nd-docs: DOCS-364 title: Release Notes 3.21.0 toc: true weight: 98 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.1.md b/content/controller/releases/adc/adc-release-notes-3.22.1.md index be4725b06..1edfce2a2 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.1.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.1.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-834 +nd-docs: DOCS-834 title: Release Notes 3.22.1 toc: true weight: 96 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.2.md b/content/controller/releases/adc/adc-release-notes-3.22.2.md index 5c34ef08d..be60921c1 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.2.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.2.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-844 +nd-docs: DOCS-844 title: Release Notes 3.22.2 toc: true weight: 95 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.3.md b/content/controller/releases/adc/adc-release-notes-3.22.3.md index 2e5b929a0..f2cd355dd 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.3.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.3.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-903 +nd-docs: DOCS-903 title: Release Notes 3.22.3 toc: true weight: 94 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.4.md b/content/controller/releases/adc/adc-release-notes-3.22.4.md index d9a643241..b3e57e438 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.4.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.4.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-904 +nd-docs: DOCS-904 title: Release Notes 3.22.4 toc: true weight: 93 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.5.md b/content/controller/releases/adc/adc-release-notes-3.22.5.md index 1a2d67d64..62d7320f4 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.5.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.5.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-945 +nd-docs: DOCS-945 title: Release Notes 3.22.5 toc: true weight: 92 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.6.md b/content/controller/releases/adc/adc-release-notes-3.22.6.md index 75d6bd8ac..ccc955ea1 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.6.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.6.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-1086 +nd-docs: DOCS-1086 title: Release Notes 3.22.6 toc: true weight: 91 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.7.md b/content/controller/releases/adc/adc-release-notes-3.22.7.md index a1883fb55..4c6c304d9 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.7.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.7.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-1388 +nd-docs: DOCS-1388 title: Release Notes 3.22.7 toc: true weight: 90 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.8.md b/content/controller/releases/adc/adc-release-notes-3.22.8.md index 43d27fea1..2b5615851 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.8.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.8.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-1128 +nd-docs: DOCS-1128 title: Release Notes 3.22.8 toc: true weight: 89 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.9.md b/content/controller/releases/adc/adc-release-notes-3.22.9.md index 7a073233a..dc2273c0a 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.9.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.9.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-1341 +nd-docs: DOCS-1341 title: Release Notes 3.22.9 toc: true weight: 88 diff --git a/content/controller/releases/adc/adc-release-notes-3.22.md b/content/controller/releases/adc/adc-release-notes-3.22.md index 3aa65aa56..c6766cdb9 100644 --- a/content/controller/releases/adc/adc-release-notes-3.22.md +++ b/content/controller/releases/adc/adc-release-notes-3.22.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller Application Delivery Module. -docs: DOCS-833 +nd-docs: DOCS-833 title: Release Notes 3.22.0 toc: true weight: 97 diff --git a/content/controller/releases/apim/apim-release-notes-3.18.1.md b/content/controller/releases/apim/apim-release-notes-3.18.1.md index daa7f82d4..95a88a006 100644 --- a/content/controller/releases/apim/apim-release-notes-3.18.1.md +++ b/content/controller/releases/apim/apim-release-notes-3.18.1.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-365 +nd-docs: DOCS-365 title: Release Notes 3.18.1 toc: true weight: 99 diff --git a/content/controller/releases/apim/apim-release-notes-3.18.md b/content/controller/releases/apim/apim-release-notes-3.18.md index 4e165a625..c76b7d9ab 100644 --- a/content/controller/releases/apim/apim-release-notes-3.18.md +++ b/content/controller/releases/apim/apim-release-notes-3.18.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-366 +nd-docs: DOCS-366 title: Release Notes 3.18.0 toc: true weight: 100 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.1.md b/content/controller/releases/apim/apim-release-notes-3.19.1.md index 6bb063f3e..a1861b9f2 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.1.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.1.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-367 +nd-docs: DOCS-367 title: Release Notes 3.19.1 toc: true weight: 96 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.2.md b/content/controller/releases/apim/apim-release-notes-3.19.2.md index 8767ed6f3..02d25e6f8 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.2.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.2.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-368 +nd-docs: DOCS-368 title: Release Notes 3.19.2 toc: true weight: 95 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.3.md b/content/controller/releases/apim/apim-release-notes-3.19.3.md index 111d667e4..58766df89 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.3.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.3.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-887 +nd-docs: DOCS-887 title: Release Notes 3.19.3 toc: true weight: 94 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.4.md b/content/controller/releases/apim/apim-release-notes-3.19.4.md index a836bb66f..6ac037e35 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.4.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.4.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-888 +nd-docs: DOCS-888 title: Release Notes 3.19.4 toc: true weight: 93 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.5.md b/content/controller/releases/apim/apim-release-notes-3.19.5.md index 2a8d44b63..f426e942b 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.5.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.5.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-1113 +nd-docs: DOCS-1113 title: Release Notes 3.19.5 toc: true weight: 92 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.6.md b/content/controller/releases/apim/apim-release-notes-3.19.6.md index caa74a837..cc69889cd 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.6.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.6.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-1282 +nd-docs: DOCS-1282 title: Release Notes 3.19.6 toc: true weight: 91 diff --git a/content/controller/releases/apim/apim-release-notes-3.19.md b/content/controller/releases/apim/apim-release-notes-3.19.md index d443b7f00..fb1077f9b 100644 --- a/content/controller/releases/apim/apim-release-notes-3.19.md +++ b/content/controller/releases/apim/apim-release-notes-3.19.md @@ -1,7 +1,7 @@ --- description: These release notes contain information about new features, improvements, known issues, and bug fixes in the NGINX Controller API Management Module. -docs: DOCS-369 +nd-docs: DOCS-369 title: Release Notes 3.19.0 toc: true weight: 97 diff --git a/content/controller/releases/release-notes.md b/content/controller/releases/release-notes.md index f5d74c780..139e644d2 100644 --- a/content/controller/releases/release-notes.md +++ b/content/controller/releases/release-notes.md @@ -1,7 +1,7 @@ --- description: Learn about the new features, enhancements, resolved issues, and known issues in F5 NGINX Controller. -docs: DOCS-370 +nd-docs: DOCS-370 title: NGINX Controller v3.0.0–3.18.3 toc: true weight: 10 diff --git a/content/controller/services/available-policies.md b/content/controller/services/available-policies.md index e8d81dbea..17b49ec6f 100644 --- a/content/controller/services/available-policies.md +++ b/content/controller/services/available-policies.md @@ -1,6 +1,6 @@ --- description: Learn about the policies available for use in the F5 NGINX Controller. -docs: DOCS-568 +nd-docs: DOCS-568 title: Learn About Policies toc: true weight: 130 diff --git a/content/controller/services/manage-certs.md b/content/controller/services/manage-certs.md index 32fcf9bc1..d87d72aab 100644 --- a/content/controller/services/manage-certs.md +++ b/content/controller/services/manage-certs.md @@ -1,6 +1,6 @@ --- description: Create, apply, and mange Certs to use with your environments. -docs: DOCS-371 +nd-docs: DOCS-371 title: Manage Certs toc: true weight: 120 diff --git a/content/controller/services/manage-environments.md b/content/controller/services/manage-environments.md index c381c88b6..5ffa5a3f6 100644 --- a/content/controller/services/manage-environments.md +++ b/content/controller/services/manage-environments.md @@ -1,6 +1,6 @@ --- description: Create and manage environments to use with your apps, gateways, and certs. -docs: DOCS-372 +nd-docs: DOCS-372 title: Manage Environments toc: true weight: 100 diff --git a/content/controller/services/manage-gateways.md b/content/controller/services/manage-gateways.md index 2eb87b8ec..e99d66ae9 100644 --- a/content/controller/services/manage-gateways.md +++ b/content/controller/services/manage-gateways.md @@ -1,6 +1,6 @@ --- description: Create, view, and edit Gateways. -docs: DOCS-373 +nd-docs: DOCS-373 title: Manage Gateways toc: true weight: 120 diff --git a/content/controller/services/manage-identity-providers.md b/content/controller/services/manage-identity-providers.md index 3df64f6d7..e234ca0e5 100644 --- a/content/controller/services/manage-identity-providers.md +++ b/content/controller/services/manage-identity-providers.md @@ -1,6 +1,6 @@ --- description: Create and Manage Identity Providers. -docs: DOCS-571 +nd-docs: DOCS-571 title: Manage Identity Providers toc: true weight: 140 diff --git a/content/controller/services/overview.md b/content/controller/services/overview.md index a073c6a04..caf809da7 100644 --- a/content/controller/services/overview.md +++ b/content/controller/services/overview.md @@ -1,7 +1,7 @@ --- description: Learn about the common tasks and resources that are required to deploy and manage Services using F5 NGINX Controller. -docs: DOCS-374 +nd-docs: DOCS-374 title: Set Up NGINX Controller Services toc: true weight: 10 diff --git a/content/controller/support/contact-support.md b/content/controller/support/contact-support.md index c526b6fed..f440bac71 100644 --- a/content/controller/support/contact-support.md +++ b/content/controller/support/contact-support.md @@ -1,6 +1,6 @@ --- description: Contact information and knowledge resources for F5 NGINX Support. -docs: DOCS-375 +nd-docs: DOCS-375 title: Where to Go for Support toc: true weight: 10 diff --git a/content/controller/support/troubleshooting-controller.md b/content/controller/support/troubleshooting-controller.md index 09cf2eac5..3f0c11e05 100644 --- a/content/controller/support/troubleshooting-controller.md +++ b/content/controller/support/troubleshooting-controller.md @@ -1,7 +1,7 @@ --- description: Steps to take to investigate and fix issues with F5 NGINX Controller and the Controller Agent. -docs: DOCS-376 +nd-docs: DOCS-376 title: Troubleshoot NGINX Controller and the Controller Agent toc: true weight: 100 diff --git a/content/controller/support/troubleshooting-forwarders.md b/content/controller/support/troubleshooting-forwarders.md index ce2ae120f..235579408 100644 --- a/content/controller/support/troubleshooting-forwarders.md +++ b/content/controller/support/troubleshooting-forwarders.md @@ -1,6 +1,6 @@ --- description: Steps to take to investigate and fix issues with data forwarders. -docs: DOCS-377 +nd-docs: DOCS-377 title: Troubleshoot Data Forwarders toc: true weight: 200 diff --git a/content/includes/acm/about/global-policies.md b/content/includes/acm/about/global-policies.md index 6d4e66500..5c5c47df3 100644 --- a/content/includes/acm/about/global-policies.md +++ b/content/includes/acm/about/global-policies.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1283 +nd-docs: DOCS-1283 --- The following table shows the available Global Policies you can use when creating a new cluster. diff --git a/content/includes/acm/how-to/policies-proxy-cluster-intro.md b/content/includes/acm/how-to/policies-proxy-cluster-intro.md index 066e5d1bf..d109bfcf3 100644 --- a/content/includes/acm/how-to/policies-proxy-cluster-intro.md +++ b/content/includes/acm/how-to/policies-proxy-cluster-intro.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1285 +nd-docs: DOCS-1285 --- In API Connectivity Manager, you can apply cluster policies to API Gateways and Developer Portals to further enhance their configuration to meet your requirements. A proxy cluster is a group of instances configured as API Gateways or Developer Portals. Any cluster policy will apply to all instances in a group. diff --git a/content/includes/acm/how-to/policies-proxy-intro.md b/content/includes/acm/how-to/policies-proxy-intro.md index 79053568f..63f57ba84 100644 --- a/content/includes/acm/how-to/policies-proxy-intro.md +++ b/content/includes/acm/how-to/policies-proxy-intro.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1286 +nd-docs: DOCS-1286 --- In API Connectivity Manager, you can apply policies to an API Gateway to further enhance their configuration to meet your requirements. diff --git a/content/includes/acm/openapi-support.md b/content/includes/acm/openapi-support.md index 382b55d4e..1d4393653 100644 --- a/content/includes/acm/openapi-support.md +++ b/content/includes/acm/openapi-support.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1188 +nd-docs: DOCS-1188 --- {{< note >}}API Connectivity Manager supports the [OpenAPI Specification version 3.0 and 3.1](https://swagger.io/specification/). If your spec uses the 2.0 standard, you must convert it before uploading it.{{< /note >}} diff --git a/content/includes/acm/webui-acm-login.md b/content/includes/acm/webui-acm-login.md index ce33502dc..bd38ca740 100644 --- a/content/includes/acm/webui-acm-login.md +++ b/content/includes/acm/webui-acm-login.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1189 +nd-docs: DOCS-1189 --- In a web browser, go to the FQDN for your NGINX Instance Manager host and log in. Then, from the Launchpad menu, select **API Connectivity Manager**. diff --git a/content/includes/agent/about.md b/content/includes/agent/about.md new file mode 100644 index 000000000..abca6d4bb --- /dev/null +++ b/content/includes/agent/about.md @@ -0,0 +1,43 @@ +--- +docs: +files: + - content/agent/about.md + - content/nginx-one/agent/overview/about.md +--- + +F5 NGINX Agent is a lightweight companion daemon designed to work with NGINX One and enable remote management of NGINX instances. It also gathers performance metrics from NGINX and transmits them to the NGINX One Console for enhanced monitoring and control. + +## Key features + +Enable Access to key NGINX One use cases: + + - Seamlessly integrates with essential NGINX One functionality, simplifying access to its core use cases and + enhancing operational workflows. + - [Connects NGINX instances to NGINX One Console]({{< ref "/nginx-one/agent/install-upgrade/install-from-oss-repo.md#connect-an-instance-to-nginx-one-console" >}}) + +Real-time observability into NGINX One data plane instances: + + - Provides live monitoring and actionable insights into the performance, status, and health of NGINX One data plane + instances, improving decision-making and operational efficiency. + - NGINX Agent supports [OpenTelemetry](https://opentelemetry.io/) and the ability to + [export the metrics data]({{< ref "/nginx-one/agent/metrics/configure-otel-metrics.md" >}}) for use in other applications. + + + +### Configuration management + +- NGINX Agent provides an interface that enables users to deploy configuration changes to NGINX instances from a + centralized management plane. +- Additionally, NGINX Agent verifies that the configuration changes are successfully applied to NGINX instances. + +### Metrics collection + +NGINX Agent comes pre-packaged with an embedded OpenTelemetry Collector. This embedded collector gathers vital performance +and health metrics for both NGINX and the underlying instance it operates on. + +For example, it tracks key metrics such as active connections, requests per second, HTTP status codes, and response times. +Additionally, it collects system-level data, including CPU usage, memory consumption, and disk I/O. These insights provide +deep observability into NGINX's behavior, enabling teams to troubleshoot issues effectively, optimize performance, and +maintain high availability. + +By default, the OpenTelemetry Collector is configured to send metrics to NGINX One Console. \ No newline at end of file diff --git a/content/includes/agent/architecture.md b/content/includes/agent/architecture.md new file mode 100644 index 000000000..d09a138be --- /dev/null +++ b/content/includes/agent/architecture.md @@ -0,0 +1,22 @@ +--- +docs: +files: + - content/agent/about.md + - content/nginx-one/agent/overview/about.md +--- + +The figure shows: + +- An NGINX instance running on bare metal, virtual machine or container +- NGINX One Cloud Console includes: + + - Command Server to manage NGINX configurations, push new/updated configuration files remotely, and perform integrity tests. + - OpenTelemetry (OTel) Receiver that receives observability data from connected Agent instances. + +- An NGINX Agent process running on the NGINX instance. NGINX Agent is responsible for: + + - Watching, applying, validating, automatically roll back to last good configuration if issues are detected. + - Embedding an OpenTelemetry Collector, collecting metrics from NGINX processes, host system performance data, then securely passing metric data to NGINX One Cloud Console. + +- Collection and monitoring of host metrics (CPU usage, Memory utilization, Disk I/O) by the Agent OTel collector. +- Collected data is made available on NGINX One Cloud Console for monitoring, alerting, troubleshooting, and capacity planning purposes. diff --git a/content/includes/agent/installation/install-agent-api.md b/content/includes/agent/installation/install-agent-api.md index 15009d21f..5474f995b 100644 --- a/content/includes/agent/installation/install-agent-api.md +++ b/content/includes/agent/installation/install-agent-api.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1031 +nd-docs: DOCS-1031 files: - content/nim/nginx-app-protect/setup-waf-config-management.md --- diff --git a/content/includes/agent/installation/manually-connect-to-console.md b/content/includes/agent/installation/manually-connect-to-console.md new file mode 100644 index 000000000..dc00015bd --- /dev/null +++ b/content/includes/agent/installation/manually-connect-to-console.md @@ -0,0 +1,42 @@ +--- +docs: +files: + - content/nginx-one/agent/install-upgrade/install-from-github.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +If you have installed NGINX Agent manually, you will need to connect it to the +NGINX One Console to manage your NGINX instances. + +1. Ensure NGINX Agent is installed + + ```shell + nginx-agent -v + ``` + +1. Locate the NGINX Agent Configuration File: + + ```shell + /etc/nginx-agent/nginx-agent.conf + ``` + +1. Open the NGINX Agent configuration file in a text editor like vim: + + ```shell + sudo vim /etc/nginx-agent/nginx-agent.conf + ``` + +1. Uncomment the command block, and set the token to your data plane key +1. Save the changes and close the editor +1. Restart the NGINX Agent service: + + ```shell + sudo systemctl restart nginx-agent + ``` + +1. Check the Agent log for `"Agent Connected"` + + ```shell + sudo cat /var/log/nginx-agent/agent.log | grep "Agent connected" + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-alpine.md b/content/includes/agent/installation/oss/oss-alpine.md new file mode 100644 index 000000000..41f4d734a --- /dev/null +++ b/content/includes/agent/installation/oss/oss-alpine.md @@ -0,0 +1,73 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo apk add openssl curl ca-certificates + ``` + +1. To set up the apk repository for `nginx-agent` packages, run the following command: + + ```shell + printf "%s%s%s\n" \ + "http://packages.nginx.org/nginx-agent/alpine/v" \ + `grep -o -E '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | sudo tee -a /etc/apk/repositories + ``` + +1. Next, import an official NGINX signing key so apk can verify the package's +authenticity. Fetch the key: + + ```shell + curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub + ``` + +1. Verify that downloaded file contains the proper key: + + ```shell + openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout + ``` + + The output should contain the following modulus: + + ``` + Public-Key: (2048 bit) + Modulus: + 00:fe:14:f6:0a:1a:b8:86:19:fe:cd:ab:02:9f:58: + 2f:37:70:15:74:d6:06:9b:81:55:90:99:96:cc:70: + 5c:de:5b:e8:4c:b2:0c:47:5b:a8:a2:98:3d:11:b1: + f6:7d:a0:46:df:24:23:c6:d0:24:52:67:ba:69:ab: + 9a:4a:6a:66:2c:db:e1:09:f1:0d:b2:b0:e1:47:1f: + 0a:46:ac:0d:82:f3:3c:8d:02:ce:08:43:19:d9:64: + 86:c4:4e:07:12:c0:5b:43:ba:7d:17:8a:a3:f0:3d: + 98:32:b9:75:66:f4:f0:1b:2d:94:5b:7c:1c:e6:f3: + 04:7f:dd:25:b2:82:a6:41:04:b7:50:93:94:c4:7c: + 34:7e:12:7c:bf:33:54:55:47:8c:42:94:40:8e:34: + 5f:54:04:1d:9e:8c:57:48:d4:b0:f8:e4:03:db:3f: + 68:6c:37:fa:62:14:1c:94:d6:de:f2:2b:68:29:17: + 24:6d:f7:b5:b3:18:79:fd:31:5e:7f:4c:be:c0:99: + 13:cc:e2:97:2b:dc:96:9c:9a:d0:a7:c5:77:82:67: + c9:cb:a9:e7:68:4a:e1:c5:ba:1c:32:0e:79:40:6e: + ef:08:d7:a3:b9:5d:1a:df:ce:1a:c7:44:91:4c:d4: + 99:c8:88:69:b3:66:2e:b3:06:f1:f4:22:d7:f2:5f: + ab:6d + Exponent: 65537 (0x10001) + ``` + +1. Finally, move the key to apk trusted keys storage: + + ```shell + sudo mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/ + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo apk add nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-amazon-linux.md b/content/includes/agent/installation/oss/oss-amazon-linux.md new file mode 100644 index 000000000..3a3f326b8 --- /dev/null +++ b/content/includes/agent/installation/oss/oss-amazon-linux.md @@ -0,0 +1,34 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo yum install yum-utils procps + ``` + +1. To set up the yum repository for Amazon Linux 2, create a file with name +`/etc/yum.repos.d/nginx-agent.repo` with the following contents: + + ```ini + [nginx-agent] + name=nginx agent repo + baseurl=http://packages.nginx.org/nginx-agent/amzn2/$releasever/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo yum install nginx-agent + ``` + +1. When prompted to accept the GPG key, verify that the fingerprint matches +`573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, and if so, accept it. \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-debian.md b/content/includes/agent/installation/oss/oss-debian.md new file mode 100644 index 000000000..1d8913352 --- /dev/null +++ b/content/includes/agent/installation/oss/oss-debian.md @@ -0,0 +1,52 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring + ``` + +1. Import an official nginx signing key so apt can verify the packages authenticity. + Fetch the key: + + ```shell + curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \ + | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + ``` + +1. Verify that the downloaded file contains the proper key: + + ```shell + gpg --dry-run --quiet --no-keyring \ + --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg + ``` + + The output should contain the full fingerprint `573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62` + as follows: + + ``` + pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] + 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 + uid nginx signing key + ``` + + {{< important >}}If the fingerprint is different, remove the file.{{< /important >}} + +1. Add the `nginx-agent` repository: + + ```shell + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + http://packages.nginx.org/nginx-agent/debian/ `lsb_release -cs` agent" \ | sudo tee /etc/apt/sources.list.d/nginx-agent.list + ``` + +1. To install `nginx-agent`, run the following commands: + + ```shell + sudo apt update + sudo apt install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-freebsd.md b/content/includes/agent/installation/oss/oss-freebsd.md new file mode 100644 index 000000000..31014d5e1 --- /dev/null +++ b/content/includes/agent/installation/oss/oss-freebsd.md @@ -0,0 +1,23 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. To setup the pkg repository create a file with name `/etc/pkg/nginx-agent.conf` +with the following content: + + ```none + nginx-agent: { + URL: pkg+http://packages.nginx.org/nginx-agent/freebsd/${ABI}/latest + ENABLED: true + MIRROR_TYPE: SRV + } + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo pkg install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-rhel.md b/content/includes/agent/installation/oss/oss-rhel.md new file mode 100644 index 000000000..50ae65222 --- /dev/null +++ b/content/includes/agent/installation/oss/oss-rhel.md @@ -0,0 +1,33 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo yum install yum-utils + ``` + +1. To set up the yum repository, create a file with name `/etc/yum.repos.d/nginx-agent.repo` +with the following contents: + + ```ini + [nginx-agent] + name=nginx agent repo + baseurl=http://packages.nginx.org/nginx-agent/centos/$releasever/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo yum install nginx-agent + ``` + + When prompted to accept the GPG key, verify that the fingerprint matches `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, and if so, accept it. \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-sles.md b/content/includes/agent/installation/oss/oss-sles.md new file mode 100644 index 000000000..d6e41c15d --- /dev/null +++ b/content/includes/agent/installation/oss/oss-sles.md @@ -0,0 +1,52 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo zypper install curl ca-certificates gpg2 gawk + ``` + +1. To set up the zypper repository for `nginx-agent` packages, run the following command: + + ```shell + sudo zypper addrepo --gpgcheck --refresh --check \ + 'http://packages.nginx.org/nginx-agent/sles/$releasever_major' nginx-agent + ``` + +1. Next, import an official NGINX signing key so `zypper`/`rpm` can verify the +package's authenticity. Fetch the key: + + ```shell + curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key + ``` + +1. Verify that the downloaded file contains the proper key: + + ```shell + gpg --with-fingerprint --dry-run --quiet --no-keyring --import --import-options import-show /tmp/nginx_signing.key + ``` + +1. The output should contain the full fingerprint `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62` as follows: + + ``` + pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] + 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 + uid nginx signing key + ``` + +1. Finally, import the key to the rpm database: + + ```shell + sudo rpmkeys --import /tmp/nginx_signing.key + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo zypper install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-ubuntu.md b/content/includes/agent/installation/oss/oss-ubuntu.md new file mode 100644 index 000000000..b1f5127c9 --- /dev/null +++ b/content/includes/agent/installation/oss/oss-ubuntu.md @@ -0,0 +1,50 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md +--- + +1. Install the prerequisites: + + ```shell + sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring + ``` + +1. Import an official nginx signing key so apt can verify the packages authenticity. Fetch the key: + + ```shell + curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \ + | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + ``` + +1. Verify that the downloaded file contains the proper key: + + ```shell + gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg + ``` + + The output should contain the full fingerprint `573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62` as follows: + + ``` + pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] + 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 + uid nginx signing key + ``` + + {{< important >}}If the fingerprint is different, remove the file.{{< /important >}} + +1. Add the nginx agent repository: + + ```shell + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + http://packages.nginx.org/nginx-agent/ubuntu/ `lsb_release -cs` agent" \ + | sudo tee /etc/apt/sources.list.d/nginx-agent.list + ``` + +1. To install `nginx-agent`, run the following commands: + + ```shell + sudo apt update + sudo apt install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-alpine.md b/content/includes/agent/installation/plus/plus-alpine.md new file mode 100644 index 000000000..6b07cae37 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-alpine.md @@ -0,0 +1,83 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/apk/` directory: + + ```shell + sudo cp nginx-repo.key /etc/apk/cert.key + sudo cp nginx-repo.crt /etc/apk/cert.pem + ``` + +1. Install the prerequisites: + + ```shell + sudo apk add openssl curl ca-certificates + ``` + +1. To set up the apk repository for `nginx-agent` packages, run the following + command: + + ```shell + printf "%s%s%s\n" \ + "https://pkgs.nginx.com/nginx-agent/alpine/v" \ + `grep -o -E '^[0-9]+\.[0-9]+' /etc/alpine-release` \ + "/main" \ + | sudo tee -a /etc/apk/repositories + ``` + +1. Next, import an official NGINX signing key so apk can verify the package's authenticity. Fetch the key: + + ```shell + curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub + ``` + +1. Verify that downloaded file contains the proper key: + + ```shell + openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout + ``` + + The output should contain the following modulus: + + ```none + Public-Key: (2048 bit) + Modulus: + 00:fe:14:f6:0a:1a:b8:86:19:fe:cd:ab:02:9f:58: + 2f:37:70:15:74:d6:06:9b:81:55:90:99:96:cc:70: + 5c:de:5b:e8:4c:b2:0c:47:5b:a8:a2:98:3d:11:b1: + f6:7d:a0:46:df:24:23:c6:d0:24:52:67:ba:69:ab: + 9a:4a:6a:66:2c:db:e1:09:f1:0d:b2:b0:e1:47:1f: + 0a:46:ac:0d:82:f3:3c:8d:02:ce:08:43:19:d9:64: + 86:c4:4e:07:12:c0:5b:43:ba:7d:17:8a:a3:f0:3d: + 98:32:b9:75:66:f4:f0:1b:2d:94:5b:7c:1c:e6:f3: + 04:7f:dd:25:b2:82:a6:41:04:b7:50:93:94:c4:7c: + 34:7e:12:7c:bf:33:54:55:47:8c:42:94:40:8e:34: + 5f:54:04:1d:9e:8c:57:48:d4:b0:f8:e4:03:db:3f: + 68:6c:37:fa:62:14:1c:94:d6:de:f2:2b:68:29:17: + 24:6d:f7:b5:b3:18:79:fd:31:5e:7f:4c:be:c0:99: + 13:cc:e2:97:2b:dc:96:9c:9a:d0:a7:c5:77:82:67: + c9:cb:a9:e7:68:4a:e1:c5:ba:1c:32:0e:79:40:6e: + ef:08:d7:a3:b9:5d:1a:df:ce:1a:c7:44:91:4c:d4: + 99:c8:88:69:b3:66:2e:b3:06:f1:f4:22:d7:f2:5f: + ab:6d + Exponent: 65537 (0x10001) + ``` + +1. Finally, move the key to apk trusted keys storage: + + ```shell + sudo mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/ + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo apk add nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-amazon-linux.md b/content/includes/agent/installation/plus/plus-amazon-linux.md new file mode 100644 index 000000000..505c5c910 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-amazon-linux.md @@ -0,0 +1,50 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the `nginx-repo.crt` and `nginx-repo.key` files to the `/etc/ssl/nginx/` + directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Install the prerequisites: + + ```shell + sudo yum install yum-utils procps ca-certificates + ``` + +1. To set up the yum repository for Amazon Linux 2, create a file with name + `/etc/yum.repos.d/nginx-agent.repo` with the following contents: + + ```ini + [nginx-agent] + name=nginx-agent repo + baseurl=https://pkgs.nginx.com/nginx-agent/amzn2/$releasever/$basearch + sslclientcert=/etc/ssl/nginx/nginx-repo.crt + sslclientkey=/etc/ssl/nginx/nginx-repo.key + gpgcheck=0 + enabled=1 + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo yum install nginx-agent + ``` + +1. When prompted to accept the GPG key, verify that the fingerprint matches + `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, and if so, accept it. \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-debian.md b/content/includes/agent/installation/plus/plus-debian.md new file mode 100644 index 000000000..81e453656 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-debian.md @@ -0,0 +1,50 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/ssl/nginx/` directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Install the prerequisites: + + ```shell + sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring + ``` + +1. Add the `nginx-agent` repository: + + ```shell + echo "deb https://pkgs.nginx.com/nginx-agent/debian/ `lsb_release -cs` agent" \ + | sudo tee /etc/apt/sources.list.d/nginx-agent.list + ``` + +1. Create apt configuration `/etc/apt/apt.conf.d/90pkgs-nginx`: + + ```conf + Acquire::https::pkgs.nginx.com::Verify-Peer "true"; + Acquire::https::pkgs.nginx.com::Verify-Host "true"; + Acquire::https::pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt"; + Acquire::https::pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key"; + ``` + +1. To install `nginx-agent`, run the following commands: + + ```shell + sudo apt update + sudo apt install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-freebsd.md b/content/includes/agent/installation/plus/plus-freebsd.md new file mode 100644 index 000000000..3cb6442e8 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-freebsd.md @@ -0,0 +1,52 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/ssl/nginx/` directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Install the prerequisite `ca_root_nss` package: + + ```shell + sudo pkg install ca_root_nss + ``` + +1. To setup the pkg repository create a file with name `/etc/pkg/nginx-agent.conf` +with the following content: + + ```none + nginx-agent: { + URL: pkg+https://pkgs.nginx.com/nginx-agent/freebsd/${ABI}/latest + ENABLED: yes + MIRROR_TYPE: SRV + } + ``` + +1. Add the following lines to the `/usr/local/etc/pkg.conf` file: + + ```conf + PKG_ENV: { SSL_NO_VERIFY_PEER: "1", + SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", + SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo pkg install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-rhel.md b/content/includes/agent/installation/plus/plus-rhel.md new file mode 100644 index 000000000..8db68e5aa --- /dev/null +++ b/content/includes/agent/installation/plus/plus-rhel.md @@ -0,0 +1,55 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/ssl/nginx/` directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Install the prerequisites: + + ```shell + sudo yum install yum-utils procps + ``` + +1. Set up the yum repository by creating the file `nginx-agent.repo` in + `/etc/yum.repos.d`, for example using `vi`: + + ```shell + sudo vi /etc/yum.repos.d/nginx-agent.repo + ``` + +1. Add the following lines to `nginx-agent.repo`: + + ```ini + [nginx-agent] + name=nginx agent repo + baseurl=https://pkgs.nginx.com/nginx-agent/centos/$releasever/$basearch/ + sslclientcert=/etc/ssl/nginx/nginx-repo.crt + sslclientkey=/etc/ssl/nginx/nginx-repo.key + gpgcheck=0 + enabled=1 + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo yum install nginx-agent + ``` + + When prompted to accept the GPG key, verify that the fingerprint matches + `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62`, and if so, accept it. \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-sles.md b/content/includes/agent/installation/plus/plus-sles.md new file mode 100644 index 000000000..d9e1cd3f0 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-sles.md @@ -0,0 +1,75 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download + your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/ssl/nginx/` directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Create a file bundle of the certificate and key: + + ```shell + cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt + ``` + +1. Install the prerequisites: + + ```shell + sudo zypper install curl ca-certificates gpg2 gawk + ``` + +1. To set up the zypper repository for `nginx-agent` packages, run the following + command: + + ```shell + sudo zypper addrepo --refresh --check \ + 'https://pkgs.nginx.com/nginx-agent/sles/$releasever_major?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer' nginx-agent + ``` + +1. Next, import an official NGINX signing key so `zypper`/`rpm` can verify the + package's authenticity. Fetch the key: + + ```shell + curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key + ``` + +1. Verify that the downloaded file contains the proper key: + + ```shell + gpg --with-fingerprint --dry-run --quiet --no-keyring --import --import-options import-show /tmp/nginx_signing.key + ``` + +1. The output should contain the full fingerprint + `573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62` as follows: + + ```none + pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24] + 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 + uid nginx signing key + ``` + +1. Finally, import the key to the rpm database: + + ```shell + sudo rpmkeys --import /tmp/nginx_signing.key + ``` + +1. To install `nginx-agent`, run the following command: + + ```shell + sudo zypper install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-ubuntu.md b/content/includes/agent/installation/plus/plus-ubuntu.md new file mode 100644 index 000000000..e14f84ee7 --- /dev/null +++ b/content/includes/agent/installation/plus/plus-ubuntu.md @@ -0,0 +1,55 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +1. Create the `/etc/ssl/nginx` directory: + + ```shell + sudo mkdir -p /etc/ssl/nginx + ``` + +1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download your `nginx-repo.crt` and `nginx-repo.key` files. + +1. Copy the files to the `/etc/ssl/nginx/` directory: + + ```shell + sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ + ``` + +1. Install the prerequisites: + + ```shell + sudo apt-get install apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring + ``` + +1. Download and add [NGINX signing key](https://cs.nginx.com/static/keys/nginx_signing.key): + + ```shell + wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + ``` + +1. Create `apt` configuration `/etc/apt/apt.conf.d/90pkgs-nginx`: + + ```conf + Acquire::https::pkgs.nginx.com::Verify-Peer "true"; + Acquire::https::pkgs.nginx.com::Verify-Host "true"; + Acquire::https::pkgs.nginx.com::SslCert "/etc/ssl/nginx/nginx-repo.crt"; + Acquire::https::pkgs.nginx.com::SslKey "/etc/ssl/nginx/nginx-repo.key"; + ``` + +1. Add the `nginx-agent` repository: + + ```shell + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/nginx-agent/ubuntu/ `lsb_release -cs` agent" \ + | sudo tee /etc/apt/sources.list.d/nginx-agent.list + ``` + +1. To install `nginx-agent`, run the following commands: + + ```shell + sudo apt update + sudo apt install nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/prerequisites.md b/content/includes/agent/installation/prerequisites.md new file mode 100644 index 000000000..9a91bf9cb --- /dev/null +++ b/content/includes/agent/installation/prerequisites.md @@ -0,0 +1,13 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-github.md + - content/agent/install-upgrade/install-from-oss-repo.md + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +- You must use one of the [supported operating system and architectures]({{< ref "/nginx-one/agent/overview/tech-specs.md#supported-distributions" >}}) +- The user running the NGINX Agent installation must have the same privileges as +the main NGINX process. We recommend **not** running NGINX or NGINX Agent as the root user. \ No newline at end of file diff --git a/content/includes/agent/installation/start-stop-agent.md b/content/includes/agent/installation/start-stop-agent.md new file mode 100644 index 000000000..fdbbbce62 --- /dev/null +++ b/content/includes/agent/installation/start-stop-agent.md @@ -0,0 +1,27 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-github.md + - content/agent/install-upgrade/install-from-oss-repo.md + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +To start NGINX Agent on `systemd` systems, run the following command: + +```shell +sudo systemctl start nginx-agent +``` + +To enable NGINX Agent to start on boot, run the following command: + +```shell +sudo systemctl enable nginx-agent +``` + +To stop NGINX Agent, run the following command: + +```shell +sudo systemctl stop nginx-agent +``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-alpine.md b/content/includes/agent/installation/uninstall/uninstall-alpine.md new file mode 100644 index 000000000..47e6e8d7c --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-alpine.md @@ -0,0 +1,20 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX agent: + +1. Stop NGINX agent: + + ```shell + sudo rc-service nginx-agent stop + ``` + +1. To uninstall NGINX agent, run the following command: + + ```shell + sudo apk del nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md new file mode 100644 index 000000000..8fc2c7eab --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md @@ -0,0 +1,20 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX agent: + +1. Stop NGINX agent: + + ```shell + sudo systemctl stop nginx-agent + ``` + +1. To uninstall NGINX agent, run the following command: + + ```shell + sudo yum remove nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-debian.md b/content/includes/agent/installation/uninstall/uninstall-debian.md new file mode 100644 index 000000000..5a25674d5 --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-debian.md @@ -0,0 +1,22 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX Agent: + +1. Stop NGINX Agent: + + ```shell + sudo systemctl stop nginx-agent + ``` + +1. To uninstall NGINX Agent, run the following command: + + ```shell + sudo apt-get remove nginx-agent + ``` + + {{< note >}} The `apt-get remove ` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge `. {{< /note >}} \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-freebsd.md b/content/includes/agent/installation/uninstall/uninstall-freebsd.md new file mode 100644 index 000000000..ef18d978b --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-freebsd.md @@ -0,0 +1,20 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX agent: + +1. Stop NGINX agent: + + ```shell + sudo service nginx-agent stop + ``` + +1. To uninstall NGINX agent, run the following command: + + ```shell + sudo pkg delete nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-rhel.md b/content/includes/agent/installation/uninstall/uninstall-rhel.md new file mode 100644 index 000000000..4d0a01405 --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-rhel.md @@ -0,0 +1,20 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX Agent: + +1. Stop NGINX Agent: + + ```shell + sudo systemctl stop nginx-agent + ``` + +1. To uninstall NGINX Agent, run the following command: + + ```shell + sudo yum remove nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-sles.md b/content/includes/agent/installation/uninstall/uninstall-sles.md new file mode 100644 index 000000000..c46fef3d9 --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-sles.md @@ -0,0 +1,20 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX Agent: + +1. Stop NGINX agent: + + ```shell + sudo systemctl stop nginx-agent + ``` + +1. To uninstall NGINX agent, run the following command: + + ```shell + sudo zypper remove nginx-agent + ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md new file mode 100644 index 000000000..5a25674d5 --- /dev/null +++ b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md @@ -0,0 +1,22 @@ +--- +docs: +files: + - content/agent/install-upgrade/uninstall.md + - content/nginx-one/agent/install-upgrade/uninstall.md +--- + +Complete the following steps on each host where you've installed NGINX Agent: + +1. Stop NGINX Agent: + + ```shell + sudo systemctl stop nginx-agent + ``` + +1. To uninstall NGINX Agent, run the following command: + + ```shell + sudo apt-get remove nginx-agent + ``` + + {{< note >}} The `apt-get remove ` command will remove the package from your system, while keeping the associated configuration files for possible future use. If you want to completely remove the package and all of its configuration files, you should use `apt-get purge `. {{< /note >}} \ No newline at end of file diff --git a/content/includes/agent/installation/update-container.md b/content/includes/agent/installation/update-container.md new file mode 100644 index 000000000..a974cfbce --- /dev/null +++ b/content/includes/agent/installation/update-container.md @@ -0,0 +1,24 @@ +--- +docs: +files: + - content/agent/install-upgrade/update.md + - content/nginx-one/agent/install-upgrade/update.md +--- + +To migrate NGINX Agent containers, we provide a script to convert NGINX Agent v2 config files to NGINX Agent v3 config files: [NGINX Agent Config Upgrade Script](https://github.com/nginx/agent/blob/v3/scripts/packages/upgrade-agent-config.sh) + +To upgrade the configuration, you can follow this example: + +```shell +wget https://raw.githubusercontent.com/nginx/agent/refs/heads/v3/scripts/packages/upgrade-agent-config.sh +./upgrade-agent-config.sh --v2-config-file=./nginx-agent-v2.conf --v3-config-file=nginx-agent-v3.conf +``` + +If your NGINX Agent container was previously a member of a config sync group, then your NGINX Agent config must be manually updated to add the config sync group label. +See [Add Config Sync Group]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}) for more information. + +### Rolling back from NGINX Agent v3 to v2 + +If you need to roll back your environment to NGINX Agent v2, the upgrade process creates a backup of the NGINX Agent v2 config in the file `/etc/nginx-agent/nginx-agent-v2-backup.conf`. + +Replace the contents of `/etc/nginx-agent/nginx-agent.conf` with the contents of `/etc/nginx-agent/nginx-agent-v2-backup.conf` and then reinstall an older version of NGINX Agent. \ No newline at end of file diff --git a/content/includes/agent/installation/update.md b/content/includes/agent/installation/update.md new file mode 100644 index 000000000..6b6834ae7 --- /dev/null +++ b/content/includes/agent/installation/update.md @@ -0,0 +1,43 @@ +--- +docs: +files: + - content/agent/install-upgrade/update.md + - content/nginx-one/agent/install-upgrade/update.md +--- + + +{{< note >}} If you are using a version **older than NGINX Agent v2.31.0**, you must stop NGINX Agent before updating: + + - `sudo systemctl stop nginx-agent` + +And start it again after the update: + + - `sudo systemctl start nginx-agent` +{{< /note >}} + +Follow the steps below to update NGINX Agent to the latest version. +The same steps apply if you are **upgrading from NGINX Agent v2 to NGINX Agent v3**. + +1. Open an SSH connection to the server where you've installed NGINX Agent. + +1. Make a backup copy of the following locations to ensure that you can successfully recover if the upgrade does not complete + successfully: + + - `/etc/nginx-agent` + - Every configuration directory specfied in `/etc/nginx-agent/nginx-agent.conf` as a `config_dirs` value + +1. Install the updated version of NGINX Agent: + + - CentOS, RHEL, RPM-Based + + ```shell + sudo yum -y makecache + sudo yum update -y nginx-agent + ``` + + - Debian, Ubuntu, Deb-Based + + ```shell + sudo apt-get update + sudo apt-get install -y --only-upgrade nginx-agent -o Dpkg::Options::="--force-confold" + ``` diff --git a/content/includes/agent/installation/verify-agent.md b/content/includes/agent/installation/verify-agent.md new file mode 100644 index 000000000..77facea04 --- /dev/null +++ b/content/includes/agent/installation/verify-agent.md @@ -0,0 +1,21 @@ +--- +docs: +files: + - content/agent/install-upgrade/install-from-github.md + - content/agent/install-upgrade/install-from-oss-repo.md + - content/agent/install-upgrade/install-from-plus-repo.md + - content/nginx-one/agent/install-upgrade/install-from-oss-repo.md + - content/nginx-one/agent/install-upgrade/install-from-plus-repo.md +--- + +Once you have installed NGINX Agent, you can verify that it is running with the +following command: + +```shell +sudo systemctl status nginx-agent +``` + +To check the version installed, run the following command: +```shell +sudo nginx-agent -v +``` \ No newline at end of file diff --git a/content/includes/agent/tech-specs.md b/content/includes/agent/tech-specs.md new file mode 100644 index 000000000..129745c66 --- /dev/null +++ b/content/includes/agent/tech-specs.md @@ -0,0 +1,23 @@ +--- +docs: +files: + - content/agent/tech-specs.md + - content/nginx-one/agent/overview/tech-specs.md +--- + +NGINX Agent is designed to operate efficiently on any system that meets the standard +hardware requirements for running NGINX Plus itself. This ensures compatibility, stability, +and performance aligned with the NGINX core platform: + +### Supported distributions + +{{< include "nginx-plus/supported-distributions.md" >}} + +To see the detailed technical specifications for NGINX Plus, refer to the official +[NGINX Plus documentation]({{< ref "/nginx/technical-specs.md" >}}). + + +### Recommended hardware + +For recommended hardware, see the +[Sizing guide for deploying NGINX Plus on bare metal servers](https://www.f5.com/pdf/deployment-guide/Sizing-Guide-for-Deploying-NGINX-Plus-on-Bare-Metal-Servers-2019-11-09.pdf). \ No newline at end of file diff --git a/content/includes/agent/v3-available.md b/content/includes/agent/v3-available.md new file mode 100644 index 000000000..66e5baff6 --- /dev/null +++ b/content/includes/agent/v3-available.md @@ -0,0 +1,12 @@ +--- +docs: +files: + - content/nginx-one/agent/overview/about.md + - content/nginx-one/agent/changelog.md +--- + +{{}} +NGINX Agent v3.0 is a major release that introduces new features and enhancements. + +Visit our [Update]({{< ref "/nginx-one/agent/install-upgrade/update.md" >}}) guide to install the latest version in your environment. +{{}} \ No newline at end of file diff --git a/content/includes/controller/apim-rn-preamble.md b/content/includes/controller/apim-rn-preamble.md index fbd0ea643..85429019e 100644 --- a/content/includes/controller/apim-rn-preamble.md +++ b/content/includes/controller/apim-rn-preamble.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1306 +nd-docs: DOCS-1306 --- We encourage you to install the latest version of the NGINX Controller APIM module to take advantage of the newest features and updates. diff --git a/content/includes/installation/access-web-ui.md b/content/includes/installation/access-web-ui.md index 4f0199cc7..d51fe6f73 100644 --- a/content/includes/installation/access-web-ui.md +++ b/content/includes/installation/access-web-ui.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1241 +nd-docs: DOCS-1241 --- To access the NGINX Instance Manager web interface, open a web browser and go to `https://`, replacing `` with the Fully Qualified Domain Name of your NGINX Instance Manager host. diff --git a/content/includes/installation/add-nms-repo.md b/content/includes/installation/add-nms-repo.md index eac86faa7..05639f135 100644 --- a/content/includes/installation/add-nms-repo.md +++ b/content/includes/installation/add-nms-repo.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1243 +nd-docs: DOCS-1243 --- Select the tab matching your Linux distribution, then follow the instructions to add the NGINX Instance Manager repository. @@ -41,7 +41,7 @@ Add the NGINX Instance Manager repository: ```shell wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \ | gpg --dearmor \ - | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null ``` 2. Add the NGINX Instance Manager repository: diff --git a/content/includes/installation/add-ports-agent-selinux.md b/content/includes/installation/add-ports-agent-selinux.md new file mode 100644 index 000000000..27c8e3429 --- /dev/null +++ b/content/includes/installation/add-ports-agent-selinux.md @@ -0,0 +1,17 @@ +--- +docs: +files: + - content/nginx-one/agent/configure-instance-reporting/configure-selinux.md + - content/nim/system-configuration/configure-selinux.md + - content/nms/nginx-agent/install-nginx-agent.md +--- + +Make sure to add external ports to the firewall exception list. + +To allow external ports outside the HTTPD context, run: + +```bash +sudo setsebool -P httpd_can_network_connect 1 +``` + +{{}}For more information, see [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/).{{}} \ No newline at end of file diff --git a/content/includes/installation/agent-selinux.md b/content/includes/installation/agent-selinux.md deleted file mode 100644 index 4a8cf0741..000000000 --- a/content/includes/installation/agent-selinux.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -docs: DOCS-1403 ---- - -```bash -sudo semodule -n -i /usr/share/selinux/packages/nginx_agent.pp -sudo /usr/sbin/load_policy -sudo restorecon -R /usr/bin/nginx-agent -sudo restorecon -R /var/log/nginx-agent -sudo restorecon -R /etc/nginx-agent -``` diff --git a/content/includes/installation/enable-agent-selinux.md b/content/includes/installation/enable-agent-selinux.md new file mode 100644 index 000000000..482ee61c1 --- /dev/null +++ b/content/includes/installation/enable-agent-selinux.md @@ -0,0 +1,23 @@ +--- +docs: +files: + - content/nginx-one/agent/configure-instance-reporting/configure-selinux.md + - content/nim/system-configuration/configure-selinux.md + - content/nms/nginx-agent/install-nginx-agent.md +--- + +The following SELinux files are added when you install the NGINX Agent package: + +- `/usr/share/selinux/packages/nginx_agent.pp` - loadable binary policy module +- `/usr/share/selinux/devel/include/contrib/nginx_agent.if` - interface definitions file +- `/usr/share/man/man8/nginx_agent_selinux.8.gz` - policy man page + +To load the NGINX Agent policy, run the following commands as root: + +```bash +sudo semodule -n -i /usr/share/selinux/packages/nginx_agent.pp +sudo /usr/sbin/load_policy +sudo restorecon -R /usr/bin/nginx-agent +sudo restorecon -R /var/log/nginx-agent +sudo restorecon -R /etc/nginx-agent +``` diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md index e2b41be4c..6cea14a5c 100644 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md +++ b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1308 +nd-docs: DOCS-1308 --- The `values.yaml` file within the `nginx-devportal` Helm chart contains the deployment configuration for the Developer Portal. diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md index a7f7d99ac..1d7358f1e 100644 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md +++ b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1309 +nd-docs: DOCS-1309 --- When deploying the Developer Portal using a helm chart, you can configure TLS to secure communication between the NGINX API Gateway and backend API service. diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md index 694a88c1d..b14932a4e 100644 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md +++ b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1311 +nd-docs: DOCS-1311 --- You can use an embedded PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a [PersistentVolumeClaim (PVC)](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for storage of the the PostgreSQL data files. Access between the backend API service and the database is secured using auto-generated client TLS certificates. diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md index a2acc97df..54bdc7396 100644 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md +++ b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1307 +nd-docs: DOCS-1307 --- You can use an external PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. Access between the backend API service and the database can be secured using TLS server certificates and optional client TLS certificates. diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md index 2edd94094..d1a4b970a 100644 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md +++ b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1312 +nd-docs: DOCS-1312 --- You can use an SQLite database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a [PersistentVolumeClaim (PVC)](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for storage of the SQLite data files. diff --git a/content/includes/installation/nms-prerequisites.md b/content/includes/installation/nms-prerequisites.md index da6a17fd7..db01872ea 100644 --- a/content/includes/installation/nms-prerequisites.md +++ b/content/includes/installation/nms-prerequisites.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1242 +nd-docs: DOCS-1242 --- {{< important >}} diff --git a/content/includes/installation/optional-installation-steps.md b/content/includes/installation/optional-installation-steps.md index d8051f7d3..71674e85b 100644 --- a/content/includes/installation/optional-installation-steps.md +++ b/content/includes/installation/optional-installation-steps.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1030 +nd-docs: DOCS-1030 --- The following steps may be necessary depending on your installation configuration. diff --git a/content/includes/installation/secure-installation.md b/content/includes/installation/secure-installation.md index 35a08c963..509d72e65 100644 --- a/content/includes/installation/secure-installation.md +++ b/content/includes/installation/secure-installation.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1405 +nd-docs: DOCS-1405 --- To ensure that your NGINX Instance Manager deployment remains secure, follow the recommendations in this section: diff --git a/content/includes/nap-waf/build-from-official-nginx-image.md b/content/includes/nap-waf/build-from-official-nginx-image.md index 9946fefd5..e6b0e4c8d 100644 --- a/content/includes/nap-waf/build-from-official-nginx-image.md +++ b/content/includes/nap-waf/build-from-official-nginx-image.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1509" +nd-docs: "DOCS-1509" --- {{< note >}} diff --git a/content/includes/nap-waf/build-nginx-image-cmd.md b/content/includes/nap-waf/build-nginx-image-cmd.md index fcb89d363..4e7e2387f 100644 --- a/content/includes/nap-waf/build-nginx-image-cmd.md +++ b/content/includes/nap-waf/build-nginx-image-cmd.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1512" +nd-docs: "DOCS-1512" --- {{< note >}} diff --git a/content/includes/nap-waf/bundles-volume-mount.md b/content/includes/nap-waf/bundles-volume-mount.md index c42242fee..c65050849 100644 --- a/content/includes/nap-waf/bundles-volume-mount.md +++ b/content/includes/nap-waf/bundles-volume-mount.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1511" +nd-docs: "DOCS-1511" --- To work with custom policy and logging profile bundles, these files must be accessible to the `waf-config-mgr` container. diff --git a/content/includes/nap-waf/concept/apreload.md b/content/includes/nap-waf/concept/apreload.md index cfd5f6fd0..2da2e366c 100644 --- a/content/includes/nap-waf/concept/apreload.md +++ b/content/includes/nap-waf/concept/apreload.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- apreload is a tool that can update that can update the NGINX App Protect WAF configuration without having to reload NGINX if only the App Protect configuration is changed and the `nginx.conf` file remains unchanged. apreload does not affect the existing NGINX reload process and it functions in the same manner as before. diff --git a/content/includes/nap-waf/concept/attack-signatures.md b/content/includes/nap-waf/concept/attack-signatures.md index dbdf294b7..1b56c1a9b 100644 --- a/content/includes/nap-waf/concept/attack-signatures.md +++ b/content/includes/nap-waf/concept/attack-signatures.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- Attack signatures are rules or patterns that identify attack sequences or classes of attacks on a web application and its components. You can apply attack signatures to both requests and responses. App Protect includes predefined attack signatures to protect your application against all attack types identified by the system. \ No newline at end of file diff --git a/content/includes/nap-waf/concept/basic-config-default-policy.md b/content/includes/nap-waf/concept/basic-config-default-policy.md index fc56a65c7..3854b5a45 100644 --- a/content/includes/nap-waf/concept/basic-config-default-policy.md +++ b/content/includes/nap-waf/concept/basic-config-default-policy.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- The base template is the common starting point to any policy you write. The default policy just reflects that template without any further modifications, thus we use the terms **base template** and **default policy** interchangeably. The default policy appears as follows diff --git a/content/includes/nap-waf/concept/external-references.md b/content/includes/nap-waf/concept/external-references.md index 5de006331..d0c2cdf31 100644 --- a/content/includes/nap-waf/concept/external-references.md +++ b/content/includes/nap-waf/concept/external-references.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- External references in policy are defined as any code blocks that can be used as part of the policy without being explicitly pasted within the policy file. This means that you can have a set of pre-defined configurations for parts of the policy, and you can incorporate them as part of the policy by simply referencing them. This would save a lot of overhead having to concentrate everything into a single policy file. diff --git a/content/includes/nap-waf/concept/global-directives.md b/content/includes/nap-waf/concept/global-directives.md index 46dd8852c..d3b998312 100644 --- a/content/includes/nap-waf/concept/global-directives.md +++ b/content/includes/nap-waf/concept/global-directives.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- Global configuration consists of a series of `nginx.conf` directives at the `http` context controlling aspects that are not specific to a specific application. diff --git a/content/includes/nap-waf/concept/graphql-profile.md b/content/includes/nap-waf/concept/graphql-profile.md index da2e0bc23..c23175f8d 100644 --- a/content/includes/nap-waf/concept/graphql-profile.md +++ b/content/includes/nap-waf/concept/graphql-profile.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- The GraphQL Profile defines the GraphQL properties that are enforced by the security policy. diff --git a/content/includes/nap-waf/concept/grpc-logging.md b/content/includes/nap-waf/concept/grpc-logging.md index b4c7c826d..bcce1d690 100644 --- a/content/includes/nap-waf/concept/grpc-logging.md +++ b/content/includes/nap-waf/concept/grpc-logging.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- Security log for gRPC requests has unique fields: `uri`, `grpc_method`, and `grpc_service`. Also, since the content of gRPC requests is binary (Protocol Buffers), it is better transferred in Base64 encoding. Hence, it is recommended to use the `headers` and `request_body_base64` fields instead of the `request` field. A new predefined log format called `grpc` should be used in all gRPC locations that also use policies with gRPC Content Profiles. diff --git a/content/includes/nap-waf/config/common/additional-config-options.md b/content/includes/nap-waf/config/common/additional-config-options.md index 80e253d6c..d9bdd6b10 100644 --- a/content/includes/nap-waf/config/common/additional-config-options.md +++ b/content/includes/nap-waf/config/common/additional-config-options.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1552" +nd-docs: "DOCS-1552" --- #### XFF Headers and Trust diff --git a/content/includes/nap-waf/config/common/additional-policy-features.md b/content/includes/nap-waf/config/common/additional-policy-features.md index 190c24a06..ce5395a0e 100644 --- a/content/includes/nap-waf/config/common/additional-policy-features.md +++ b/content/includes/nap-waf/config/common/additional-policy-features.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1592" +nd-docs: "DOCS-1592" --- {{}} diff --git a/content/includes/nap-waf/config/common/anti-automation.md b/content/includes/nap-waf/config/common/anti-automation.md index 229037e39..93459aaba 100644 --- a/content/includes/nap-waf/config/common/anti-automation.md +++ b/content/includes/nap-waf/config/common/anti-automation.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1575" +nd-docs: "DOCS-1575" --- Anti Automation provides basic bot protection by detecting bot signatures and clients that falsely claim to be browsers or search engines. The `bot-defense` section in the policy is enabled by default. Anti Automation encompasses both Bot Signatures and Header Anomalies, each of which can be disabled separately. diff --git a/content/includes/nap-waf/config/common/associating-graphql-profiles.md b/content/includes/nap-waf/config/common/associating-graphql-profiles.md index 60b86bfa8..6956777bc 100644 --- a/content/includes/nap-waf/config/common/associating-graphql-profiles.md +++ b/content/includes/nap-waf/config/common/associating-graphql-profiles.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1607" +nd-docs: "DOCS-1607" --- The last step is to associate the GraphQL profiles with the URLs. As with JSON and XML profiles, in order for a GraphQL Profile to become effective, it has to be associated with a URL that represents the service. Add the GraphQL profile name which you defined previously under the GraphQL profiles in the name field. For example, here we have defined two GraphQL profiles with the "name": "Default" and "My Custom Profile" under the urlContentProfiles. Later we also associated these profiles in "graphql-profiles". diff --git a/content/includes/nap-waf/config/common/associating-profiles-urls.md b/content/includes/nap-waf/config/common/associating-profiles-urls.md index 4afe9e486..32759a008 100644 --- a/content/includes/nap-waf/config/common/associating-profiles-urls.md +++ b/content/includes/nap-waf/config/common/associating-profiles-urls.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1555" +nd-docs: "DOCS-1555" --- As with JSON and XML profiles, in order for a gRPC Content Profile to become effective, it has to be associated with a URL that represents the service. However, in the sample policy above, the profile was apparently not associated with any URL and yet the profile is active. How did this happen? By setting `associateUrls` with `true`, App Protect **implicitly** creates the URL based on the package and service name as defined in the IDL file and associates the profile with that URL. In this example, the URL is `/myorg.services.photo_album/*`. Note it is a wildcard URL so that all methods in this service match it in its suffix; for example `/myorg.services.photo_album/get_photos` represents the `get_photos` RPC method. diff --git a/content/includes/nap-waf/config/common/attack-types.md b/content/includes/nap-waf/config/common/attack-types.md index fff386874..520850bd6 100644 --- a/content/includes/nap-waf/config/common/attack-types.md +++ b/content/includes/nap-waf/config/common/attack-types.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1570" +nd-docs: "DOCS-1570" --- Each signature, factory or user-defined, and violation has an **Attack Type**, the attack vector it protects from. When you create a user-defined signature you associate it with the most appropriate attack type from the list below. If you do not find an Attack Type that matches the threat for which your signature was written, use `Other Application Activity` Attack Type. Attach Types are also useful as part of the filter in user-defined signature **sets**. diff --git a/content/includes/nap-waf/config/common/basic-signature-sets-included-in-app-protect.md b/content/includes/nap-waf/config/common/basic-signature-sets-included-in-app-protect.md index ebdf79117..43d69be2d 100644 --- a/content/includes/nap-waf/config/common/basic-signature-sets-included-in-app-protect.md +++ b/content/includes/nap-waf/config/common/basic-signature-sets-included-in-app-protect.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1568" +nd-docs: "DOCS-1568" --- These signatures sets are included but are not part of the default template. diff --git a/content/includes/nap-waf/config/common/bidirectional-streaming-overview.md b/content/includes/nap-waf/config/common/bidirectional-streaming-overview.md index 950cf9c7b..f55ad2820 100644 --- a/content/includes/nap-waf/config/common/bidirectional-streaming-overview.md +++ b/content/includes/nap-waf/config/common/bidirectional-streaming-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1565" +nd-docs: "DOCS-1565" --- A gRPC service can have a stream of messages on each side: client, server, or both. Bidirectional Streaming leverages HTTP/2 streaming capability, namely the ability to send multiple gRPC messages from either side ended by the message having the `END_STREAM` flag set to 1. diff --git a/content/includes/nap-waf/config/common/clickjacking-protection.md b/content/includes/nap-waf/config/common/clickjacking-protection.md index 3bde2ddca..c73c94b8e 100644 --- a/content/includes/nap-waf/config/common/clickjacking-protection.md +++ b/content/includes/nap-waf/config/common/clickjacking-protection.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1611" +nd-docs: "DOCS-1611" --- Clickjacking refers to a technique used by malicious actors to embed remote website content into their malicious websites, tricking the end users to click on the embedded frames triggering actions the users were not aware of, such as liking a certain Facebook page or giving a restaurant a 5 star rating. To protect against such attacks, NGINX App Protect WAF uses the `X-Frame-Options` header capabilities. The `X-Frame-Options` header is injected by NGINX App Protect WAF to indicate to the browser whether it should embed the content or not. Please note that this additional layer of security is available only in browsers that support the `X-Frame-Options` headers. diff --git a/content/includes/nap-waf/config/common/configure-client-authorization.md b/content/includes/nap-waf/config/common/configure-client-authorization.md index 1fdd8cf30..81388383d 100644 --- a/content/includes/nap-waf/config/common/configure-client-authorization.md +++ b/content/includes/nap-waf/config/common/configure-client-authorization.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1571" +nd-docs: "DOCS-1571" --- ```nginx diff --git a/content/includes/nap-waf/config/common/configure-nginx-mirror.md b/content/includes/nap-waf/config/common/configure-nginx-mirror.md index a50e33357..1a5f75833 100644 --- a/content/includes/nap-waf/config/common/configure-nginx-mirror.md +++ b/content/includes/nap-waf/config/common/configure-nginx-mirror.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1561" +nd-docs: "DOCS-1561" --- ```nginx diff --git a/content/includes/nap-waf/config/common/configure-njs.md b/content/includes/nap-waf/config/common/configure-njs.md index 8e5949b18..266180b6a 100644 --- a/content/includes/nap-waf/config/common/configure-njs.md +++ b/content/includes/nap-waf/config/common/configure-njs.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1579" +nd-docs: "DOCS-1579" --- ```nginx diff --git a/content/includes/nap-waf/config/common/configure-ranges.md b/content/includes/nap-waf/config/common/configure-ranges.md index 73f5773cd..1e13c9e84 100644 --- a/content/includes/nap-waf/config/common/configure-ranges.md +++ b/content/includes/nap-waf/config/common/configure-ranges.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1544" +nd-docs: "DOCS-1544" --- ```nginx diff --git a/content/includes/nap-waf/config/common/configure-slice.md b/content/includes/nap-waf/config/common/configure-slice.md index 07b4f0ab2..413a113bf 100644 --- a/content/includes/nap-waf/config/common/configure-slice.md +++ b/content/includes/nap-waf/config/common/configure-slice.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1613" +nd-docs: "DOCS-1613" --- ```nginx diff --git a/content/includes/nap-waf/config/common/configure-static-location.md b/content/includes/nap-waf/config/common/configure-static-location.md index a1f4d39e6..750905c70 100644 --- a/content/includes/nap-waf/config/common/configure-static-location.md +++ b/content/includes/nap-waf/config/common/configure-static-location.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1581" +nd-docs: "DOCS-1581" --- ```nginx diff --git a/content/includes/nap-waf/config/common/csrf-protection.md b/content/includes/nap-waf/config/common/csrf-protection.md index 9720eaada..f17fd9dd0 100644 --- a/content/includes/nap-waf/config/common/csrf-protection.md +++ b/content/includes/nap-waf/config/common/csrf-protection.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1590" +nd-docs: "DOCS-1590" --- CSRF (Cross-Site Request Forgery) is an attack vector in which the victim user that visits a sensitive site such as a bank account, is lured to click on a malicious link attempting a fraudulent operation on that sensitive site. The link may be sent over email or in a hidden frame in another site. NGINX App Protect WAF provides protection against CSRF attacks by validating the Origin header for AJAX POST requests (default configuration). diff --git a/content/includes/nap-waf/config/common/custom-log-configuration.md b/content/includes/nap-waf/config/common/custom-log-configuration.md index e24115d26..59a231191 100644 --- a/content/includes/nap-waf/config/common/custom-log-configuration.md +++ b/content/includes/nap-waf/config/common/custom-log-configuration.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1585" +nd-docs: "DOCS-1585" --- A new directive `app_protect_custom_log_attribute` will be added to the `nginx.conf` file. You can set this directive at all scopes: http, server and location. The setting at the location scope overrides the setting in the server and/or http scopes and the server scope overrides the http scope. The `app_protect_custom_log_attribute` directive syntax will consist of a **name/value** or **key/value** pair i.e. "app_protect_custom_log_attribute ". diff --git a/content/includes/nap-waf/config/common/custom-log-errors-warnings.md b/content/includes/nap-waf/config/common/custom-log-errors-warnings.md index c0a0f521d..b9684fee0 100644 --- a/content/includes/nap-waf/config/common/custom-log-errors-warnings.md +++ b/content/includes/nap-waf/config/common/custom-log-errors-warnings.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1560" +nd-docs: "DOCS-1560" --- An error message "`app_protect_custom_log_attribute` directive is invalid" will be displayed in the Security Log if the below conditions are met: diff --git a/content/includes/nap-waf/config/common/custom-log-logging-reporting.md b/content/includes/nap-waf/config/common/custom-log-logging-reporting.md index 3497a3ccb..0e2ba3e01 100644 --- a/content/includes/nap-waf/config/common/custom-log-logging-reporting.md +++ b/content/includes/nap-waf/config/common/custom-log-logging-reporting.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1609" +nd-docs: "DOCS-1609" --- When `app_protect_custom_log_attribute` is assigned to a particular location/server/http context, it will appear in the `json_log` field as a new JSON property called "customLogAttributes" at the top level. The property will not appear if no `app_protect_custom_log_attribute` directive was assigned. diff --git a/content/includes/nap-waf/config/common/custom-log-overview.md b/content/includes/nap-waf/config/common/custom-log-overview.md index 20015b968..3ae13b711 100644 --- a/content/includes/nap-waf/config/common/custom-log-overview.md +++ b/content/includes/nap-waf/config/common/custom-log-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1614" +nd-docs: "DOCS-1614" --- Custom dimensions log entries feature refers to the new configuration in NGINX App Protect WAF, where the new directive called `app_protect_custom_log_attribute` is assigned to a particular location or server or http level in the `nginx.conf` file. The need is to be able to add custom identifiers to the respective location and/or server and identify requests in the Security Log by those identifiers. diff --git a/content/includes/nap-waf/config/common/custom-log-things-to-remember.md b/content/includes/nap-waf/config/common/custom-log-things-to-remember.md index 46a472e88..97e18eae5 100644 --- a/content/includes/nap-waf/config/common/custom-log-things-to-remember.md +++ b/content/includes/nap-waf/config/common/custom-log-things-to-remember.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1589" +nd-docs: "DOCS-1589" --- The `app_protect_custom_log_attribute` directive has a few limitations which should be kept in mind while configuring this directive: diff --git a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md index 4e5d8398e..7c7e7a847 100644 --- a/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md +++ b/content/includes/nap-waf/config/common/deny-allow-never-log-lists.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1604" +nd-docs: "DOCS-1604" --- It is possible to define IP addresses or ranges for which the traffic will always be allowed or denied or never logged despite the rest of the configuration settings in the policy. diff --git a/content/includes/nap-waf/config/common/detect-base64-string-values.md b/content/includes/nap-waf/config/common/detect-base64-string-values.md index 7ab9b1e2a..56e58f6a7 100644 --- a/content/includes/nap-waf/config/common/detect-base64-string-values.md +++ b/content/includes/nap-waf/config/common/detect-base64-string-values.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1563" +nd-docs: "DOCS-1563" --- The Detect Base64 feature allows NGINX App Protect WAF to detect whether values in string fields in gRPC payload are Base64 encoded. When a value is detected as Base64 encoded NGINX App Protect WAF will enforce the configured signatures on the decoded value __and__ on the original value. diff --git a/content/includes/nap-waf/config/common/detect-base64.md b/content/includes/nap-waf/config/common/detect-base64.md index 28a89ba16..c80861c63 100644 --- a/content/includes/nap-waf/config/common/detect-base64.md +++ b/content/includes/nap-waf/config/common/detect-base64.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1593" +nd-docs: "DOCS-1593" --- The Detect Base64 feature allows NGINX App Protect WAF to detect whether values in headers, cookies, and parameters are Base64 encoded. When an entity is detected as Base64 encoded NGINX App Protect WAF will enforce the configured signatures on the decoded value, instead of on the original value. diff --git a/content/includes/nap-waf/config/common/disallow-application-use-geolocation.md b/content/includes/nap-waf/config/common/disallow-application-use-geolocation.md index 6ba14cc0d..9d605a922 100644 --- a/content/includes/nap-waf/config/common/disallow-application-use-geolocation.md +++ b/content/includes/nap-waf/config/common/disallow-application-use-geolocation.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1547" +nd-docs: "DOCS-1547" --- For applications protected by app protect, you can use Geolocation enforcement to restrict or allow application use in specific countries. You can adjust the lists of which countries or locations are allowed or disallowed in a app protect security policy. If the user tries to access the web application from a location that is not allowed, the `VIOL_GEOLOCATION` violation will be triggered. By default, all locations are allowed, and the alarm and block flags are enabled. diff --git a/content/includes/nap-waf/config/common/disallowed-file-types.md b/content/includes/nap-waf/config/common/disallowed-file-types.md index f253018dd..a2466410d 100644 --- a/content/includes/nap-waf/config/common/disallowed-file-types.md +++ b/content/includes/nap-waf/config/common/disallowed-file-types.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1556" +nd-docs: "DOCS-1556" --- The following file types are disallowed by default: diff --git a/content/includes/nap-waf/config/common/do-nothing-and-user-defined-parameters.md b/content/includes/nap-waf/config/common/do-nothing-and-user-defined-parameters.md index 570801a7d..5627e1b85 100644 --- a/content/includes/nap-waf/config/common/do-nothing-and-user-defined-parameters.md +++ b/content/includes/nap-waf/config/common/do-nothing-and-user-defined-parameters.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1586" +nd-docs: "DOCS-1586" --- The do-nothing in urlContentProfiles allows the user to avoid inspecting or parsing the content in a policy, and instead handle the request's header according to the specifications outlined in the security policy. diff --git a/content/includes/nap-waf/config/common/enforcer-cookie-settings.md b/content/includes/nap-waf/config/common/enforcer-cookie-settings.md index 27e5857a5..0b66474af 100644 --- a/content/includes/nap-waf/config/common/enforcer-cookie-settings.md +++ b/content/includes/nap-waf/config/common/enforcer-cookie-settings.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1608" +nd-docs: "DOCS-1608" --- NGINX App Protect WAF generates its own cookies and adds them on top of the application cookies. diff --git a/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md b/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md index bcdb34373..f485fcb9a 100644 --- a/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md +++ b/content/includes/nap-waf/config/common/evasion-techniques-subviolations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1542" +nd-docs: "DOCS-1542" --- The following table specifies the Evasion Techniques sub-violation settings. All are supported in NGINX App Protect WAF. diff --git a/content/includes/nap-waf/config/common/filetypes-and-responses.md b/content/includes/nap-waf/config/common/filetypes-and-responses.md index 51624683c..c65c0aa33 100644 --- a/content/includes/nap-waf/config/common/filetypes-and-responses.md +++ b/content/includes/nap-waf/config/common/filetypes-and-responses.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1617" +nd-docs: "DOCS-1617" --- A user can enable/disable specific file types in the policy. diff --git a/content/includes/nap-waf/config/common/first-match-principle.md b/content/includes/nap-waf/config/common/first-match-principle.md index 309f7dd2e..60caf2f69 100644 --- a/content/includes/nap-waf/config/common/first-match-principle.md +++ b/content/includes/nap-waf/config/common/first-match-principle.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1572" +nd-docs: "DOCS-1572" --- The policy enforcement operates on the **first match** principle. This principle is applied when multiple conditions match or are similar, indicating that any incoming requests that match the first condition will be processed. In the following example, the "override_rules_example2" policy uses two override rules: "this_rule_will_match" and "non_matching_rule". Since both conditions match, the first match principle will be applied, and requests with "api" in the URI will be processed. It will reference an external policy file named "NginxStrictPolicy.json" to override the current policy. . diff --git a/content/includes/nap-waf/config/common/geolocation-override-rules.md b/content/includes/nap-waf/config/common/geolocation-override-rules.md index d35f33d28..56394ded4 100644 --- a/content/includes/nap-waf/config/common/geolocation-override-rules.md +++ b/content/includes/nap-waf/config/common/geolocation-override-rules.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1567" +nd-docs: "DOCS-1567" --- The below example represents a security policy for a web application. The policy named as "override_rule_example" is based on a template called "POLICY_TEMPLATE_NGINX_BASE." The policy is set to operate in "blocking" mode, which means it will prevent certain activities. diff --git a/content/includes/nap-waf/config/common/geolocation-overview.md b/content/includes/nap-waf/config/common/geolocation-overview.md index 44c0b29a6..4cf2e1833 100644 --- a/content/includes/nap-waf/config/common/geolocation-overview.md +++ b/content/includes/nap-waf/config/common/geolocation-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1615" +nd-docs: "DOCS-1615" --- Geolocation refers to the process of assessing or determining the geographic location of an object. This feature helps in identifying the geographic location of a client or web application user. diff --git a/content/includes/nap-waf/config/common/graphql-advanced-config.md b/content/includes/nap-waf/config/common/graphql-advanced-config.md index 51e62e079..30221b397 100644 --- a/content/includes/nap-waf/config/common/graphql-advanced-config.md +++ b/content/includes/nap-waf/config/common/graphql-advanced-config.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1551" +nd-docs: "DOCS-1551" --- The below sections provides details about enabling GraphQL with advanced configuration. diff --git a/content/includes/nap-waf/config/common/graphql-define-url-settings.md b/content/includes/nap-waf/config/common/graphql-define-url-settings.md index 76541f335..9a4e59b5b 100644 --- a/content/includes/nap-waf/config/common/graphql-define-url-settings.md +++ b/content/includes/nap-waf/config/common/graphql-define-url-settings.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1588" +nd-docs: "DOCS-1588" --- The second step to configure GraphQL is to define the URL settings. Set the values for "isAllowed": **true**, "name": **/graphql** in the URLs section, which means URLs with **/graphql** name are permitted. This path will be used for all GraphQL API requests. diff --git a/content/includes/nap-waf/config/common/graphql-overview.md b/content/includes/nap-waf/config/common/graphql-overview.md index db60fb1cd..f06189e83 100644 --- a/content/includes/nap-waf/config/common/graphql-overview.md +++ b/content/includes/nap-waf/config/common/graphql-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1595" +nd-docs: "DOCS-1595" --- GraphQL is an API technology that has grown rapidly in recent years and is continuing to gain traction. GraphQL is a query language designed for APIs to use in the development of client applications that access large data sets with intricate relations among themselves. It provides an intuitive application and flexible syntax for describing data requirements.
diff --git a/content/includes/nap-waf/config/common/graphql-response-pages.md b/content/includes/nap-waf/config/common/graphql-response-pages.md index 511058ef9..73ed50f16 100644 --- a/content/includes/nap-waf/config/common/graphql-response-pages.md +++ b/content/includes/nap-waf/config/common/graphql-response-pages.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1557" +nd-docs: "DOCS-1557" --- A GraphQL error response page is returned when a request is blocked. This GraphQL response page, like other blocking response pages, can be customized, but the GraphQL JSON syntax must be preserved for them to be displayed correctly. The default page returns the GraphQL status code Blocking Response Page (BRP) and a short JSON error message which includes the support ID. diff --git a/content/includes/nap-waf/config/common/graphql-security.md b/content/includes/nap-waf/config/common/graphql-security.md index 2342ca0f9..067eb4833 100644 --- a/content/includes/nap-waf/config/common/graphql-security.md +++ b/content/includes/nap-waf/config/common/graphql-security.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1566" +nd-docs: "DOCS-1566" --- Securing GraphQL APIs with NGINX App Protect WAF involves using WAF to monitor and protect against security threats and attacks. GraphQL, like REST, is usually [served over HTTP](http://graphql.org/learn/serving-over-http/), using GET and POST requests and a proprietary [query language](https://graphql.org/learn/schema/#the-query-and-mutation-types). It is prone to the typical Web APIs security vulnerabilities, such as injection attacks, Denial of Service (DoS) attacks and abuse of flawed authorization. diff --git a/content/includes/nap-waf/config/common/graphql-violations.md b/content/includes/nap-waf/config/common/graphql-violations.md index 0045ec2c1..288fa29a4 100644 --- a/content/includes/nap-waf/config/common/graphql-violations.md +++ b/content/includes/nap-waf/config/common/graphql-violations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1578" +nd-docs: "DOCS-1578" --- NGINX App Protect WAF introduces four new violations specific to GraphQL: `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY` and `VIOL_GRAPHQL_ERROR_RESPONSE`.
diff --git a/content/includes/nap-waf/config/common/grpc-bidirectional-stream-enforcement.md b/content/includes/nap-waf/config/common/grpc-bidirectional-stream-enforcement.md index d8d14d0f6..468da8b55 100644 --- a/content/includes/nap-waf/config/common/grpc-bidirectional-stream-enforcement.md +++ b/content/includes/nap-waf/config/common/grpc-bidirectional-stream-enforcement.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1606" +nd-docs: "DOCS-1606" --- #### Client Request Flow diff --git a/content/includes/nap-waf/config/common/grpc-content-profiles.md b/content/includes/nap-waf/config/common/grpc-content-profiles.md index 2f5ec344c..dbdffe203 100644 --- a/content/includes/nap-waf/config/common/grpc-content-profiles.md +++ b/content/includes/nap-waf/config/common/grpc-content-profiles.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1616" +nd-docs: "DOCS-1616" --- The gRPC Content Profile contains all the definitions for protecting a gRPC service. It is similar in nature to the **JSON and XML profiles** handling JSON and XML traffic respectively. Roughly it includes: diff --git a/content/includes/nap-waf/config/common/grpc-handling-slow-post-attacks.md b/content/includes/nap-waf/config/common/grpc-handling-slow-post-attacks.md index 1a7189010..78c430827 100644 --- a/content/includes/nap-waf/config/common/grpc-handling-slow-post-attacks.md +++ b/content/includes/nap-waf/config/common/grpc-handling-slow-post-attacks.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1599" +nd-docs: "DOCS-1599" --- Slow POST attack mitigation - A client sending messages very slowly for a long time may be cut off by resetting the connection. diff --git a/content/includes/nap-waf/config/common/grpc-message-compression.md b/content/includes/nap-waf/config/common/grpc-message-compression.md index 7fdf1b923..ff28c8674 100644 --- a/content/includes/nap-waf/config/common/grpc-message-compression.md +++ b/content/includes/nap-waf/config/common/grpc-message-compression.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1574" +nd-docs: "DOCS-1574" --- Currently, Message Compression is not supported. Therefore, a violation `VIOL_GRPC_MALFORMED` will be raised and the connection will be blocked if a compressed message is sent. \ No newline at end of file diff --git a/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md b/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md index a9de83d0e..dac89ee48 100644 --- a/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md +++ b/content/includes/nap-waf/config/common/grpc-protection-unary-traffic.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1558" +nd-docs: "DOCS-1558" --- gRPC is a remote API standard and is an alternative to OpenAPI. If your applications expose gRPC APIs, NGINX App Protect WAF can protect them by parsing the messages; making sure they comply with the API definition; and enforcing security restrictions - such as size limits, detecting attack signatures, threat campaigns, and suspicious metacharacters in message string field values. diff --git a/content/includes/nap-waf/config/common/grpc-response-pages.md b/content/includes/nap-waf/config/common/grpc-response-pages.md index 14529e719..11f7efc51 100644 --- a/content/includes/nap-waf/config/common/grpc-response-pages.md +++ b/content/includes/nap-waf/config/common/grpc-response-pages.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1597" +nd-docs: "DOCS-1597" --- A gRPC error response page is returned when a request is blocked. The default page returns gRPC status code `UNKNOWN` (numeric value of 2) and a short textual message that includes the support ID. You can customize any of these two by configuring a custom gRPC response page in your policy. diff --git a/content/includes/nap-waf/config/common/grpc-server-reflection.md b/content/includes/nap-waf/config/common/grpc-server-reflection.md index 0d27f1f8e..e8cab8f9e 100644 --- a/content/includes/nap-waf/config/common/grpc-server-reflection.md +++ b/content/includes/nap-waf/config/common/grpc-server-reflection.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1610" +nd-docs: "DOCS-1610" --- [gRPC Server Reflection](https://grpc.github.io/grpc/core/md_doc_server_reflection_tutorial.html) provides information about publicly-accessible gRPC services on a server, and assists clients at runtime to construct RPC requests and responses without precompiled service information. gRPC Server reflection is not currently supported in App Protect. If Server Reflection support is required, App Protect must be disabled on the reflection URIs by adding a location block such as this: diff --git a/content/includes/nap-waf/config/common/grpc-size-limits.md b/content/includes/nap-waf/config/common/grpc-size-limits.md index bb9439081..407f6cb2c 100644 --- a/content/includes/nap-waf/config/common/grpc-size-limits.md +++ b/content/includes/nap-waf/config/common/grpc-size-limits.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1619" +nd-docs: "DOCS-1619" --- The maximum total request size is applied to each message on its own, rather than to the total stream messages. By default, the maximum gRPC message size is 4MB. diff --git a/content/includes/nap-waf/config/common/grpc-slow-post-attacks.md b/content/includes/nap-waf/config/common/grpc-slow-post-attacks.md index 744878c1c..55dc41ed9 100644 --- a/content/includes/nap-waf/config/common/grpc-slow-post-attacks.md +++ b/content/includes/nap-waf/config/common/grpc-slow-post-attacks.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1637" +nd-docs: "DOCS-1637" --- A Slow POST attack or Slow HTTP POST attack is a type of denial of service attack. The attacker sends a legitimate HTTP POST request with the header Content-Length specified. The attacker then proceeds to send this content slowly. The server establishes a connection to the client and keeps it open to receive the request that it thinks is legitimate. diff --git a/content/includes/nap-waf/config/common/grpc-violations.md b/content/includes/nap-waf/config/common/grpc-violations.md index 9eb2d75bf..e93bac516 100644 --- a/content/includes/nap-waf/config/common/grpc-violations.md +++ b/content/includes/nap-waf/config/common/grpc-violations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1562" +nd-docs: "DOCS-1562" --- There are three violations that are specific to gRPC. They are all enabled in the default policy. See also the [Violations](#violations) section. diff --git a/content/includes/nap-waf/config/common/handling-xml-and-json-content.md b/content/includes/nap-waf/config/common/handling-xml-and-json-content.md index 32285a4e2..a8a54c409 100644 --- a/content/includes/nap-waf/config/common/handling-xml-and-json-content.md +++ b/content/includes/nap-waf/config/common/handling-xml-and-json-content.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1545" +nd-docs: "DOCS-1545" --- #### XML and JSON Content Profiles diff --git a/content/includes/nap-waf/config/common/http-compliance-subviolations.md b/content/includes/nap-waf/config/common/http-compliance-subviolations.md index 77f6f144d..c9482ea62 100644 --- a/content/includes/nap-waf/config/common/http-compliance-subviolations.md +++ b/content/includes/nap-waf/config/common/http-compliance-subviolations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1576" +nd-docs: "DOCS-1576" --- The following table specifies the HTTP Compliance sub-violation settings. All are supported in NGINX App Protect WAF, but not all are enabled in the default App Protect security template. The table specifies which. Some of the checks are enforced by NGINX Plus and App Protect only gets a notification. **Note:** In this case, the request is **always** blocked regardless of the App Protect policy. diff --git a/content/includes/nap-waf/config/common/important-things-override-rules.md b/content/includes/nap-waf/config/common/important-things-override-rules.md index dd17232f5..c065639cb 100644 --- a/content/includes/nap-waf/config/common/important-things-override-rules.md +++ b/content/includes/nap-waf/config/common/important-things-override-rules.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1549" +nd-docs: "DOCS-1549" --- Here are some key points to remember regarding the Override Rules feature: diff --git a/content/includes/nap-waf/config/common/json-web-token-overview.md b/content/includes/nap-waf/config/common/json-web-token-overview.md index 9e5ee5741..76cf116ba 100644 --- a/content/includes/nap-waf/config/common/json-web-token-overview.md +++ b/content/includes/nap-waf/config/common/json-web-token-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1550" +nd-docs: "DOCS-1550" --- JSON Web Token (JWT) is a compact and self-contained way to represent information between two parties in a JSON (JavaScript Object Notation) format and is commonly used for authentication and authorization. With NGINX App Protect now it is possible to control access to its application using JWT validation. NGINX App Protect WAF validates the authenticity and well-formedness of JWTs coming from a client, denying access to the service exclusively when the validation process fails. JWT is mainly used for API access. diff --git a/content/includes/nap-waf/config/common/json-web-tokens-attack-sigs.md b/content/includes/nap-waf/config/common/json-web-tokens-attack-sigs.md index 76e8255a2..4ad55d12e 100644 --- a/content/includes/nap-waf/config/common/json-web-tokens-attack-sigs.md +++ b/content/includes/nap-waf/config/common/json-web-tokens-attack-sigs.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1602" +nd-docs: "DOCS-1602" --- Attack signatures are detected within the JSON values of the token, i.e. the header and claims parts, but not on the digital signature part of the token. The detection of signatures, and specifically which signatures are recognized, depends on the configuration entity within the Policy. Typically, this configuration entity is the Authorization HTTP header or else, the header or parameter entity configured as the location of the token in the access profile. diff --git a/content/includes/nap-waf/config/common/json-web-tokens-other-references.md b/content/includes/nap-waf/config/common/json-web-tokens-other-references.md index e07b94a20..c79eb0dd0 100644 --- a/content/includes/nap-waf/config/common/json-web-tokens-other-references.md +++ b/content/includes/nap-waf/config/common/json-web-tokens-other-references.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1573" +nd-docs: "DOCS-1573" --- For more information about JSON Web Token (JWT) see below reference links: diff --git a/content/includes/nap-waf/config/common/json-web-tokens-violation-rating.md b/content/includes/nap-waf/config/common/json-web-tokens-violation-rating.md index f0ef872b8..67875b1b9 100644 --- a/content/includes/nap-waf/config/common/json-web-tokens-violation-rating.md +++ b/content/includes/nap-waf/config/common/json-web-tokens-violation-rating.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1584" +nd-docs: "DOCS-1584" --- The default violation rating is set to the level of **5** regardless of any violation. Any changes to these violation settings here will override the default settings. The details regarding logs will be recorded in the security log. All violations will be disabled on upgrade. diff --git a/content/includes/nap-waf/config/common/json-web-tokens-violations.md b/content/includes/nap-waf/config/common/json-web-tokens-violations.md index c161e93b4..b04d82780 100644 --- a/content/includes/nap-waf/config/common/json-web-tokens-violations.md +++ b/content/includes/nap-waf/config/common/json-web-tokens-violations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1594" +nd-docs: "DOCS-1594" --- NGINX App Protect WAF introduces three new violations specific to JWT: `VIOL_ACCESS_INVALID`, `VIOL_ACCESS_MISSING` and `VIOL_ACCESS_MALFORMED`. diff --git a/content/includes/nap-waf/config/common/modifying-configurations.md b/content/includes/nap-waf/config/common/modifying-configurations.md index 41341a7ad..557d97eae 100644 --- a/content/includes/nap-waf/config/common/modifying-configurations.md +++ b/content/includes/nap-waf/config/common/modifying-configurations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1591" +nd-docs: "DOCS-1591" --- What we have been seeing so far has been related to making changes by actually overriding specific configuration values. What would happen in the case we wanted to remove a specific configuration entity from the policy. For example, let's say we have added file types "aaa", "bbb", and "ccc", and now we wish to remove "bbb" from the list of disallowed file types. Deleting this entity from the declarative configuration file will simply mean that this entity will be left intact when the policy is rebuilt, meaning that the entity is still in the disallowed file types list. To resolve such situations, we have a `modifications` section where we can force modification where otherwise it is not possible using direct declarative configuration. diff --git a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md index 54db35538..f1f28bb0c 100644 --- a/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md +++ b/content/includes/nap-waf/config/common/nginx-app-protect-waf-terminology.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1605" +nd-docs: "DOCS-1605" --- This guide assumes that you have some familiarity with various Layer 7 (L7) Hypertext Transfer Protocol (HTTP) concepts, such as Uniform Resource Identifier (URI)/Uniform Resource Locator (URL), method, header, cookie, status code, request, response, and parameters. diff --git a/content/includes/nap-waf/config/common/override-rules-errors-warnings.md b/content/includes/nap-waf/config/common/override-rules-errors-warnings.md index d0795f339..cea216022 100644 --- a/content/includes/nap-waf/config/common/override-rules-errors-warnings.md +++ b/content/includes/nap-waf/config/common/override-rules-errors-warnings.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1600" +nd-docs: "DOCS-1600" --- #### Missing Policy Name diff --git a/content/includes/nap-waf/config/common/override-rules-logging-reporting.md b/content/includes/nap-waf/config/common/override-rules-logging-reporting.md index 814d95b17..250065b66 100644 --- a/content/includes/nap-waf/config/common/override-rules-logging-reporting.md +++ b/content/includes/nap-waf/config/common/override-rules-logging-reporting.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1583" +nd-docs: "DOCS-1583" --- If a request matches an override rule, the `json_log` field will include a new block named 'overrideRule'. However, if no rules match the request, the log will not contain any related information. When the 'actionType' flag is set to "replace-policy", the 'originalPolicyName' field in the log will reflect the name of the original policy name (the one that contains override rules), and the `policy_name` field will reflect the policy that was enforced. diff --git a/content/includes/nap-waf/config/common/override-rules-overview.md b/content/includes/nap-waf/config/common/override-rules-overview.md index d67e14240..59d547719 100644 --- a/content/includes/nap-waf/config/common/override-rules-overview.md +++ b/content/includes/nap-waf/config/common/override-rules-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1553" +nd-docs: "DOCS-1553" --- The **Override Rules** feature allows overriding of the **default policy** settings. Each override rule consists of a condition followed by changes to the original policy applied to requests that meet the respective condition. This feature provides the ability to include the override rules within a declarative policy such that all incoming requests are verified against those rules. diff --git a/content/includes/nap-waf/config/common/parameters-and-user-defined-urls.md b/content/includes/nap-waf/config/common/parameters-and-user-defined-urls.md index de4214a29..53aa7f98d 100644 --- a/content/includes/nap-waf/config/common/parameters-and-user-defined-urls.md +++ b/content/includes/nap-waf/config/common/parameters-and-user-defined-urls.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1618" +nd-docs: "DOCS-1618" --- When configuring handling of parameters, it is a bit different from other configurations we have dealt with earlier, where we enable a violation and configure its details. With parameters, there are a number of independent violations that need to be enabled on their own, as well as a parameter section to define further customization. The full list of parameter violations can be extracted from the above violation list. diff --git a/content/includes/nap-waf/config/common/partial-masking-of-data.md b/content/includes/nap-waf/config/common/partial-masking-of-data.md index 207e04921..86769895e 100644 --- a/content/includes/nap-waf/config/common/partial-masking-of-data.md +++ b/content/includes/nap-waf/config/common/partial-masking-of-data.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1559" +nd-docs: "DOCS-1559" --- Here is an example showing partial masking on custom patterns. Custom patterns are specified in `customPatternsList`, number of unmasked leading and trailing characters are defined in `firstCustomCharactersToExpose` and `lastCustomCharactersToExpose` parameters. diff --git a/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md b/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md index ca16dc85f..59d7b39cb 100644 --- a/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md +++ b/content/includes/nap-waf/config/common/policy-authoring-and-tuning.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1564" +nd-docs: "DOCS-1564" --- The policy JSON file specifies the settings that are different from the base template, such as enabling more signatures, disabling some violations, adding server technologies, etc. These will be shown in the next sections. diff --git a/content/includes/nap-waf/config/common/policy-configuration.md b/content/includes/nap-waf/config/common/policy-configuration.md index 9ef118bdc..a58c4464e 100644 --- a/content/includes/nap-waf/config/common/policy-configuration.md +++ b/content/includes/nap-waf/config/common/policy-configuration.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1548" +nd-docs: "DOCS-1548" --- The NGINX App Protect WAF ships with two reference policies, both with a default enforcement mode set to Blocking: diff --git a/content/includes/nap-waf/config/common/protocol-buffers-supported-version.md b/content/includes/nap-waf/config/common/protocol-buffers-supported-version.md index c71632671..1e17edc7d 100644 --- a/content/includes/nap-waf/config/common/protocol-buffers-supported-version.md +++ b/content/includes/nap-waf/config/common/protocol-buffers-supported-version.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1598" +nd-docs: "DOCS-1598" --- The supported Protocol Buffer version is 3 i.e. only proto3 is supported. Version 2 is not supported. Hence any obsolete feature of version 2, such as message extensions in the IDL files, will be rejected. IDL files that have the `syntax = "proto2";` statement is also rejected. \ No newline at end of file diff --git a/content/includes/nap-waf/config/common/signature-sets-in-default-policy.md b/content/includes/nap-waf/config/common/signature-sets-in-default-policy.md index 0beb9f005..39fe22e09 100644 --- a/content/includes/nap-waf/config/common/signature-sets-in-default-policy.md +++ b/content/includes/nap-waf/config/common/signature-sets-in-default-policy.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1587" +nd-docs: "DOCS-1587" --- The following signature sets are included in the default policy. Most of the sets are defined by the Attack Type they protect from. In all sets the **Alarm** flag is enabled and **Block** disabled except High Accuracy Signatures, which are set to **blocked** (`block` parameter is enabled). diff --git a/content/includes/nap-waf/config/common/signature-sets.md b/content/includes/nap-waf/config/common/signature-sets.md index 4afb8fe65..fb07dca5e 100644 --- a/content/includes/nap-waf/config/common/signature-sets.md +++ b/content/includes/nap-waf/config/common/signature-sets.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1580" +nd-docs: "DOCS-1580" --- The default and strict policies include and enable common signature sets, which are categorized groups of [signatures](#attack-signatures-overview) applied to the policy. However, you may wish to modify the list of signature sets and their logging and enforcement settings via the `signature-sets` array property. There are several ways to configure the enforced signature sets. diff --git a/content/includes/nap-waf/config/common/signature-settings.md b/content/includes/nap-waf/config/common/signature-settings.md index 9f2121af7..39fff1ce4 100644 --- a/content/includes/nap-waf/config/common/signature-settings.md +++ b/content/includes/nap-waf/config/common/signature-settings.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1554" +nd-docs: "DOCS-1554" --- {{}} diff --git a/content/includes/nap-waf/config/common/supported-violations.md b/content/includes/nap-waf/config/common/supported-violations.md index bf1b4c882..7fcf200b5 100644 --- a/content/includes/nap-waf/config/common/supported-violations.md +++ b/content/includes/nap-waf/config/common/supported-violations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1582" +nd-docs: "DOCS-1582" --- The following violations are supported and can be enabled by turning on the **alarm** and/or **block** flags. @@ -31,39 +31,39 @@ The following violations are supported and can be enabled by turning on the **al |VIOL_GRAPHQL_FORMAT | GraphQL format data does not comply with format settings | Alarm & Block | This violation will be issued when the GraphQL profile settings are not satisfied, for example the length is too long, depth is too deep, a specific value is too long or too many batched queries.
The violation details will note what happened and the found length, depth or which value is too long and by what.
The depth violation is not learnable. The reason is that we don't know the actual depth of the query - we stop parsing at the max depth.
Note that the values will be used on the variables JSON part as well as the query. In a way, we can see these values as a JSON profile attributes just for the variables. | | |VIOL_GRAPHQL_INTROSPECTION_QUERY| GraphQL introspection Query | Alarm & Block | This violation will be issued when an introspection query was seen. | | |VIOL_GRAPHQL_ERROR_RESPONSE | GraphQL Error Response | Alarm & Block | GraphQL disallowed pattern in response. | | -|VIOL_GRPC_FORMAT | gRPC data does not comply with format settings | Alarm | The system checks that the request contains gRPC content and complies with the various request limits within the defense configuration in the security policy's gRPC Content Profile. Enforces valid gRPC requests and protects the server from Protocol Buffers parser attacks. This violation is generated when a gRPC request does not meet restrictive conditions in the gRPC Content Profile, such as the message length or existence of unknown fields. | | -|VIOL_GRPC_MALFORMED | Malformed gRPC data | Alarm & Block | The system checks that the request contains gRPC content that is well-formed. Enforces parsable gRPC requests. | | -|VIOL_GRPC_METHOD | Illegal gRPC method | Alarm | The system checks that the gRPC service method invoked matches one of the methods defined in the IDL file. The violation is triggered if the method does not appear there. | | -|VIOL_HEADER_LENGTH | Illegal header length | Alarm | The system checks that the request includes a total HTTP header length that does not exceed the length specified in the security policy. | The actual size in default policy is 4 KB | -|VIOL_HEADER_METACHAR | Illegal meta character in header | Alarm | The system checks that the values of all headers within the request only contain meta characters defined as allowed in the security policy. | | -|VIOL_HTTP_PROTOCOL | HTTP protocol compliance failed | Alarm | This category contains a list of validation checks that the system performs on HTTP requests to ensure that the requests are formatted properly. | | -|VIOL_HTTP_RESPONSE_STATUS | Illegal HTTP response status | Alarm | The server response contains an HTTP status code that is not defined as valid in the security policy. | | -|VIOL_JSON_FORMAT | JSON data does not comply with format settings | Alarm | The system checks that the request contains JSON content and complies with the various request limits within the defense configuration in the security policy's JSON profile. Enforces valid JSON requests and protects the server from JSON parser attacks. This violation is generated when a problem is detected in a JSON request, generally checking the message according to boundaries such as the message's size and meta characters in parameter value. | Controlled from the default JSON profile. | -|VIOL_JSON_MALFORMED | Malformed JSON data | Alarm & Block | The system checks that the request contains JSON content that is well-formed. Enforces parsable JSON requests. | | -|VIOL_JSON_SCHEMA | JSON data does not comply with JSON schema | Alarm | The system checks that the incoming request contains JSON data that matches the schema file that is part of a JSON profile configured in the security policy. Enforces proper JSON requests defined by the schema. | | -|VIOL_MANDATORY_PARAMETER | Mandatory parameter is missing | Alarm | The system checks that parameter marked as mandatory exists in the request. | | -|VIOL_MANDATORY_REQUEST_BODY | Mandatory request body is missing | Alarm | The system checks that the body exists in the request | | -|VIOL_METHOD | Illegal method | Alarm | The system checks that the request references an HTTP request method that is found in the security policy. Enforces desired HTTP methods; GET and POST are always allowed. | These HTTP methods are supported:
  • GET
  • HEAD
  • POST
  • PUT
  • PATCH
  • DELETE
  • OPTIONS
| -|VIOL_PARAMETER | Illegal parameter | Alarm | The system checks that every parameter in the request is defined in the security policy. | | -|VIOL_PARAMETER_ARRAY_VALUE | Illegal parameter array value | Alarm | The value of an item in an array parameter is not according to the defined data type. | | -|VIOL_PARAMETER_DATA_TYPE | Illegal parameter data type | Alarm | The system checks that the request contains a parameter whose data type matches the data type defined in the security policy. The data types that this violation applies to are integer, email, and phone. | | -|VIOL_PARAMETER_EMPTY_VALUE | Illegal empty parameter value | Alarm | The system checks that the request contains a parameter whose value is not empty when it must contain a value. | | -|VIOL_PARAMETER_LOCATION | Illegal parameter location | Alarm | The parameter was found in a different location than it was configured in the policy. | | -|VIOL_PARAMETER_MULTIPART_NULL_VALUE | Null in multi-part parameter value | Disabled | The system checks that the multi-part request has a parameter value that does not contain the NULL character (0x00). If a multipart parameter with binary content type contains NULL in its value, the Enforcer issues this violation. The exceptions to this are:
  • If that parameter is configured in the policy as `Ignore value`.
  • If that parameter is configured in the security policy as `user-input file-upload`.
  • If the parameter has a content-type that contains the string 'XML' and the parameter value contains a valid UTF16 encoded XML document (the encoding is valid). In this case NULL is allowed as it is part of the UTF16 encoding.
| | -|VIOL_PARAMETER_NAME_METACHAR | Illegal meta character in parameter name | Alarm | The system checks that all parameter names within the incoming request only contain meta characters defined as allowed in the security policy. | | -|VIOL_PARAMETER_NUMERIC_VALUE | Illegal parameter numeric value | Alarm | The system checks that the incoming request contains a parameter whose value is in the range of decimal or integer values defined in the security policy. | | -|VIOL_PARAMETER_REPEATED | Illegal repeated parameter name | Alarm | Detected multiple parameters of the same name in a single HTTP request. | | -|VIOL_PARAMETER_STATIC_VALUE | Illegal static parameter value | Alarm | The system checks that the request contains a static parameter whose value is defined in the security policy. Prevents static parameter change. NGINX App Protect WAF can be configured to block parameter values that are not in a predefined list. Parameters can be defined on each of the following levels: file type, URL, and flow. Each parameter can be one of the following types: explicit or wildcard. | | -|VIOL_PARAMETER_VALUE_BASE64 | Illegal Base64 value | Alarm | The system checks that the value is a valid Base64 string. If the value is indeed Base64, the system decodes this value and continues with its security checks. | | -|VIOL_PARAMETER_VALUE_LENGTH | Illegal parameter value length | Alarm | The system checks that the request contains a parameter whose value length (in bytes) matches the value length defined in the security policy. | | -|VIOL_PARAMETER_VALUE_METACHAR | Illegal meta character in value | Alarm | The system checks that all parameter values, XML element/attribute values, or JSON values within the request only contain meta characters defined as allowed in the security policy. Enforces proper input values. In case of a violation, the reported value represents the decimal ASCII value (metachar_index), or, in case of using "json_log" the hexadecimal ASCII value (metachar) of the violating character. | | -|VIOL_PARAMETER_VALUE_REGEXP | Parameter value does not comply with regular expression | Alarm | The system checks that the request contains an alphanumeric parameter value that matches the expected pattern specified by the regular-expression field for that parameter. Prevents HTTP requests which do not comply with a defined pattern. NGINX App Protect WAF lets you set up a regular expression to block requests where a parameter value does not match the regular expression. | | -|VIOL_POST_DATA_LENGTH | Illegal POST data length | Alarm | The system checks that the request contains POST data whose length does not exceed the acceptable length specified in the security policy. | In * file type entity. This check is disabled by default. | -|VIOL_QUERY_STRING_LENGTH | Illegal query string length | Alarm | The system checks that the request contains a query string whose length does not exceed the acceptable length specified in the security policy. | In * file type entity. Actual size is 2 KB. | -|VIOL_RATING_THREAT | Request is likely a threat | Alarm & Block | The combination of violations in this request determined that the request is likely to be a threat. | For VR = 4 or 5 | -|VIOL_RATING_NEED_EXAMINATION | Request needs further examination | Disabled | The combination of violations could not determine whether the request is a threat or violations are false positives thus requiring more examination. | For VR = 3 | -|VIOL_REQUEST_LENGTH | Illegal request length | Alarm | The system checks that the request length does not exceed the acceptable length specified in the security policy per the requested file type. | In * file type entity. This check is disabled by default. | -|VIOL_REQUEST_MAX_LENGTH | Request length exceeds defined buffer size | Alarm & Block| The system checks that the request length is not larger than the maximum memory buffer size. Note that this protects NGINX App Protect WAF from consuming too much memory across all security policies which are active on the device. | Default is 10MB | +|VIOL_GRPC_FORMAT | gRPC data does not comply with format settings | Alarm | The system checks that the request contains gRPC content and complies with the various request limits within the defense configuration in the security policy's gRPC Content Profile. Enforces valid gRPC requests and protects the server from Protocol Buffers parser attacks. This violation is generated when a gRPC request does not meet restrictive conditions in the gRPC Content Profile, such as the message length or existence of unknown fields. | | +|VIOL_GRPC_MALFORMED | Malformed gRPC data | Alarm & Block | The system checks that the request contains gRPC content that is well-formed. Enforces parsable gRPC requests. | | +|VIOL_GRPC_METHOD | Illegal gRPC method | Alarm | The system checks that the gRPC service method invoked matches one of the methods defined in the IDL file. The violation is triggered if the method does not appear there. | | +|VIOL_HEADER_LENGTH | Illegal header length | Alarm | The system checks that the request includes a total HTTP header length that does not exceed the length specified in the security policy. | The actual size in default policy is 4 KB | +|VIOL_HEADER_METACHAR | Illegal meta character in header | Alarm | The system checks that the values of all headers within the request only contain meta characters defined as allowed in the security policy. | | +|VIOL_HTTP_PROTOCOL | HTTP protocol compliance failed | Alarm | This category contains a list of validation checks that the system performs on HTTP requests to ensure that the requests are formatted properly. | | +|VIOL_HTTP_RESPONSE_STATUS | Illegal HTTP response status | Alarm | The server response contains an HTTP status code that is not defined as valid in the security policy. | | +|VIOL_JSON_FORMAT | JSON data does not comply with format settings | Alarm | The system checks that the request contains JSON content and complies with the various request limits within the defense configuration in the security policy's JSON profile. Enforces valid JSON requests and protects the server from JSON parser attacks. This violation is generated when a problem is detected in a JSON request, generally checking the message according to boundaries such as the message's size and meta characters in parameter value. | Controlled from the default JSON profile. | +|VIOL_JSON_MALFORMED | Malformed JSON data | Alarm & Block | The system checks that the request contains JSON content that is well-formed. Enforces parsable JSON requests. | | +|VIOL_JSON_SCHEMA | JSON data does not comply with JSON schema | Alarm | The system checks that the incoming request contains JSON data that matches the schema file that is part of a JSON profile configured in the security policy. Enforces proper JSON requests defined by the schema. | | +|VIOL_MANDATORY_PARAMETER | Mandatory parameter is missing | Alarm | The system checks that parameter marked as mandatory exists in the request. | | +|VIOL_MANDATORY_REQUEST_BODY | Mandatory request body is missing | Alarm | The system checks that the body exists in the request | | +|VIOL_METHOD | Illegal method | Alarm | The system checks that the request references an HTTP request method that is found in the security policy. Enforces desired HTTP methods; GET and POST are always allowed. | These HTTP methods are supported:
  • GET
  • HEAD
  • POST
  • PUT
  • PATCH
  • DELETE
  • OPTIONS
| +|VIOL_PARAMETER | Illegal parameter | Alarm | The system checks that every parameter in the request is defined in the security policy. | | +|VIOL_PARAMETER_ARRAY_VALUE | Illegal parameter array value | Alarm | The value of an item in an array parameter is not according to the defined data type. | | +|VIOL_PARAMETER_DATA_TYPE | Illegal parameter data type | Alarm | The system checks that the request contains a parameter whose data type matches the data type defined in the security policy. The data types that this violation applies to are integer, email, and phone. | | +|VIOL_PARAMETER_EMPTY_VALUE | Illegal empty parameter value | Alarm | The system checks that the request contains a parameter whose value is not empty when it must contain a value. | | +|VIOL_PARAMETER_LOCATION | Illegal parameter location | Alarm | The parameter was found in a different location than it was configured in the policy. | | +|VIOL_PARAMETER_MULTIPART_NULL_VALUE | Null in multi-part parameter value | Disabled | The system checks that the multi-part request has a parameter value that does not contain the NULL character (0x00). If a multipart parameter with binary content type contains NULL in its value, the Enforcer issues this violation. The exceptions to this are:
  • If that parameter is configured in the policy as `Ignore value`.
  • If that parameter is configured in the security policy as `user-input file-upload`.
  • If the parameter has a content-type that contains the string 'XML' and the parameter value contains a valid UTF16 encoded XML document (the encoding is valid). In this case NULL is allowed as it is part of the UTF16 encoding.
| | +|VIOL_PARAMETER_NAME_METACHAR | Illegal meta character in parameter name | Alarm | The system checks that all parameter names within the incoming request only contain meta characters defined as allowed in the security policy. | | +|VIOL_PARAMETER_NUMERIC_VALUE | Illegal parameter numeric value | Alarm | The system checks that the incoming request contains a parameter whose value is in the range of decimal or integer values defined in the security policy. | | +|VIOL_PARAMETER_REPEATED | Illegal repeated parameter name | Alarm | Detected multiple parameters of the same name in a single HTTP request. | | +|VIOL_PARAMETER_STATIC_VALUE | Illegal static parameter value | Alarm | The system checks that the request contains a static parameter whose value is defined in the security policy. Prevents static parameter change. NGINX App Protect WAF can be configured to block parameter values that are not in a predefined list. Parameters can be defined on each of the following levels: file type, URL, and flow. Each parameter can be one of the following types: explicit or wildcard. | | +|VIOL_PARAMETER_VALUE_BASE64 | Illegal Base64 value | Alarm | The system checks that the value is a valid Base64 string. If the value is indeed Base64, the system decodes this value and continues with its security checks. | | +|VIOL_PARAMETER_VALUE_LENGTH | Illegal parameter value length | Alarm | The system checks that the request contains a parameter whose value length (in bytes) matches the value length defined in the security policy. | | +|VIOL_PARAMETER_VALUE_METACHAR | Illegal meta character in value | Alarm | The system checks that all parameter values, XML element/attribute values, or JSON values within the request only contain meta characters defined as allowed in the security policy. Enforces proper input values. In case of a violation, the reported value represents the decimal ASCII value (metachar_index), or, in case of using "json_log" the hexadecimal ASCII value (metachar) of the violating character. | | +|VIOL_PARAMETER_VALUE_REGEXP | Parameter value does not comply with regular expression | Alarm | The system checks that the request contains an alphanumeric parameter value that matches the expected pattern specified by the regular-expression field for that parameter. Prevents HTTP requests which do not comply with a defined pattern. NGINX App Protect WAF lets you set up a regular expression to block requests where a parameter value does not match the regular expression. | | +|VIOL_POST_DATA_LENGTH | Illegal POST data length | Alarm | The system checks that the request contains POST data whose length does not exceed the acceptable length specified in the security policy. | In * file type entity. This check is disabled by default. | +|VIOL_QUERY_STRING_LENGTH | Illegal query string length | Alarm | The system checks that the request contains a query string whose length does not exceed the acceptable length specified in the security policy. | In * file type entity. Actual size is 2 KB. | +|VIOL_RATING_THREAT | Request is likely a threat | Alarm & Block | The combination of violations in this request determined that the request is likely to be a threat. | For VR = 4 or 5 | +|VIOL_RATING_NEED_EXAMINATION | Request needs further examination | Disabled | The combination of violations could not determine whether the request is a threat or violations are false positives thus requiring more examination. | For VR = 3 | +|VIOL_REQUEST_LENGTH | Illegal request length | Alarm | The system checks that the request length does not exceed the acceptable length specified in the security policy per the requested file type. | In * file type entity. This check is disabled by default. | +|VIOL_REQUEST_MAX_LENGTH | Request length exceeds defined buffer size | Alarm & Block| The system checks that the request length is not larger than the maximum memory buffer size. Note that this protects NGINX App Protect WAF from consuming too much memory across all security policies which are active on the device. | Default is 10MB | |VIOL_RULE | Actionable override rule was triggered. | Disabled |A policy override rule with an action was triggered.| | |VIOL_THREAT_CAMPAIGN | Threat Campaign detected | Alarm & Block | The system examines the HTTP message for known threat campaigns by matching it against known attack patterns. | | |VIOL_URL | Illegal URL | Alarm | The system checks that the requested URL is configured as a valid URL, or not configured as an invalid URL, within the security policy. | | diff --git a/content/includes/nap-waf/config/common/time-based-sig-config.md b/content/includes/nap-waf/config/common/time-based-sig-config.md index 1c636970c..6c5427e39 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-config.md +++ b/content/includes/nap-waf/config/common/time-based-sig-config.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1491 +nd-docs: DOCS-1491 --- A new property known as `stagingCertificationDatetime` is added to `signature-settings` section. All signatures that were created or modified in a signature update that is later than that time are in staging while all the rest are enforced and not in staging. diff --git a/content/includes/nap-waf/config/common/time-based-sig-enforce-mod-sig.md b/content/includes/nap-waf/config/common/time-based-sig-enforce-mod-sig.md index f7994084d..cfd8d0534 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-enforce-mod-sig.md +++ b/content/includes/nap-waf/config/common/time-based-sig-enforce-mod-sig.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1495 +nd-docs: DOCS-1495 --- All signatures are considered to be in staging if their creation or modification time is later than the `stagingCertificationDatetime`. diff --git a/content/includes/nap-waf/config/common/time-based-sig-latest-cert-time.md b/content/includes/nap-waf/config/common/time-based-sig-latest-cert-time.md index 8e4841a36..01af06ac1 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-latest-cert-time.md +++ b/content/includes/nap-waf/config/common/time-based-sig-latest-cert-time.md @@ -1,9 +1,9 @@ --- -docs: DOCS-1490 +nd-docs: DOCS-1490 --- The latest signatures certification time is the timestamp (in date-time ISO format) as the time the signatures in the policy are considered as β€œtrusted” by the user and separates enforced signatures from signatures in staging. -When this value is not defined and the staging flag is enabled, it means that all the signatures in the policy are in staging. If the signature was added to the policy but was created and last modified before the certification date-time then it will not be in staging. +When this value is not defined and the staging flag is enabled, it means that all the signatures in the policy are in staging. If the signature was added to the policy but was created and last modified before the certification date-time then it will not be in staging. A signature is considered new if it was introduced by a recent signature update that was applied to the respective policy. Note that signatures that were added later to the policy (by adding a new signature set) are not considered new unless they were added in the recent signature update. These signatures will not be in staging. \ No newline at end of file diff --git a/content/includes/nap-waf/config/common/time-based-sig-log-report.md b/content/includes/nap-waf/config/common/time-based-sig-log-report.md index b340c819e..bd7711a9b 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-log-report.md +++ b/content/includes/nap-waf/config/common/time-based-sig-log-report.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1494 +nd-docs: DOCS-1494 --- Time-based Signature will be logged and reported in the Security log without blocking the request as discussed in the above section. @@ -7,7 +7,7 @@ Time-based Signature will be logged and reported in the Security log without blo Security log will have the following new fields under the enforcementState: - The Violation Rating if there was no staging - `ratingIncludingViolationsInStaging` - The `stagingCertificationDatetime` from the policy -- The specific staging state of the signature +- The specific staging state of the signature - The `lastUpdateTime` of the signature - for the user to be able to determine why the signature was (or was not) in staging. ```json diff --git a/content/includes/nap-waf/config/common/time-based-sig-new-policy.md b/content/includes/nap-waf/config/common/time-based-sig-new-policy.md index b1ec698a5..23a19ee97 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-new-policy.md +++ b/content/includes/nap-waf/config/common/time-based-sig-new-policy.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1493 +nd-docs: DOCS-1493 --- When a new policy is deployed, the user prefers to have all its signatures present in the staging environment. To facilitate this, the `performStaging` flag is configured to true at the signature settings level. \ No newline at end of file diff --git a/content/includes/nap-waf/config/common/time-based-sig-overview.md b/content/includes/nap-waf/config/common/time-based-sig-overview.md index 30970d3ba..e3b89949f 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-overview.md +++ b/content/includes/nap-waf/config/common/time-based-sig-overview.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1498 +nd-docs: DOCS-1498 --- When new attack signatures are introduced in an App Protect policy, the policy is tested in a staging environment first before being promoted to production. However, in some instances where it is challenging to replicate real traffic accurately in the staging environment, the detection of genuine attacks becomes difficult. There can be false positives and expose the application to attacks. For such cases, we need to deploy the new signatures in staging environment in β€œstaging” mode. diff --git a/content/includes/nap-waf/config/common/time-based-sig-update-sig.md b/content/includes/nap-waf/config/common/time-based-sig-update-sig.md index 557b2ec5a..191dfdc52 100644 --- a/content/includes/nap-waf/config/common/time-based-sig-update-sig.md +++ b/content/includes/nap-waf/config/common/time-based-sig-update-sig.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1492 +nd-docs: DOCS-1492 --- After applying a signature update (F5 or user-defined), and assuming the update creation time is later than the previous signature update applied to the policy (in other words, the signatures are upgraded, not downgraded), then all the signatures that were affected by the update (created or modified) are automatically put in staging. That's because their modification time is newer than the current `stagingCertificationDatetime`. Signatures that were not affected by the update will **not** be in staging. \ No newline at end of file diff --git a/content/includes/nap-waf/config/common/types-of-openapi-references.md b/content/includes/nap-waf/config/common/types-of-openapi-references.md index c04f0c2c2..8316e15fc 100644 --- a/content/includes/nap-waf/config/common/types-of-openapi-references.md +++ b/content/includes/nap-waf/config/common/types-of-openapi-references.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1636" +nd-docs: "DOCS-1636" --- There are different ways of referencing OpenAPI Specification files. The configuration is similar to [External References](#external-references). diff --git a/content/includes/nap-waf/config/common/types-of-references.md b/content/includes/nap-waf/config/common/types-of-references.md index 44c116c73..dfc5403c3 100644 --- a/content/includes/nap-waf/config/common/types-of-references.md +++ b/content/includes/nap-waf/config/common/types-of-references.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1601" +nd-docs: "DOCS-1601" --- There are different implementations based on the type of references that are being made. diff --git a/content/includes/nap-waf/config/common/unsupported-configuration.md b/content/includes/nap-waf/config/common/unsupported-configuration.md index edc358d1d..b378143df 100644 --- a/content/includes/nap-waf/config/common/unsupported-configuration.md +++ b/content/includes/nap-waf/config/common/unsupported-configuration.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1569" +nd-docs: "DOCS-1569" --- There are some NGINX features that don't work well with NGINX App Protect WAF. Modules that use subrequest do not work when calling or being called from a scope that contains `app_protect_enable on`. Other modules that expect to receive the Range header (Slice for example) are also unsupported in the same scope as `app_protect_enable on`. For example, the following configuration is unsupported, but in the examples above you can find examples of work arounds for these features. diff --git a/content/includes/nap-waf/config/common/user-defined-browser-control.md b/content/includes/nap-waf/config/common/user-defined-browser-control.md index 788ee9d8a..90ffce2c3 100644 --- a/content/includes/nap-waf/config/common/user-defined-browser-control.md +++ b/content/includes/nap-waf/config/common/user-defined-browser-control.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1543" +nd-docs: "DOCS-1543" --- The User-Defined Browser Control feature allows a user to define new custom browsers, and create a list of allowed or disallowed browsers (both user-defined and factory preset browsers) used by the client application. It mainly provides the opportunity: diff --git a/content/includes/nap-waf/config/common/user-defined-signature-sets.md b/content/includes/nap-waf/config/common/user-defined-signature-sets.md index 230bcb52f..f9c2f0a76 100644 --- a/content/includes/nap-waf/config/common/user-defined-signature-sets.md +++ b/content/includes/nap-waf/config/common/user-defined-signature-sets.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1596" +nd-docs: "DOCS-1596" --- NGINX App Protect WAF comes with pre-defined signatures and signature sets. Also, the user can create their own user-defined signatures (as we have seen above) as well as user-defined signature sets. User-defined Signature sets are suitable for organizing the sheer number of pre-defined and user-defined signatures into logical sets for better use in the policy. For pre-defined signatures, there are two ways of managing signature sets: manual addition of signatures using the signature unique IDs, or filtering signatures based on specific criteria, like request/response, risk level, accuracy level, attack type, systems, etc. For the user-defined signatures, signature IDs are automatically generated, and they cannot be used in manual addition of signatures. Therefore, only one way is possible: filtering based on tag, request/response, risk level, accuracy level, attack type, systems, etc. diff --git a/content/includes/nap-waf/config/common/user-defined-signatures.md b/content/includes/nap-waf/config/common/user-defined-signatures.md index 98c3dc4dc..f98ad16dd 100644 --- a/content/includes/nap-waf/config/common/user-defined-signatures.md +++ b/content/includes/nap-waf/config/common/user-defined-signatures.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1603" +nd-docs: "DOCS-1603" --- Another useful expansion to the customization capabilities is the ability to create user-defined signatures. This capability allows the user to define new signatures, configure how they behave in terms of enforcement, and categorize them in user-defined signature sets (using tags) for ease of management. diff --git a/content/includes/nap-waf/config/common/violations.md b/content/includes/nap-waf/config/common/violations.md index 38ddf9b57..7feaabc9d 100644 --- a/content/includes/nap-waf/config/common/violations.md +++ b/content/includes/nap-waf/config/common/violations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1577" +nd-docs: "DOCS-1577" --- App Protect violations are rated by the App Protect algorithms to help distinguish between attacks and potential false positive alerts. A violation rating is a numerical rating that our algorithms give to requests based on the presence of violation(s). Each violation type and severity contributes to the calculation of the final rating. The final rating then defines the action taken for the specific request. As per the default policy, any violation rating of 1, 2 and 3 will not cause the request to be blocked and only a log will be generated with **alerted** status. If the violation rating is 4 or 5, the request is blocked: a blocking page is displayed and a log generated for the transaction with **blocked** status. Violation ratings are displayed in the logs by default. \ No newline at end of file diff --git a/content/includes/nap-waf/default-conf-hostname.md b/content/includes/nap-waf/default-conf-hostname.md index 406d6b92e..9dc5316fb 100644 --- a/content/includes/nap-waf/default-conf-hostname.md +++ b/content/includes/nap-waf/default-conf-hostname.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1514" +nd-docs: "DOCS-1514" --- ```nginx diff --git a/content/includes/nap-waf/default-conf-localhost.md b/content/includes/nap-waf/default-conf-localhost.md index 24d2fb837..070afb43a 100644 --- a/content/includes/nap-waf/default-conf-localhost.md +++ b/content/includes/nap-waf/default-conf-localhost.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1515" +nd-docs: "DOCS-1515" --- ```nginx diff --git a/content/includes/nap-waf/download-certificates.md b/content/includes/nap-waf/download-certificates.md index 16dd460a0..f4d83ff12 100644 --- a/content/includes/nap-waf/download-certificates.md +++ b/content/includes/nap-waf/download-certificates.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1517" +nd-docs: "DOCS-1517" --- Log in to [My F5](https://my.f5.com) and download the following two files from your active NGINX App Protect WAF subscription: diff --git a/content/includes/nap-waf/how-to/bidirectional-configuration.md b/content/includes/nap-waf/how-to/bidirectional-configuration.md index f9db4a918..8ef9c6dd6 100644 --- a/content/includes/nap-waf/how-to/bidirectional-configuration.md +++ b/content/includes/nap-waf/how-to/bidirectional-configuration.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- The only configuration related to streaming is the IDL file or more specifically the `rpc` declaration. The keyword `stream` indicates that the message on the respective side is streaming.

For example: diff --git a/content/includes/nap-waf/nginx-conf-hostname-docker.md b/content/includes/nap-waf/nginx-conf-hostname-docker.md index f4e4dea4b..301738d44 100644 --- a/content/includes/nap-waf/nginx-conf-hostname-docker.md +++ b/content/includes/nap-waf/nginx-conf-hostname-docker.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1516" +nd-docs: "DOCS-1516" --- ```nginx diff --git a/content/includes/nap-waf/nginx-conf-localhost.md b/content/includes/nap-waf/nginx-conf-localhost.md index a87a5b16a..018bcba33 100644 --- a/content/includes/nap-waf/nginx-conf-localhost.md +++ b/content/includes/nap-waf/nginx-conf-localhost.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1518" +nd-docs: "DOCS-1518" --- ```nginx diff --git a/content/includes/nap-waf/setup-docker-registry.md b/content/includes/nap-waf/setup-docker-registry.md index fc2896154..9ace0cb63 100644 --- a/content/includes/nap-waf/setup-docker-registry.md +++ b/content/includes/nap-waf/setup-docker-registry.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1508" +nd-docs: "DOCS-1508" --- Configure Docker to interact with the F5 Container Registry at `private-registry.nginx.com`: diff --git a/content/includes/nap-waf/upgrade-recompile-warning.md b/content/includes/nap-waf/upgrade-recompile-warning.md index aeb993e2a..970b58e72 100644 --- a/content/includes/nap-waf/upgrade-recompile-warning.md +++ b/content/includes/nap-waf/upgrade-recompile-warning.md @@ -1,10 +1,10 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- {{< warning >}} -When upgrading, you must recompile all policy and log bundles using the latest WAF compiler. +When upgrading, you must recompile all policy and log bundles using the latest WAF compiler. Older bundles will be detected and disallowed. diff --git a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md b/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md index b22a14342..5979df586 100644 --- a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md +++ b/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1441" +nd-docs: "DOCS-1441" --- To avoid client service interruptions when upgrading NGINX Gateway Fabric, you can configure [`PreStop` hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) to delay terminating the NGINX Gateway Fabric pod, allowing the pod to complete certain actions before shutting down. This ensures a smooth upgrade without any downtime, also known as a zero downtime upgrade. diff --git a/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md b/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md index 8b2b3f473..6f21d5702 100644 --- a/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md +++ b/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1440" +nd-docs: "DOCS-1440" --- Set `terminationGracePeriodSeconds` to a value that is equal to or greater than the `sleep` duration specified in the `preStop` hook (default is `30`). This setting prevents Kubernetes from terminating the pod before before the `preStop` hook has completed running. diff --git a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md index 9ae213ed8..7820399a0 100644 --- a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md +++ b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md @@ -1,7 +1,7 @@ --- title: "Expose NGINX Gateway Fabric" weight: 300 -docs: "DOCS-1427" +nd-docs: "DOCS-1427" --- There are two options for accessing NGINX Gateway Fabric depending on the type of LoadBalancer service you chose during installation: diff --git a/content/includes/ngf/installation/helm/pulling-the-chart.md b/content/includes/ngf/installation/helm/pulling-the-chart.md index b82b2f809..e42fb7f6a 100644 --- a/content/includes/ngf/installation/helm/pulling-the-chart.md +++ b/content/includes/ngf/installation/helm/pulling-the-chart.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1439" +nd-docs: "DOCS-1439" --- ```shell diff --git a/content/includes/ngf/installation/install-gateway-api-experimental-features.md b/content/includes/ngf/installation/install-gateway-api-experimental-features.md index aa95d1eb9..aec27817e 100644 --- a/content/includes/ngf/installation/install-gateway-api-experimental-features.md +++ b/content/includes/ngf/installation/install-gateway-api-experimental-features.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- To use Gateway API experimental resources, the Gateway API resources from the experimental channel must be installed before deploying NGINX Gateway Fabric. Additionally, NGINX Gateway Fabric must have experimental features enabled. diff --git a/content/includes/ngf/installation/install-gateway-api-resources.md b/content/includes/ngf/installation/install-gateway-api-resources.md index 3932dad32..bab5a44bd 100644 --- a/content/includes/ngf/installation/install-gateway-api-resources.md +++ b/content/includes/ngf/installation/install-gateway-api-resources.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1438" +nd-docs: "DOCS-1438" --- {{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginx/nginx-gateway-fabric/blob/v{{< version-ngf >}}/README.md#technical-specifications). {{}} diff --git a/content/includes/ngf/installation/jwt-password-note.md b/content/includes/ngf/installation/jwt-password-note.md index 4cfeec8b9..6cc40d962 100644 --- a/content/includes/ngf/installation/jwt-password-note.md +++ b/content/includes/ngf/installation/jwt-password-note.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- {{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history: diff --git a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md index 0bfceec95..0ad007efa 100644 --- a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md +++ b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- {{< note >}} If you would rather pull the NGINX Plus image and push to a private registry, you can skip this specific step and instead follow [this step]({{< ref "/ngf/install/nginx-plus.md#pull-an-image-for-local-use" >}}). {{< /note >}} diff --git a/content/includes/ngf/installation/nginx-plus/download-jwt.md b/content/includes/ngf/installation/nginx-plus/download-jwt.md index d89c65a43..78ad1cbf8 100644 --- a/content/includes/ngf/installation/nginx-plus/download-jwt.md +++ b/content/includes/ngf/installation/nginx-plus/download-jwt.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md b/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md index 1a5beb474..be8a0b9f4 100644 --- a/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md +++ b/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- Place the JWT in a file called `license.jwt`. Create a Kubernetes Secret using the contents of the JWT file. diff --git a/content/includes/ngf/installation/uninstall-gateway-api-resources.md b/content/includes/ngf/installation/uninstall-gateway-api-resources.md index d5631d1f5..92a857ff6 100644 --- a/content/includes/ngf/installation/uninstall-gateway-api-resources.md +++ b/content/includes/ngf/installation/uninstall-gateway-api-resources.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1436" +nd-docs: "DOCS-1436" --- {{< warning >}} This will remove all corresponding custom resources in your entire cluster, across all namespaces. Double-check to make sure you don't have any custom resources you need to keep, and confirm that there are no other Gateway API implementations active in your cluster. {{}} diff --git a/content/includes/ngf/installation/upgrade-api-resources.md b/content/includes/ngf/installation/upgrade-api-resources.md index c8ad3d706..adaed0b1a 100644 --- a/content/includes/ngf/installation/upgrade-api-resources.md +++ b/content/includes/ngf/installation/upgrade-api-resources.md @@ -1,10 +1,10 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- To upgrade your Gateway API resources, take the following steps: -- Use [Technical specifications]({{< ref "/ngf/reference/technical-specifications.md" >}}) to verify your Gateway API resources are compatible with your NGINX Gateway Fabric version. +- Use [Technical specifications]({{< ref "/ngf/reference/technical-specifications.md" >}}) to verify your Gateway API resources are compatible with your NGINX Gateway Fabric version. - Review the [release notes](https://github.com/kubernetes-sigs/gateway-api/releases) for any important upgrade-specific information. To upgrade the Gateway API resources, run the following command: diff --git a/content/includes/nginx-one/add-file/new-ssl-bundle.md b/content/includes/nginx-one/add-file/new-ssl-bundle.md index 4ba76c690..c078213e5 100644 --- a/content/includes/nginx-one/add-file/new-ssl-bundle.md +++ b/content/includes/nginx-one/add-file/new-ssl-bundle.md @@ -2,7 +2,7 @@ docs: --- -First you can select the toggle to allow NGINX One Console to manaage the new certificate or bundle. +First you can select the toggle to allow NGINX One Console to manage the new certificate or bundle. In the screen that appears, you can add a certificate name. If you don't add a name, NGINX One will add a name for you, based on the expiration date for the certificate. diff --git a/content/includes/nginx-one/cloud-access-nginx.md b/content/includes/nginx-one/cloud-access-nginx.md new file mode 100644 index 000000000..7756edc80 --- /dev/null +++ b/content/includes/nginx-one/cloud-access-nginx.md @@ -0,0 +1,11 @@ +--- +files: + - content/nginx-one/secure-your-fleet/secure.md + - content/nginx-one/getting-started.md +--- + +Once you've logged in with your password, you should be able to see and select the NGINX One tile. + +1. Select the **NGINX One** tile +1. If needed, select **Enable Service** +1. After the service has been enables, select **Visit Service** to load NGINX One Console diff --git a/content/includes/nginx-one/cloud-access.md b/content/includes/nginx-one/cloud-access.md new file mode 100644 index 000000000..c50a1289b --- /dev/null +++ b/content/includes/nginx-one/cloud-access.md @@ -0,0 +1,11 @@ +--- +files: + - content/nginx-one/secure-your-fleet/secure.md + - content/nginx-one/getting-started.md +--- + +Confirm an F5 Distributed Cloud tenant has been provisioned for you. Log in to MyF5 and review your subscriptions. You should see within one of your subscriptions "Distributed Cloud". This could be in either an NGINX subscription or a Distributed Cloud. If the above does not appear in any of your subscriptions, reach out to either your F5 Account Team or Customer Success Manager. + +With access, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password when the tenant was created. The account name referenced in the E-Mail in bold is the tenant name. + +Navigate to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ to access F5 Distributed Cloud. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with a role providing permissions for NGINX One. diff --git a/content/includes/nginx-one/conf/nginx-agent-conf.md b/content/includes/nginx-one/conf/nginx-agent-conf.md new file mode 100644 index 000000000..0fcbc57ea --- /dev/null +++ b/content/includes/nginx-one/conf/nginx-agent-conf.md @@ -0,0 +1,22 @@ +--- +docs: DOCS-000 +files: + - content/nginx-one/getting-started.md + - content/nginx-one/agent/containers/run-agent-container.md +--- + +```yaml +command: + server: + host: "" # Command server host + port: 443 # Command server port + auth: + token: "" # Authentication token for the command server + tls: + skip_verify: false +``` + +Replace the placeholder values: + +- ``: The URL of your NGINX One Console instance, typically https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ . +- ``: Your Data Plane key. diff --git a/content/includes/nginx-one/install-nginx.md b/content/includes/nginx-one/install-nginx.md new file mode 100644 index 000000000..cfc3863bf --- /dev/null +++ b/content/includes/nginx-one/install-nginx.md @@ -0,0 +1,10 @@ +--- +files: + - content/nginx-one/secure-your-fleet/secure.md + - content/nginx-one/getting-started.md +--- + +If you need to set up an instance of NGINX, you can do so in one of the following ways: + +- Install [NGINX Open Source or NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/" >}}). You can use the linked guide to install NGINX in a Linux environment, in a VM or on bare-metal hardware. +- [Deploy NGINX and NGINX Plus with Docker]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md" >}}) with NGINX and the NGINX Agent installed. diff --git a/content/includes/nginx-one/staged-config-overview.md b/content/includes/nginx-one/staged-config-overview.md index 9d5a6fe35..f47aec5d5 100644 --- a/content/includes/nginx-one/staged-config-overview.md +++ b/content/includes/nginx-one/staged-config-overview.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 files: - content/nginx-one/how-to/staged-configs/add-staged-config.md - content/nginx-one/how-to/staged-configs/edit-staged-config.md diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md index 126379d99..4f082614c 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- To pin NGINX Plus to a specific version (for example, R33): diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md index 763f8f7d3..6e38a6922 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md @@ -1,11 +1,11 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- To pin NGINX Plus to a specific version (for example, R32): 1. Edit the `/etc/yum.repos.d/nginx-plus-7.4.repo` file. -1. Update the repository base URL to the desired version: +1. Update the repository base URL to the desired version: ```shell baseurl=https://pkgs.nginx.com/plus/R32/centos/7/$basearch/ diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md index 369a9ebb9..d970d82c2 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md @@ -1,11 +1,11 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- To pin NGINX Plus to a specific version (for example, R33): 1. Edit the `/etc/yum.repos.d/nginx-plus-8.repo` file. -1. Update the repository base URL to the desired version: +1. Update the repository base URL to the desired version: ```shell baseurl=https://pkgs.nginx.com/plus/R33/centos/8/$basearch/ diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md index 6085a8c7d..80b5571db 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md @@ -1,11 +1,11 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 --- To pin NGINX Plus to a specific version (for example, R33): 1. Edit the `/etc/yum.repos.d/plus-9.repo` file. -1. Update the repository base URL to the desired version: +1. Update the repository base URL to the desired version: ```shell baseurl=https://pkgs.nginx.com/plus/R33/centos/9/$basearch/ diff --git a/content/includes/nginx-plus/supported-distributions.md b/content/includes/nginx-plus/supported-distributions.md new file mode 100644 index 000000000..86439439b --- /dev/null +++ b/content/includes/nginx-plus/supported-distributions.md @@ -0,0 +1,20 @@ +--- +docs: +--- + +{{}} +| Distribution | Supported on R33 | Supported on R32 | +|-------------------------------------|-----------------------------------------------|-----------------------------------------------| +| AlmaLinux | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | +| Alpine Linux | 3.17 (x86_64, aarch64) **(deprecated)**
3.18 (x86_64, aarch64)
3.19 (x86_64, aarch64)
3.20 (x86_64, aarch64) **(new)** | 3.16 (x86_64, aarch64) **(deprecated)**
3.17 (x86_64, aarch64)
3.18 (x86_64, aarch64)
3.19 (x86_64, aarch64) | +| Amazon Linux | 2023 (x86_64, aarch64) | 2023 (x86_64, aarch64) | +| Amazon Linux 2 | LTS (x86_64, aarch64) | LTS (x86_64, aarch64) | +| CentOS | **Not supported** | 7.4+ (x86_64) **(deprecated)** | +| Debian | 11 (x86_64, aarch64)
12 (x86_64, aarch64) | 11 (x86_64, aarch64)
12 (x86_64, aarch64) | +| FreeBSD | 13 (amd64)
14 (amd64) | 13 (amd64)
14 (amd64) | +| Oracle Linux | 8.1+ (x86_64, aarch64)
9 (x86_64) | 7.4+ (x86_64) **(deprecated)**
8.1+ (x86_64, aarch64)
9 (x86_64) | +| Red Hat Enterprise Linux (RHEL) | 8.1+ (x86_64, aarch64)
9.0+ (x86_64, aarch64) | 7.4+ (x86_64) **(deprecated)**
8.1+ (x86_64, aarch64)
9.0+ (x86_64, aarch64) | +| Rocky Linux | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | +| SUSE Linux Enterprise Server (SLES) | 12 SP5 (x86_64) **(deprecated)**
15 SP2+ (x86_64) | 12 SP5 (x86_64)
15 SP2+ (x86_64) | +| Ubuntu | 20.04 LTS (x86_64, aarch64)
22.04 LTS (x86_64, aarch64)
24.04 LTS (x86_64, aarch64) | 20.04 LTS (x86_64, aarch64)
22.04 LTS (x86_64, aarch64)
24.04 LTS (x86_64, aarch64 **(new)** | +{{}} \ No newline at end of file diff --git a/content/includes/nginx-plus/usage-tracking/agentless-reporting.md b/content/includes/nginx-plus/usage-tracking/agentless-reporting.md index 0cbdce2f4..55af846c6 100644 --- a/content/includes/nginx-plus/usage-tracking/agentless-reporting.md +++ b/content/includes/nginx-plus/usage-tracking/agentless-reporting.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1408 +nd-docs: DOCS-1408 --- Since [Release 31]({{< ref "/nginx/releases.md#nginxplusrelease-31-r31" >}}), NGINX Plus provides a built-in support for reporting of your NGINX Plus instances to NGINX Instance Manager without the need of installing NGINX Agent or tuning HTTP Health checks. If you participate in the [F5 Flex Consumption Program](https://www.f5.com/products/get-f5/flex-consumption-program), you will no longer need to manually track your NGINX Plus instances. diff --git a/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md b/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md index 41caaa2d1..2f8a092b1 100644 --- a/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md +++ b/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1352 +nd-docs: DOCS-1352 --- To report your NGINX Ingress Controller clusters to F5, follow these steps: diff --git a/content/includes/nginx-plus/usage-tracking/http-health-check.md b/content/includes/nginx-plus/usage-tracking/http-health-check.md index 0a0e0a90d..7cf3e8cd6 100644 --- a/content/includes/nginx-plus/usage-tracking/http-health-check.md +++ b/content/includes/nginx-plus/usage-tracking/http-health-check.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1351 +nd-docs: DOCS-1351 --- You can track NGINX Plus instances using an [HTTP Health Check]({{< ref "nginx/admin-guide/load-balancer/http-health-check" >}}) without installing NGINX Agent. This involves updating the NGINX Plus configuration file. Follow these steps: diff --git a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md b/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md index 9779c6c38..855a4b90d 100644 --- a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md +++ b/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1354 +nd-docs: DOCS-1354 --- When you install NGINX Agent on an NGINX Plus instance, it will establish a connection with Instance Manager and begin transmitting usage data. diff --git a/content/includes/nginx-plus/usage-tracking/install-nim.md b/content/includes/nginx-plus/usage-tracking/install-nim.md index b5d048227..cdbb7f7b4 100644 --- a/content/includes/nginx-plus/usage-tracking/install-nim.md +++ b/content/includes/nginx-plus/usage-tracking/install-nim.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1355 +nd-docs: DOCS-1355 --- {{}}A separate license for NGINX Instance Manager is not required to track your NGINX product usage.{{}} diff --git a/content/includes/nginx-plus/usage-tracking/overview.md b/content/includes/nginx-plus/usage-tracking/overview.md index 85af6fb49..d903d54a1 100644 --- a/content/includes/nginx-plus/usage-tracking/overview.md +++ b/content/includes/nginx-plus/usage-tracking/overview.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1349 +nd-docs: DOCS-1349 --- Start by installing NGINX Instance Manager on a dedicated host. Then, configure your NGINX Plus systems to report back to Instance Manager. Once connected, you can easily view and report on your NGINX Plus inventory using the NGINX Instance Manager REST API or web interface. You can send these reports to your F5 contact as needed. diff --git a/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md b/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md index 9ddc0a2ef..4b63bbdfd 100644 --- a/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md +++ b/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1350 +nd-docs: DOCS-1350 --- Follow these steps to view and export the list of NGINX Plus instances that have successfully registered with Instance Manager: diff --git a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md index 67bc3f358..54e2cc824 100644 --- a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md +++ b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- If the diagnostic setting destination details included a storage account, logs show up in the storage container "insights-logs-nginxlogs" with the following format: `resourceID=//y=/m=/d=
/h=/PT1H.json` diff --git a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md index 8809a824d..418c8edfc 100644 --- a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md +++ b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- If the diagnostic setting destination details included a Logs Analytics workspace, logs show up in the table "NGXOperationLogs" with the following non-standard attributes: diff --git a/content/includes/nginxaas-azure/logging-config-access-logs.md b/content/includes/nginxaas-azure/logging-config-access-logs.md index 01fba8215..63e7c12ec 100644 --- a/content/includes/nginxaas-azure/logging-config-access-logs.md +++ b/content/includes/nginxaas-azure/logging-config-access-logs.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- NGINX access logs are disabled by default. You can enable access logs by adding **access_log** directives to your NGINX configuration to specify the location of the logs and formats. The log path should always be configured to be inside **/var/log/nginx**. diff --git a/content/includes/nginxaas-azure/logging-config-error-logs.md b/content/includes/nginxaas-azure/logging-config-error-logs.md index c27d8ace8..149a960ac 100644 --- a/content/includes/nginxaas-azure/logging-config-error-logs.md +++ b/content/includes/nginxaas-azure/logging-config-error-logs.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- By default, NGINXaaS for Azure puts the error log at **/var/log/nginx/error.log**. It includes messages with severity **error** and above. diff --git a/content/includes/nginxaas-azure/logging-limitations.md b/content/includes/nginxaas-azure/logging-limitations.md index a6b636d66..8e4f9722a 100644 --- a/content/includes/nginxaas-azure/logging-limitations.md +++ b/content/includes/nginxaas-azure/logging-limitations.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- 1. File-based logs must be configured to use the path **/var/log/nginx**. diff --git a/content/includes/nginxaas-azure/ncu-description.md b/content/includes/nginxaas-azure/ncu-description.md index 138b593e6..17c015e54 100644 --- a/content/includes/nginxaas-azure/ncu-description.md +++ b/content/includes/nginxaas-azure/ncu-description.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1476" +nd-docs: "DOCS-1476" --- An NGINX Capacity Unit (NCU) quantifies the capacity of an NGINX instance based on the underlying compute resources. This abstraction allows you to specify the desired capacity in NCUs without having to consider the regional hardware differences. diff --git a/content/includes/nginxaas-azure/ssl-tls-prerequisites.md b/content/includes/nginxaas-azure/ssl-tls-prerequisites.md index 1d95d498d..def7a9e97 100644 --- a/content/includes/nginxaas-azure/ssl-tls-prerequisites.md +++ b/content/includes/nginxaas-azure/ssl-tls-prerequisites.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- NGINXaaS natively integrates with [Azure Key Vault (AKV)](https://azure.microsoft.com/en-us/products/key-vault), so you can bring your own certificates and manage them in a centralized location. You will need: diff --git a/content/includes/nginxaas-azure/terraform-prerequisites.md b/content/includes/nginxaas-azure/terraform-prerequisites.md index a0267168b..aafb6908f 100644 --- a/content/includes/nginxaas-azure/terraform-prerequisites.md +++ b/content/includes/nginxaas-azure/terraform-prerequisites.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- - Confirm that you meet the [NGINXaaS Prerequisites]({{< ref "/nginxaas-azure/getting-started/prerequisites.md" >}}). diff --git a/content/includes/nginxaas-azure/terraform-resources.md b/content/includes/nginxaas-azure/terraform-resources.md index f45c36671..0a830ca19 100644 --- a/content/includes/nginxaas-azure/terraform-resources.md +++ b/content/includes/nginxaas-azure/terraform-resources.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- - [NGINXaaS Managed Identity Documentation]({{< ref "/nginxaas-azure/getting-started/managed-identity-portal.md" >}}) diff --git a/content/includes/nic/configuration/access-control.md b/content/includes/nic/configuration/access-control.md index fade2941c..769bfbabf 100644 --- a/content/includes/nic/configuration/access-control.md +++ b/content/includes/nic/configuration/access-control.md @@ -2,7 +2,7 @@ title: Deploy a Policy for access control weight: 900 toc: true -docs: DOCS-000 +nd-docs: DOCS-000 --- This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/configuration/virtualserver-and-virtualserverroute-resources.md" >}}). diff --git a/content/includes/nic/configuration/configuration-examples.md b/content/includes/nic/configuration/configuration-examples.md index 0a0e6e3bb..c49c0790e 100644 --- a/content/includes/nic/configuration/configuration-examples.md +++ b/content/includes/nic/configuration/configuration-examples.md @@ -1,5 +1,5 @@ --- -docs: DOCS-584 +nd-docs: DOCS-584 doctypes: - '' title: Configuration examples diff --git a/content/includes/nic/configuration/global-configuration/command-line-arguments.md b/content/includes/nic/configuration/global-configuration/command-line-arguments.md index 230345052..552bba1be 100644 --- a/content/includes/nic/configuration/global-configuration/command-line-arguments.md +++ b/content/includes/nic/configuration/global-configuration/command-line-arguments.md @@ -1,5 +1,5 @@ --- -docs: DOCS-585 +nd-docs: DOCS-585 doctypes: - '' title: Command-line arguments diff --git a/content/includes/nic/configuration/global-configuration/configmap-resource.md b/content/includes/nic/configuration/global-configuration/configmap-resource.md index afa0bcf17..28296e291 100644 --- a/content/includes/nic/configuration/global-configuration/configmap-resource.md +++ b/content/includes/nic/configuration/global-configuration/configmap-resource.md @@ -4,7 +4,7 @@ weight: 300 toc: true type: how-to product: NIC -docs: DOCS-586 +nd-docs: DOCS-586 --- When using F5 NGINX Ingress Controller, you can customize or fine tune NGINX behavior using ConfigMap resources. Examples include setting the number of worker processes or customizing the access log format. @@ -184,12 +184,12 @@ For more information, view the [VirtualServer and VirtualServerRoute resources]( Zone Sync enables the [ngx_stream_zone_sync_module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) in NGINX Ingress Controller when NGINX Plus is used. Multiple replicas are required to effectively utililise this functionality. More information is available in the [How NGINX Plus Performs Zone Synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync_details/) topic. -Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. +Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml). -{{< caution >}} -If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. +{{< caution >}} +If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC. {{< /caution >}} diff --git a/content/includes/nic/configuration/global-configuration/custom-templates.md b/content/includes/nic/configuration/global-configuration/custom-templates.md index 589ce5951..6bb99f87f 100644 --- a/content/includes/nic/configuration/global-configuration/custom-templates.md +++ b/content/includes/nic/configuration/global-configuration/custom-templates.md @@ -1,5 +1,5 @@ --- -docs: DOCS-587 +nd-docs: DOCS-587 doctypes: - '' title: Custom templates diff --git a/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md index 605ab301f..b5f88b689 100644 --- a/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md +++ b/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md @@ -1,5 +1,5 @@ --- -docs: DOCS-588 +nd-docs: DOCS-588 doctypes: - '' title: GlobalConfiguration resource diff --git a/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md b/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md index e1d9a120c..e291de510 100644 --- a/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md +++ b/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md @@ -1,5 +1,5 @@ --- -docs: DOCS-586 +nd-docs: DOCS-586 doctypes: - '' title: Management ConfigMap resource @@ -7,7 +7,7 @@ toc: true weight: 300 --- -When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. +When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. --- diff --git a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md b/content/includes/nic/configuration/global-configuration/reporting-resources-status.md index 8e36733eb..f2e72fb03 100644 --- a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md +++ b/content/includes/nic/configuration/global-configuration/reporting-resources-status.md @@ -1,5 +1,5 @@ --- -docs: DOCS-589 +nd-docs: DOCS-589 doctypes: - '' title: Reporting resource status diff --git a/content/includes/nic/configuration/host-and-listener-collisions.md b/content/includes/nic/configuration/host-and-listener-collisions.md index 502ef830c..3336bb21e 100644 --- a/content/includes/nic/configuration/host-and-listener-collisions.md +++ b/content/includes/nic/configuration/host-and-listener-collisions.md @@ -2,7 +2,7 @@ title: Host and Listener collisions toc: true weight: 800 -docs: DOCS-590 +nd-docs: DOCS-590 --- This document explains how F5 NGINX Ingress Controller handles host and listener collisions between resources. diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md index ecc12435f..952b8ebb1 100644 --- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -1,5 +1,5 @@ --- -docs: DOCS-591 +nd-docs: DOCS-591 doctypes: - '' title: Advanced configuration with Annotations diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md index 642d041ae..f31e7057b 100644 --- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md +++ b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md @@ -1,5 +1,5 @@ --- -docs: DOCS-592 +nd-docs: DOCS-592 doctypes: - '' title: Advanced configuration with Snippets @@ -7,9 +7,9 @@ toc: true weight: 400 --- -Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. +Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. -Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. +Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. @@ -27,7 +27,7 @@ Snippets have the following disadvantages: - *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources. - *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources. -{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}} +{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}} ## Using snippets @@ -68,7 +68,7 @@ spec: These snippets generate the following NGINX configuration: -{{< note >}} The example is shortened for conciseness. {{< /note >}} +{{< note >}} The example is shortened for conciseness. {{< /note >}} ```nginx server { diff --git a/content/includes/nic/configuration/ingress-resources/basic-configuration.md b/content/includes/nic/configuration/ingress-resources/basic-configuration.md index bd2c10d26..6884e42b5 100644 --- a/content/includes/nic/configuration/ingress-resources/basic-configuration.md +++ b/content/includes/nic/configuration/ingress-resources/basic-configuration.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: reference product: NIC -docs: DOCS-593 +nd-docs: DOCS-593 --- This document shows a basic Ingress resource definition for F5 NGINX Ingress Controller. It load balances requests for two services as part of a single application. @@ -93,9 +93,9 @@ NGINX Ingress Controller imposes the following restrictions on Ingress resources ## Advanced configuration -NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. +NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. -These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap. +These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap. The Ingress resource only allows you to use basic NGINX features: host and path-based routing and TLS termination. diff --git a/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md b/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md index 3e92b6403..e877c906a 100644 --- a/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md +++ b/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md @@ -1,5 +1,5 @@ --- -docs: DOCS-594 +nd-docs: DOCS-594 doctypes: - '' title: Cross-namespace configuration diff --git a/content/includes/nic/configuration/ingress-resources/custom-annotations.md b/content/includes/nic/configuration/ingress-resources/custom-annotations.md index 8bbd136b0..9cd6621de 100644 --- a/content/includes/nic/configuration/ingress-resources/custom-annotations.md +++ b/content/includes/nic/configuration/ingress-resources/custom-annotations.md @@ -1,5 +1,5 @@ --- -docs: DOCS-595 +nd-docs: DOCS-595 doctypes: - '' title: Custom annotations diff --git a/content/includes/nic/configuration/policy-resource.md b/content/includes/nic/configuration/policy-resource.md index 6ea2c8121..5de80b1c1 100644 --- a/content/includes/nic/configuration/policy-resource.md +++ b/content/includes/nic/configuration/policy-resource.md @@ -4,7 +4,7 @@ weight: 500 toc: true type: how-to product: NIC -docs: DOCS-596 +nd-docs: DOCS-596 --- The Policy resource allows you to configure features like access control and rate-limiting, which you can add to your [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/). @@ -201,7 +201,7 @@ The rate limit policy will only apply to requests that contain a JWT with the sp { "user_details": { "level": "premium" - }, + }, "sub": "client1" } ``` diff --git a/content/includes/nic/configuration/security.md b/content/includes/nic/configuration/security.md index ae2f9648f..7267eaa01 100644 --- a/content/includes/nic/configuration/security.md +++ b/content/includes/nic/configuration/security.md @@ -1,5 +1,5 @@ --- -docs: DOCS-597 +nd-docs: DOCS-597 doctypes: - '' title: Security recommendations diff --git a/content/includes/nic/configuration/transportserver-resource.md b/content/includes/nic/configuration/transportserver-resource.md index b725ea2e6..ea2f3c688 100644 --- a/content/includes/nic/configuration/transportserver-resource.md +++ b/content/includes/nic/configuration/transportserver-resource.md @@ -2,7 +2,7 @@ title: TransportServer resources toc: true weight: 600 -docs: DOCS-598 +nd-docs: DOCS-598 --- This document is reference material for the TransportServer resource used by F5 NGINX Ingress Controller. diff --git a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md index 1acd05b02..a129629ed 100644 --- a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md @@ -2,7 +2,7 @@ title: VirtualServer and VirtualServerRoute resources toc: true weight: 700 -docs: DOCS-599 +nd-docs: DOCS-599 --- This document is reference material for the VirtualServer and VirtualServerRoute resources used by F5 NGINX Ingress Controller. diff --git a/content/includes/nic/installation/create-common-resources.md b/content/includes/nic/installation/create-common-resources.md index 7cfe90e48..db3ef05ea 100644 --- a/content/includes/nic/installation/create-common-resources.md +++ b/content/includes/nic/installation/create-common-resources.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1464 +nd-docs: DOCS-1464 --- In this section, you'll create resources that most NGINX Ingress Controller installations require: diff --git a/content/includes/nic/installation/create-custom-resources.md b/content/includes/nic/installation/create-custom-resources.md index d7ad9ec27..dbdbf6065 100644 --- a/content/includes/nic/installation/create-custom-resources.md +++ b/content/includes/nic/installation/create-custom-resources.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1463 +nd-docs: DOCS-1463 --- To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. diff --git a/content/includes/nic/installation/deploy-controller.md b/content/includes/nic/installation/deploy-controller.md index 5723c73ae..7dcec97bd 100644 --- a/content/includes/nic/installation/deploy-controller.md +++ b/content/includes/nic/installation/deploy-controller.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1462 +nd-docs: DOCS-1462 --- You have two options for deploying NGINX Ingress Controller: diff --git a/content/includes/nic/installation/download-jwt.md b/content/includes/nic/installation/download-jwt.md index d89c65a43..78ad1cbf8 100644 --- a/content/includes/nic/installation/download-jwt.md +++ b/content/includes/nic/installation/download-jwt.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-000" +nd-docs: "DOCS-000" --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/nic/installation/jwt-password-note.md b/content/includes/nic/installation/jwt-password-note.md index 147c67af3..040a3e142 100644 --- a/content/includes/nic/installation/jwt-password-note.md +++ b/content/includes/nic/installation/jwt-password-note.md @@ -1,5 +1,5 @@ --- -docs: +nd-docs: --- {{< note >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history: diff --git a/content/includes/nic/installation/manifests/daemonset.md b/content/includes/nic/installation/manifests/daemonset.md index c19376eb2..ff9cb072b 100644 --- a/content/includes/nic/installation/manifests/daemonset.md +++ b/content/includes/nic/installation/manifests/daemonset.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1465 +nd-docs: DOCS-1465 --- For additional context on managing containers using Kubernetes DaemonSets, refer to the official Kubernetes [DaemonSets](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) documentation. diff --git a/content/includes/nic/installation/manifests/deployment.md b/content/includes/nic/installation/manifests/deployment.md index 3786a2256..1c0f4932f 100644 --- a/content/includes/nic/installation/manifests/deployment.md +++ b/content/includes/nic/installation/manifests/deployment.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1467 +nd-docs: DOCS-1467 --- For additional context on managing containers using Kubernetes Deployments, refer to the official Kubernetes [Deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) documentation. diff --git a/content/includes/nic/installation/manifests/verify-pods-are-running.md b/content/includes/nic/installation/manifests/verify-pods-are-running.md index 9f11fa7b0..79976859f 100644 --- a/content/includes/nic/installation/manifests/verify-pods-are-running.md +++ b/content/includes/nic/installation/manifests/verify-pods-are-running.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1466 +nd-docs: DOCS-1466 --- diff --git a/content/includes/nic/rbac/set-up-rbac.md b/content/includes/nic/rbac/set-up-rbac.md index a8bd5a176..eaf9a6c6f 100644 --- a/content/includes/nic/rbac/set-up-rbac.md +++ b/content/includes/nic/rbac/set-up-rbac.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1468 +nd-docs: DOCS-1468 --- {{}}To complete these steps you need admin access to your cluster. Refer to to your Kubernetes platform's documentation to set up admin access. For Google Kubernetes Engine (GKE), you can refer to their [Role-Based Access Control guide](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).{{}} diff --git a/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md b/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md index 6e94ced35..fd850214f 100644 --- a/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md +++ b/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1295 +nd-docs: DOCS-1295 --- To use basic authentication for API requests, include your base64-encoded credentials as a "Basic" token in the "Authorization" header. To create the base64-encoded credentials, run the following command: diff --git a/content/includes/nim/admin-guide/license/add-license-webui.md b/content/includes/nim/admin-guide/license/add-license-webui.md index 805615b34..709d58e38 100644 --- a/content/includes/nim/admin-guide/license/add-license-webui.md +++ b/content/includes/nim/admin-guide/license/add-license-webui.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1660" +nd-docs: "DOCS-1660" --- 1. Go to the FQDN of your NGINX Instance Manager host and log in. diff --git a/content/includes/nim/clickhouse/clickhouse-defaults.md b/content/includes/nim/clickhouse/clickhouse-defaults.md index 1848b75f7..0fcb4cfd8 100644 --- a/content/includes/nim/clickhouse/clickhouse-defaults.md +++ b/content/includes/nim/clickhouse/clickhouse-defaults.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1238 +nd-docs: DOCS-1238 files: - content/nim/system-configuration/configure-clickhouse.md - content/nim/deploy/vm-bare-metal/install-nim-manual.md diff --git a/content/includes/nim/decoupling/note-legacy-nms-references.md b/content/includes/nim/decoupling/note-legacy-nms-references.md index 2f2263f25..89c87b10e 100644 --- a/content/includes/nim/decoupling/note-legacy-nms-references.md +++ b/content/includes/nim/decoupling/note-legacy-nms-references.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1661" +nd-docs: "DOCS-1661" --- {{}}Some commands, file paths, and configuration references still use `nms` due to the ongoing transition from NGINX Management Suite (NMS) to NGINX Instance Manager (NIM). These will be updated in future releases.{{}} \ No newline at end of file diff --git a/content/includes/nim/disconnected/license-usage-offline-script.md b/content/includes/nim/disconnected/license-usage-offline-script.md index 6f3578cea..72a5e49e0 100644 --- a/content/includes/nim/disconnected/license-usage-offline-script.md +++ b/content/includes/nim/disconnected/license-usage-offline-script.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1662" +nd-docs: "DOCS-1662" ---
@@ -26,13 +26,13 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then echo echo "For Licensing in Disconnected Mode:" echo "$0 -j my-jwt.jwt -i -u admin -p -o report.zip -s initial" - echo + echo echo "For Usage Reporting in Disconnected Mode:" echo "$0 -j my-jwt.jwt -i -u admin -p -o report.zip -s telemetry" - echo - echo "Note: Since NGINX Instance Manager comes with self-signed certificates by default, the --insecure flag is set in this script to run specific Curl commands." + echo + echo "Note: Since NGINX Instance Manager comes with self-signed certificates by default, the --insecure flag is set in this script to run specific Curl commands." echo "You can alter this script if you wish to change from self-signed to verified certificates in Instance Manager." - echo + echo exit 1 fi diff --git a/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md b/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md index 327fd7f18..066afb1b8 100644 --- a/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md +++ b/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md @@ -1,5 +1,5 @@ --- -docs: "DOCS-1663" +nd-docs: "DOCS-1663" --- 1. Open the `/etc/nms/nms.conf` file and add the following in the `integrations:license` section: diff --git a/content/includes/nim/docker/docker-registry-login.md b/content/includes/nim/docker/docker-registry-login.md index 05de77a8a..961380426 100644 --- a/content/includes/nim/docker/docker-registry-login.md +++ b/content/includes/nim/docker/docker-registry-login.md @@ -1,12 +1,12 @@ --- -docs: "DOCS-1666" +nd-docs: "DOCS-1666" --- 1. Download your NGINX Instance Manager subscription's JSON Web Token from MyF5. You can use the same JSON Web Token as NGINX Plus in your MyF5 portal. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} -1. Open the JSON Web Token file you downloaded from [MyF5](https://my.f5.com/manage/s/subscriptions) and copy its contents. +1. Open the JSON Web Token file you downloaded from [MyF5](https://my.f5.com/manage/s/subscriptions) and copy its contents. {{}} Make sure there are **no extra characters or spaces** when copying the contents of the JWT token: they can invalidate the token and cause 401 errors during authentication.{{}} diff --git a/content/includes/nim/how-to-access-api-docs.md b/content/includes/nim/how-to-access-api-docs.md index 26a1e6d8a..4375880e2 100644 --- a/content/includes/nim/how-to-access-api-docs.md +++ b/content/includes/nim/how-to-access-api-docs.md @@ -1,5 +1,5 @@ --- -docs: DOCS-991 +nd-docs: DOCS-991 --- You can access the NGINX Instance Manager API documentation from the web interface: diff --git a/content/includes/nim/how-to-access-nim-api.md b/content/includes/nim/how-to-access-nim-api.md index d5af8cac6..66cea5c68 100644 --- a/content/includes/nim/how-to-access-nim-api.md +++ b/content/includes/nim/how-to-access-nim-api.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1050 +nd-docs: DOCS-1050 --- You can use tools like `curl` or [Postman](https://www.postman.com) to interact with the NGINX Instance Manager REST API. The API URL is `https:///api/[nim|platform]/`, and each request requires authentication. For more details on authentication options, see the [API Overview]({{< ref "/nim/fundamentals/api-overview.md" >}}). diff --git a/content/includes/nim/installation/install-script-flags/distribution.md b/content/includes/nim/installation/install-script-flags/distribution.md index 2d6c65cd3..7132ad0e0 100644 --- a/content/includes/nim/installation/install-script-flags/distribution.md +++ b/content/includes/nim/installation/install-script-flags/distribution.md @@ -10,5 +10,5 @@ files: To see the list of supported distributions, run: ```shell -grep '\-d distribution' install-nim-bundle.sh +install-nim-bundle.sh -l ``` \ No newline at end of file diff --git a/content/includes/nim/kubernetes/access-webui-helm.md b/content/includes/nim/kubernetes/access-webui-helm.md index 90c02e86c..76e22288e 100644 --- a/content/includes/nim/kubernetes/access-webui-helm.md +++ b/content/includes/nim/kubernetes/access-webui-helm.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1323 +nd-docs: DOCS-1323 --- You can access the NGINX Instance Manager web interface using the external IP address for the API Gateway. diff --git a/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md b/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md index 238bc2f31..ab9779cf4 100644 --- a/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md +++ b/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1324 +nd-docs: DOCS-1324 --- {{}} diff --git a/content/includes/nim/nap-waf/restart-nms-integrations.md b/content/includes/nim/nap-waf/restart-nms-integrations.md index bca3636f9..e0e0a7f64 100644 --- a/content/includes/nim/nap-waf/restart-nms-integrations.md +++ b/content/includes/nim/nap-waf/restart-nms-integrations.md @@ -1,5 +1,5 @@ --- -docs: DOCS-000 +nd-docs: DOCS-000 files: - content/nim/nginx-app-protect/setup-waf-config-management.md --- diff --git a/content/includes/nim/rbac/assign-roles-to-user-groups.md b/content/includes/nim/rbac/assign-roles-to-user-groups.md index 961de496a..9c3b03292 100644 --- a/content/includes/nim/rbac/assign-roles-to-user-groups.md +++ b/content/includes/nim/rbac/assign-roles-to-user-groups.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1301 +nd-docs: DOCS-1301 --- {{< call-out "important" "User groups require an OIDC identity provider" >}}User groups require an external identity provider configured for OpenID Connect (OIDC) authentication, as described in [Getting started with OIDC]({{< ref "/nim/admin-guide/authentication/oidc/getting-started.md" >}}). Users from an external identity provider cannot be assigned roles directly in NGINX Instance Manager. Instead, they inherit roles based on their group membership.{{< /call-out >}} diff --git a/content/includes/nim/rbac/assign-roles-to-users.md b/content/includes/nim/rbac/assign-roles-to-users.md index 4c50bb72c..040a4cf52 100644 --- a/content/includes/nim/rbac/assign-roles-to-users.md +++ b/content/includes/nim/rbac/assign-roles-to-users.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1025 +nd-docs: DOCS-1025 --- To assign roles to a user in NGINX Instance Manager, follow these steps: diff --git a/content/includes/nim/rbac/create-roles.md b/content/includes/nim/rbac/create-roles.md index 174ed3057..1fd1d37f8 100644 --- a/content/includes/nim/rbac/create-roles.md +++ b/content/includes/nim/rbac/create-roles.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1028 +nd-docs: DOCS-1028 --- Roles in NGINX Instance Manager are a critical part of [role-based access control (RBAC)]({{< ref "/nim/admin-guide/rbac/overview-rbac.md" >}}). By creating roles, you define the access levels and permissions for different user groups that correspond to groups in your Identity Provider (IdP). diff --git a/content/includes/nim/rbac/create-user-groups.md b/content/includes/nim/rbac/create-user-groups.md index 2504af468..9c9c1db12 100644 --- a/content/includes/nim/rbac/create-user-groups.md +++ b/content/includes/nim/rbac/create-user-groups.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1027 +nd-docs: DOCS-1027 --- {{< call-out "important" "Group names must match with your IdP" >}}To ensure that NGINX Instance Manager and your IdP work together seamlessly, group names must exactly match between the two systems. If the group names don’t match, the OIDC integration will fail, preventing users from accessing NGINX Instance Manager. For example, if you have a group called "app-developers" in your IdP, you must create a user group called "app-developers" in NGINX Instance Manager. The group claim must also be part of the token your IdP generates. Refer to your IdP's documentation for guidance on adding group claims.{{}} diff --git a/content/includes/nim/rbac/what-is-rbac.md b/content/includes/nim/rbac/what-is-rbac.md index c30034a9f..93fb5b72c 100644 --- a/content/includes/nim/rbac/what-is-rbac.md +++ b/content/includes/nim/rbac/what-is-rbac.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1179 +nd-docs: DOCS-1179 --- RBAC (Role-Based Access Control) is a security framework that provides access control based on roles assigned to users or user groups. This framework defines the roles and responsibilities of users within the system and restricts access to resources according to the user’s role. RBAC ensures only authorized users have access to specific resources and prevents unauthorized access. diff --git a/content/includes/nim/tech-specs/nim-app-protect-support.md b/content/includes/nim/tech-specs/nim-app-protect-support.md index cf6a03365..203e7c2ef 100644 --- a/content/includes/nim/tech-specs/nim-app-protect-support.md +++ b/content/includes/nim/tech-specs/nim-app-protect-support.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1068 +nd-docs: DOCS-1068 --- NGINX Instance Manager supports the following versions of [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect/): @@ -8,7 +8,7 @@ NGINX Instance Manager supports the following versions of [NGINX App Protect WAF | NGINX Instance Manager | NGINX App Protect WAF | |------------------------|------------------------------------| -| 2.17.0–2.19.2 | Release 4.8.0–4.14.0, 5.1.0–5.6.0 | +| 2.17.0–2.20.0 | Release 4.8.0–4.15.0, 5.1.0–5.7.0 | | 2.15.1–2.16.0 | Release 4.8.0–4.10.0 | | 2.14.1–2.15.0 | Release 4.4.0–4.7.0 | | 2.13.0–2.14.0 | Release 4.3.0–4.5.0 | diff --git a/content/includes/nim/tech-specs/security-data-plane-dependencies.md b/content/includes/nim/tech-specs/security-data-plane-dependencies.md index 9b841627a..010ad835b 100644 --- a/content/includes/nim/tech-specs/security-data-plane-dependencies.md +++ b/content/includes/nim/tech-specs/security-data-plane-dependencies.md @@ -1,5 +1,10 @@ The Security Monitoring module requires the following versions of [NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect/) and [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) for the **data plane**: +{{< note >}} +In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually. +From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed. +{{< /note >}} + {{}} | Security Monitoring | NGINX App Protect WAF | diff --git a/content/includes/nim/tech-specs/security-management-plane-dependencies.md b/content/includes/nim/tech-specs/security-management-plane-dependencies.md index e135ae6dc..25eb8f0fc 100644 --- a/content/includes/nim/tech-specs/security-management-plane-dependencies.md +++ b/content/includes/nim/tech-specs/security-management-plane-dependencies.md @@ -1,6 +1,8 @@ The Security Monitoring module requires the following versions of NGINX Instance Manager to be installed on the **management plane**. -{{< note >}}The Security Monitoring module doesn’t automatically install or upgrade NGINX Instance Manager. You’ll need to manually install or upgrade NGINX Instance Manager to a supported version. +{{< note >}} +In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually. +From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed. {{< /note >}} {{}} diff --git a/content/includes/nim/tech-specs/supported-distros.md b/content/includes/nim/tech-specs/supported-distros.md index 632059861..7ede72fc3 100644 --- a/content/includes/nim/tech-specs/supported-distros.md +++ b/content/includes/nim/tech-specs/supported-distros.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1071 +nd-docs: DOCS-1071 files: - content/nim/fundamentals/tech-specs.md --- diff --git a/content/includes/nim/tech-specs/supported-nginx-versions.md b/content/includes/nim/tech-specs/supported-nginx-versions.md index ddabfd9b2..9e13fa2ef 100644 --- a/content/includes/nim/tech-specs/supported-nginx-versions.md +++ b/content/includes/nim/tech-specs/supported-nginx-versions.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1075 +nd-docs: DOCS-1075 files: - content/nim/fundamentals/tech-specs.md --- diff --git a/content/includes/nim/templates/additional-templating-resources.md b/content/includes/nim/templates/additional-templating-resources.md index cd21b7d82..9eae64a38 100644 --- a/content/includes/nim/templates/additional-templating-resources.md +++ b/content/includes/nim/templates/additional-templating-resources.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1500 +nd-docs: DOCS-1500 ---
diff --git a/content/includes/nim/webui-nim-login.md b/content/includes/nim/webui-nim-login.md index 65b5bfd19..85bbf101d 100644 --- a/content/includes/nim/webui-nim-login.md +++ b/content/includes/nim/webui-nim-login.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1334 +nd-docs: DOCS-1334 --- In a web browser, go to the FQDN for your NGINX Instance Manager host and log in. Then, select **Instance Manager** from the Launchpad menu. diff --git a/content/includes/nms/services/platform-services.md b/content/includes/nms/services/platform-services.md index 33224eeea..4c9a58d6a 100644 --- a/content/includes/nms/services/platform-services.md +++ b/content/includes/nms/services/platform-services.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1186 +nd-docs: DOCS-1186 --- {{}} diff --git a/content/includes/security/jwt-password-note.md b/content/includes/security/jwt-password-note.md index d7c1640a3..69a32ad80 100644 --- a/content/includes/security/jwt-password-note.md +++ b/content/includes/security/jwt-password-note.md @@ -1,12 +1,12 @@ --- -docs: +nd-docs: --- {{}} To protect your system and data, follow these security practices: - + 1. **JWTs:** Treat JSON Web Tokens (JWTs) as sensitive data. Store them securely and delete them after use to prevent unauthorized access. - + 2. **Shell history:** Commands with JWTs or passwords are saved in plain text in your shell history. After running such commands, clear the history to protect credentials. For example: - Edit your shell history file (such as ~/.bash_history or ~/.zsh_history) to remove specific commands. - Use `history -c` to clear all shell history in bash or zsh. diff --git a/content/includes/security/rbac-intro.md b/content/includes/security/rbac-intro.md index 7122c1110..e45dce9c5 100644 --- a/content/includes/security/rbac-intro.md +++ b/content/includes/security/rbac-intro.md @@ -2,7 +2,7 @@ files: - content/nginx-one/rbac/overview.md - content/nim/admin-guide/rbac/overview-rbac.md -docs: DOCS-000 +nd-docs: DOCS-000 --- Role-based access control (RBAC) is a security system that governs access to resources within a software application. By assigning specific roles to users or groups, RBAC ensures that only authorized individuals have the ability to perform certain actions or access particular areas. diff --git a/content/includes/support/how-to-get-support.md b/content/includes/support/how-to-get-support.md index e03f3a791..570d29774 100644 --- a/content/includes/support/how-to-get-support.md +++ b/content/includes/support/how-to-get-support.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1225 +nd-docs: DOCS-1225 --- If you need additional assistance, refer to the following topics for guidance on how to contact Support and create a Support Package: diff --git a/content/mesh/about/architecture.md b/content/mesh/about/architecture.md index c5db8f34f..1d0fb6fc1 100644 --- a/content/mesh/about/architecture.md +++ b/content/mesh/about/architecture.md @@ -3,7 +3,7 @@ title: Architecture weight: 200 description: Learn about F5 NGINX Service Mesh Architecture. toc: true -docs: DOCS-676 +nd-docs: DOCS-676 type: - concept - reference diff --git a/content/mesh/about/mesh-tech-specs.md b/content/mesh/about/mesh-tech-specs.md index 737a6b493..7bcc87d8a 100644 --- a/content/mesh/about/mesh-tech-specs.md +++ b/content/mesh/about/mesh-tech-specs.md @@ -3,7 +3,7 @@ title: Technical Specifications weight: 110 description: Cluster requirements and F5 NGINX Service Mesh footprint. toc: true -docs: DOCS-677 +nd-docs: DOCS-677 type: - reference --- diff --git a/content/mesh/about/what-is-nsm.md b/content/mesh/about/what-is-nsm.md index 1b212f4e0..1ae385795 100644 --- a/content/mesh/about/what-is-nsm.md +++ b/content/mesh/about/what-is-nsm.md @@ -3,7 +3,7 @@ title: What is NGINX Service Mesh? weight: 100 description: Learn about F5 NGINX Service Mesh fundamentals. toc: true -docs: DOCS-678 +nd-docs: DOCS-678 type: - concept --- diff --git a/content/mesh/get-started/install/configuration.md b/content/mesh/get-started/install/configuration.md index 4c801a585..7d8605389 100644 --- a/content/mesh/get-started/install/configuration.md +++ b/content/mesh/get-started/install/configuration.md @@ -3,7 +3,7 @@ title: Configuration Options weight: 100 description: Learn about F5 NGINX Service Mesh features and deployment options. toc: true -docs: DOCS-679 +nd-docs: DOCS-679 type: - concept --- diff --git a/content/mesh/get-started/install/install-with-helm.md b/content/mesh/get-started/install/install-with-helm.md index d3c8154bc..e11f34b93 100644 --- a/content/mesh/get-started/install/install-with-helm.md +++ b/content/mesh/get-started/install/install-with-helm.md @@ -4,7 +4,7 @@ draft: false toc: true description: This guide explains how to install F5 NGINX Service Mesh using Helm. weight: 300 -docs: DOCS-680 +nd-docs: DOCS-680 type: - how-to --- diff --git a/content/mesh/get-started/install/install.md b/content/mesh/get-started/install/install.md index 4d6a4a5d4..a58a337e7 100644 --- a/content/mesh/get-started/install/install.md +++ b/content/mesh/get-started/install/install.md @@ -3,7 +3,7 @@ title: Install with nginx-meshctl draft: false toc: true weight: 200 -docs: DOCS-681 +nd-docs: DOCS-681 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/gke.md b/content/mesh/get-started/platform-setup/gke.md index 5ee197288..fd6e977c9 100644 --- a/content/mesh/get-started/platform-setup/gke.md +++ b/content/mesh/get-started/platform-setup/gke.md @@ -3,7 +3,7 @@ title: Google Kubernetes Engine description: Learn how to set up Google Kubernetes Engine (GKE) for use with F5 NGINX Service Mesh. toc: true -docs: DOCS-683 +nd-docs: DOCS-683 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/kubeadm.md b/content/mesh/get-started/platform-setup/kubeadm.md index 971db529a..6f892b73c 100644 --- a/content/mesh/get-started/platform-setup/kubeadm.md +++ b/content/mesh/get-started/platform-setup/kubeadm.md @@ -2,7 +2,7 @@ title: Kubeadm description: Learn how to set up Kubeadm for use with F5 NGINX Service Mesh. toc: true -docs: DOCS-684 +nd-docs: DOCS-684 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/kubespray.md b/content/mesh/get-started/platform-setup/kubespray.md index ee99ce369..24f49fead 100644 --- a/content/mesh/get-started/platform-setup/kubespray.md +++ b/content/mesh/get-started/platform-setup/kubespray.md @@ -2,7 +2,7 @@ title: Kubespray description: Learn how to set up Kubespray for use with F5 NGINX Service Mesh. toc: true -docs: DOCS-685 +nd-docs: DOCS-685 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/openshift.md b/content/mesh/get-started/platform-setup/openshift.md index b2cc39ce9..ba5bfb5c6 100644 --- a/content/mesh/get-started/platform-setup/openshift.md +++ b/content/mesh/get-started/platform-setup/openshift.md @@ -3,7 +3,7 @@ title: OpenShift description: Learn what is different in OpenShift, and the considerations a user must make. toc: true -docs: DOCS-689 +nd-docs: DOCS-689 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/persistent-storage.md b/content/mesh/get-started/platform-setup/persistent-storage.md index 06051f8ca..aa6310f39 100644 --- a/content/mesh/get-started/platform-setup/persistent-storage.md +++ b/content/mesh/get-started/platform-setup/persistent-storage.md @@ -4,7 +4,7 @@ description: Learn how to set up persistent storage for use with F5 NGINX Servic Mesh. weight: 101 toc: true -docs: DOCS-686 +nd-docs: DOCS-686 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/rke.md b/content/mesh/get-started/platform-setup/rke.md index 2e4bd98e0..f67b55d94 100644 --- a/content/mesh/get-started/platform-setup/rke.md +++ b/content/mesh/get-started/platform-setup/rke.md @@ -3,7 +3,7 @@ title: Rancher Kubernetes Engine description: Learn how to set up Rancher Kubernetes Engine (RKE) for use with F5 NGINX Service Mesh. toc: true -docs: DOCS-687 +nd-docs: DOCS-687 type: - how-to --- diff --git a/content/mesh/get-started/platform-setup/supported-platforms.md b/content/mesh/get-started/platform-setup/supported-platforms.md index 67f5b13a6..d5966a1d2 100644 --- a/content/mesh/get-started/platform-setup/supported-platforms.md +++ b/content/mesh/get-started/platform-setup/supported-platforms.md @@ -4,7 +4,7 @@ description: Find out which platforms are supported for use with F5 NGINX Servic Mesh. weight: 100 toc: true -docs: DOCS-688 +nd-docs: DOCS-688 --- ## Kubernetes diff --git a/content/mesh/get-started/uninstall/uninstall-with-helm.md b/content/mesh/get-started/uninstall/uninstall-with-helm.md index b2b2af62d..5df1a2085 100644 --- a/content/mesh/get-started/uninstall/uninstall-with-helm.md +++ b/content/mesh/get-started/uninstall/uninstall-with-helm.md @@ -4,7 +4,7 @@ draft: false toc: true description: This topic explains how to uninstall F5 NGINX Service Mesh using Helm. weight: 300 -docs: DOCS-699 +nd-docs: DOCS-699 type: - how-to --- diff --git a/content/mesh/get-started/uninstall/uninstall.md b/content/mesh/get-started/uninstall/uninstall.md index 32ae4838e..59c7f8149 100644 --- a/content/mesh/get-started/uninstall/uninstall.md +++ b/content/mesh/get-started/uninstall/uninstall.md @@ -3,7 +3,7 @@ title: Uninstall with nginx-meshctl draft: false toc: true weight: 200 -docs: DOCS-1481 +nd-docs: DOCS-1481 type: - how-to --- diff --git a/content/mesh/get-started/upgrade/upgrade-with-helm.md b/content/mesh/get-started/upgrade/upgrade-with-helm.md index 5519d9446..ad8cf6c73 100644 --- a/content/mesh/get-started/upgrade/upgrade-with-helm.md +++ b/content/mesh/get-started/upgrade/upgrade-with-helm.md @@ -4,7 +4,7 @@ draft: false toc: true description: This guide explains how to upgrade F5 NGINX Service Mesh using Helm. weight: 300 -docs: DOCS-700 +nd-docs: DOCS-700 type: - how-to --- diff --git a/content/mesh/get-started/upgrade/upgrade.md b/content/mesh/get-started/upgrade/upgrade.md index 5d1ac3e68..744974dec 100644 --- a/content/mesh/get-started/upgrade/upgrade.md +++ b/content/mesh/get-started/upgrade/upgrade.md @@ -4,7 +4,7 @@ draft: false toc: true description: This guide explains how to upgrade F5 NGINX Service Mesh using nginx-meshctl. weight: 200 -docs: DOCS-1482 +nd-docs: DOCS-1482 type: - how-to --- diff --git a/content/mesh/guides/inject-sidecar-proxy.md b/content/mesh/guides/inject-sidecar-proxy.md index 9ddd2d3bf..99f1d6a77 100644 --- a/content/mesh/guides/inject-sidecar-proxy.md +++ b/content/mesh/guides/inject-sidecar-proxy.md @@ -4,7 +4,7 @@ toc: true description: Learn about the configuration options for F5 NGINX Service Mesh sidecar proxy injection. weight: 10 -docs: DOCS-692 +nd-docs: DOCS-692 type: - how-to --- diff --git a/content/mesh/guides/monitoring-and-tracing.md b/content/mesh/guides/monitoring-and-tracing.md index dec5da3c0..b2ce80d04 100644 --- a/content/mesh/guides/monitoring-and-tracing.md +++ b/content/mesh/guides/monitoring-and-tracing.md @@ -4,7 +4,7 @@ toc: true description: Learn about the monitoring and tracing features available in F5 NGINX Service Mesh. weight: 20 -docs: DOCS-693 +nd-docs: DOCS-693 type: - how-to --- diff --git a/content/mesh/guides/private-registry.md b/content/mesh/guides/private-registry.md index 8d97f4565..821f86b43 100644 --- a/content/mesh/guides/private-registry.md +++ b/content/mesh/guides/private-registry.md @@ -3,7 +3,7 @@ title: Private Registry description: How to set up access to a private registry weight: 70 toc: true -docs: DOCS-694 +nd-docs: DOCS-694 type: - how-to --- diff --git a/content/mesh/guides/production-tuning.md b/content/mesh/guides/production-tuning.md index 15be7ee28..4dc90023d 100644 --- a/content/mesh/guides/production-tuning.md +++ b/content/mesh/guides/production-tuning.md @@ -2,7 +2,7 @@ title: Production Tuning weight: 80 toc: true -docs: DOCS-695 +nd-docs: DOCS-695 type: - how-to --- diff --git a/content/mesh/guides/prometheus-metrics.md b/content/mesh/guides/prometheus-metrics.md index 84a829ddf..2574e480d 100644 --- a/content/mesh/guides/prometheus-metrics.md +++ b/content/mesh/guides/prometheus-metrics.md @@ -3,7 +3,7 @@ title: Prometheus Metrics description: How to set up and view prometheus metrics for valuable workload insights weight: 40 toc: true -docs: DOCS-840 +nd-docs: DOCS-840 type: - how-to --- diff --git a/content/mesh/guides/secure-traffic-mtls.md b/content/mesh/guides/secure-traffic-mtls.md index 2bd7b30c9..ba6ca46fd 100644 --- a/content/mesh/guides/secure-traffic-mtls.md +++ b/content/mesh/guides/secure-traffic-mtls.md @@ -3,7 +3,7 @@ title: Secure Mesh Traffic using mTLS toc: true description: Learn about the mTLS options available in F5 NGINX Service Mesh. weight: 30 -docs: DOCS-696 +nd-docs: DOCS-696 type: - how-to --- diff --git a/content/mesh/guides/smi-traffic-metrics.md b/content/mesh/guides/smi-traffic-metrics.md index 6421adbcb..9c07ed559 100644 --- a/content/mesh/guides/smi-traffic-metrics.md +++ b/content/mesh/guides/smi-traffic-metrics.md @@ -3,7 +3,7 @@ title: SMI Traffic Metrics description: How to set up and view SMI traffic metrics weight: 50 toc: true -docs: DOCS-697 +nd-docs: DOCS-697 type: - how-to --- diff --git a/content/mesh/guides/smi-traffic-policies.md b/content/mesh/guides/smi-traffic-policies.md index 16bf93a3f..8053f5d9b 100644 --- a/content/mesh/guides/smi-traffic-policies.md +++ b/content/mesh/guides/smi-traffic-policies.md @@ -4,7 +4,7 @@ toc: true description: Learn about the traffic policies supported by F5 NGINX Service Mesh and how to configure them. weight: 60 -docs: DOCS-698 +nd-docs: DOCS-698 type: - how-to --- diff --git a/content/mesh/guides/v1alpha1-ratelimit.md b/content/mesh/guides/v1alpha1-ratelimit.md index 38735b6a3..dfc4e0d62 100644 --- a/content/mesh/guides/v1alpha1-ratelimit.md +++ b/content/mesh/guides/v1alpha1-ratelimit.md @@ -1,6 +1,6 @@ --- title: v1alpha1 RateLimit Documentation -docs: DOCS-701 +nd-docs: DOCS-701 description: v1alpha1 RateLimit documentation. --- @@ -53,10 +53,10 @@ The rate limit spec contains the following fields: Each Pod in the destination accepts the total rate defined in a rate limit policy. If a policy has a rate of 100 r/m, and the destination consists of 3 Pods, each Pod accepts 100 r/m. - + If a single rate limit policy contains multiple sources, the rate divides evenly amongst them. For example, a policy defined with - + ```yaml destination: name: destService @@ -65,7 +65,7 @@ The rate limit spec contains the following fields: - name: source2 rate: 100 r/m ``` - + would result in `destService` accepting 50 requests per minute from `source1`, and 50 requests per minute from `source2`, for a total rate of 100 requests per minute. If two separate policies are defined for the same destination, then the rate is not divided amongst the sources. diff --git a/content/mesh/reference/api-usage.md b/content/mesh/reference/api-usage.md index c68955b8e..558a693e8 100644 --- a/content/mesh/reference/api-usage.md +++ b/content/mesh/reference/api-usage.md @@ -3,7 +3,7 @@ title: NGINX Service Mesh API description: Instructions for interacting with the F5 NGINX Service Mesh API. toc: true weight: 200 -docs: DOCS-702 +nd-docs: DOCS-702 type: - reference --- diff --git a/content/mesh/reference/nginx-meshctl.md b/content/mesh/reference/nginx-meshctl.md index cf6f21812..46a68e55d 100644 --- a/content/mesh/reference/nginx-meshctl.md +++ b/content/mesh/reference/nginx-meshctl.md @@ -4,7 +4,7 @@ description: Man page and instructions for using the F5 NGINX Service Mesh CLI draft: false weight: 300 toc: true -docs: DOCS-704 +nd-docs: DOCS-704 type: - reference --- diff --git a/content/mesh/reference/permissions.md b/content/mesh/reference/permissions.md index ee54c919b..b4e9af739 100644 --- a/content/mesh/reference/permissions.md +++ b/content/mesh/reference/permissions.md @@ -3,7 +3,7 @@ title: NGINX Service Mesh Permissions weight: 100 draft: false toc: true -docs: DOCS-883 +nd-docs: DOCS-883 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.5.0.md b/content/mesh/releases/release-notes-0.5.0.md index 4a1f859df..b1428bf96 100644 --- a/content/mesh/releases/release-notes-0.5.0.md +++ b/content/mesh/releases/release-notes-0.5.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -500 -docs: DOCS-705 +nd-docs: DOCS-705 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.6.0.md b/content/mesh/releases/release-notes-0.6.0.md index e5cdabf49..015ae0ef6 100644 --- a/content/mesh/releases/release-notes-0.6.0.md +++ b/content/mesh/releases/release-notes-0.6.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -600 -docs: DOCS-706 +nd-docs: DOCS-706 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.7.0.md b/content/mesh/releases/release-notes-0.7.0.md index 82314c63d..4f09ce78f 100644 --- a/content/mesh/releases/release-notes-0.7.0.md +++ b/content/mesh/releases/release-notes-0.7.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -700 -docs: DOCS-707 +nd-docs: DOCS-707 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.8.0.md b/content/mesh/releases/release-notes-0.8.0.md index a7e25c1eb..e42c5934c 100644 --- a/content/mesh/releases/release-notes-0.8.0.md +++ b/content/mesh/releases/release-notes-0.8.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -800 -docs: DOCS-708 +nd-docs: DOCS-708 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.9.0.md b/content/mesh/releases/release-notes-0.9.0.md index 15e672b6e..e288cf92f 100644 --- a/content/mesh/releases/release-notes-0.9.0.md +++ b/content/mesh/releases/release-notes-0.9.0.md @@ -7,7 +7,7 @@ description: Release information for F5 GINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -900 -docs: DOCS-709 +nd-docs: DOCS-709 type: - reference --- diff --git a/content/mesh/releases/release-notes-0.9.1.md b/content/mesh/releases/release-notes-0.9.1.md index 64f893130..c16f5f20e 100644 --- a/content/mesh/releases/release-notes-0.9.1.md +++ b/content/mesh/releases/release-notes-0.9.1.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -901 -docs: DOCS-710 +nd-docs: DOCS-710 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.0.0.md b/content/mesh/releases/release-notes-1.0.0.md index bb042d2dc..c6b7d211c 100644 --- a/content/mesh/releases/release-notes-1.0.0.md +++ b/content/mesh/releases/release-notes-1.0.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1000 -docs: DOCS-711 +nd-docs: DOCS-711 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.0.1.md b/content/mesh/releases/release-notes-1.0.1.md index 3a34c347a..4075f2ffe 100644 --- a/content/mesh/releases/release-notes-1.0.1.md +++ b/content/mesh/releases/release-notes-1.0.1.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1001 -docs: DOCS-712 +nd-docs: DOCS-712 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.1.0.md b/content/mesh/releases/release-notes-1.1.0.md index 5eb066f52..52a5075b9 100644 --- a/content/mesh/releases/release-notes-1.1.0.md +++ b/content/mesh/releases/release-notes-1.1.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1100 -docs: DOCS-713 +nd-docs: DOCS-713 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.2.0.md b/content/mesh/releases/release-notes-1.2.0.md index b1cfbb9b0..d94655a4f 100644 --- a/content/mesh/releases/release-notes-1.2.0.md +++ b/content/mesh/releases/release-notes-1.2.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1200 -docs: DOCS-714 +nd-docs: DOCS-714 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.2.1.md b/content/mesh/releases/release-notes-1.2.1.md index 1515a829d..8ebe77cb5 100644 --- a/content/mesh/releases/release-notes-1.2.1.md +++ b/content/mesh/releases/release-notes-1.2.1.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1201 -docs: DOCS-715 +nd-docs: DOCS-715 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.3.0.md b/content/mesh/releases/release-notes-1.3.0.md index 94fd659fd..e4af48714 100644 --- a/content/mesh/releases/release-notes-1.3.0.md +++ b/content/mesh/releases/release-notes-1.3.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1300 -docs: DOCS-716 +nd-docs: DOCS-716 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.3.1.md b/content/mesh/releases/release-notes-1.3.1.md index b44e30f8a..561253f38 100644 --- a/content/mesh/releases/release-notes-1.3.1.md +++ b/content/mesh/releases/release-notes-1.3.1.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1301 -docs: DOCS-717 +nd-docs: DOCS-717 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.4.0.md b/content/mesh/releases/release-notes-1.4.0.md index f34791b3c..bfca72bfe 100644 --- a/content/mesh/releases/release-notes-1.4.0.md +++ b/content/mesh/releases/release-notes-1.4.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1400 -docs: DOCS-1488 +nd-docs: DOCS-1488 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.4.1.md b/content/mesh/releases/release-notes-1.4.1.md index 89cbbaaae..dc220dea2 100644 --- a/content/mesh/releases/release-notes-1.4.1.md +++ b/content/mesh/releases/release-notes-1.4.1.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1401 -docs: DOCS-1484 +nd-docs: DOCS-1484 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.5.0.md b/content/mesh/releases/release-notes-1.5.0.md index a203ae1d2..a17a2b63f 100644 --- a/content/mesh/releases/release-notes-1.5.0.md +++ b/content/mesh/releases/release-notes-1.5.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1500 -docs: DOCS-1487 +nd-docs: DOCS-1487 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.6.0.md b/content/mesh/releases/release-notes-1.6.0.md index 78269f6ca..77e9d4c4d 100644 --- a/content/mesh/releases/release-notes-1.6.0.md +++ b/content/mesh/releases/release-notes-1.6.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1600 -docs: DOCS-1486 +nd-docs: DOCS-1486 type: - reference --- diff --git a/content/mesh/releases/release-notes-1.7.0.md b/content/mesh/releases/release-notes-1.7.0.md index 83dad0860..d28676239 100644 --- a/content/mesh/releases/release-notes-1.7.0.md +++ b/content/mesh/releases/release-notes-1.7.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1700 -docs: DOCS-1483 +nd-docs: DOCS-1483 type: - reference --- diff --git a/content/mesh/releases/release-notes-2.0.0.md b/content/mesh/releases/release-notes-2.0.0.md index d9273f36d..64a49211d 100644 --- a/content/mesh/releases/release-notes-2.0.0.md +++ b/content/mesh/releases/release-notes-2.0.0.md @@ -7,7 +7,7 @@ description: Release information for F5 NGINX Service Mesh, a configurable, low communication among application infrastructure services using application programming interfaces (APIs). Lists of new features and known issues are provided. weight: -1800 -docs: DOCS-1485 +nd-docs: DOCS-1485 type: - reference --- diff --git a/content/mesh/support/contact-support.md b/content/mesh/support/contact-support.md index 132facbc9..17e6e5772 100644 --- a/content/mesh/support/contact-support.md +++ b/content/mesh/support/contact-support.md @@ -4,7 +4,7 @@ weight: 100 description: Learn where to go for F5 NGINX Service Mesh support. toc: true draft: false -docs: DOCS-718 +nd-docs: DOCS-718 type: - task --- diff --git a/content/mesh/tutorials/accesscontrol-walkthrough.md b/content/mesh/tutorials/accesscontrol-walkthrough.md index 8672082c8..0ea9af63e 100644 --- a/content/mesh/tutorials/accesscontrol-walkthrough.md +++ b/content/mesh/tutorials/accesscontrol-walkthrough.md @@ -3,7 +3,7 @@ title: "Services using Access Control" description: "This article provides a guide for using access control between services." weight: 130 toc: true -docs: "DOCS-719" +nd-docs: "DOCS-719" --- ## Overview diff --git a/content/mesh/tutorials/deploy-example-app.md b/content/mesh/tutorials/deploy-example-app.md index 771bdd8c4..bbe048c50 100644 --- a/content/mesh/tutorials/deploy-example-app.md +++ b/content/mesh/tutorials/deploy-example-app.md @@ -5,7 +5,7 @@ toc: true description: This topic provides a walkthrough of deploying an App with F5 NGINX Service Mesh. weight: 100 -docs: DOCS-720 +nd-docs: DOCS-720 type: - tutorial --- diff --git a/content/mesh/tutorials/kic/deploy-with-kic.md b/content/mesh/tutorials/kic/deploy-with-kic.md index 1176823f1..2d79bb40b 100644 --- a/content/mesh/tutorials/kic/deploy-with-kic.md +++ b/content/mesh/tutorials/kic/deploy-with-kic.md @@ -5,7 +5,7 @@ description: This topic describes how to install and use F5 NGINX Ingress Contro weight: 200 draft: false toc: true -docs: DOCS-721 +nd-docs: DOCS-721 type: - tutorial --- diff --git a/content/mesh/tutorials/kic/egress-walkthrough.md b/content/mesh/tutorials/kic/egress-walkthrough.md index e245e7d91..fda82ee11 100644 --- a/content/mesh/tutorials/kic/egress-walkthrough.md +++ b/content/mesh/tutorials/kic/egress-walkthrough.md @@ -4,7 +4,7 @@ description: This topic provides a walkthrough of how to securely route egress t through F5 NGINX Ingress Controller for Kubernetes with NGINX Service Mesh. weight: 210 toc: true -docs: DOCS-722 +nd-docs: DOCS-722 type: - tutorial --- diff --git a/content/mesh/tutorials/kic/ingress-udp-walkthrough.md b/content/mesh/tutorials/kic/ingress-udp-walkthrough.md index 303bcc959..4470a9f91 100644 --- a/content/mesh/tutorials/kic/ingress-udp-walkthrough.md +++ b/content/mesh/tutorials/kic/ingress-udp-walkthrough.md @@ -4,7 +4,7 @@ description: This topic describes the steps to deploy F5 NGINX Ingress Controlle for Kubernetes, to expose a UDP application within NGINX Service Mesh. weight: 230 toc: true -docs: DOCS-841 +nd-docs: DOCS-841 type: - tutorial --- diff --git a/content/mesh/tutorials/kic/ingress-walkthrough.md b/content/mesh/tutorials/kic/ingress-walkthrough.md index 3360add08..578095f64 100644 --- a/content/mesh/tutorials/kic/ingress-walkthrough.md +++ b/content/mesh/tutorials/kic/ingress-walkthrough.md @@ -4,7 +4,7 @@ description: This topic provides a walkthrough of deploying F5 NGINX Ingress Con for Kubernetes to expose an application within NGINX Service Mesh. weight: 220 toc: true -docs: DOCS-723 +nd-docs: DOCS-723 type: - tutorial --- diff --git a/content/mesh/tutorials/observability.md b/content/mesh/tutorials/observability.md index 7bc39dfbd..e555409ed 100644 --- a/content/mesh/tutorials/observability.md +++ b/content/mesh/tutorials/observability.md @@ -5,7 +5,7 @@ toc: true description: This topic provides a walkthrough of deploying F5 NGINX Service Mesh with basic observability components. weight: 90 -docs: DOCS-886 +nd-docs: DOCS-886 type: - tutorial --- diff --git a/content/mesh/tutorials/ratelimit-walkthrough.md b/content/mesh/tutorials/ratelimit-walkthrough.md index 812903586..9d8488846 100644 --- a/content/mesh/tutorials/ratelimit-walkthrough.md +++ b/content/mesh/tutorials/ratelimit-walkthrough.md @@ -4,7 +4,7 @@ description: Learn how to configure rate limiting between workloads. draft: false toc: true weight: 140 -docs: DOCS-724 +nd-docs: DOCS-724 type: - tutorial --- diff --git a/content/mesh/tutorials/trafficsplit-deployments.md b/content/mesh/tutorials/trafficsplit-deployments.md index b578c79e3..1a2a5018e 100644 --- a/content/mesh/tutorials/trafficsplit-deployments.md +++ b/content/mesh/tutorials/trafficsplit-deployments.md @@ -4,7 +4,7 @@ description: This topic provides a guide for using traffic splits with different strategies. weight: 110 toc: true -docs: DOCS-725 +nd-docs: DOCS-725 type: - tutorial --- diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md index 0c0e49a45..bf7cffa0d 100644 --- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md +++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging.md @@ -1,5 +1,5 @@ --- -docs: DOCS-726 +nd-docs: DOCS-726 title: Installing the NGINX ModSecurity WAF toc: true weight: 100 diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md index 9a688eb53..224acea09 100644 --- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md +++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs.md @@ -1,5 +1,5 @@ --- -docs: DOCS-727 +nd-docs: DOCS-727 title: Using the OWASP CRS with the NGINX ModSecurity WAF toc: true weight: 200 diff --git a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md index 3f29fa1de..2be3c5cef 100644 --- a/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md +++ b/content/modsec-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules.md @@ -1,5 +1,5 @@ --- -docs: DOCS-728 +nd-docs: DOCS-728 title: Using the ModSecurity Rules from Trustwave SpiderLabs with the NGINX ModSecurity WAF toc: true diff --git a/content/modsec-waf/technical-specs.md b/content/modsec-waf/technical-specs.md index 6342fde0e..47266a3d6 100644 --- a/content/modsec-waf/technical-specs.md +++ b/content/modsec-waf/technical-specs.md @@ -1,5 +1,5 @@ --- -docs: DOCS-729 +nd-docs: DOCS-729 title: Technical Specifications toc: true weight: 300 diff --git a/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md b/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md index 694beb930..a3eae476c 100644 --- a/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md +++ b/content/nap-dos/deployment-guide/installing-nginx-plus-with-dos-and-waf-on-amazon-web-services.md @@ -3,7 +3,7 @@ description: Install F5 NGINX Plus, NGINX App Protect WAF + DoS on Amazon Web Se (AWS), to provide sophisticated Layer 7 load balancing, Modern app security solution, behavioral DoS detection and mitigation that works seamlessly in DevOps environments for your apps running on CentOS, RHEL, Debian and Ubuntu Linux OS. -docs: DOCS-1204 +nd-docs: DOCS-1204 title: NGINX App Protect WAF + DoS AMIs on Amazon EC2 toc: true weight: 110 diff --git a/content/nap-dos/deployment-guide/learn-about-deployment.md b/content/nap-dos/deployment-guide/learn-about-deployment.md index 430fd9e2e..8fe7c9059 100644 --- a/content/nap-dos/deployment-guide/learn-about-deployment.md +++ b/content/nap-dos/deployment-guide/learn-about-deployment.md @@ -1,6 +1,6 @@ --- description: Learn about F5 NGINX App Protect DoS Deployment. -docs: DOCS-666 +nd-docs: DOCS-666 title: NGINX App Protect DoS Deployment toc: true weight: 100 @@ -33,7 +33,7 @@ NGINX App Protect DoS supports the following operating systems: - [Ubuntu 22.04 (Jammy)](#debian--ubuntu-installation) - [Ubuntu 24.04 (Noble)](#debian--ubuntu-installation) - [Alpine 3.15](#alpine-315x--317x--319x-installation) - (Deprecated starting from NGINX Plus R30) -- [Alpine 3.17](#alpine-315x--317x--319x-installation) - (Deprecated starting from NGINX Plus R34) +- [Alpine 3.17](#alpine-315x--317x--319x-installation) - (Deprecated starting from NGINX Plus R34) - [Alpine 3.19](#alpine-315x--317x--319x-installation) - [AmazonLinux 2023](#amazonlinux-linux-2023-installation) @@ -402,7 +402,7 @@ When deploying App Protect DoS on NGINX Plus take the following precautions to s ``` 1. {{< include "nginx-plus/install/create-dir-for-crt-key.md" >}} - + 1. {{< include "nginx-plus/install/create-dir-for-jwt.md" >}} 1. {{< include "licensing-and-reporting/download-jwt-crt-from-myf5.md" >}} @@ -2621,7 +2621,7 @@ ${DIR}/appprotect-dos-arb/install_appprotect-dos-arb.sh ## App Protect DoS eBPF manager ### Overview -The eBPF Manager is a powerful and efficient tool designed to simplify and secure the deployment of eBPF (Extended Berkeley Packet Filter) programs for advanced networking use cases. +The eBPF Manager is a powerful and efficient tool designed to simplify and secure the deployment of eBPF (Extended Berkeley Packet Filter) programs for advanced networking use cases. Its primary responsibilities include program installation and managing client interactions to enable real-time packet processing and mitigation solutions. ### CLI Options for Flexible Configuration @@ -2632,4 +2632,4 @@ The eBPF Manager comes with configurable command-line flags for ease of use and * gRPC UDS Ownership: * -u, --user : Set the user ownership for the gRPC Unix Domain Socket (UDS). Defaults to nginx. * -g, --group : Set the group ownership for the gRPC Unix Domain Socket (UDS). Defaults to nginx. - + diff --git a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md index 2d018750a..f1cca1a75 100644 --- a/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md +++ b/content/nap-dos/directives-and-policy/learn-about-directives-and-policy.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS Directives and Policy toc: true weight: 120 -docs: DOCS-667 +nd-docs: DOCS-667 --- ## Introduction diff --git a/content/nap-dos/monitoring/access-log.md b/content/nap-dos/monitoring/access-log.md index 61ef69359..296155491 100644 --- a/content/nap-dos/monitoring/access-log.md +++ b/content/nap-dos/monitoring/access-log.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Request Log Mechanism. -docs: DOCS-668 +nd-docs: DOCS-668 title: NGINX App Protect DoS Access Log Request Mechanism toc: true weight: 160 diff --git a/content/nap-dos/monitoring/live-activity-monitoring.md b/content/nap-dos/monitoring/live-activity-monitoring.md index bd9df7724..e28fb571b 100644 --- a/content/nap-dos/monitoring/live-activity-monitoring.md +++ b/content/nap-dos/monitoring/live-activity-monitoring.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Live Activity Monitoring. -docs: DOCS-1389 +nd-docs: DOCS-1389 title: NGINX App Protect DoS Live Activity Monitoring toc: true weight: 140 diff --git a/content/nap-dos/monitoring/operation-log.md b/content/nap-dos/monitoring/operation-log.md index 8439995da..2a12d5eaf 100644 --- a/content/nap-dos/monitoring/operation-log.md +++ b/content/nap-dos/monitoring/operation-log.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Operation Log. -docs: DOCS-669 +nd-docs: DOCS-669 title: NGINX App Protect DoS Operation Log toc: true weight: 180 diff --git a/content/nap-dos/monitoring/security-log.md b/content/nap-dos/monitoring/security-log.md index 6d2f3ce1a..642cde34e 100644 --- a/content/nap-dos/monitoring/security-log.md +++ b/content/nap-dos/monitoring/security-log.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Security Log. -docs: DOCS-670 +nd-docs: DOCS-670 title: NGINX App Protect DoS Security Log toc: true weight: 140 diff --git a/content/nap-dos/monitoring/types-of-logs.md b/content/nap-dos/monitoring/types-of-logs.md index ed0345d8b..0d6cc61ea 100644 --- a/content/nap-dos/monitoring/types-of-logs.md +++ b/content/nap-dos/monitoring/types-of-logs.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Logs Overview. -docs: DOCS-671 +nd-docs: DOCS-671 title: NGINX App Protect DoS Logs Overview toc: true weight: 130 diff --git a/content/nap-dos/releases/about-1.0.md b/content/nap-dos/releases/about-1.0.md index f4534665d..b3741d126 100644 --- a/content/nap-dos/releases/about-1.0.md +++ b/content/nap-dos/releases/about-1.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect 1.0 toc: true weight: 260 -docs: DOCS-672 +nd-docs: DOCS-672 --- Here you can find the release information for F5 NGINX App Protect DoS v1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-1.1.0.md b/content/nap-dos/releases/about-1.1.0.md index 8fc5bff2a..f853f5843 100644 --- a/content/nap-dos/releases/about-1.1.0.md +++ b/content/nap-dos/releases/about-1.1.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS Arbitrator 1.1.0 toc: true weight: 220 -docs: DOCS-673 +nd-docs: DOCS-673 --- Here you can find the release information for F5 NGINX App Protect DoS Arbitrator v1.1.0. diff --git a/content/nap-dos/releases/about-1.1.1.md b/content/nap-dos/releases/about-1.1.1.md index c9f90779e..173b8e1cd 100644 --- a/content/nap-dos/releases/about-1.1.1.md +++ b/content/nap-dos/releases/about-1.1.1.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS Arbitrator 1.1.1 toc: true weight: 115 -docs: DOCS-1205 +nd-docs: DOCS-1205 --- Here you can find the release information for F5 NGINX App Protect DoS Arbitrator v1.1.1. diff --git a/content/nap-dos/releases/about-1.2.0.md b/content/nap-dos/releases/about-1.2.0.md index 8b147d81e..ed606e4e0 100644 --- a/content/nap-dos/releases/about-1.2.0.md +++ b/content/nap-dos/releases/about-1.2.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS Arbitrator 1.2.0 toc: true weight: 61 -docs: DOCS-000 +nd-docs: DOCS-1782 --- Here you can find the release information for F5 NGINX App Protect DoS Arbitrator v1.2.0 diff --git a/content/nap-dos/releases/about-2.0.md b/content/nap-dos/releases/about-2.0.md index 76d9385e5..7fb5b9005 100644 --- a/content/nap-dos/releases/about-2.0.md +++ b/content/nap-dos/releases/about-2.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 2.0 toc: true weight: 220 -docs: DOCS-674 +nd-docs: DOCS-674 --- Here you can find the release information for F5 NGINX App Protect DoS v2.0. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-2.1.md b/content/nap-dos/releases/about-2.1.md index 0590e9624..462ba2bbe 100644 --- a/content/nap-dos/releases/about-2.1.md +++ b/content/nap-dos/releases/about-2.1.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 2.1 toc: true weight: 200 -docs: DOCS-831 +nd-docs: DOCS-831 --- Here you can find the release information for F5 NGINX App Protect DoS v2.1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-2.2.md b/content/nap-dos/releases/about-2.2.md index d18e23956..147cd6f51 100644 --- a/content/nap-dos/releases/about-2.2.md +++ b/content/nap-dos/releases/about-2.2.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 2.2 toc: true weight: 180 -docs: DOCS-839 +nd-docs: DOCS-839 --- Here you can find the release information for F5 NGINX App Protect DoS v2.2. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-2.3.md b/content/nap-dos/releases/about-2.3.md index 39e5ceb90..c98c7be28 100644 --- a/content/nap-dos/releases/about-2.3.md +++ b/content/nap-dos/releases/about-2.3.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 2.3 toc: true weight: 170 -docs: DOCS-856 +nd-docs: DOCS-856 --- Here you can find the release information for F5 NGINX App Protect DoS v2.3. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-2.4.md b/content/nap-dos/releases/about-2.4.md index a594409bd..bf8502638 100644 --- a/content/nap-dos/releases/about-2.4.md +++ b/content/nap-dos/releases/about-2.4.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 2.4 toc: true weight: 160 -docs: DOCS-890 +nd-docs: DOCS-890 --- Here you can find the release information for F5 NGINX App Protect DoS v2.4. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-3.0.md b/content/nap-dos/releases/about-3.0.md index c36756554..9310fa583 100644 --- a/content/nap-dos/releases/about-3.0.md +++ b/content/nap-dos/releases/about-3.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 3.0 toc: true weight: 150 -docs: DOCS-946 +nd-docs: DOCS-946 --- Here you can find the release information for F5 NGINX App Protect DoS v3.0. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-3.1.md b/content/nap-dos/releases/about-3.1.md index e3e7c6842..6c2311330 100644 --- a/content/nap-dos/releases/about-3.1.md +++ b/content/nap-dos/releases/about-3.1.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 3.1 toc: true weight: 140 -docs: DOCS-995 +nd-docs: DOCS-995 --- Here you can find the release information for F5 NGINX App Protect DoS v3.1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.0.md b/content/nap-dos/releases/about-4.0.md index 0616d3350..5dab6acfd 100644 --- a/content/nap-dos/releases/about-4.0.md +++ b/content/nap-dos/releases/about-4.0.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 4.0 toc: true weight: 120 -docs: DOCS-1115 +nd-docs: DOCS-1115 --- Here you can find the release information for F5 NGINX App Protect DoS v4.0. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.1.md b/content/nap-dos/releases/about-4.1.md index b14bcbd77..442e20563 100644 --- a/content/nap-dos/releases/about-4.1.md +++ b/content/nap-dos/releases/about-4.1.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 4.1 toc: true weight: 110 -docs: DOCS-1203 +nd-docs: DOCS-1203 --- Here you can find the release information for F5 NGINX App Protect DoS v4.1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.2.md b/content/nap-dos/releases/about-4.2.md index be4ee293b..03152db74 100644 --- a/content/nap-dos/releases/about-4.2.md +++ b/content/nap-dos/releases/about-4.2.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 4.2 toc: true weight: 100 -docs: DOCS-1254 +nd-docs: DOCS-1254 --- Here you can find the release information for F5 NGINX App Protect DoS v4.2. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.3.md b/content/nap-dos/releases/about-4.3.md index f571b0f47..5ae85ca28 100644 --- a/content/nap-dos/releases/about-4.3.md +++ b/content/nap-dos/releases/about-4.3.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 4.3 toc: true weight: 90 -docs: DOCS-1361 +nd-docs: DOCS-1361 --- Here you can find the release information for F5 NGINX App Protect DoS v4.3. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.4.md b/content/nap-dos/releases/about-4.4.md index d15c7b7b2..9bd7ac240 100644 --- a/content/nap-dos/releases/about-4.4.md +++ b/content/nap-dos/releases/about-4.4.md @@ -2,7 +2,7 @@ title: NGINX App Protect DoS 4.4 toc: true weight: 80 -docs: DOCS-1361 +nd-docs: DOCS-1785 --- Here you can find the release information for F5 NGINX App Protect DoS v4.4. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. diff --git a/content/nap-dos/releases/about-4.5.md b/content/nap-dos/releases/about-4.5.md index ac889021e..969d4e6b1 100644 --- a/content/nap-dos/releases/about-4.5.md +++ b/content/nap-dos/releases/about-4.5.md @@ -2,10 +2,10 @@ title: NGINX App Protect DoS 4.5 toc: true weight: 70 -docs: DOCS-000 +nd-docs: DOCS-1784 --- -Here you can find the release information for F5 NGINX App Protect DoS v4.5 +Here you can find the release information for F5 NGINX App Protect DoS v4.5 NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. @@ -24,8 +24,8 @@ NGINX App Protect DoS 4.5 adds support for NGINX Plus R33. - Support for NGINX Plus R33 - Add support for Alpine 3.19 - Add support for Ubuntu 24.04 -- Remove support for CentOS 7 / RHEL 7 -- *eBPF Manager - Privileged Process for Secure Command Handling* +- Remove support for CentOS 7 / RHEL 7 +- *eBPF Manager - Privileged Process for Secure Command Handling* This feature introduces the eBPF Manager, a process that securely handles eBPF commands on behalf of other processes. By allowing certain processes to operate without elevated privileges, it enhances system security. As part of this enhancement, NGINX now runs under a non-root user account, which is required for deploying specific security solutions. --- diff --git a/content/nap-dos/releases/about-4.6.md b/content/nap-dos/releases/about-4.6.md index c03e1e42a..b45af1e0d 100644 --- a/content/nap-dos/releases/about-4.6.md +++ b/content/nap-dos/releases/about-4.6.md @@ -2,10 +2,10 @@ title: NGINX App Protect DoS 4.6 toc: true weight: 60 -docs: DOCS-000 +nd-docs: DOCS-1783 --- -Here you can find the release information for F5 NGINX App Protect DoS v4.6 +Here you can find the release information for F5 NGINX App Protect DoS v4.6 NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications. @@ -21,7 +21,7 @@ April 1, 2025 - Support for NGINX Plus R34 - Add support for AmazonLinux 2023 -- Remove support for Alpine 3.17 +- Remove support for Alpine 3.17 - Bug fixes --- @@ -31,7 +31,7 @@ April 1, 2025 | Distribution name | Package file | |--------------------------|------------------------------------------------------| | Alpine 3.19 | _app-protect-dos-34+4.6.1-r1.apk_ | -| Amazon Linux 2023 | _app-protect-dos-34+4.6.1-1.amzn2023.ngx.x86_64.rpm_ | +| Amazon Linux 2023 | _app-protect-dos-34+4.6.1-1.amzn2023.ngx.x86_64.rpm_ | | RHEL 8 and Rocky Linux 8 | _app-protect-dos-34+4.6.1-1.el8.ngx.x86_64.rpm_ | | RHEL 9 | _app-protect-dos-34+4.6.1-1.el9.ngx.x86_64.rpm_ | | Debian 11 | _app-protect-dos_34+4.6.1-1\~bullseye_amd64.deb_ | diff --git a/content/nap-dos/troubleshooting-guide/how-to-troubleshoot.md b/content/nap-dos/troubleshooting-guide/how-to-troubleshoot.md index ed5b89c44..7ac06a6a7 100644 --- a/content/nap-dos/troubleshooting-guide/how-to-troubleshoot.md +++ b/content/nap-dos/troubleshooting-guide/how-to-troubleshoot.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect DoS Troubleshooting Guide. -docs: DOCS-675 +nd-docs: DOCS-675 title: NGINX App Protect DoS Troubleshooting Guide toc: true weight: 200 diff --git a/content/nap-waf/v4/admin-guide/install-nms.md b/content/nap-waf/v4/admin-guide/install-nms.md index ce95fd9e0..63b341b37 100644 --- a/content/nap-waf/v4/admin-guide/install-nms.md +++ b/content/nap-waf/v4/admin-guide/install-nms.md @@ -1,7 +1,7 @@ --- description: Learn how to get more from F5 NGINX App Protect WAF with the NGINX Management Suite Security Monitoring and Instance Manager modules. -docs: DOCS-1126 +nd-docs: DOCS-1126 title: Using NGINX App Protect WAF with NGINX Management Suite toc: true weight: 100 diff --git a/content/nap-waf/v4/admin-guide/install.md b/content/nap-waf/v4/admin-guide/install.md index d0781d810..67cfa0518 100644 --- a/content/nap-waf/v4/admin-guide/install.md +++ b/content/nap-waf/v4/admin-guide/install.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: how-to product: NAP-WAF -docs: DOCS-646 +nd-docs: DOCS-646 --- @@ -17,7 +17,7 @@ This guide explains how to deploy NGINX App Protect WAF as well as upgrade App P ### Using NGINX App Protect with NGINX Instance Manager NGINX Instance Manager provides centralized configuration management and visibility for your NGINX App Protect WAF fleet. -After completing the NGINX App Protect WAF installation, refer to the [NGINX Instance Manager Installation Guide](https://docs.nginx.com/nginx-instance-manager/deploy/) for the deployment instructions. +After completing the NGINX App Protect WAF installation, refer to the [NGINX Instance Manager Installation Guide](https://docs.nginx.com/nginx-instance-manager/deploy/) for the deployment instructions. ## Prerequisites @@ -237,8 +237,8 @@ If a user other than **nginx** is to be used, note the following: Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}} - - + + --- @@ -365,7 +365,7 @@ If a user other than **nginx** is to be used, note the following: ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` - + Verify the client is populating the database: ```shell @@ -375,7 +375,7 @@ If a user other than **nginx** is to be used, note the following: Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}} - + ## Debian Installation 1. If you already have NGINX packages in your system, back up your configs and logs: @@ -522,11 +522,11 @@ If a user other than **nginx** is to be used, note the following: ``` After installing the package, run the client: - + ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` - + Verify the client is populating the database: ```shell @@ -536,7 +536,7 @@ If a user other than **nginx** is to be used, note the following: Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}} - + {{< warning >}} Debian enables **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment. {{< /warning >}} @@ -665,11 +665,11 @@ If a user other than **nginx** is to be used, note the following: ``` After installing the package, run the client: - + ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` - + Verify the client is populating the database: ```shell @@ -807,7 +807,7 @@ If a user other than **nginx** is to be used, note the following: ``` After installing the package, run the client: - + ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` @@ -964,7 +964,7 @@ If a user other than **nginx** is to be used, note the following: ``` After installing the package, run the client: - + ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` @@ -978,7 +978,7 @@ If a user other than **nginx** is to be used, note the following: Update your policy to include the new configuration, then run [apreload]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#apreload" >}}) command to make changes take effect {{< note >}} For this capability to function properly, please follow the guidelines listed in the [configuration guide]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}){{< /note >}} - + {{< note >}} Ubuntu 20.04 / Ubuntu 22.04 / Ubuntu 24.04 activates **AppArmor** by default, but NGINX App Protect WAF will run in unconfined mode after being installed as it is shipped with no AppArmor profile. To benefit from AppArmor access control capabilities for NGINX App Protect WAF, you will have to write your own AppArmor profile for NGINX App Protect WAF executables found in `/opt/app_protect/bin` such that it best suits your environment. {{< /note >}} @@ -1069,13 +1069,13 @@ If a user other than **nginx** is to be used, note the following: /bin/su -s /bin/sh -c "/usr/share/ts/bin/bd-socket-plugin tmm_count 4 proc_cpuinfo_cpu_mhz 2000000 total_xml_memory 307200000 total_umu_max_size 3129344 sys_max_account_id 1024 no_static_config 2>&1 >> /var/log/app_protect/bd-socket-plugin.log &" nginx /usr/sbin/nginx -g 'daemon off;' ``` - + If you want to use IP intelligence feature (Available from versions 4.15.0 and above), add this additional line to your `entrypoint.sh` file: ```shell /opt/app_protect/bin/iprepd /etc/app_protect/tools/iprepd.cfg > ipi.log 2>&1 & ``` - + 7. Create a Docker image: - For Oracle Linux/Debian/Ubuntu/Alpine/Amazon Linux: @@ -1706,7 +1706,7 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 dnf install -y app-protect-compiler \ && dnf clean all \ && rm -rf /var/cache/dnf -``` +``` ### Oracle Linux 8 Converter Docker Deployment Example @@ -1925,7 +1925,7 @@ On a host with access to the NGINX App Protect WAF repository: apt-get update for i in $(apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances app-protect | grep "^\w" | sort -u); do apt-get download $i 2>>errors.txt; done ``` - + Only use if you want to install and use the IP intelligence feature: ```shell @@ -2815,7 +2815,7 @@ app-protect=27+3.1088.2-1~[OS_CODENAME] ## Upgrading App Protect to the latest version -### RHEL 8.1+ / RHEL 9+ / Oracle Linux 8.1+ +### RHEL 8.1+ / RHEL 9+ / Oracle Linux 8.1+ Upgrade the NGINX App Protect WAF to the latest 4.x version: diff --git a/content/nap-waf/v4/admin-guide/upgrade-nap-waf.md b/content/nap-waf/v4/admin-guide/upgrade-nap-waf.md index c29b4b765..43e115650 100644 --- a/content/nap-waf/v4/admin-guide/upgrade-nap-waf.md +++ b/content/nap-waf/v4/admin-guide/upgrade-nap-waf.md @@ -3,7 +3,7 @@ title: Upgrade NGINX App Protect WAF on Managed Instances description: How to Upgrade F5 NGINX App Protect WAF on managed NGINX instances weight: 300 toc: true -docs: DOCS-1198 +nd-docs: DOCS-1198 --- ## Overview diff --git a/content/nap-waf/v4/configuration-guide/configuration.md b/content/nap-waf/v4/configuration-guide/configuration.md index 6b3a9c2c0..a98931787 100644 --- a/content/nap-waf/v4/configuration-guide/configuration.md +++ b/content/nap-waf/v4/configuration-guide/configuration.md @@ -1,6 +1,6 @@ --- description: F5 NGINX App Protect WAF security features. -docs: DOCS-647 +nd-docs: DOCS-647 title: NGINX App Protect WAF Configuration Guide toc: true weight: 200 @@ -679,7 +679,7 @@ systematic, username/password combinations to discover legitimate authentication To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed login attempts reached a maximum threshold for a specific username or coming from a specific IP address. -In order to create a brute force configuration for a specific URL in NGINX App Protect you must first create a User-Defined URL, then a Login Page and finally define the URL element in the Brute Force configuration section. +In order to create a brute force configuration for a specific URL in NGINX App Protect you must first create a User-Defined URL, then a Login Page and finally define the URL element in the Brute Force configuration section. --- ### The User-Defined URL example diff --git a/content/nap-waf/v4/declarative-policy/policy.md b/content/nap-waf/v4/declarative-policy/policy.md index b5c71b808..10d28c6f1 100644 --- a/content/nap-waf/v4/declarative-policy/policy.md +++ b/content/nap-waf/v4/declarative-policy/policy.md @@ -2,7 +2,7 @@ title: NGINX App Protect WAF Declarative Policy toc: true weight: 300 -docs: DOCS-648 +nd-docs: DOCS-648 --- {{< include "nap-waf/policy.html" >}} diff --git a/content/nap-waf/v4/logging-overview/access-log.md b/content/nap-waf/v4/logging-overview/access-log.md index eaff647a6..bc9125538 100644 --- a/content/nap-waf/v4/logging-overview/access-log.md +++ b/content/nap-waf/v4/logging-overview/access-log.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect WAF Access Log Request Mechanism. -docs: DOCS-910 +nd-docs: DOCS-910 title: NGINX App Protect WAF Access Log toc: true weight: 550 diff --git a/content/nap-waf/v4/logging-overview/debug-logs.md b/content/nap-waf/v4/logging-overview/debug-logs.md index 154d95b5f..ef14ba848 100644 --- a/content/nap-waf/v4/logging-overview/debug-logs.md +++ b/content/nap-waf/v4/logging-overview/debug-logs.md @@ -1,6 +1,6 @@ --- description: Learn about the NGINX App Protect WAF Debug Log. -docs: DOCS-913 +nd-docs: DOCS-913 title: NGINX App Protect WAF Debug Log toc: true weight: 540 diff --git a/content/nap-waf/v4/logging-overview/logs-overview.md b/content/nap-waf/v4/logging-overview/logs-overview.md index 9e6ebdc5c..1ad2fd13d 100644 --- a/content/nap-waf/v4/logging-overview/logs-overview.md +++ b/content/nap-waf/v4/logging-overview/logs-overview.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect WAF Logs Overview. -docs: DOCS-911 +nd-docs: DOCS-911 title: NGINX App Protect WAF Logs Overview toc: true weight: 510 diff --git a/content/nap-waf/v4/logging-overview/operation-logs.md b/content/nap-waf/v4/logging-overview/operation-logs.md index bc51c423e..e84052974 100644 --- a/content/nap-waf/v4/logging-overview/operation-logs.md +++ b/content/nap-waf/v4/logging-overview/operation-logs.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect WAF Operation Log. -docs: DOCS-912 +nd-docs: DOCS-912 title: NGINX App Protect WAF Operation Log toc: true weight: 530 diff --git a/content/nap-waf/v4/logging-overview/security-log.md b/content/nap-waf/v4/logging-overview/security-log.md index d0211d06a..870950b77 100644 --- a/content/nap-waf/v4/logging-overview/security-log.md +++ b/content/nap-waf/v4/logging-overview/security-log.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect WAF Security Log. -docs: DOCS-915 +nd-docs: DOCS-915 title: NGINX App Protect WAF Security Log toc: true weight: 520 diff --git a/content/nap-waf/v4/releases/about-1.0.md b/content/nap-waf/v4/releases/about-1.0.md index a92eb466c..0d7ad81e4 100644 --- a/content/nap-waf/v4/releases/about-1.0.md +++ b/content/nap-waf/v4/releases/about-1.0.md @@ -4,7 +4,7 @@ weight: 1060 toc: true type: reference product: NAP-WAF -docs: DOCS-649 +nd-docs: DOCS-649 --- May 19, 2020 diff --git a/content/nap-waf/v4/releases/about-1.1.md b/content/nap-waf/v4/releases/about-1.1.md index 658adcae8..4799b4da9 100644 --- a/content/nap-waf/v4/releases/about-1.1.md +++ b/content/nap-waf/v4/releases/about-1.1.md @@ -4,7 +4,7 @@ weight: 1040 toc: true type: reference product: NAP-WAF -docs: DOCS-650 +nd-docs: DOCS-650 --- June 9, 2020 diff --git a/content/nap-waf/v4/releases/about-1.2.md b/content/nap-waf/v4/releases/about-1.2.md index ec7a3eb72..483b108a3 100644 --- a/content/nap-waf/v4/releases/about-1.2.md +++ b/content/nap-waf/v4/releases/about-1.2.md @@ -4,7 +4,7 @@ weight: 1020 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1791 --- June 30, 2020 diff --git a/content/nap-waf/v4/releases/about-1.3.md b/content/nap-waf/v4/releases/about-1.3.md index 949b826f0..9dc5f8788 100644 --- a/content/nap-waf/v4/releases/about-1.3.md +++ b/content/nap-waf/v4/releases/about-1.3.md @@ -4,7 +4,7 @@ weight: 1000 toc: true type: reference product: NAP-WAF -docs: DOCS-652 +nd-docs: DOCS-652 --- July 21, 2020 diff --git a/content/nap-waf/v4/releases/about-2.0.md b/content/nap-waf/v4/releases/about-2.0.md index 41d7edf01..af8deb50e 100644 --- a/content/nap-waf/v4/releases/about-2.0.md +++ b/content/nap-waf/v4/releases/about-2.0.md @@ -4,7 +4,7 @@ weight: 980 toc: true type: reference product: NAP-WAF -docs: DOCS-653 +nd-docs: DOCS-653 --- September 08, 2020 diff --git a/content/nap-waf/v4/releases/about-2.1.md b/content/nap-waf/v4/releases/about-2.1.md index 1043a365c..b06400d96 100644 --- a/content/nap-waf/v4/releases/about-2.1.md +++ b/content/nap-waf/v4/releases/about-2.1.md @@ -4,7 +4,7 @@ weight: 960 toc: true type: reference product: NAP-WAF -docs: DOCS-654 +nd-docs: DOCS-654 --- October 28, 2020 diff --git a/content/nap-waf/v4/releases/about-2.2.md b/content/nap-waf/v4/releases/about-2.2.md index b62160c1f..25664110f 100644 --- a/content/nap-waf/v4/releases/about-2.2.md +++ b/content/nap-waf/v4/releases/about-2.2.md @@ -4,7 +4,7 @@ weight: 940 toc: true type: reference product: NAP-WAF -docs: DOCS-655 +nd-docs: DOCS-655 --- December 09, 2020 diff --git a/content/nap-waf/v4/releases/about-2.3.md b/content/nap-waf/v4/releases/about-2.3.md index a3b527394..0b77716f3 100644 --- a/content/nap-waf/v4/releases/about-2.3.md +++ b/content/nap-waf/v4/releases/about-2.3.md @@ -4,7 +4,7 @@ weight: 920 toc: true type: reference product: NAP-WAF -docs: DOCS-656 +nd-docs: DOCS-656 --- December 30, 2020 diff --git a/content/nap-waf/v4/releases/about-3.0.md b/content/nap-waf/v4/releases/about-3.0.md index d8cb52787..d1a728e27 100644 --- a/content/nap-waf/v4/releases/about-3.0.md +++ b/content/nap-waf/v4/releases/about-3.0.md @@ -4,7 +4,7 @@ weight: 800 toc: true type: reference product: NAP-WAF -docs: DOCS-657 +nd-docs: DOCS-657 --- January 29, 2021 diff --git a/content/nap-waf/v4/releases/about-3.1.md b/content/nap-waf/v4/releases/about-3.1.md index 543004cba..ac627cc31 100644 --- a/content/nap-waf/v4/releases/about-3.1.md +++ b/content/nap-waf/v4/releases/about-3.1.md @@ -4,7 +4,7 @@ weight: 790 toc: true type: reference product: NAP-WAF -docs: DOCS-658 +nd-docs: DOCS-658 --- March 31, 2021 diff --git a/content/nap-waf/v4/releases/about-3.10.md b/content/nap-waf/v4/releases/about-3.10.md index 76bd2d094..b4ce69183 100644 --- a/content/nap-waf/v4/releases/about-3.10.md +++ b/content/nap-waf/v4/releases/about-3.10.md @@ -4,7 +4,7 @@ weight: 680 toc: true type: reference product: NAP-WAF -docs: DOCS-846 +nd-docs: DOCS-846 --- May 25, 2022 diff --git a/content/nap-waf/v4/releases/about-3.11.md b/content/nap-waf/v4/releases/about-3.11.md index fd7e40baf..72015ea43 100644 --- a/content/nap-waf/v4/releases/about-3.11.md +++ b/content/nap-waf/v4/releases/about-3.11.md @@ -4,7 +4,7 @@ weight: 660 toc: true type: reference product: NAP-WAF -docs: DOCS-891 +nd-docs: DOCS-891 --- June 28, 2022 diff --git a/content/nap-waf/v4/releases/about-3.12.2.md b/content/nap-waf/v4/releases/about-3.12.2.md index 579b98006..915e68336 100644 --- a/content/nap-waf/v4/releases/about-3.12.2.md +++ b/content/nap-waf/v4/releases/about-3.12.2.md @@ -4,7 +4,7 @@ weight: 620 toc: true type: reference product: NAP-WAF -docs: DOCS-988 +nd-docs: DOCS-988 --- November 17, 2022 diff --git a/content/nap-waf/v4/releases/about-3.12.md b/content/nap-waf/v4/releases/about-3.12.md index 80d60f15e..81ee0c65c 100644 --- a/content/nap-waf/v4/releases/about-3.12.md +++ b/content/nap-waf/v4/releases/about-3.12.md @@ -4,7 +4,7 @@ weight: 640 toc: true type: reference product: NAP-WAF -docs: DOCS-943 +nd-docs: DOCS-943 --- September 21, 2022 diff --git a/content/nap-waf/v4/releases/about-3.2.md b/content/nap-waf/v4/releases/about-3.2.md index 216030019..5abd54264 100644 --- a/content/nap-waf/v4/releases/about-3.2.md +++ b/content/nap-waf/v4/releases/about-3.2.md @@ -4,7 +4,7 @@ weight: 780 toc: true type: reference product: NAP-WAF -docs: DOCS-659 +nd-docs: DOCS-659 --- April 28, 2021 diff --git a/content/nap-waf/v4/releases/about-3.3.md b/content/nap-waf/v4/releases/about-3.3.md index 1321cf141..4ce5ac26b 100644 --- a/content/nap-waf/v4/releases/about-3.3.md +++ b/content/nap-waf/v4/releases/about-3.3.md @@ -4,7 +4,7 @@ weight: 770 toc: true type: reference product: NAP-WAF -docs: DOCS-660 +nd-docs: DOCS-660 --- July 7, 2021 diff --git a/content/nap-waf/v4/releases/about-3.4.md b/content/nap-waf/v4/releases/about-3.4.md index ae3880eed..1c2027f08 100644 --- a/content/nap-waf/v4/releases/about-3.4.md +++ b/content/nap-waf/v4/releases/about-3.4.md @@ -4,7 +4,7 @@ weight: 760 toc: true type: reference product: NAP-WAF -docs: DOCS-661 +nd-docs: DOCS-661 --- August 10, 2021 diff --git a/content/nap-waf/v4/releases/about-3.5.md b/content/nap-waf/v4/releases/about-3.5.md index 895f68c39..a21285446 100644 --- a/content/nap-waf/v4/releases/about-3.5.md +++ b/content/nap-waf/v4/releases/about-3.5.md @@ -4,7 +4,7 @@ weight: 750 toc: true type: reference product: NAP-WAF -docs: DOCS-662 +nd-docs: DOCS-662 --- September 6, 2021 diff --git a/content/nap-waf/v4/releases/about-3.6.md b/content/nap-waf/v4/releases/about-3.6.md index aff52b5b5..ba4d35512 100644 --- a/content/nap-waf/v4/releases/about-3.6.md +++ b/content/nap-waf/v4/releases/about-3.6.md @@ -4,7 +4,7 @@ weight: 740 toc: true type: reference product: NAP-WAF -docs: DOCS-663 +nd-docs: DOCS-663 --- October 13, 2021 diff --git a/content/nap-waf/v4/releases/about-3.7.md b/content/nap-waf/v4/releases/about-3.7.md index a9e4e2886..304d869c7 100644 --- a/content/nap-waf/v4/releases/about-3.7.md +++ b/content/nap-waf/v4/releases/about-3.7.md @@ -4,7 +4,7 @@ weight: 730 toc: true type: reference product: NAP-WAF -docs: DOCS-664 +nd-docs: DOCS-664 --- December 15, 2021 diff --git a/content/nap-waf/v4/releases/about-3.8.md b/content/nap-waf/v4/releases/about-3.8.md index 0511b6708..94acc1198 100644 --- a/content/nap-waf/v4/releases/about-3.8.md +++ b/content/nap-waf/v4/releases/about-3.8.md @@ -4,7 +4,7 @@ weight: 720 toc: true type: reference product: NAP-WAF -docs: DOCS-832 +nd-docs: DOCS-832 --- January 18, 2022 diff --git a/content/nap-waf/v4/releases/about-3.9.1.md b/content/nap-waf/v4/releases/about-3.9.1.md index e3356ba9f..7185041b9 100644 --- a/content/nap-waf/v4/releases/about-3.9.1.md +++ b/content/nap-waf/v4/releases/about-3.9.1.md @@ -4,7 +4,7 @@ weight: 700 toc: true type: reference product: NAP-WAF -docs: DOCS-842 +nd-docs: DOCS-842 --- March 9, 2022 diff --git a/content/nap-waf/v4/releases/about-3.9.md b/content/nap-waf/v4/releases/about-3.9.md index ffede02ad..73bd50c6c 100644 --- a/content/nap-waf/v4/releases/about-3.9.md +++ b/content/nap-waf/v4/releases/about-3.9.md @@ -4,7 +4,7 @@ weight: 710 toc: true type: reference product: NAP-WAF -docs: DOCS-838 +nd-docs: DOCS-838 --- February 15, 2022 diff --git a/content/nap-waf/v4/releases/about-4.0.md b/content/nap-waf/v4/releases/about-4.0.md index 61411fd29..e4c985f0d 100644 --- a/content/nap-waf/v4/releases/about-4.0.md +++ b/content/nap-waf/v4/releases/about-4.0.md @@ -4,7 +4,7 @@ weight: 410 toc: true type: reference product: NAP-WAF -docs: DOCS-994 +nd-docs: DOCS-994 --- November 29, 2022 diff --git a/content/nap-waf/v4/releases/about-4.1.md b/content/nap-waf/v4/releases/about-4.1.md index 63b806c94..e993f2425 100644 --- a/content/nap-waf/v4/releases/about-4.1.md +++ b/content/nap-waf/v4/releases/about-4.1.md @@ -4,7 +4,7 @@ weight: 400 toc: true type: reference product: NAP-WAF -docs: DOCS-1116 +nd-docs: DOCS-1116 --- January 31, 2023 diff --git a/content/nap-waf/v4/releases/about-4.10.md b/content/nap-waf/v4/releases/about-4.10.md index 8097546aa..7bdd5c45c 100644 --- a/content/nap-waf/v4/releases/about-4.10.md +++ b/content/nap-waf/v4/releases/about-4.10.md @@ -4,7 +4,7 @@ weight: 130 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1787 --- May 29, 2024 @@ -23,7 +23,7 @@ In this release, NGINX App Protect WAF supports NGINX Plus R32. #### App Protect -##### Alpine Linux 3.16 +##### Alpine Linux 3.16 - app-protect-32.5.48.0-r1.apk @@ -47,7 +47,7 @@ In this release, NGINX App Protect WAF supports NGINX Plus R32. - app-protect-32+5.48.0-1.el8.ngx.x86_64.rpm -##### RHEL 8.1+ +##### RHEL 8.1+ - app-protect-32+5.48.0-1.el8.ngx.x86_64.rpm diff --git a/content/nap-waf/v4/releases/about-4.11.md b/content/nap-waf/v4/releases/about-4.11.md index 438bd8c99..daf3c93ad 100644 --- a/content/nap-waf/v4/releases/about-4.11.md +++ b/content/nap-waf/v4/releases/about-4.11.md @@ -4,7 +4,7 @@ weight: 120 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1786 --- September 25, 2024 diff --git a/content/nap-waf/v4/releases/about-4.12.md b/content/nap-waf/v4/releases/about-4.12.md index e735023b9..61e77bb4c 100644 --- a/content/nap-waf/v4/releases/about-4.12.md +++ b/content/nap-waf/v4/releases/about-4.12.md @@ -4,7 +4,7 @@ weight: 110 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1788 --- November 19th, 2024 diff --git a/content/nap-waf/v4/releases/about-4.13.md b/content/nap-waf/v4/releases/about-4.13.md index b332f4aa9..e664466d3 100644 --- a/content/nap-waf/v4/releases/about-4.13.md +++ b/content/nap-waf/v4/releases/about-4.13.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1790 --- January 30th, 2025 diff --git a/content/nap-waf/v4/releases/about-4.14.md b/content/nap-waf/v4/releases/about-4.14.md index 89ff9875d..ef20b99f6 100644 --- a/content/nap-waf/v4/releases/about-4.14.md +++ b/content/nap-waf/v4/releases/about-4.14.md @@ -4,7 +4,7 @@ weight: 90 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1792 --- April 1st, 2025 diff --git a/content/nap-waf/v4/releases/about-4.15.md b/content/nap-waf/v4/releases/about-4.15.md index f56e4ac52..1dba23851 100644 --- a/content/nap-waf/v4/releases/about-4.15.md +++ b/content/nap-waf/v4/releases/about-4.15.md @@ -4,6 +4,7 @@ weight: 80 toc: true nd-content-type: reference nd-product: NAP-WAF +nd-docs: DOCS-1789 --- June 24th, 2025 @@ -11,7 +12,7 @@ June 24th, 2025 ## New features - Added support for [IP Intelligence]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-intelligence-configuration" >}}) -- Added support for Rocky Linux 9 +- Added support for Rocky Linux 9 - Added support for Override rules for [IP Address Lists]({{< ref "/nap-waf/v4/configuration-guide/configuration.md#ip-address-lists" >}}) ## Important notes @@ -25,7 +26,7 @@ June 24th, 2025 - 12527 - Remove CPAN - installed certs and source files - 11112 - Remove systemd/init.d leftovers in NAP WAF v5 pkgs - 12400 - Cookie attributes are not added to a TS cookie when there is more than one TS cookie -- 12498 - Undefined behavior when using huge XFF +- 12498 - Undefined behavior when using huge XFF - 12731 - Multiple clean_resp_reset internal error messages in logs when loading NAP ## Supported packages @@ -36,7 +37,7 @@ June 24th, 2025 | Amazon Linux 2023 | _app-protect-34+5.442.0-1.amzn2023.ngx.x86_64.rpm_ | | Debian 11 | _app-protect_34+5.442.0-1\~bullseye_amd64.deb_ | | Debian 12 | _app-protect_34+5.442.0-1\~bookworm_amd64.deb_ | -| Oracle Linux 8.1 | _app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm_ | +| Oracle Linux 8.1 | _app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm_ | | Ubuntu 22.04 | _app-protect_34+5.442.0-1\~jammy_amd64.deb_ | | Ubuntu 24.04 | _app-protect_34+5.442.0-1\~noble_amd64.deb_ | | RHEL 8 and Rocky Linux 8 | _app-protect-34+5.442.0-1.el8.ngx.x86_64.rpm_ | diff --git a/content/nap-waf/v4/releases/about-4.2.md b/content/nap-waf/v4/releases/about-4.2.md index ef9503d21..73d5d0f38 100644 --- a/content/nap-waf/v4/releases/about-4.2.md +++ b/content/nap-waf/v4/releases/about-4.2.md @@ -4,7 +4,7 @@ weight: 310 toc: true type: reference product: NAP-WAF -docs: DOCS-1172 +nd-docs: DOCS-1172 --- March 29, 2023 diff --git a/content/nap-waf/v4/releases/about-4.3.md b/content/nap-waf/v4/releases/about-4.3.md index d5f160777..a7820e169 100644 --- a/content/nap-waf/v4/releases/about-4.3.md +++ b/content/nap-waf/v4/releases/about-4.3.md @@ -4,7 +4,7 @@ weight: 210 toc: true type: reference product: NAP-WAF -docs: DOCS-1202 +nd-docs: DOCS-1202 --- May 2, 2023 diff --git a/content/nap-waf/v4/releases/about-4.4.md b/content/nap-waf/v4/releases/about-4.4.md index 47c0d4e34..98065a6d6 100644 --- a/content/nap-waf/v4/releases/about-4.4.md +++ b/content/nap-waf/v4/releases/about-4.4.md @@ -4,7 +4,7 @@ weight: 200 toc: true type: reference product: NAP-WAF -docs: DOCS-1252 +nd-docs: DOCS-1252 --- July 5, 2023 diff --git a/content/nap-waf/v4/releases/about-4.5.md b/content/nap-waf/v4/releases/about-4.5.md index 4ac361f74..752812849 100644 --- a/content/nap-waf/v4/releases/about-4.5.md +++ b/content/nap-waf/v4/releases/about-4.5.md @@ -4,7 +4,7 @@ weight: 190 toc: true type: reference product: NAP-WAF -docs: DOCS-1253 +nd-docs: DOCS-1253 --- August 15, 2023 diff --git a/content/nap-waf/v4/releases/about-4.6.md b/content/nap-waf/v4/releases/about-4.6.md index 100e4059f..9b71d7b58 100644 --- a/content/nap-waf/v4/releases/about-4.6.md +++ b/content/nap-waf/v4/releases/about-4.6.md @@ -4,7 +4,7 @@ weight: 180 toc: true type: reference product: NAP-WAF -docs: DOCS-1347 +nd-docs: DOCS-1347 --- October 17, 2023 diff --git a/content/nap-waf/v4/releases/about-4.7.md b/content/nap-waf/v4/releases/about-4.7.md index 62181c049..447cbb919 100644 --- a/content/nap-waf/v4/releases/about-4.7.md +++ b/content/nap-waf/v4/releases/about-4.7.md @@ -4,7 +4,7 @@ weight: 170 toc: true type: reference product: NAP-WAF -docs: DOCS-1360 +nd-docs: DOCS-1360 --- December 19, 2023 diff --git a/content/nap-waf/v4/releases/about-4.8.1.md b/content/nap-waf/v4/releases/about-4.8.1.md index ed85394d9..8a978fe6e 100644 --- a/content/nap-waf/v4/releases/about-4.8.1.md +++ b/content/nap-waf/v4/releases/about-4.8.1.md @@ -4,7 +4,7 @@ weight: 150 toc: true type: reference product: NAP-WAF -docs: DOCS-1477 +nd-docs: DOCS-1477 --- March 6, 2024 diff --git a/content/nap-waf/v4/releases/about-4.8.md b/content/nap-waf/v4/releases/about-4.8.md index 37efe6ae7..268dcd877 100644 --- a/content/nap-waf/v4/releases/about-4.8.md +++ b/content/nap-waf/v4/releases/about-4.8.md @@ -4,7 +4,7 @@ weight: 160 toc: true type: reference product: NAP-WAF -docs: DOCS-1391 +nd-docs: DOCS-1391 --- February 6, 2024 diff --git a/content/nap-waf/v4/releases/about-4.9.md b/content/nap-waf/v4/releases/about-4.9.md index 17b2af609..aeb44e88d 100644 --- a/content/nap-waf/v4/releases/about-4.9.md +++ b/content/nap-waf/v4/releases/about-4.9.md @@ -4,7 +4,7 @@ weight: 140 toc: true type: reference product: NAP-WAF -docs: DOCS-1478 +nd-docs: DOCS-1478 --- April 18, 2024 diff --git a/content/nap-waf/v4/troubleshooting-guide/troubleshooting.md b/content/nap-waf/v4/troubleshooting-guide/troubleshooting.md index f4971a732..cd5da81be 100644 --- a/content/nap-waf/v4/troubleshooting-guide/troubleshooting.md +++ b/content/nap-waf/v4/troubleshooting-guide/troubleshooting.md @@ -1,6 +1,6 @@ --- description: Learn about the F5 NGINX App Protect WAF Troubleshooting Guide. -docs: DOCS-665 +nd-docs: DOCS-665 title: NGINX App Protect WAF Troubleshooting Guide toc: true weight: 400 diff --git a/content/nap-waf/v5/admin-guide/compiler.md b/content/nap-waf/v5/admin-guide/compiler.md index ea0f28500..0e1a3564c 100644 --- a/content/nap-waf/v5/admin-guide/compiler.md +++ b/content/nap-waf/v5/admin-guide/compiler.md @@ -4,7 +4,7 @@ weight: 500 toc: true type: how-to product: NAP-WAF -docs: DOCS-1367 +nd-docs: DOCS-1367 --- ## Overview diff --git a/content/nap-waf/v5/admin-guide/deploy-on-docker.md b/content/nap-waf/v5/admin-guide/deploy-on-docker.md index a2f0e3821..a135e5a5f 100644 --- a/content/nap-waf/v5/admin-guide/deploy-on-docker.md +++ b/content/nap-waf/v5/admin-guide/deploy-on-docker.md @@ -4,7 +4,7 @@ weight: 500 toc: true type: how-to product: NAP-WAF -docs: DOCS-1365 +nd-docs: DOCS-1365 --- ## Prerequisites diff --git a/content/nap-waf/v5/admin-guide/deploy-with-helm.md b/content/nap-waf/v5/admin-guide/deploy-with-helm.md index 4a2eeb801..3d2c81e9e 100644 --- a/content/nap-waf/v5/admin-guide/deploy-with-helm.md +++ b/content/nap-waf/v5/admin-guide/deploy-with-helm.md @@ -4,6 +4,7 @@ weight: 300 toc: true type: how-to product: NAP-WAF +nd-docs: DOCS-1793 --- ## Overview @@ -38,7 +39,7 @@ Next, create a `Dockerfile` using one of the examples provided below. {{}} {{%tab name="Alpine Linux"%}} - + {{< include "nap-waf/config/v5/build-nginx-image-oss/build-alpine.md" >}} {{%/tab%}} @@ -85,7 +86,7 @@ You are ready to [Build the image](#build-image). {{}} {{%tab name="Alpine Linux"%}} - + {{< include "nap-waf/config/v5/build-nginx-image-plus/build-alpine.md" >}} {{%/tab%}} @@ -132,7 +133,7 @@ You are ready to [Build the image](#build-image). Next, push it to your private image repository, ensuring it's accessible to your Kubernetes cluster. ---- +--- ## Pull the chart diff --git a/content/nap-waf/v5/admin-guide/deploy-with-manifests.md b/content/nap-waf/v5/admin-guide/deploy-with-manifests.md index ded07b037..751c778c8 100644 --- a/content/nap-waf/v5/admin-guide/deploy-with-manifests.md +++ b/content/nap-waf/v5/admin-guide/deploy-with-manifests.md @@ -4,7 +4,7 @@ weight: 400 toc: true type: how-to product: NAP-WAF -docs: DOCS-1366 +nd-docs: DOCS-1366 --- ## Prerequisites @@ -457,8 +457,8 @@ spec: {{< include "/nap-waf/nap-k8s-readonly-paths.md" >}} ---- - +--- + ### Possible issues {{< include "/nap-waf/nap-k8s-readonly-issues.md" >}} diff --git a/content/nap-waf/v5/admin-guide/install.md b/content/nap-waf/v5/admin-guide/install.md index 7e1f05355..b6263a507 100644 --- a/content/nap-waf/v5/admin-guide/install.md +++ b/content/nap-waf/v5/admin-guide/install.md @@ -4,7 +4,7 @@ weight: 200 toc: true type: how-to product: NAP-WAF -docs: DOCS-1363 +nd-docs: DOCS-1363 --- ## Prerequisites @@ -39,7 +39,7 @@ Please follow these steps before you install either NGINX Open Source or NGINX P {{}} {{%tab name="Alpine Linux"%}} - + {{< include "nap-waf/config/v5/host-based-nginx-instructions/common-steps-with-alpine" >}} {{%/tab%}} diff --git a/content/nap-waf/v5/admin-guide/overview.md b/content/nap-waf/v5/admin-guide/overview.md index 127e600e2..4470b987b 100644 --- a/content/nap-waf/v5/admin-guide/overview.md +++ b/content/nap-waf/v5/admin-guide/overview.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: how-to product: NAP-WAF -docs: DOCS-1362 +nd-docs: DOCS-1362 --- ## Introduction diff --git a/content/nap-waf/v5/admin-guide/upgrade-nap-waf.md b/content/nap-waf/v5/admin-guide/upgrade-nap-waf.md index c5d688a9c..c7e1e6496 100644 --- a/content/nap-waf/v5/admin-guide/upgrade-nap-waf.md +++ b/content/nap-waf/v5/admin-guide/upgrade-nap-waf.md @@ -4,7 +4,7 @@ weight: 600 toc: true type: how-to product: NAP-WAF -docs: DOCS-1640 +nd-docs: DOCS-1640 --- ## Overview diff --git a/content/nap-waf/v5/configuration-guide/configuration.md b/content/nap-waf/v5/configuration-guide/configuration.md index f654d70ee..df837908e 100644 --- a/content/nap-waf/v5/configuration-guide/configuration.md +++ b/content/nap-waf/v5/configuration-guide/configuration.md @@ -1,7 +1,7 @@ --- description: This guide explains the F5 NGINX App Protect WAF security features and how to use them. -docs: DOCS-1368 +nd-docs: DOCS-1368 title: NGINX App Protect WAF Configuration Guide toc: true weight: 200 diff --git a/content/nap-waf/v5/declarative-policy/policy.md b/content/nap-waf/v5/declarative-policy/policy.md index 7b038b1f0..5ecdbefbb 100644 --- a/content/nap-waf/v5/declarative-policy/policy.md +++ b/content/nap-waf/v5/declarative-policy/policy.md @@ -3,7 +3,7 @@ description: '' title: NGINX App Protect WAF Declarative Policy toc: false weight: 300 -docs: DOCS-1644 +nd-docs: DOCS-1644 type: - reference --- diff --git a/content/nap-waf/v5/logging-overview/access-log.md b/content/nap-waf/v5/logging-overview/access-log.md index 5c7f0de2c..198a3c2ac 100644 --- a/content/nap-waf/v5/logging-overview/access-log.md +++ b/content/nap-waf/v5/logging-overview/access-log.md @@ -3,7 +3,7 @@ description: Learn about the F5 NGINX App Protect WAF Access Log Request Mechani title: NGINX App Protect WAF Access Log toc: true weight: 550 -docs: DOCS-1641 +nd-docs: DOCS-1641 type: - concept --- diff --git a/content/nap-waf/v5/logging-overview/logs-overview.md b/content/nap-waf/v5/logging-overview/logs-overview.md index 4b4c7b590..6c30a6e80 100644 --- a/content/nap-waf/v5/logging-overview/logs-overview.md +++ b/content/nap-waf/v5/logging-overview/logs-overview.md @@ -1,6 +1,6 @@ --- description: Learn the types of logs available in F5 NGINX App Protect WAF v5. -docs: DOCS-1374 +nd-docs: DOCS-1374 title: NGINX App Protect WAF Logs Overview toc: true weight: 1010 diff --git a/content/nap-waf/v5/logging-overview/security-log.md b/content/nap-waf/v5/logging-overview/security-log.md index e23f281c1..2b91b63b1 100644 --- a/content/nap-waf/v5/logging-overview/security-log.md +++ b/content/nap-waf/v5/logging-overview/security-log.md @@ -3,7 +3,7 @@ description: Learn about the F5 NGINX App Protect WAF Security Log. title: NGINX App Protect WAF Security Log toc: true weight: 520 -docs: DOCS-1642 +nd-docs: DOCS-1642 type: - concept --- diff --git a/content/nap-waf/v5/releases/about-5.0.md b/content/nap-waf/v5/releases/about-5.0.md index b27436767..fdbc765df 100644 --- a/content/nap-waf/v5/releases/about-5.0.md +++ b/content/nap-waf/v5/releases/about-5.0.md @@ -4,7 +4,7 @@ weight: 1000 toc: true type: reference product: NAP-WAF -docs: DOCS-1643 +nd-docs: DOCS-1643 --- March 19, 2024 diff --git a/content/nap-waf/v5/releases/about-5.1.md b/content/nap-waf/v5/releases/about-5.1.md index 77e5348f5..51f0e5324 100644 --- a/content/nap-waf/v5/releases/about-5.1.md +++ b/content/nap-waf/v5/releases/about-5.1.md @@ -4,7 +4,7 @@ weight: 900 toc: true type: reference product: NAP-WAF -docs: DOCS-1479 +nd-docs: DOCS-1479 --- April 18, 2024 diff --git a/content/nap-waf/v5/releases/about-5.2.md b/content/nap-waf/v5/releases/about-5.2.md index 388397e9b..670f9b4f7 100644 --- a/content/nap-waf/v5/releases/about-5.2.md +++ b/content/nap-waf/v5/releases/about-5.2.md @@ -4,7 +4,7 @@ weight: 890 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1796 --- May 29, 2024 diff --git a/content/nap-waf/v5/releases/about-5.3.md b/content/nap-waf/v5/releases/about-5.3.md index 4b5bb044d..344f49a2b 100644 --- a/content/nap-waf/v5/releases/about-5.3.md +++ b/content/nap-waf/v5/releases/about-5.3.md @@ -4,7 +4,7 @@ weight: 880 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1799 --- September 25, 2024 diff --git a/content/nap-waf/v5/releases/about-5.4.md b/content/nap-waf/v5/releases/about-5.4.md index 4417b6781..eb7312f10 100644 --- a/content/nap-waf/v5/releases/about-5.4.md +++ b/content/nap-waf/v5/releases/about-5.4.md @@ -4,7 +4,7 @@ weight: 870 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1798 --- November 19th, 2024 diff --git a/content/nap-waf/v5/releases/about-5.5.md b/content/nap-waf/v5/releases/about-5.5.md index 55f099321..2a3bf94a7 100644 --- a/content/nap-waf/v5/releases/about-5.5.md +++ b/content/nap-waf/v5/releases/about-5.5.md @@ -4,7 +4,7 @@ weight: 860 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1795 --- January 30th, 2025 diff --git a/content/nap-waf/v5/releases/about-5.6.md b/content/nap-waf/v5/releases/about-5.6.md index fb8f057a0..8c952dbaf 100644 --- a/content/nap-waf/v5/releases/about-5.6.md +++ b/content/nap-waf/v5/releases/about-5.6.md @@ -4,7 +4,7 @@ weight: 850 toc: true type: reference product: NAP-WAF -docs: DOCS-000 +nd-docs: DOCS-1797 --- April 1st, 2025 diff --git a/content/nap-waf/v5/releases/about-5.7.md b/content/nap-waf/v5/releases/about-5.7.md index 7ad69b20c..050cce97e 100644 --- a/content/nap-waf/v5/releases/about-5.7.md +++ b/content/nap-waf/v5/releases/about-5.7.md @@ -4,6 +4,7 @@ weight: 840 toc: true nd-content-type: reference nd-product: NAP-WAF +nd-docs: DOCS-1794 --- June 24th, 2025 @@ -11,9 +12,9 @@ June 24th, 2025 ## New features - Added support for [IP Intelligence]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#ip-intelligence-configuration" >}}) -- Added support for Rocky Linux 9 +- Added support for Rocky Linux 9 - Added support for Override rules for [IP Address Lists]({{< ref "/nap-waf/v5/configuration-guide/configuration.md#ip-address-lists" >}}) - + ## Important notes - Ubuntu 20.04 is no longer supported @@ -25,7 +26,7 @@ June 24th, 2025 - 12527 - Remove CPAN - installed certs and source files - 11112 - Remove systemd/init.d leftovers in NAP WAF v5 pkgs - 12400 - Cookie attributes are not added to a TS cookie when there is more than one TS cookie -- 12498 - Undefined behavior when using huge XFF +- 12498 - Undefined behavior when using huge XFF - 12731 - Multiple clean_resp_reset internal error messages in logs when loading NAP ## Supported packages diff --git a/content/nap-waf/v5/troubleshooting-guide/troubleshooting.md b/content/nap-waf/v5/troubleshooting-guide/troubleshooting.md index bbf4be2fb..8de5fd315 100644 --- a/content/nap-waf/v5/troubleshooting-guide/troubleshooting.md +++ b/content/nap-waf/v5/troubleshooting-guide/troubleshooting.md @@ -3,7 +3,7 @@ description: Learn about the F5 NGINX App Protect WAF Troubleshooting Guide. title: NGINX App Protect WAF Troubleshooting Guide toc: true weight: 400 -docs: DOCS-1645 +nd-docs: DOCS-1645 type: - concept --- diff --git a/content/ngf/changelog.md b/content/ngf/changelog.md index 5453d1b8f..4e16a7465 100644 --- a/content/ngf/changelog.md +++ b/content/ngf/changelog.md @@ -4,7 +4,7 @@ toc: true weight: 900 nd-content-type: reference nd-product: NGF -nd-docs: "DOCS-1359" +nd-docs: DOCS-1359 --- See the NGINX Gateway Fabric changelog page: diff --git a/content/ngf/get-started.md b/content/ngf/get-started.md index c6a03bd0c..83bd9029f 100644 --- a/content/ngf/get-started.md +++ b/content/ngf/get-started.md @@ -4,11 +4,11 @@ weight: 200 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1834 --- {{< important >}} -This document is for trying out NGINX Gateway Fabric, and not intended for a production environment. +This document is for trying out NGINX Gateway Fabric, and not intended for a production environment. For standard deployments, you should read the [Install NGINX Gateway Fabric]({{< ref "/ngf/install/" >}}) section. {{< /important >}} @@ -102,7 +102,7 @@ customresourcedefinition.apiextensions.k8s.io/referencegrants.gateway.networking ### Install the Helm chart -Use `helm` to install NGINX Gateway Fabric, specifying the NodePort configuration that will be set on the +Use `helm` to install NGINX Gateway Fabric, specifying the NodePort configuration that will be set on the NGINX Service when it is provisioned: ```shell diff --git a/content/ngf/how-to/control-plane-configuration.md b/content/ngf/how-to/control-plane-configuration.md index c7ca856b4..65a358784 100644 --- a/content/ngf/how-to/control-plane-configuration.md +++ b/content/ngf/how-to/control-plane-configuration.md @@ -4,7 +4,7 @@ weight: 400 toc: true type: how-to product: NGF -docs: DOCS-1416 +nd-docs: DOCS-1839 --- Learn how to dynamically update the NGINX Gateway Fabric control plane configuration. diff --git a/content/ngf/how-to/data-plane-configuration.md b/content/ngf/how-to/data-plane-configuration.md index 994a86faa..ff16d6e1e 100644 --- a/content/ngf/how-to/data-plane-configuration.md +++ b/content/ngf/how-to/data-plane-configuration.md @@ -4,7 +4,7 @@ weight: 500 toc: true type: how-to product: NGF -docs: DOCS-000 +nd-docs: DOCS-1838 --- Learn how to dynamically update the NGINX Gateway Fabric global data plane configuration. @@ -342,7 +342,7 @@ EOF ## Configure infrastructure-related settings -You can configure deployment and service settings for all data plane instances by editing the `NginxProxy` resource at the Gateway or GatewayClass level. These settings can also be specified under the `nginx` section in the Helm values file. You can edit things such as replicas, pod scheduling options, container resource limits, extra volume mounts, service types and load balancer settings. +You can configure deployment and service settings for all data plane instances by editing the `NginxProxy` resource at the Gateway or GatewayClass level. These settings can also be specified under the `nginx` section in the Helm values file. You can edit things such as replicas, pod scheduling options, container resource limits, extra volume mounts, service types and load balancer settings. The following command creates an `NginxProxy` resource with 2 replicas, sets `container.resources.requests` to 100m CPU and 128Mi memory, configures a 90 second `pod.terminationGracePeriodSeconds`, and sets the service type to `LoadBalancer` with IP `192.87.9.1` and AWS NLB annotation. diff --git a/content/ngf/how-to/scaling.md b/content/ngf/how-to/scaling.md index 22d181cdf..8e9961798 100644 --- a/content/ngf/how-to/scaling.md +++ b/content/ngf/how-to/scaling.md @@ -4,7 +4,7 @@ weight: 700 toc: true type: how-to product: NGF -docs: DOCS-0000 +nd-docs: DOCS-1840 --- This document describes how you can separately scale the NGINX Gateway Fabric control plane and data plane. @@ -14,7 +14,7 @@ It provides guidance on how to scale each plane effectively, and when you should ### Scaling the data plane -The data plane is the NGINX deployment that handles user traffic to backend applications. Every Gateway object created provisions its own NGINX deployment and configuration. +The data plane is the NGINX deployment that handles user traffic to backend applications. Every Gateway object created provisions its own NGINX deployment and configuration. You have two options for scaling the data plane: @@ -25,9 +25,9 @@ You have two options for scaling the data plane: Understanding when to increase replicas or create a new Gateway is key to managing traffic effectively. -Increasing data plane replicas is ideal when you need to handle more traffic without changing the configuration. +Increasing data plane replicas is ideal when you need to handle more traffic without changing the configuration. -For example, if you're routing traffic to `api.example.com` and notice an increase in load, you can scale the replicas from 1 to 5 to better distribute the traffic and reduce latency. +For example, if you're routing traffic to `api.example.com` and notice an increase in load, you can scale the replicas from 1 to 5 to better distribute the traffic and reduce latency. All replicas will share the same configuration from the Gateway used to set up the data plane, simplifying configuration management. @@ -45,15 +45,15 @@ Secondly, you can update the `NginxProxy` resource while NGINX is running to mod kubectl edit nginxproxies.gateway.nginx.org ngf-proxy-config -n nginx-gateway ``` -The alternate way to scale the data plane is by creating a new Gateway. This is beneficial when you need distinct configurations, isolation, or separate policies. +The alternate way to scale the data plane is by creating a new Gateway. This is beneficial when you need distinct configurations, isolation, or separate policies. -For example, if you're routing traffic to a new domain `admin.example.com` and require a different TLS certificate, stricter rate limits, or separate authentication policies, creating a new Gateway could be a good approach. +For example, if you're routing traffic to a new domain `admin.example.com` and require a different TLS certificate, stricter rate limits, or separate authentication policies, creating a new Gateway could be a good approach. It allows for safe experimentation with isolated configurations and makes it easier to enforce security boundaries and specific routing rules. ### Scaling the control plane -The control plane builds configuration based on defined Gateway API resources and sends that configuration to the NGINX data planes. With leader election enabled by default, the control plane can be scaled horizontally by running multiple replicas, although only the pod with leader lease can actively manage configuration status updates. +The control plane builds configuration based on defined Gateway API resources and sends that configuration to the NGINX data planes. With leader election enabled by default, the control plane can be scaled horizontally by running multiple replicas, although only the pod with leader lease can actively manage configuration status updates. Scaling the control plane can be beneficial in the following scenarios: @@ -70,11 +70,11 @@ To scale the control plane, use the `kubectl scale` command on the control plane When scaling the control plane, it's important to understand how status updates are handled for Gateway API resources. -All control plane pods can send NGINX configuration to the data planes. However, only the leader control plane pod is allowed to write status updates to Gateway API resources. +All control plane pods can send NGINX configuration to the data planes. However, only the leader control plane pod is allowed to write status updates to Gateway API resources. -If an NGINX instance connects to a non-leader pod, and an error occurs when applying the config, that error status will not be written to the Gateway object status. +If an NGINX instance connects to a non-leader pod, and an error occurs when applying the config, that error status will not be written to the Gateway object status. -To mitigate the potential for this issue, ensure that the number of NGINX data plane pods equals or exceeds the number of control plane pods. +To mitigate the potential for this issue, ensure that the number of NGINX data plane pods equals or exceeds the number of control plane pods. This increases the likelihood that at least one of the data planes is connected to the leader control plane pod. If an applied configuration has an error, the leader pod will be aware of it and status can still be written. diff --git a/content/ngf/how-to/upgrade-apps-without-downtime.md b/content/ngf/how-to/upgrade-apps-without-downtime.md index 71e570f0b..f8aeb5e9d 100644 --- a/content/ngf/how-to/upgrade-apps-without-downtime.md +++ b/content/ngf/how-to/upgrade-apps-without-downtime.md @@ -4,7 +4,7 @@ weight: 600 toc: true type: how-to product: NGF -docs: DOCS-1420 +nd-docs: DOCS-1841 --- Learn how to use NGINX Gateway Fabric to upgrade applications without downtime. diff --git a/content/ngf/install/deploy-data-plane.md b/content/ngf/install/deploy-data-plane.md index 114613026..dd7eaf598 100644 --- a/content/ngf/install/deploy-data-plane.md +++ b/content/ngf/install/deploy-data-plane.md @@ -4,7 +4,7 @@ weight: 600 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1854 --- ## Overview @@ -104,13 +104,13 @@ The NginxProxy custom resource can modify the provisioning of the Service object {{< note >}} Updating most Kubernetes related fields in NginxProxy will trigger a restart of the related resources. {{< /note >}} -An NginxProxy resource is created by default after deploying NGINX Gateway Fabric. This NginxProxy resource is attached to the GatewayClass (created on NGINX Gateway Fabric installation), and +An NginxProxy resource is created by default after deploying NGINX Gateway Fabric. This NginxProxy resource is attached to the GatewayClass (created on NGINX Gateway Fabric installation), and its settings are applied globally to all Gateways. Use `kubectl get` and `kubectl describe` to get some more information on the resource: ```shell -kubectl get nginxproxies -A +kubectl get nginxproxies -A ``` ```text NAMESPACE NAME AGE @@ -159,7 +159,7 @@ Under `Spec.Kubernetes` you can see a few things: - How many NGINX Deployment replicas are specified - The type of Service and external traffic policy -{{< note >}} Depending on installation configuration, the default NginxProxy settings may be slightly different from what is shown in the example. +{{< note >}} Depending on installation configuration, the default NginxProxy settings may be slightly different from what is shown in the example. For more information on NginxProxy and its configurable fields, see the [API reference]({{< ref "/ngf/reference/api.md" >}}). {{< /note >}} Modify the NginxProxy resource to change the type of Service. @@ -173,7 +173,7 @@ type: NodePort After saving the changes, use `kubectl get` on the service, and you should see the service type has changed to `LoadBalancer`. ```shell -kubectl get service cafe-nginx +kubectl get service cafe-nginx ``` ```text NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE @@ -184,7 +184,7 @@ cafe-nginx NodePort 10.96.172.204 80:32615/TCP 3h5m While the majority of configuration will happen on the NginxProxy resource, that is not always the case. Uniquely, if you want to set any annotations or labels on the NGINX Deployment or Service, you need to set those annotations on the Gateway which -provisioned them. +provisioned them. You can use `kubectl edit` on the Gateway and add the following to the `spec`: diff --git a/content/ngf/install/manifests.md b/content/ngf/install/manifests.md index 59ca928b5..af8324f4b 100644 --- a/content/ngf/install/manifests.md +++ b/content/ngf/install/manifests.md @@ -54,13 +54,13 @@ Deploying NGINX Gateway Fabric with Kubernetes manifests takes only a few steps. #### Stable release ```shell -kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml ``` #### Edge version ```shell -kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/main/deploy/crds.yaml ``` ### Deploy NGINX Gateway Fabric diff --git a/content/ngf/install/nginx-plus.md b/content/ngf/install/nginx-plus.md index 4c7eb0e17..535b3bfac 100644 --- a/content/ngf/install/nginx-plus.md +++ b/content/ngf/install/nginx-plus.md @@ -4,7 +4,7 @@ weight: 300 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1853 --- ## Overview diff --git a/content/ngf/install/secure-certificates.md b/content/ngf/install/secure-certificates.md index 01283eabf..92b78bb85 100644 --- a/content/ngf/install/secure-certificates.md +++ b/content/ngf/install/secure-certificates.md @@ -4,13 +4,14 @@ weight: 100 toc: true nd-content-type: how-to nd-product: NGF +nd-docs: DOCS-1851 --- -By default, NGINX Gateway Fabric installs self-signed certificates to secure the connection between the NGINX Gateway Fabric control plane and the NGINX data plane pods. These certificates are created by a `cert-generator` job when NGINX Gateway Fabric is first installed. +By default, NGINX Gateway Fabric installs self-signed certificates to secure the connection between the NGINX Gateway Fabric control plane and the NGINX data plane pods. These certificates are created by a `cert-generator` job when NGINX Gateway Fabric is first installed. However, because these certificates are self-signed and will expire after 3 years, we recommend a solution such as [cert-manager](https://cert-manager.io) to create and manage these certificates in a production environment. -This guide will step through how to install and use `cert-manager` to secure this connection. +This guide will step through how to install and use `cert-manager` to secure this connection. {{< caution >}} @@ -179,7 +180,7 @@ Specify the Secret name using the `certGenerator.agentTLSSecretName` helm value. {{%tab name="Manifests"%}} -Specify the Secret name using the `agent-tls-secret` command-line argument. +Specify the Secret name using the `agent-tls-secret` command-line argument. {{% /tab %}} diff --git a/content/ngf/install/upgrade-version.md b/content/ngf/install/upgrade-version.md index e8e0f16ef..45b4fa3fd 100644 --- a/content/ngf/install/upgrade-version.md +++ b/content/ngf/install/upgrade-version.md @@ -4,18 +4,18 @@ weight: 700 toc: true type: how-to product: NGF -docs: DOCS-0000 +nd-docs: DOCS-1852 --- -This document describes how to upgrade NGINX Gateway Fabric when a new version releases. +This document describes how to upgrade NGINX Gateway Fabric when a new version releases. It covers the necessary steps for minor versions as well as major versions (such as 1.x to 2.x). Many of the nuances in upgrade paths relate to how custom resource definitions (CRDs) are managed. -{{< tip >}} +{{< tip >}} -To avoid interruptions, review the [Delay pod termination for zero downtime upgrades](#configure-delayed-pod-termination-for-zero-downtime-upgrades) section. +To avoid interruptions, review the [Delay pod termination for zero downtime upgrades](#configure-delayed-pod-termination-for-zero-downtime-upgrades) section. {{< /tip >}} @@ -24,7 +24,7 @@ To avoid interruptions, review the [Delay pod termination for zero downtime upgr {{< important >}} NGINX Plus users need a JWT secret before upgrading from version 1.4.0 to 1.5.x. -Follow the steps in [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up-the-jwt" >}}) to create the Secret. +Follow the steps in [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up-the-jwt" >}}) to create the Secret. {{< /important >}} @@ -33,7 +33,7 @@ Follow the steps in [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up- To upgrade your Gateway API resources, take the following steps: -- Use [Technical specifications]({{< ref "/ngf/reference/technical-specifications.md" >}}) to verify your Gateway API resources are compatible with your NGINX Gateway Fabric version. +- Use [Technical specifications]({{< ref "/ngf/reference/technical-specifications.md" >}}) to verify your Gateway API resources are compatible with your NGINX Gateway Fabric version. - Review the [release notes](https://github.com/kubernetes-sigs/gateway-api/releases) for any important upgrade-specific information. To upgrade the Gateway API resources, run the following command: @@ -53,10 +53,10 @@ kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gate Run the following command to upgrade the CRDs: ```shell -kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml ``` -{{< note >}} +{{< note >}} Ignore the following warning, as it is expected. @@ -119,7 +119,7 @@ To remove the previous version 1.x of NGINX Gateway Fabric, follow these steps: First, run the following command to uninstall NGINX Gateway Fabric from the `nginx-gateway` namespace, and update `ngf` to your release name if it is different: ```shell -helm uninstall ngf -n nginx-gateway +helm uninstall ngf -n nginx-gateway ``` Afterwards, remove CRDs associated with NGINX Gateway Fabric version 1.x with the following command: @@ -157,7 +157,7 @@ For customization options during the Helm installation process, view the [Instal Apply the new CRDs with the following command: ```shell -kubectl apply -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml ``` Next, install the latest stable release of NGINX Gateway Fabric in the `nginx-gateway` namespace with the following command: @@ -240,7 +240,7 @@ You can then follow [this localhost link](http://localhost:1313/nginx-gateway-fa ## Upgrade from NGINX Open Source to NGINX Plus -{{< important >}} +{{< important >}} Ensure that you [Set up the JWT]({{< ref "/ngf/install/nginx-plus.md#set-up-the-jwt" >}}) before upgrading. These instructions only apply to Helm. diff --git a/content/ngf/monitoring/dashboard.md b/content/ngf/monitoring/dashboard.md index 56cfc31d2..60ee15e29 100644 --- a/content/ngf/monitoring/dashboard.md +++ b/content/ngf/monitoring/dashboard.md @@ -9,7 +9,7 @@ nd-docs: DOCS-1417 This topic describes how to view the NGINX Plus dashboard to see real-time metrics. -The NGINX Plus dashboard offers a real-time live activity monitoring interface that shows key load and performance metrics of your server infrastructure. +The NGINX Plus dashboard offers a real-time live activity monitoring interface that shows key load and performance metrics of your server infrastructure. The dashboard is enabled by default for NGINX Gateway Fabric deployments that use NGINX Plus as the data plane, and is available on port 8765. @@ -33,7 +33,7 @@ The dashboard will look like this: To access the NGINX Plus dashboard from sources than the default `127.0.0.1`, you can use the NginxProxy resource to allow access to other IP Addresses or CIDR blocks. -The following example configuration allows access to the NGINX Plus dashboard from the IP Addresses `192.0.2.8` and +The following example configuration allows access to the NGINX Plus dashboard from the IP Addresses `192.0.2.8` and `192.0.2.0` and the CIDR block `198.51.100.0/24`: ```yaml diff --git a/content/ngf/monitoring/tracing.md b/content/ngf/monitoring/tracing.md index fe241cad5..ae895179c 100644 --- a/content/ngf/monitoring/tracing.md +++ b/content/ngf/monitoring/tracing.md @@ -4,7 +4,7 @@ weight: 100 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1844 --- This guide explains how to enable tracing on HTTPRoutes in NGINX Gateway Fabric using the OpenTelemetry Collector. Jaeger is used to process and collect the traces. diff --git a/content/ngf/overview/custom-policies.md b/content/ngf/overview/custom-policies.md index 02c04d899..03dda319b 100644 --- a/content/ngf/overview/custom-policies.md +++ b/content/ngf/overview/custom-policies.md @@ -4,7 +4,7 @@ weight: 600 toc: true nd-content-type: reference nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1835 --- ## Overview diff --git a/content/ngf/overview/gateway-architecture.md b/content/ngf/overview/gateway-architecture.md index fa45758e7..7d826635c 100644 --- a/content/ngf/overview/gateway-architecture.md +++ b/content/ngf/overview/gateway-architecture.md @@ -179,7 +179,7 @@ graph LR %% Kubernetes Configuration Flow HTTPRouteA --> GatewayAB - HTTPRouteB --> GatewayAB + HTTPRouteB --> GatewayAB HTTPRouteC --> GatewayC NGFPod --> KubernetesAPI @@ -247,9 +247,9 @@ The figure shows: - _Application B_ with one pod deployed in the _applications_ namespace by _Application Developer B_. To expose the application to its clients (_Clients B_) via the host `b.example.com`, _Application Developer B_ creates _HTTPRoute B_ and attaches it to `Gateway AB`. - _Application C_ with one pod deployed in the _applications2_ namespace by _Application Developer C_. To expose the application to its clients (_Clients C_) via the host `c.other-example.com`, _Application Developer C_ creates _HTTPRoute C_ and attaches it to `Gateway C`. - _Public Endpoint AB_, and _Public Endpoint C_ and which fronts the _NGINX AB_, and _NGINX C_ pods respectively. A public endpoint is typically a TCP load balancer (cloud, software, or hardware) or a combination of such load balancer with a NodePort service. _Clients A_ and _B_ connect to their applications via the _Public Endpoint AB_, and _Clients C_ connect to their applications via the _Public Endpoint C_. -- The bold arrows represent connections related to the client traffic. Note that the traffic from _Clients C_ to _Application C_ is completely isolated from the traffic between _Clients A_ and _B_ and _Application A_ and _B_ respectively. +- The bold arrows represent connections related to the client traffic. Note that the traffic from _Clients C_ to _Application C_ is completely isolated from the traffic between _Clients A_ and _B_ and _Application A_ and _B_ respectively. -The resources within the cluster are color-coded based on the user responsible for their creation. +The resources within the cluster are color-coded based on the user responsible for their creation. For example, the Cluster Operator is denoted by the color green, indicating they create and manage all the green resources. --- @@ -340,12 +340,12 @@ The following list describes the connections, preceeded by their types in parent 1. (HTTPS) - Read: _NGF_ reads the _Kubernetes API_ to get the latest versions of the resources in the cluster. - Write: _NGF_ writes to the _Kubernetes API_ to update the handled resources' statuses and emit events. If there's more than one replica of _NGF_ and [leader election](https://github.com/nginx/nginx-gateway-fabric/tree/v1.6.1/charts/nginx-gateway-fabric#configuration) is enabled, only the _NGF_ pod that is leading will write statuses to the _Kubernetes API_. -1. (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default). +1. (HTTP, HTTPS) _Prometheus_ fetches the `controller-runtime` metrics via an HTTP endpoint that _NGF_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX Gateway Fabric, and its endpoint can be turned off. 1. (HTTPS) NGF sends [product telemetry data]({{< ref "/ngf/overview/product-telemetry.md" >}}) to the F5 telemetry service. 1. (File I/O) _NGF_ writes logs to its _stdout_ and _stderr_, which are collected by the container runtime. 1. (HTTP, HTTPS) _Prometheus_ fetches the NGINX metrics via an HTTP endpoint that _NGINX_ exposes (`:9113/metrics` by default). Prometheus is **not** required by NGINX, and its endpoint can be turned off. -1. (gRPC) _NGF_ generates NGINX _configuration_ based on the cluster resources and sends them to _NGINX Agent_ over a secure gRPC connection. +1. (gRPC) _NGF_ generates NGINX _configuration_ based on the cluster resources and sends them to _NGINX Agent_ over a secure gRPC connection. - NGF sends a message containing file metadata to all pods (subscriptions) for the deployment. - Agent receives a ConfigApplyRequest with the list of file metadata. - Agent calls GetFile for each file in the list, which NGF sends back to the agent. diff --git a/content/ngf/overview/nginx-plus.md b/content/ngf/overview/nginx-plus.md index 30543eca3..b19de51fc 100644 --- a/content/ngf/overview/nginx-plus.md +++ b/content/ngf/overview/nginx-plus.md @@ -3,7 +3,7 @@ title: Advanced features with NGINX Plus weight: 300 type: reference product: NGF -docs: DOCS-1415 +nd-docs: DOCS-1837 --- NGINX Gateway Fabric can use NGINX Open Source or NGINX Plus as its data plane. [NGINX Plus](https://www.nginx.com/products/nginx/) is the closed source, commercial version of NGINX. Using NGINX Plus as the data plane offers additional benefits compared to the open source version. diff --git a/content/ngf/overview/product-telemetry.md b/content/ngf/overview/product-telemetry.md index 1213eff4b..837f71eda 100644 --- a/content/ngf/overview/product-telemetry.md +++ b/content/ngf/overview/product-telemetry.md @@ -3,7 +3,7 @@ title: Product telemetry weight: 500 nd-content-type: reference nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1836 --- Learn why, what and how NGINX Gateway Fabric collects telemetry. diff --git a/content/ngf/reference/api.md b/content/ngf/reference/api.md index 39928f8dc..d88e6111b 100644 --- a/content/ngf/reference/api.md +++ b/content/ngf/reference/api.md @@ -1,9 +1,9 @@ --- -title: "API reference" +title: API reference weight: 100 type: reference product: NGF -docs: DOCS-000 +nd-docs: DOCS-1855 --- ## Overview NGINX Gateway API Reference diff --git a/content/ngf/reference/cli-help.md b/content/ngf/reference/cli-help.md index a526ce149..193f1c45e 100644 --- a/content/ngf/reference/cli-help.md +++ b/content/ngf/reference/cli-help.md @@ -1,10 +1,10 @@ --- -title: "Command-line reference guide" +title: Command-line reference guide weight: 100 toc: true type: reference product: NGF -docs: "DOCS-1435" +nd-docs: DOCS-1843 --- ## Overview diff --git a/content/ngf/reference/technical-specifications.md b/content/ngf/reference/technical-specifications.md index d6dc24406..cd8658f51 100644 --- a/content/ngf/reference/technical-specifications.md +++ b/content/ngf/reference/technical-specifications.md @@ -1,11 +1,11 @@ --- title: Technical specifications -description: "NGINX Gateway Fabric technical specifications." +description: NGINX Gateway Fabric technical specifications. weight: 200 toc: true type: reference product: NGF -docs: DOCS-1434 +nd-docs: DOCS-1842 --- See the NGINX Gateway Fabric technical specifications page: diff --git a/content/ngf/traffic-management/advanced-routing.md b/content/ngf/traffic-management/advanced-routing.md index bfbc54bef..8f187c223 100644 --- a/content/ngf/traffic-management/advanced-routing.md +++ b/content/ngf/traffic-management/advanced-routing.md @@ -62,9 +62,9 @@ GW_IP=XXX.YYY.ZZZ.III GW_PORT= ``` -{{< note >}} +{{< note >}} -In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for. +In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for. {{< /note >}} diff --git a/content/ngf/traffic-management/client-settings.md b/content/ngf/traffic-management/client-settings.md index 61de5de79..881f890af 100644 --- a/content/ngf/traffic-management/client-settings.md +++ b/content/ngf/traffic-management/client-settings.md @@ -4,7 +4,7 @@ toc: true weight: 800 nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1846 --- Learn how to use the `ClientSettingsPolicy` API. diff --git a/content/ngf/traffic-management/mirror.md b/content/ngf/traffic-management/mirror.md index 03ab98793..a1d3e95e7 100644 --- a/content/ngf/traffic-management/mirror.md +++ b/content/ngf/traffic-management/mirror.md @@ -4,7 +4,7 @@ toc: true weight: 700 nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1847 --- Learn how to mirror your HTTP or gRPC traffic using NGINX Gateway Fabric. diff --git a/content/ngf/traffic-management/request-response-headers.md b/content/ngf/traffic-management/request-response-headers.md index 24740cbb1..724b27096 100644 --- a/content/ngf/traffic-management/request-response-headers.md +++ b/content/ngf/traffic-management/request-response-headers.md @@ -4,7 +4,7 @@ weight: 600 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1849 --- Learn how to modify the request and response headers of your application using NGINX Gateway Fabric. @@ -51,7 +51,7 @@ GW_IP=XXX.YYY.ZZZ.III GW_PORT= ``` -{{< note >}} +{{< note >}} In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the gateway will forward for. diff --git a/content/ngf/traffic-management/snippets.md b/content/ngf/traffic-management/snippets.md index 0112d01a5..6fc35d1f5 100644 --- a/content/ngf/traffic-management/snippets.md +++ b/content/ngf/traffic-management/snippets.md @@ -1,10 +1,10 @@ --- -title: "Use the SnippetsFilter API" +title: Use the SnippetsFilter API weight: 800 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: "DOCS-000" +nd-docs: DOCS-1848 --- This topic introduces Snippets, how to implement them using the `SnippetsFilter` API, and provides an example of how to use `SnippetsFilter` for rate limiting. diff --git a/content/ngf/traffic-management/tls-passthrough.md b/content/ngf/traffic-management/tls-passthrough.md index 82637e353..2306f01e6 100644 --- a/content/ngf/traffic-management/tls-passthrough.md +++ b/content/ngf/traffic-management/tls-passthrough.md @@ -4,7 +4,7 @@ weight: 800 toc: true nd-content-type: how-to nd-product: NGF -nd-docs: DOCS-000 +nd-docs: DOCS-1850 --- Learn how to use TLSRoutes to configure TLS passthrough load-balancing with NGINX Gateway Fabric. @@ -164,9 +164,9 @@ GW_IP=XXX.YYY.ZZZ.III GW_TLS_PORT= ``` -{{< note >}} +{{< note >}} -In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the Gateway will forward for. +In a production environment, you should have a DNS record for the external IP address that is exposed, and it should refer to the hostname that the Gateway will forward for. {{< /note >}} diff --git a/content/ngf/traffic-management/upstream-settings.md b/content/ngf/traffic-management/upstream-settings.md index f57d4d13f..153e9d4b3 100644 --- a/content/ngf/traffic-management/upstream-settings.md +++ b/content/ngf/traffic-management/upstream-settings.md @@ -1,10 +1,10 @@ --- -title: "Upstream Settings Policy API" +title: Upstream Settings Policy API weight: 900 toc: true type: how-to product: NGF -docs: "DOCS-000" +nd-docs: DOCS-1845 --- Learn how to use the `UpstreamSettingsPolicy` API. diff --git a/content/ngf/traffic-security/secure-backend.md b/content/ngf/traffic-security/secure-backend.md index cde85cd2a..b2545c9ec 100644 --- a/content/ngf/traffic-security/secure-backend.md +++ b/content/ngf/traffic-security/secure-backend.md @@ -11,7 +11,7 @@ Learn how to encrypt HTTP traffic between NGINX Gateway Fabric and your backend ## Overview -In this guide, we will show how to specify the TLS configuration of the connection from the Gateway to a backend pod with the Service API object using a [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/). +In this guide, we will show how to specify the TLS configuration of the connection from the Gateway to a backend pod with the Service API object using a [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/). The intended use-case is when a service or backend owner is managing their own TLS and NGINX Gateway Fabric needs to know how to connect to this backend pod that has its own certificate over HTTPS. diff --git a/content/ngf/troubleshooting.md b/content/ngf/troubleshooting.md index 86705512c..90387ec6b 100644 --- a/content/ngf/troubleshooting.md +++ b/content/ngf/troubleshooting.md @@ -512,6 +512,21 @@ It indicates that `proxy_protocol` is enabled for the gateway listeners, but the - Send valid proxy information with requests being handled by your application. +#### Custom Resource Definition is invalid due to being too large + +If you apply the NGINX Gateway Fabric CRDs and see the following error: + +```text +The CustomResourceDefinition "nginxproxies.gateway.nginx.org" is invalid: metadata.annotations: Too long: may not be more than 262144 bytes +``` + +This is a known issue with Kubernetes, more specifically the client-side-apply annotation limit with kubectl, and our recommended workaround +is to use kubectl's server-side apply when installing the NGINX Gateway Fabric CRDs. To do this, you can use the `--server-side` flag when applying the CRDs: + +```shell +kubectl apply --server-side -f https://raw.githubusercontent.com/nginx/nginx-gateway-fabric/v{{< version-ngf >}}/deploy/crds.yaml +``` + ### See also You can view the [Kubernetes Troubleshooting Guide](https://kubernetes.io/docs/tasks/debug/debug-application/) for more debugging guidance. diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 85e0d0596..697ea9b07 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -1,6 +1,6 @@ --- title: F5 NGINX One Console -nd-subtitle: The F5 NGINX One Console makes it easy to manage NGINX instances across locations and environments. The console lets you monitor and control your NGINX fleet from one placeβ€”you can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more. +nd-subtitle: Optimize, secure, and scale your modern apps url: /nginx-one/ nd-landing-page: true cascade: @@ -8,68 +8,87 @@ cascade: nd-content-type: landing-page nd-product: NGINX One --- + +## About +[//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections." +[//]: # "Use underscores for _italics_, and double asterisks for **bold**." +[//]: # "Backticks are for `monospace`, used sparingly and reserved mostly for executable names - they can cause formatting problems. Avoid them in tables: use italics instead." +F5 NGINX One Console makes it easy to manage NGINX instances across locations and environments. The console lets you monitor and control your NGINX fleet from one placeβ€”you can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more. NGINX One Console is part of NGINX One, which includes [NGINX One components](#nginx-one-components). + +## Featured content +[//]: # "You can add a maximum of three cards: any extra will not display." +[//]: # "One card will take full width page: two will take half width each. Three will stack like an inverse pyramid." +[//]: # "Some examples of content could be the latest release note, the most common install path, and a popular new feature." {{}} - {{}} - {{}} - Simplify, scale, secure, and collaborate with your NGINX fleet + {{}} + {{}} + Get up and running with NGINX One Console {{}} - {{}} - See benefits from the NGINX One Console - {{}} - {{}} + {{}} +{{}} + + +{{}} + {{}} + {{}} Work with data plane keys, containers, and proxy servers - {{}} - {{}} - Monitor and maintain your deployments - {{}} - {{}} - Work with Staged Configurations - {{}} - {{}} - Review your deployments in a dashboard - {{}} - {{}} + {{}} + {{}} + Manage one instance or groups of instances. Monitor certificates. Set up metrics. + {{}} + {{}} Assign responsibilities with role-based access control - {{}} - {{}} - Manage your NGINX fleet over REST - {{}} - {{}} - Learn terms unique to NGINX One Console - {{}} - {{}}{{< changelog-dates >}}{{}} - {{}} -{{}} + {{}} + {{}} + Manage your NGINX fleet over REST + {{}} + {{}} +{{}} + +### More information -# Other Components {{}} + {{}} + {{}} + See latest updates: New features, improvements, and bug fixes + {{}} + {{}} + See latest updates: New features, improvements, and bug fixes + {{}} + {{}} +{{}} + +## NGINX One components +[//]: # "You can add any extra content for the page here, such as additional cards, diagrams or text." + +{{< card-layout >}} {{< card-section title="Kubernetes Solutions">}} - {{< card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon">}} - Kubernetes traffic management with API gateway, identity, and observability features. + {{< card title="NGINX Ingress Controller" titleUrl="/nginx-ingress-controller/" brandIcon="NGINX-Ingress-Controller-product-icon.svg">}} + Kubernetes traffic management with API gateway, identity, and observability features. {{}} - {{< card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric" brandIcon="NGINX-product-icon">}} - Next generation Kubernetes connectivity using the Gateway API. + {{< card title="NGINX Gateway Fabric" titleUrl="/nginx-gateway-fabric/" brandIcon="NGINX-product-icon.svg">}} + Next generation Kubernetes connectivity using the Gateway API. {{}} {{}} {{< card-section title="Local Console Option">}} - {{< card title="NGINX Instance Manager" titleUrl="/nginx-instance-manager" brandIcon="NGINX-Instance-Manager-product-icon">}} - Track and control NGINX Open Source and NGINX Plus instances. + {{< card title="NGINX Instance Manager" titleUrl="/nginx-instance-manager/" brandIcon="NGINX-Instance-Manager-product-icon.svg">}} + Track and control NGINX Open Source and NGINX Plus instances. {{}} {{}} {{< card-section title="Modern App Delivery">}} - {{< card title="NGINX Plus" titleUrl="/nginx" brandIcon="NGINX-Plus-product-icon-RGB">}} - The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway. + {{< card title="NGINX Plus" titleUrl="/nginx/" brandIcon="NGINX-Plus-product-icon-RGB.svg">}} + The all-in-one load balancer, reverse proxy, web server, content cache, and API gateway. {{}} - {{< card title="NGINX Open Source" titleUrl="https://nginx.org" brandIcon="NGINX-product-icon">}} - The open source all-in-one load balancer, content cache, and web server + {{< card title="NGINX Open Source" titleUrl="https://nginx.org" brandIcon="NGINX-product-icon.svg">}} + The open source all-in-one load balancer, content cache, and web server {{}} {{}} {{< card-section title="Security">}} - {{< card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf" brandIcon="NGINX-App-Protect-WAF-product-icon">}} - Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs. + {{< card title="NGINX App Protect WAF" titleUrl="/nginx-app-protect-waf/" brandIcon="NGINX-App-Protect-WAF-product-icon.svg">}} + Lightweight, high-performance, advanced protection against Layer 7 attacks on your apps and APIs. {{}} - {{< card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos" brandIcon="NGINX-App-Protect-DoS-product-icon">}} - Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. + {{< card title="NGINX App Protect DoS" titleUrl="/nginx-app-protect-dos/" brandIcon="NGINX-App-Protect-DoS-product-icon.svg">}} + Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. {{}} {{}} -{{}} \ No newline at end of file +{{}} diff --git a/content/nginx-one/about.md b/content/nginx-one/about.md deleted file mode 100644 index 72e06d6bb..000000000 --- a/content/nginx-one/about.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -description: '' -docs: DOCS-1392 -title: Manage your NGINX fleet -toc: true -weight: 10 -type: -- reference ---- - -The F5 NGINX One Console makes it easy to manage NGINX instances across locations and environments. The console lets you monitor and control your NGINX fleet from one placeβ€”you can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more. - -## Benefits and key features - -NGINX One offers the following key benefits: - -- **Centralized control**: Manage all your NGINX instances from a single console. -- **Enhanced monitoring and risk detection**: Automatically detect critical vulnerabilities (CVEs), verify SSL certificate statuses, and identify security issues in NGINX configurations. -- **Performance optimization**: Track your NGINX versions and receive recommendations for tuning your configurations for better performance. -- **Graphical Metrics Display**: Access a dashboard that shows key metrics for your NGINX instances, including instance availability, version distribution, system health, and utilization trends. -- **Real-time alerts**: Receive alerts about critical issues. diff --git a/content/nginx-one/agent/_index.md b/content/nginx-one/agent/_index.md new file mode 100644 index 000000000..159229def --- /dev/null +++ b/content/nginx-one/agent/_index.md @@ -0,0 +1,6 @@ +--- +title: NGINX Agent +description: Learn about NGINX Agent, its features, and how to install it. +weight: 750 +url: /nginx-one/agent/ +--- diff --git a/content/nginx-one/agent/changelog.md b/content/nginx-one/agent/changelog.md new file mode 100644 index 000000000..dc603dd71 --- /dev/null +++ b/content/nginx-one/agent/changelog.md @@ -0,0 +1,9 @@ +--- +title: Agent changelog +toc: false +url: /nginx-one/agent/changelog +weight: 1200 +nd-docs: DOCS-1868 +--- + + \ No newline at end of file diff --git a/content/nginx-one/agent/community/_index.md b/content/nginx-one/agent/community/_index.md new file mode 100644 index 000000000..aa967306e --- /dev/null +++ b/content/nginx-one/agent/community/_index.md @@ -0,0 +1,5 @@ +--- +title: "Community" +weight: 600 +url: /nginx-one/agent/community/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/community/community.md b/content/nginx-one/agent/community/community.md new file mode 100644 index 000000000..5b4f29ded --- /dev/null +++ b/content/nginx-one/agent/community/community.md @@ -0,0 +1,21 @@ +--- +title: Community and contribution +toc: true +weight: 600 +docs: DOCS-000 +nd-docs: DOCS-1869 +--- + +Discover the various ways you can participate in the F5 NGINX Agent project: + +## Community + +- Have questions or ideas to discuss? Join the conversation about NGINX Agent in the [NGINX Community Forum](https://community.nginx.org/). + +## Contribute + +Get involved with the project by contributing! See our [contributing guide](https://github.com/nginx/agent/blob/main/CONTRIBUTING.md) for details. + +## License + +[Apache License, Version 2.0](https://github.com/nginx/agent/blob/main/LICENSE) diff --git a/content/nginx-one/agent/configure-instance-reporting/_index.md b/content/nginx-one/agent/configure-instance-reporting/_index.md new file mode 100644 index 000000000..daac817e1 --- /dev/null +++ b/content/nginx-one/agent/configure-instance-reporting/_index.md @@ -0,0 +1,5 @@ +--- +title: "Configure instance reporting" +weight: 400 +url: /nginx-one/agent/configure-instance-reporting/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/configure-instance-reporting/configuration-overview.md b/content/nginx-one/agent/configure-instance-reporting/configuration-overview.md new file mode 100644 index 000000000..5bfb8e7f9 --- /dev/null +++ b/content/nginx-one/agent/configure-instance-reporting/configuration-overview.md @@ -0,0 +1,87 @@ +--- +title: Configuration overview +toc: true +weight: 300 +docs: DOCS-1229 +nd-docs: DOCS-1879 +--- + +This page describes how to configure F5 NGINX Agent using configuration files, CLI (Command line interface) flags, and environment variables. + +{{}} + +- NGINX Agent interprets configuration values set by configuration files, CLI flags, and environment variables in the following priorities: + + 1. CLI flags overwrite configuration files and environment variable values. + 2. Environment variables overwrite configuration file values. + 3. Config files are the lowest priority and config settings are superseded if either of the other options is used. + +- You must open any required firewall ports or add SELinux/AppArmor rules for the ports and IPs you want to use. + +{{}} + +## Configuration via Configuration Files + +The NGINX Agent configuration file is created using a YAML structure and can be found in `/etc/nginx-agent/nginx-agent.conf` + +1. Edit the configuration file `sudo vim /etc/nginx-agent/nginx-agent.conf` +2. Add the log property +```bash +log: + level: debug +``` +3. Save and exit +4. `sudo systemctl restart nginx-agent` + +## Configuration via CLI Parameters + +From a command line terminal: +```bash +sudo nginx-agent \ + --log-level=debug +``` + +## Configuration via Environment Variables +Environment variables are another way to set configuration values, especially in containerized deployments or CI/CD pipelines. + +```bash +sudo docker run \ + --env=NGINX_AGENT_LOG_LEVEL=debug \ + -d agent +``` +
+NGINX Agent configuration options + +{{< bootstrap-table "table table-striped table-bordered" >}} +| **Environment Variable** | **Command-Line Option** | **Description** | **Default Value** | +|--------------------------------------------------|---------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------------| +| NGINX_AGENT_LOG_LEVEL | --log-level | The desired verbosity level for logging messages from nginx-agent. Available options: panic, fatal, error, info, and debug. | info | +| NGINX_AGENT_LOG_PATH | --log-path | The path to output log messages to. If the default path doesn't exist, logs are output to stdout/stderr. | /var/log/nginx-agent/nginx-agent.log | +| NGINX_AGENT_DATA_PLANE_NGINX_RELOAD_MONITORING_PERIOD | --data-plane-config-nginx-reload-monitoring-period | The amount of time used to monitor NGINX after a configuration reload (units in seconds). | N/A | +| NGINX_AGENT_DATA_PLANE_NGINX_TREAT_WARNINGS_AS_ERRORS | --data-plane-config-nginx-treat-warnings-as-errors | Warning messages in the NGINX error logs are treated as errors after a configuration reload. | N/A | +| NGINX_AGENT_DATA_PLANE_NGINX_EXCLUDE_LOGS | --data-plane-config-nginx-exclude-logs | Specify one or more log paths to exclude from metrics collection and error monitoring (Unix PATH format). | N/A | +| NGINX_AGENT_ALLOWED_DIRECTORIES | --allowed-directories | A comma-separated list of paths granting read/write permissions for the agent. | N/A | +| NGINX_AGENT_FEATURES | --features | Comma-separated list of features enabled for the agent. | N/A | +| NGINX_AGENT_LABELS | --labels | A comma-separated list of key-value pairs defining agent labels (e.g., grouping). | N/A | +| NGINX_AGENT_COMMAND_SERVER_HOST | --command-server-host | Specifies target hostname for the command and control server. | N/A | +| NGINX_AGENT_COMMAND_SERVER_PORT | --command-server-port | Specifies the port of the command and control server. | N/A | +| NGINX_AGENT_COMMAND_AUTH_TOKEN | --command-auth-token | Authentication token used to establish communication with the command server. | N/A | +| NGINX_AGENT_COMMAND_AUTH_TOKENPATH | --command-auth-tokenpath | File path for the authentication token used with the server. | N/A | +| NGINX_AGENT_COMMAND_TLS_CERT | --command-tls-cert | Certificate file path required for TLS communication. | N/A | +| NGINX_AGENT_COMMAND_TLS_KEY | --command-tls-key | Certificate key file path required for TLS communication. | N/A | +| NGINX_AGENT_COMMAND_TLS_CA | --command-tls-ca | CA certificate file path for TLS communication. | N/A | +| NGINX_AGENT_COMMAND_TLS_SKIP_VERIFY | --command-tls-skip-verify | **For Testing Only:** Disables client-side verification of the server's certificate chain and hostname. | N/A | +| NGINX_AGENT_COMMAND_TLS_SERVER_NAME | --command-tls-server-name | Specifies server name sent in the TLS handshake configuration. | N/A | +| NGINX_AGENT_INSTANCE_WATCHER_MONITORING_FREQUENCY | --instance-watcher-monitoring-frequency | Frequency (in seconds) for instance monitoring. | N/A | +| NGINX_AGENT_HEALTH_WATCHER_MONITORING_FREQUENCY | --health-watcher-monitoring-frequency | Frequency (in seconds) for monitoring NGINX health changes. | N/A | +| NGINX_AGENT_FILE_WATCHER_MONITORING_FREQUENCY | --file-watcher-monitoring-frequency | Frequency (in seconds) for monitoring file changes. | N/A | +| NGINX_AGENT_COLLECTOR_CONFIG_PATH | --collector-config-path | Path to OpenTelemetry (OTel) Collector configuration file. | /etc/nginx-agent/opentelemetry-collector-agent.yaml | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_HEALTH_PATH | --collector-extensions-health-path | Path configured for health check server communication with OTel Collector. | / | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_SERVER_HOST | --collector-extensions-health-server-host | Hostname for publishing health check statuses of OTel Collector. | localhost | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_SERVER_PORT | --collector-extensions-health-server-port | Port for publishing health check statuses of OTel Collector. | 13133 | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_CA | --collector-extensions-health-tls-ca | CA certificate file path for TLS communication with OTel health server. | N/A | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_CERT | --collector-extensions-health-tls-cert | TLS Certificate file path for communication with OTel health server. | N/A | +| NGINX_AGENT_COLLECTOR_EXTENSIONS_TLS_KEY | --collector-extensions-health-tls-key | File path for TLS key used when connecting with OTel health server. | N/A | +| NGINX_AGENT_COLLECTOR_PROCESSORS_BATCH_SEND_BATCH_TIMEOUT | --collector-processors-batch-send-batch-timeout | Maximum time duration for sending batch data metrics regardless of size. | 200ms +{{< /bootstrap-table >}} |% +
\ No newline at end of file diff --git a/content/nginx-one/agent/configure-instance-reporting/configure-agent-group.md b/content/nginx-one/agent/configure-instance-reporting/configure-agent-group.md new file mode 100644 index 000000000..cd1f2a8ef --- /dev/null +++ b/content/nginx-one/agent/configure-instance-reporting/configure-agent-group.md @@ -0,0 +1,88 @@ +--- +title: Add users to nginx-agent group +toc: true +weight: 400 +docs: DOCS-000 +nd-docs: DOCS-1881 +--- + +This page describes how the F5 NGINX Agent process interacts with the NGINX user on a system, and how to add users to the NGINX Agent group. + +## Overview + +During installation, NGINX Agent detects the NGINX user (typically `nginx`) for the master and worker processes and adds this user to a group called `nginx-agent`. + +If you change the NGINX username after installing the NGINX Agent, you'll need to add the new username to the `nginx-agent` group so that the NGINX socket has the proper permissions. + +A failure to update the `nginx-agent` group when the NGINX username changes may result in non-compliance errors for NGINX Plus. + +--- + +## NGINX socket + +NGINX Agent creates a socket in the default location `/var/run/nginx-agent/nginx.sock`. You can customize this location by editing the `nginx-agent.conf` file and setting the path similar to the following example: + +```nginx configuration +nginx: + ... + socket: "unix:/var/run/nginx-agent/nginx.sock" +``` + +The socket server starts when the NGINX socket configuration is enabled; the socket configuration is enabled by default. + +--- + +## Add NGINX Users to nginx-agent group + +To manually add NGINX users to the `nginx-agent` group, take the following steps: + +1. Verify the `nginx-agent` group exists: + + ```shell + sudo getent group | grep nginx-agent + ``` + + The output looks similar to the following example: + + ```shell + nginx-agent:x:1001:root,nginx + ``` + + If the group doesn't exist, create it by running the following command: + + ```shell + sudo groupadd nginx-agent + ``` + +2. Verify the ownership of `/var/run/nginx-agent` directory: + + ```shell + ls -l /var/run/nginx-agent + ``` + + The output looks similar to the following: + + ```shell + total 0 + srwxrwxr-x 1 root nginx-agent 0 Jun 13 10:51 nginx.sockvv + ``` + + If the group ownership is not `nginx-agent`, change the ownership by running the following command: + + ```shell + sudo chown :nginx-agent /var/run/nginx-agent + ``` + +3. To add NGINX user(s) to the `nginx-agent` group, run the following command: + + ```shell + sudo usermod -a -G nginx-agent + ``` + + For example to add the `nginx` user, take the following step: + + ```shell + sudo usermod -a -G nginx-agent nginx + ``` + + Repeat for all NGINX users. diff --git a/content/nginx-one/agent/configure-instance-reporting/configure-selinux.md b/content/nginx-one/agent/configure-instance-reporting/configure-selinux.md new file mode 100644 index 000000000..03e98bb7b --- /dev/null +++ b/content/nginx-one/agent/configure-instance-reporting/configure-selinux.md @@ -0,0 +1,44 @@ +--- +title: Configure SELinux +weight: 600 +toc: true +nd-docs: DOCS-1880 +--- + +## Overview + +You can use the optional SELinux policy module included in the package to secure F5 NGINX Agent operations with flexible, mandatory access control that follows the principle of least privilege. + +{{< important >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /important >}} + +## Before you begin + +Take these preparatory steps before configuring SELinux: + +1. Enable SELinux on your system. +2. Install the tools `load_policy`, `semodule`, and `restorecon`. +3. [Install NGINX Agent]({{< ref "/nginx-one/agent/install-upgrade/_index.md" >}}) with SELinux module files in place. + +{{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}} + +--- + +## Enable SELinux for NGINX Agent {#selinux-agent} + +{{< include "/installation/enable-agent-selinux.md" >}} + +### Add ports to NGINX Agent SELinux context + +{{< include "/installation/add-ports-agent-selinux.md" >}} + +--- + +## Recommended Resources + +- +- +- +- +- +- +- \ No newline at end of file diff --git a/content/nginx-one/agent/containers/_index.md b/content/nginx-one/agent/containers/_index.md new file mode 100644 index 000000000..d74d0a2c4 --- /dev/null +++ b/content/nginx-one/agent/containers/_index.md @@ -0,0 +1,5 @@ +--- +title: "Containers" +weight: 300 +url: /nginx-one/agent/containers/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/containers/run-agent-container.md b/content/nginx-one/agent/containers/run-agent-container.md new file mode 100644 index 000000000..e902de08b --- /dev/null +++ b/content/nginx-one/agent/containers/run-agent-container.md @@ -0,0 +1,90 @@ +--- +title: Run the NGINX Agent in a container +weight: 100 +toc: true +nd-content-type: how-to +product: Agent +nd-docs: DOCS-1872 +--- + +## Overview + +This guide serves as a step-by-step guide to run NGINX Agent in a container. It covers the basic setup needed to get the NGINX Agent up and running efficiently and securely. + +## Before you begin + +Before you begin this guide ensure: + +{{< note >}} +This guide uses Docker but NGINX Agent also works with other container applications. +{{< /note >}} + +- **Docker:** Ensure Docker is installed and configured on your system. [Download Docker from the official site](https://www.docker.com/products/docker-desktop/). +- **Credentials:** Acquire any necessary authentication tokens or credentials required for the NGINX Agent. + +## Prepare the environment + +To run NGINX Agent in a container you will need to download the NGINX Agent +container image and create a configuration file. + +### Pull the NGINX Agent container image + +Run the following command to pull the official image: + +```bash +docker pull private-registry.nginx.com/nginx-plus/agentv3:latest +``` + +Ensure you are using the correct image version. Replace `latest` with the desired version tag if necessary. + + +### Create a configuration file + +Create a configuration file named `nginx-agent.conf` in your current directory +and populate the file with the following structure: + + +{{< include "/nginx-one/conf/nginx-agent-conf.md" >}} + + +## Run the container + +Run the NGINX Agent container with the configuration file mounted. + +Use the following command: + +```bash +docker run -d \ + --name nginx-agent \ + -v $(pwd)/nginx-agent.conf:/etc/nginx-agent/nginx-agent.conf \ + nginx/agent:latest +``` + +Key options explained: + +- `-d`: Runs the container in detached mode. +- `--name nginx-agent`: Assigns a name to the container for easy identification. +- `-v $(pwd)/nginx-agent.conf:/etc/nginx-agent/nginx-agent.conf`: Mounts the configuration file into the container. + + +### Verify the container is running + +Check the running status of the container: + +```bash +docker ps +``` + +You should see an entry for `nginx-agent`. The `STATUS` field indicates that the container is running. + +### Monitor logs + +To ensure the container is functioning properly and communicating with NGINX One Console, monitor the container logs. + +Run the following command: + +```bash +docker logs -f nginx-agent +``` + +Look for log entries indicating successful connection to the NGINX One Console and periodic metric transmission. diff --git a/content/nginx-one/agent/install-upgrade/_index.md b/content/nginx-one/agent/install-upgrade/_index.md new file mode 100644 index 000000000..0224aada9 --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/_index.md @@ -0,0 +1,5 @@ +--- +title: "Install and update" +weight: 200 +url: /nginx-one/agent/install-upgrade/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/install-upgrade/install-from-github.md b/content/nginx-one/agent/install-upgrade/install-from-github.md new file mode 100644 index 000000000..30795537f --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/install-from-github.md @@ -0,0 +1,73 @@ +--- +title: Install from GitHub package files +toc: true +weight: 300 +docs: DOCS-000 +nd-docs: DOCS-1876 +--- + +{{< note >}} +If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}}) +to manage your NGINX instances, NGINX Agent is installed automatically when you +add an NGINX instance to NGINX One Console. + +For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) +{{< /note >}} + +Follow the steps in this guide to install NGINX Agent in your NGINX instance using +GitHub package files. + +## Before you begin + +{{< include "/agent/installation/prerequisites.md" >}} + +## GitHub package files + +To install NGINX Agent on your system using GitHub package files, go to the +[GitHub releases page](https://github.com/nginx/agent/releases) and download the +latest package supported by your operating system distribution and CPU architecture. + +Use your system's package manager to install the package. Some examples: + +- Debian, Ubuntu, and other distributions using the `dpkg` package manager. + + ```shell + sudo dpkg -i nginx-agent-.deb + ``` + +- RHEL, CentOS RHEL, Amazon Linux, Oracle Linux, and other distributions using + the `yum` package manager + + ```shell + sudo yum localinstall nginx-agent-.rpm + ``` + +- RHEL and other distributions using the `rpm` package manager + + ```shell + sudo rpm -i nginx-agent-.rpm + ``` + +- Alpine Linux + + ```shell + sudo apk add nginx-agent-.apk + ``` + +- FreeBSD + + ```shell + sudo pkg add nginx-agent-.pkg + ``` + +### Manually connect NGINX Agent to NGINX One Console + +{{< include "agent/installation/manually-connect-to-console" >}} + +## Start, stop, and enable NGINX Agent + +{{< include "/agent/installation/start-stop-agent.md" >}} + +## Verify that NGINX Agent is running + +{{< include "/agent/installation/verify-agent.md" >}} \ No newline at end of file diff --git a/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md b/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md new file mode 100644 index 000000000..f362ec8d5 --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/install-from-oss-repo.md @@ -0,0 +1,104 @@ +--- +title: Install from Open Source repo +toc: true +weight: 100 +docs: DOCS-000 +nd-docs: DOCS-1873 +--- + +{{< note>}} +If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}}) +to manage your NGINX instances, NGINX Agent is installed automatically when you +add an NGINX instance to NGINX One Console. + +For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) +{{< /note >}} + +## Overview + +Follow the steps in this guide to install NGINX Agent in your NGINX instance using +the NGINX Open Source repository. + +## Before you begin + +{{< include "/agent/installation/prerequisites.md" >}} + +## Manual installation using the NGINX Open Source repository + +Before you install NGINX Agent for the first time on your system, you need to set +up the `nginx-agent` packages repository. Afterward, you can install and update +NGINX Agent from the repository. + +
+{{< fa "brands fa-centos" >}} Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +### Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +{{< include "/agent/installation/oss/oss-rhel.md" >}} + +
+ +
+{{< fa "brands fa-ubuntu" >}} Install NGINX Agent on Ubuntu + +### Install NGINX Agent on Ubuntu + +{{< include "/agent/installation/oss/oss-ubuntu.md" >}} + +
+ +
+{{< fa "brands fa-debian" >}} Install NGINX Agent on Debian + +### Install NGINX Agent on Debian + +{{< include "/agent/installation/oss/oss-debian.md" >}} + +
+ +
+{{< fa "brands fa-suse" >}} Install NGINX Agent on SLES + +### Install NGINX Agent on SLES + +{{< include "/agent/installation/oss/oss-sles.md" >}} + +
+ +
+{{< fa "solid fa-mountain-sun" >}} Install NGINX Agent on Alpine Linux + +### Install NGINX Agent on Alpine Linux + +{{< include "/agent/installation/oss/oss-alpine.md" >}} + +
+ +
+{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux + +### Install NGINX Agent on Amazon Linux + +{{< include "/agent/installation/oss/oss-amazon-linux.md" >}} + +
+
+{{< fa "brands fa-freebsd" >}} Install NGINX Agent on FreeBSD + +### Install NGINX Agent on FreeBSD + +{{< include "/agent/installation/oss/oss-freebsd.md" >}} + +
+ +### Manually connect NGINX Agent to NGINX One Console + +{{< include "agent/installation/manually-connect-to-console" >}} + +## Start, stop, and enable NGINX Agent + +{{< include "/agent/installation/start-stop-agent.md" >}} + +## Verify that NGINX Agent is running + +{{< include "/agent/installation/verify-agent.md" >}} diff --git a/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md new file mode 100644 index 000000000..eb20efab1 --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/install-from-plus-repo.md @@ -0,0 +1,105 @@ +--- +title: Install from NGINX Plus repo +toc: true +weight: 200 +docs: DOCS-000 +nd-docs: DOCS-1877 +--- + +{{< note>}} +If you are using [NGINX One Console]({{< ref "/nginx-one/getting-started.md" >}}) +to manage your NGINX instances, NGINX Agent is installed automatically when you +add an NGINX instance to NGINX One Console. + +For a quick guide on how to connect your instance to NGINX One Console see: [Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) +{{< /note >}} + +## Overview + +Follow the steps in this guide to install NGINX Agent in your NGINX instance using +the NGINX Plus repository. + +## Before you begin + +{{< include "/agent/installation/prerequisites.md" >}} + +## Manual installation using the NGINX Plus repository + +Before you install NGINX Agent for the first time on your system, you need to +set up the `nginx-agent` packages repository. Afterward, you can install and update +NGINX Agent from the repository. + + +
+{{< fa "brands fa-centos" >}} Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +### Install NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +{{< include "/agent/installation/plus/plus-rhel.md" >}} + +
+ +
+{{< fa "brands fa-ubuntu" >}} Install NGINX Agent on Ubuntu + +### Install NGINX Agent on Ubuntu + +{{< include "/agent/installation/plus/plus-ubuntu.md" >}} + +
+ +
+{{< fa "brands fa-debian" >}} Install NGINX Agent on Debian + +### Install NGINX Agent on Debian + +{{< include "/agent/installation/plus/plus-debian.md" >}} + +
+ +
+{{< fa "brands fa-suse" >}} Install NGINX Agent on SLES + +### Install NGINX Agent on SLES + +{{< include "/agent/installation/plus/plus-sles.md" >}} + +
+ +
+{{< fa "solid fa-mountain-sun" >}} Install NGINX Agent on Alpine Linux + +### Install NGINX Agent on Alpine Linux + +{{< include "/agent/installation/plus/plus-alpine.md" >}} + +
+
+{{< fa "brands fa-aws" >}} Install NGINX Agent on Amazon Linux + +### Install NGINX Agent on Amazon Linux + +{{< include "/agent/installation/plus/plus-amazon-linux.md" >}} + +
+ +
+{{< fa "brands fa-freebsd" >}} Install NGINX Agent on FreeBSD + +### Install NGINX Agent on FreeBSD + +{{< include "/agent/installation/plus/plus-freebsd.md" >}} + +
+ +### Manually connect NGINX Agent to NGINX One Console + +{{< include "agent/installation/manually-connect-to-console" >}} + +## Start, stop, and enable NGINX Agent + +{{< include "/agent/installation/start-stop-agent.md" >}} + +## Verify that NGINX Agent is running + +{{< include "/agent/installation/verify-agent.md" >}} diff --git a/content/nginx-one/agent/install-upgrade/uninstall.md b/content/nginx-one/agent/install-upgrade/uninstall.md new file mode 100644 index 000000000..3a7c95aef --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/uninstall.md @@ -0,0 +1,82 @@ +--- +title: Uninstall NGINX Agent +toc: true +weight: 500 +docs: DOCS-000 +nd-docs: DOCS-1874 +--- + +## Overview + +Follow the steps in this guide to remove F5 NGINX Agent from your NGINX instances. + +## Before you begin + +The user following performing the uninstall steps needs to have `root` privilege. + +## Uninstall NGINX Agent + +Complete the following steps on each host where you've installed NGINX Agent + +
+{{< fa "brands fa-centos" >}} Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +### Uninstall NGINX Agent on RHEL, CentOS, Rocky Linux, AlmaLinux, and Oracle Linux + +{{< include "/agent/installation/uninstall/uninstall-rhel.md" >}} + +
+ +
+{{< fa "brands fa-ubuntu" >}} Uninstall NGINX Agent on Ubuntu + +### Uninstall NGINX Agent on Ubuntu + +{{< include "/agent/installation/uninstall/uninstall-ubuntu.md" >}} + +
+ +
+{{< fa "brands fa-debian" >}} Uninstall NGINX Agent on Debian + +### Uninstall NGINX Agent on Debian + +{{< include "/agent/installation/uninstall/uninstall-debian.md" >}} + +
+ +
+{{< fa "brands fa-suse" >}} Uninstall NGINX Agent on SLES + +### Uninstall NGINX Agent on SLES + +{{< include "/agent/installation/uninstall/uninstall-sles.md" >}} + +
+ +
+{{< fa "solid fa-mountain-sun" >}} Uninstall NGINX Agent on Alpine Linux + +### Uninstall NGINX Agent on Alpine Linux + +{{< include "/agent/installation/uninstall/uninstall-alpine.md" >}} + +
+ +
+{{< fa "brands fa-aws" >}} Uninstall NGINX Agent on Amazon Linux + +### Uninstall NGINX Agent on Amazon Linux + +{{< include "/agent/installation/uninstall/uninstall-amazon-linux.md" >}} + +
+ +
+{{< fa "brands fa-freebsd" >}} Uninstall NGINX Agent on FreeBSD + +### Uninstall NGINX Agent on FreeBSD + +{{< include "/agent/installation/uninstall/uninstall-freebsd.md" >}} + +
diff --git a/content/nginx-one/agent/install-upgrade/update.md b/content/nginx-one/agent/install-upgrade/update.md new file mode 100644 index 000000000..a6f5cfd10 --- /dev/null +++ b/content/nginx-one/agent/install-upgrade/update.md @@ -0,0 +1,15 @@ +--- +title: Update NGINX Agent +toc: true +weight: 400 +docs: DOCS-000 +nd-docs: DOCS-1875 +--- + +## Overview + +{{< include "/agent/installation/update.md" >}} + +## Migrate NGINX Agent running in containers + +{{< include "/agent/installation/update-container.md" >}} diff --git a/content/nginx-one/agent/metrics/_index.md b/content/nginx-one/agent/metrics/_index.md new file mode 100644 index 000000000..e089288c1 --- /dev/null +++ b/content/nginx-one/agent/metrics/_index.md @@ -0,0 +1,5 @@ +--- +title: "Metrics" +weight: 500 +url: /nginx-one/agent/metrics/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/metrics/configure-otel-metrics.md b/content/nginx-one/agent/metrics/configure-otel-metrics.md new file mode 100644 index 000000000..78824f3bc --- /dev/null +++ b/content/nginx-one/agent/metrics/configure-otel-metrics.md @@ -0,0 +1,41 @@ +--- +title: Export NGINX instance metrics +weight: 450 +toc: true +nd-docs: DOCS-1882 +--- + +## Overview + +F5 NGINX Agent now includes an embedded [OpenTelemetry](https://opentelemetry.io/) collector, streamlining observability and metric collection for NGINX instances. With this feature, you can collect: + +* Metrics from NGINX Plus and NGINX Open Source +* Host metrics (CPU, memory, disk, and network activity) from VMs or Containers + +{{< note >}} +The OpenTelemetry exporter is enabled by default. Once a valid connection to the management plane is established, the Agent will automatically begin exporting metrics. +{{< /note >}} + +### Key benefits + +* Seamless Integration: No need to deploy an external OpenTelemetry Collector. All components are embedded within the Agent for streamlined observability. +* Standardized Protocol: Support for OpenTelemetry standards ensures interoperability with a wide range of observability backends, including Jaeger, Prometheus, Splunk, and more. + +### Verify that metrics are exported + +You can validate that metrics are successfully exported by using the methods below: + +- **NGINX One dashboard** + + - When an instance has connected to NGINX One Console [See: Connect to NGINX One Console]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}), you should see metrics showing on the NGINX One Dashboard. + +- **Agent logs** + + Check the OpenTelemetry Collector logs for confirmation of successful metric processing: + + 1. Open the file: `/var/log/nginx-agent/opentelemetry-collector-agent.log` + 2. Look for the following logs: + + ```text + Everything is ready. Begin running and processing data. + ``` diff --git a/content/nginx-one/agent/overview/_index.md b/content/nginx-one/agent/overview/_index.md new file mode 100644 index 000000000..25d1de757 --- /dev/null +++ b/content/nginx-one/agent/overview/_index.md @@ -0,0 +1,5 @@ +--- +title: "Overview" +weight: 100 +url: /nginx-one/agent/install-upgrade/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/overview/about.md b/content/nginx-one/agent/overview/about.md new file mode 100644 index 000000000..14bed57b4 --- /dev/null +++ b/content/nginx-one/agent/overview/about.md @@ -0,0 +1,54 @@ +--- +title: About +weight: 100 +toc: true +nd-docs: DOCS-1870 +--- + +{{< include "agent/v3-available.md" >}} + +{{< include "agent/about.md" >}} + +## Architecture + +```mermaid +graph BT + + %% Define colors for the subgraphs + style ManagementPlane fill:#d0eac4,stroke:#228B22,stroke-width:2px,color:#000000 + style CommandControl fill:#cfe2f1,stroke:#1E90FF,stroke-width:2px,color:#000000 + style OTelManagementPlane fill:#cfe2f1,stroke:#1E90FF,stroke-width:2px,color:#000000 + style Compute fill:#cfe2f1,stroke:#1E90FF,stroke-width:2px,color:#000000 + style NGINX fill:#b5e0b6,stroke:#008000,stroke-width:2px,color:#000000 + style NGINXConfig fill:#b5e0b6,stroke:#008000,stroke-width:2px,color:#000000 + style ErrorLogs fill:#b5e0b6,stroke:#008000,stroke-width:2px,color:#000000 + style Agent fill:#b5e0b6,stroke:#008000,stroke-width:2px,color:#000000 + + subgraph ManagementPlane["NGINX One"] + CommandControl["Command Server"] + OTelManagementPlane["OTel Receiver"] + end + + subgraph Compute["NGINX Instance"] + subgraph Agent["Agent Process"] + OTelDataPlane["OTel Collector"] + end + + subgraph NGINX["NGINX Process"] + NGINXMetrics["Metrics"] + end + NGINXConfig["NGINX Configuration Files"] + ErrorLogs["NGINX Error Logs"] + + Metrics["Host Metrics"] --> |Collects| OTelDataPlane + NGINXMetrics --> |Reads| OTelDataPlane["OTel Collector"] + Agent --> |Watch/Reload| NGINX + Agent --> |Reads| ErrorLogs + OTelDataPlane --> |Reads| AccessLogs["NGINX Access Logs"] + Agent <--> |Reads/Writes| NGINXConfig + end + + Compute <--> |gRPC| ManagementPlane +``` + +{{< include "agent/architecture.md" >}} diff --git a/content/nginx-one/agent/overview/tech-specs.md b/content/nginx-one/agent/overview/tech-specs.md new file mode 100644 index 000000000..025723595 --- /dev/null +++ b/content/nginx-one/agent/overview/tech-specs.md @@ -0,0 +1,9 @@ +--- +title: Technical Specifications +toc: false +weight: 200 +docs: DOCS-000 +nd-docs: DOCS-1871 +--- + +{{< include "/agent/tech-specs.md" >}} diff --git a/content/nginx-one/agent/support/_index.md b/content/nginx-one/agent/support/_index.md new file mode 100644 index 000000000..253093e5e --- /dev/null +++ b/content/nginx-one/agent/support/_index.md @@ -0,0 +1,5 @@ +--- +title: "Support" +weight: 700 +url: /nginx-one/agent/support/ +--- \ No newline at end of file diff --git a/content/nginx-one/agent/support/troubleshooting.md b/content/nginx-one/agent/support/troubleshooting.md new file mode 100644 index 000000000..180099616 --- /dev/null +++ b/content/nginx-one/agent/support/troubleshooting.md @@ -0,0 +1,31 @@ +--- +title: Troubleshooting +toc: true +weight: 700 +docs: DOCS-000 +nd-docs: DOCS-1878 +--- + +## F5 NGINX Agent Troubleshooting + +**1. Container running but Agent is not connected to NGINX One Console?** +- Check Agent logs ```bash + docker logs + ``` +- If you are using NGINX Plus, a valid license will need to be passed into the container run command. +- Ensure that the values sent with the container run command are correct. + +**2. Container running but instance is showing offline on NGINX One Console?** +- Check Agent logs ```bash + docker logs c5e1e3234900 | grep "nginx" + ``` +- Verify the following log message is shown: ```2025/02/17 19:02:58 [notice] 32#32: nginx/1.27.2 (nginx-plus-r33-p2 ``` +- If not found, it could mean the container image is missing the NGINX service +- Make sure NGINX is running ```ps -ef | grep "nginx"``` +- Make sure NGINX is part of the image file. + + +**3. NGINX Agent is installed on my Virtual Machine, but not showing up on NGINX One Console?** +- Verify the agent is running ```sudo systemctl status nginx-agent``` +- Check for any errors in the logs ```sudo tail -f /var/log/nginx-agent/agent.log``` +- Check ```/etc/nginx-agent/nginx-agent.conf``` for any misconfigurations. diff --git a/content/nginx-one/api/api-reference-guide.md b/content/nginx-one/api/api-reference-guide.md index 43adf2b6a..d3034aa1e 100644 --- a/content/nginx-one/api/api-reference-guide.md +++ b/content/nginx-one/api/api-reference-guide.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-1398 +nd-docs: DOCS-1398 doctypes: - reference type: redoc diff --git a/content/nginx-one/api/authentication.md b/content/nginx-one/api/authentication.md index 101c0d81d..7518c3677 100644 --- a/content/nginx-one/api/authentication.md +++ b/content/nginx-one/api/authentication.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-1397 +nd-docs: DOCS-1397 title: Authentication toc: true weight: 10 diff --git a/content/nginx-one/changelog.md b/content/nginx-one/changelog.md index ab541049a..dd9cf1216 100644 --- a/content/nginx-one/changelog.md +++ b/content/nginx-one/changelog.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-1394 +nd-docs: DOCS-1394 title: Changelog toc: true weight: 99999 @@ -30,6 +30,14 @@ h2 { Stay up-to-date with what's new and improved in the F5 NGINX One Console. +## July 1, 2025 + +### NGINX Agent version 3 support + +We have added support for NGINX Agent 3.x in NGINX One Console. You can now: + +- Manage data plane instances with NGINX Agent version 3. + ## May 19, 2025 ### Import and export your Staged Configs @@ -83,7 +91,7 @@ You can: - Remove a deployed certificate from a Config Sync Group For more information, including warnings about risks, see our documentation on how you can: -- [Add a file]({{< ref "/nginx-one/nginx-configs/add-file.md" >}}) +- [Add a file]({{< ref "/nginx-one/nginx-configs/one-instance/add-file.md" >}}) - [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}) ### Revert a configuration @@ -136,7 +144,7 @@ Select the link for each CVE to see the details, including the CVE's publish dat ### Edit NGINX configurations -You can now make configuration changes to your NGINX instances. For more details, see [View and edit NGINX configurations]({{< ref "/nginx-one/nginx-configs/view-edit-nginx-configurations.md" >}}). +You can now make configuration changes to your NGINX instances. For more details, see [View and edit NGINX configurations]({{< ref "/nginx-one/nginx-configs/one-instance/view-edit-nginx-configurations.md" >}}). ## May 28, 2024 diff --git a/content/nginx-one/connect-instances/_index.md b/content/nginx-one/connect-instances/_index.md index ea3ed0292..686d7efc8 100644 --- a/content/nginx-one/connect-instances/_index.md +++ b/content/nginx-one/connect-instances/_index.md @@ -1,6 +1,6 @@ --- description: -title: Connect your instances +title: Connect more instances weight: 200 url: /nginx-one/connect-instances/ --- diff --git a/content/nginx-one/connect-instances/add-instance.md b/content/nginx-one/connect-instances/add-instance.md index 328d93724..db4af6a8f 100644 --- a/content/nginx-one/connect-instances/add-instance.md +++ b/content/nginx-one/connect-instances/add-instance.md @@ -2,7 +2,7 @@ description: '' title: Add an NGINX instance toc: true -weight: 100 +weight: 300 type: - how-to --- diff --git a/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md b/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md index 8545e0419..5f4d251b5 100644 --- a/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md +++ b/content/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md @@ -1,6 +1,6 @@ --- description: '' -docs: null +nd-docs: null title: Connect NGINX Plus container images toc: true weight: 400 @@ -42,13 +42,13 @@ sudo docker login private-registry.nginx.com --username=YOUR_JWT_HERE --password ### Pull the NGINX Plus image -Pull the NGINX Plus image from the private registry. Replace `VERSION_TAG` with the desired version, such as `alpine`, `debian`, or `ubi`. +Pull the NGINX Plus image from the private registry. Replace `` with the desired version, such as `alpine`, `debian`, or `ubi`. ```sh -sudo docker pull private-registry.nginx.com/nginx-plus/agent:VERSION_TAG +docker pull private-registry.nginx.com/nginx-plus/agentv3: ``` -You must specify a version tag. The `latest` tag is not supported. Learn more in the [Deploying NGINX and NGINX Plus on Docker]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pulling-the-image" >}}) guide. +You must specify a version tag that matches your distribution. The `latest` tag is not supported. Learn more in the [Deploying NGINX and NGINX Plus on Docker]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pull-the-image" >}}) guide.
@@ -62,7 +62,7 @@ sudo docker pull private-registry.nginx.com/nginx-plus/agent:debian ### Start the NGINX Plus container -Start the Docker container to connect it to NGINX One. Replace `YOUR_NGINX_ONE_DATA_PLANE_KEY_HERE` with your data plane key and `VERSION_TAG` with the version tag you pulled. +Start the Docker container to connect it to NGINX One. Replace `YOUR_NGINX_ONE_DATA_PLANE_KEY_HERE` with your data plane key and `version-tag` with the version tag you pulled. **For NGINX Plus R33 or later**: @@ -79,7 +79,7 @@ sudo docker run \ --env=NGINX_AGENT_TLS_ENABLE=true \ --restart=always \ --runtime=runc \ --d private-registry.nginx.com/nginx-plus/agent: +-d private-registry.nginx.com/nginx-plus/agent: ```
diff --git a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md index 224b3ff51..0052e684c 100644 --- a/content/nginx-one/connect-instances/create-manage-data-plane-keys.md +++ b/content/nginx-one/connect-instances/create-manage-data-plane-keys.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-1395 +nd-docs: DOCS-1395 title: Prepare - Create and manage data plane keys toc: true weight: 100 @@ -66,3 +66,7 @@ Before you can delete a key, it must be expired or revoked. You can revoke a key 2. Find the key you want to revoke in the list of expired or revoked keys. 3. Next to the key name, select the check box. You can select multiple keys at the same time. 4. Select **Delete selected**. + +## Use the API + +You can use our [API to manage your data plane keys]({{< ref "/nginx-one/api/api-reference-guide/#tag/Data-Plane/Key" >}}) in all of these ways (and more). diff --git a/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md b/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md index 6c97ffccc..c29aec28b 100644 --- a/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md +++ b/content/nginx-one/connect-instances/set-up-nginx-proxy-for-nginx-one.md @@ -1,9 +1,9 @@ --- description: '' -docs: null -title: Minimize connections - Set up NGINX as a proxy +nd-docs: null +title: Prepare - Set up NGINX as a proxy toc: true -weight: 300 +weight: 200 type: - how-to --- diff --git a/content/nginx-one/getting-started.md b/content/nginx-one/getting-started.md index 6a761fa2f..8f5605201 100644 --- a/content/nginx-one/getting-started.md +++ b/content/nginx-one/getting-started.md @@ -4,30 +4,109 @@ toc: true weight: 100 type: how-to product: NGINX One -docs: DOCS-1393 --- -This guide provides step-by-step instructions on how to activate and start using F5 NGINX One Console. NGINX One is a management console for monitoring and managing NGINX data plane instances. +The F5 NGINX One Console makes it easy to manage NGINX instances across locations and environments. The console lets you monitor and control your NGINX fleet from one placeβ€”you can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more. -## Enable the NGINX One service {#enable-nginx-one} +This guide provides step-by-step instructions to activate and use F5 NGINX One Console. For a list of the latest changes, see our [changelog]({{< ref "/nginx-one/changelog.md" >}}) -To get started using NGINX One, enable the service on F5 Distributed Cloud. +## Benefits and key features -1. Log in to [F5 Distributed Console](https://www.f5.com/cloud/products/distributed-cloud-console). -1. Select **NGINX One** from the list of services. -1. Select **Enable Service**. -1. After the service has been enabled, select **Visit Service** to load NGINX One Console. +NGINX One offers the following key benefits: + +- **Centralized control**: Manage all your NGINX instances from a single console. +- **Enhanced monitoring and risk detection**: Automatically detect critical vulnerabilities (CVEs), verify SSL certificate statuses, and identify security issues in NGINX configurations. +- **Performance optimization**: Track your NGINX versions and receive recommendations for tuning your configurations for better performance. +- **Graphical Metrics Display**: Access a dashboard that shows key metrics for your NGINX instances, including instance availability, version distribution, system health, and utilization trends. +- **Real-time alerts**: Receive alerts about critical issues. + +## Before you begin + +**You need access to F5 Distributed Cloud**. + +If you already have accessed F5 Distributed Cloud and have NGINX instances available, you can skip these sections and start to [Add your NGINX instances to NGINX One](#add-your-nginx-instances-to-nginx-one). Otherwise, take these steps to "onboard" yourself to NGINX One Console. + +
+If you want to register for a trial + +### Register for a trial subscription + + +If you want to register for a trial, navigate to https://account.f5.com/myf5. If needed, select **Sign up** to get an account. Then follow these steps: + +1. Navigate to https://account.f5.com/myf5 and log in. +1. Select trials +1. Find **F5 NGINX**. Sign up for the trial. +1. The trial may require approval. + +
+ +
+Confirm access to the F5 Distributed Cloud + +### Confirm access to the F5 Distributed Cloud + +{{< include "/nginx-one/cloud-access.md" >}} + +
+ +
+Confirm access to NGINX One Console + +### Confirm access to NGINX One Console + +{{< include "/nginx-one/cloud-access-nginx.md" >}} + +
+ +
+Install an instance of NGINX + +### Install an instance of NGINX + +{{< include "/nginx-one/install-nginx.md" >}} + +
+ +
+Make sure you're running a supported Linux distribution + +NGINX Agent sets up communication between your NGINX Instance and NGINX One Console. Make sure your Linux operating system is listed below. The installation script for NGINX Agent is compatible with these distributions and versions. + +### NGINX Agent installation script: supported distributions + +{{}} + +| Distribution | Version | Architecture | +|------------------------------|----------------------|-----------------| +| AlmaLinux | 8, 9 | x86_64, aarch64 | +| Alpine Linux | 3.16 - 3.18 | x86_64, aarch64 | +| Amazon Linux | 2023 | x86_64, aarch64 | +| Amazon Linux 2 | LTS | x86_64, aarch64 | +| CentOS | 7.4+ | x86_64, aarch64 | +| Debian | 11, 12 | x86_64, aarch64 | +| Oracle Linux | 7.4+, 8.1+, 9 | x86_64 | +| Red Hat Enterprise Linux | 7.4+, 8.1+, 9 | x86_64, aarch64 | +| Rocky Linux | 8, 9 | x86_64, aarch64 | +| Ubuntu | 20.04 LTS, 22.04 LTS | x86_64, aarch64 | + +{{}} + + + +
--- ## Add your NGINX instances to NGINX One -Next, add your NGINX instances to NGINX One. You'll need to create a data plane key and then install NGINX Agent on each instance you want to monitor. +Add your NGINX instances to NGINX One. You'll need to create a data plane key and then install NGINX Agent on each instance you want to monitor. The following instructions include minimal information, sufficient to "get started." See the following links for detailed instructions: -- [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) +- [Prepare - Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) - [Add an NGINX instance]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) +- [Connect NGINX Plus container images]({{< ref "/nginx-one/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md" >}}) ### Generate a data plane key {#generate-data-plane-key} @@ -95,18 +174,7 @@ To install NGINX Agent on an NGINX instance: The `install` script writes an `nginx-agent.conf` file to the `/etc/nginx-agent/` directory, with the [data plane key](#generate-data-plane-key) that you generated. You can find this information in the `nginx-agent.conf` file: -```yaml -server: - token: "" - host: agent.connect.nginx.com - grpcPort: 443 - -tls: - enable: True - skip_verify: False -``` - -If you followed the [Installation and upgrade](https://docs.nginx.com/nginx-agent/installation-upgrade/) guides for installing NGINX Agent, you may need to add this information manually to `nginx-agent.conf`. +{{< include "/nginx-one/conf/nginx-agent-conf.md" >}} @@ -114,29 +182,6 @@ If you followed the [Installation and upgrade](https://docs.nginx.com/nginx-agen
- Make sure your Linux operating system is listed below. The installation script for NGINX Agent is compatible with these distributions and versions. - -#### NGINX Agent installation script: supported distributions - -{{}} - -| Distribution | Version | Architecture | -|------------------------------|----------------------|-----------------| -| AlmaLinux | 8, 9 | x86_64, aarch64 | -| Alpine Linux | 3.16 - 3.18 | x86_64, aarch64 | -| Amazon Linux | 2023 | x86_64, aarch64 | -| Amazon Linux 2 | LTS | x86_64, aarch64 | -| CentOS | 7.4+ | x86_64, aarch64 | -| Debian | 11, 12 | x86_64, aarch64 | -| Oracle Linux | 7.4+, 8.1+, 9 | x86_64 | -| Red Hat Enterprise Linux | 7.4+, 8.1+, 9 | x86_64, aarch64 | -| Rocky Linux | 8, 9 | x86_64, aarch64 | -| Ubuntu | 20.04 LTS, 22.04 LTS | x86_64, aarch64 | - -{{}} - - - --- The NGINX One Console dashboard relies on APIs for NGINX Plus and NGINX Open Source Stub Status to report traffic and system metrics. The following sections show you how to enable those metrics. @@ -149,7 +194,7 @@ The NGINX One Console dashboard relies on APIs for NGINX Plus and NGINX Open Sou {{< include "/use-cases/monitoring/enable-nginx-oss-stub-status.md" >}} ---- +--- ## View instance metrics with the NGINX One dashboard @@ -164,37 +209,6 @@ After connecting your NGINX instances to NGINX One, you can monitor their perfor {{< include "/use-cases/monitoring/n1c-dashboard-overview.md" >}} -Navigating the dashboard: - -- **Drill down into specifics**: For in-depth information on a specific metric, like expiring certificates, click on the relevant link in the metric's card to go to a detailed overview page. -- **Refine metric timeframe**: Metrics show the last hour's data by default. To view data from a different period, select the time interval you want from the drop-down menu. - - -{{< img src="nginx-one/images/nginx-one-dashboard.png">}} - - -{{}} -**NGINX One dashboard metrics** -| Metric | Description | Details | -|---|---|---| -| **Instance availability** | Understand the operational status of your NGINX instances. | - **Online**: The NGINX instance is actively connected and functioning properly.
- **Offline**: NGINX Agent is connected but the NGINX instance isn't running, isn't installed, or can't communicate with NGINX Agent.
- **Unavailable**: The connection between NGINX Agent and NGINX One has been lost or the instance has been decommissioned.
- **Unknown**: The current state can't be determined at the moment. | -| **NGINX versions by instance** | See which NGINX versions are in use across your instances. | | -| **Operating systems** | Find out which operating systems your instances are running on. | | -| **Certificates** | Monitor the status of your SSL certificates to know which are expiring soon and which are still valid. | | -| **Config recommendations** | Get configuration recommendations to optimize your instances' settings. | | -| **CVEs (Common Vulnerabilities and Exposures)** | Evaluate the severity and number of potential security threats in your instances. | - **Major**: Indicates a high-severity threat that needs immediate attention.
- **Medium**: Implies a moderate threat level.
- **Minor** and **Low**: Represent less critical issues that still require monitoring.
- **Other**: Encompasses any threats that don't fit the standard categories. | -| **CPU utilization** | Track CPU usage trends and pinpoint instances with high CPU demand. | | -| **Memory utilization** | Watch memory usage patterns to identify instances using significant memory. | | -| **Disk space utilization** | Monitor how much disk space your instances are using and identify those nearing capacity. | | -| **Unsuccessful response codes** | Look for instances with a high number of HTTP server errors and investigate their error codes. | | -| **Top network usage** | Review the network usage and bandwidth consumption of your instances. | | - -{{}} - - - - - diff --git a/content/nginx-one/glossary.md b/content/nginx-one/glossary.md index 04951c14c..69c264c63 100644 --- a/content/nginx-one/glossary.md +++ b/content/nginx-one/glossary.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-1396 +nd-docs: DOCS-1396 title: Glossary toc: true weight: 800 @@ -15,9 +15,11 @@ This glossary defines terms used in the F5 NGINX One Console and F5 Distributed | Term | Definition | |-------------|-------------| | **Config Sync Group** | A group of NGINX systems (or instances) with identical configurations. They may also share the same certificates. However, the instances in a Config Sync Group could belong to different systems and even different clusters. For more information, see this explanation of [Important considerations]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md#important-considerations" >}}) | +| **Control Plane** | The control plane is the part of a network architecture that manages and controls the flow or data or traffic (the Data Plane). It is responsible for system-level tasks such as routing and traffic management. | | **Data Plane** | The data plane is the part of a network architecture that carries user traffic. It handles tasks like forwarding data packets between devices and managing network communication. In the context of NGINX, the data plane is responsible for tasks such as load balancing, caching, and serving web content. | | **Instance** | An instance is an individual system with NGINX installed. You can group the instances of your choice in a Config Sync Group. When you add an instance to NGINX One, you need to use a data plane key. | | **Namespace** | In F5 Distributed Cloud, a namespace groups a tenant’s configuration objects, similar to administrative domains. Every object in a namespace must have a unique name, and each namespace must be unique to its tenant. This setup ensures isolation, preventing cross-referencing of objects between namespaces. You'll see the namespace in the NGINX One Console URL as `/namespaces//` | +| **NGINX Agent** | A lightweight software component installed on NGINX instances to enable communication with the NGINX One console. | | **Staged Configurations** | Also known as **Staged Configs**. Allows you to save "work in progress." You can create it from scratch, an Instance, another Staged Config, or a Config Sync Group. It does _not_ have to be a working configuration until you publish it to an instance or a Config Sync Group. You can even manage your **Staged Configurations** through our [API]({{< ref "/nginx-one/api/api-reference-guide/#tag/StagedConfigs" >}}). | | **Tenant** | A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC). | {{}} diff --git a/content/nginx-one/nginx-configs/certificates/manage-certificates.md b/content/nginx-one/nginx-configs/certificates/manage-certificates.md index b80d52c3c..cf6409c8b 100644 --- a/content/nginx-one/nginx-configs/certificates/manage-certificates.md +++ b/content/nginx-one/nginx-configs/certificates/manage-certificates.md @@ -1,5 +1,5 @@ --- -docs: null +nd-docs: null title: Manage certificates toc: true weight: 100 @@ -34,7 +34,7 @@ From the NGINX One Console you can: You can manage the certificates for: -- [Unique instances]({{< ref "/nginx-one/nginx-configs/add-file.md#new-ssl-certificate-or-ca-bundle" >}}) +- [Unique instances]({{< ref "/nginx-one/nginx-configs/one-instance/add-file.md#new-ssl-certificate-or-ca-bundle" >}}) - For all instances that are members of a [Config Sync Group]({{< ref "/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups/#configuration-management" >}}) @@ -195,4 +195,4 @@ To convert these cerificates to managed, start with the Certificates menu, and s - [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) - [Add an instance]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) -- [Add a file in a configuration]({{< ref "/nginx-one/nginx-configs/add-file.md" >}}) +- [Add a file in a configuration]({{< ref "/nginx-one/nginx-configs/one-instance/add-file.md" >}}) diff --git a/content/nginx-one/nginx-configs/clean-up-unavailable-instances.md b/content/nginx-one/nginx-configs/clean-up-unavailable-instances.md index 9e7979e34..94166a18d 100644 --- a/content/nginx-one/nginx-configs/clean-up-unavailable-instances.md +++ b/content/nginx-one/nginx-configs/clean-up-unavailable-instances.md @@ -1,6 +1,6 @@ --- description: '' -docs: null +nd-docs: null title: Clean up unavailable NGINX instances toc: true weight: 1000 @@ -16,7 +16,7 @@ This guide explains how to set up automatic cleanup for NGINX instances in NGINX Before you set up automatic cleanup for NGINX instances, ensure: -- You have administrator access to NGINX One. +- You have [administrator access]({{< ref "/nginx-one/rbac/roles.md" >}}) to NGINX One Console. - You understand that this action will delete instances permanently after they are unavailable for the specified duration. ## Configure instance cleanup diff --git a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md index 147b83950..823c4d7f2 100644 --- a/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md +++ b/content/nginx-one/nginx-configs/config-sync-groups/add-file-csg.md @@ -1,5 +1,5 @@ --- -docs: null +nd-docs: null title: Add a file to a Config Sync Group toc: true weight: 400 @@ -64,4 +64,4 @@ With this option, you can incorporate [Managed certificates]({{< ref "/nginx-one - [Create and manage data plane keys]({{< ref "/nginx-one/connect-instances/create-manage-data-plane-keys.md" >}}) - [Add an NGINX instance]({{< ref "/nginx-one/connect-instances/add-instance.md" >}}) -- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}) +- [Manage certificates]({{< ref "/nginx-one/nginx-configs/certificates/manage-certificates.md" >}}) \ No newline at end of file diff --git a/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md b/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md index d5811fe1a..5db71008b 100644 --- a/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md +++ b/content/nginx-one/nginx-configs/config-sync-groups/manage-config-sync-groups.md @@ -1,5 +1,5 @@ --- -docs: null +nd-docs: null title: Manage Config Sync Groups toc: true weight: 300 @@ -162,14 +162,9 @@ When adding a new NGINX instance that is not yet registered with NGINX One, you - From the **OS Type** list, choose the appropriate operating system for your Docker image. - After selecting the OS, run the provided command to pull the Docker image. - **Note**: Subject to availability, you can modify the `agent: ` to match the specific NGINX Plus version, OS type, and OS version you need. For example, you might use `agent: r32-ubi-9`. For more details on version tags and how to pull an image, see [Deploying NGINX and NGINX Plus on Docker]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pulling-the-image" >}}). + **Note**: Subject to availability, you can modify the `agentv3:` to match the specific NGINX Plus version, OS type, and OS version you need. For example, you might use `agentv3:r32-ubi-9`. For more details on version tags and how to pull an image, see [Deploying NGINX and NGINX Plus on Docker]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pull-the-image" >}}). - - From the **OS Type** list, choose the appropriate operating system for your Docker image. - - After selecting the OS, run the provided command to pull the Docker image. - - **Note**: Subject to availability, you can modify the `agent: ` to match the specific NGINX Plus version, OS type, and OS version you need. For example, you might use `agent: r32-ubi-9`. For more details on version tags and how to pull an image, see [Deploying NGINX and NGINX Plus on Docker]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-docker.md#pulling-the-image" >}}). - 10. Run the provided command, which includes the data plane key, in your NGINX instance terminal to start the Docker container. 11. Select **Done** to complete the process. diff --git a/content/nginx-one/metrics/_index.md b/content/nginx-one/nginx-configs/metrics/_index.md similarity index 100% rename from content/nginx-one/metrics/_index.md rename to content/nginx-one/nginx-configs/metrics/_index.md diff --git a/content/nginx-one/metrics/enable-metrics.md b/content/nginx-one/nginx-configs/metrics/enable-metrics.md similarity index 100% rename from content/nginx-one/metrics/enable-metrics.md rename to content/nginx-one/nginx-configs/metrics/enable-metrics.md diff --git a/content/nginx-one/metrics/review-metrics.md b/content/nginx-one/nginx-configs/metrics/review-metrics.md similarity index 100% rename from content/nginx-one/metrics/review-metrics.md rename to content/nginx-one/nginx-configs/metrics/review-metrics.md diff --git a/content/nginx-one/nginx-configs/one-instance/_index.md b/content/nginx-one/nginx-configs/one-instance/_index.md new file mode 100644 index 000000000..6577c95a0 --- /dev/null +++ b/content/nginx-one/nginx-configs/one-instance/_index.md @@ -0,0 +1,6 @@ +--- +description: +title: Manage a single NGINX instance +weight: 300 +url: /nginx-one/nginx-configs/one-instance +--- diff --git a/content/nginx-one/nginx-configs/add-file.md b/content/nginx-one/nginx-configs/one-instance/add-file.md similarity index 88% rename from content/nginx-one/nginx-configs/add-file.md rename to content/nginx-one/nginx-configs/one-instance/add-file.md index 574ba30e4..72b1d7d45 100644 --- a/content/nginx-one/nginx-configs/add-file.md +++ b/content/nginx-one/nginx-configs/one-instance/add-file.md @@ -1,5 +1,5 @@ --- -docs: null +nd-docs: null title: Add a file to an instance toc: true weight: 300 @@ -15,8 +15,8 @@ type: Before you add files in your configuration, ensure: -- You have access to the NGINX One Console. -- NGINX instances are properly registered with NGINX One Console +- You have [access to the NGINX One Console]({{< ref "/nginx-one/rbac/roles.md" >}}). +- NGINX instances are [properly registered]({{< ref "/nginx-one/getting-started.md#add-your-nginx-instances-to-nginx-one" >}}) with NGINX One Console. ## Important considerations diff --git a/content/nginx-one/nginx-configs/view-edit-nginx-configurations.md b/content/nginx-one/nginx-configs/one-instance/view-edit-nginx-configurations.md similarity index 95% rename from content/nginx-one/nginx-configs/view-edit-nginx-configurations.md rename to content/nginx-one/nginx-configs/one-instance/view-edit-nginx-configurations.md index f775520f8..5ad4ab137 100644 --- a/content/nginx-one/nginx-configs/view-edit-nginx-configurations.md +++ b/content/nginx-one/nginx-configs/one-instance/view-edit-nginx-configurations.md @@ -24,7 +24,7 @@ To view and edit an NGINX configuration, follow these steps: 6. When you are satisfied with the changes, select **Next**. 7. Compare and verify your changes before selecting **Save and Publish** to publish the edited configuration. -Alternatively, you can select **Save Changes As**. In the window that appears, you can set up this instance as a [**Staged Configuration**]({{< ref "/nginx-one/staged-configs/_index.md" >}}). +Alternatively, you can select **Save Changes As**. In the window that appears, you can set up this instance as a [**Staged Configuration**]({{< ref "/nginx-one/nginx-configs/staged-configs/_index.md" >}}). ## See also diff --git a/content/nginx-one/staged-configs/_index.md b/content/nginx-one/nginx-configs/staged-configs/_index.md similarity index 100% rename from content/nginx-one/staged-configs/_index.md rename to content/nginx-one/nginx-configs/staged-configs/_index.md diff --git a/content/nginx-one/staged-configs/add-staged-config.md b/content/nginx-one/nginx-configs/staged-configs/add-staged-config.md similarity index 96% rename from content/nginx-one/staged-configs/add-staged-config.md rename to content/nginx-one/nginx-configs/staged-configs/add-staged-config.md index 042779b8b..196d6c34a 100644 --- a/content/nginx-one/staged-configs/add-staged-config.md +++ b/content/nginx-one/nginx-configs/staged-configs/add-staged-config.md @@ -14,7 +14,7 @@ product: NGINX-One ## Overview -This guide explains how to add a Staged Configuration to your NGINX One Console. +This guide explains how to add a Staged Configuration to your NGINX One Console. {{< include "nginx-one/staged-config-overview.md" >}} @@ -47,7 +47,7 @@ To start a new Staged Configuration: You will see a new Staged Configuration with the default NGINX configuration file, `/etc/nginx/nginx.conf`, in edit mode. 1. Type or paste content for `/etc/nginx/nginx.conf`. -1. Select **Add File** to add the configuration, certificate, or other file(s) of your choice. +1. Select **Add File** to add the configuration, certificate, or other file(s) of your choice. 1. When you're done, select **Save**. ### Start from an existing Instance @@ -58,7 +58,7 @@ To start from an existing Instance: 1. Enter a name for your new Staged Configuration. 1. Select **Instance**. 1. In the Choose Instance menu that appears, select an existing Instance. -1. Select **Next**. +1. Select **Next**. NGINX One Console imports the configuration from the existing Instance. You can now edit the configuration. When you're ready to stop and save your work, select Save. @@ -70,7 +70,7 @@ To start from an existing Config Sync Group: 1. Select **Config Sync Group**. 1. In the Choose Config Sync Group menu that appears, select an existing Config Sync Group. 1. Enter a name for your new Staged Configuration. -1. Select **Next**. +1. Select **Next**. NGINX One Console imports the configuration from the existing Config Sync Group. You can now edit the configuration. When you're ready to stop and save your work, select Save. @@ -82,7 +82,7 @@ To start from an existing Staged Config: 1. Select **Staged Configuration**. 1. In the Choose Staged Configuration menu that appears, select an existing Staged Configuration. 1. Enter a name for your new Staged Configuration. -1. Select **Next**. +1. Select **Next**. NGINX One Console imports the configuration from the existing Staged Configuration. You can now edit the configuration. When you're ready to stop and save your work, select Save. diff --git a/content/nginx-one/staged-configs/api-staged-config.md b/content/nginx-one/nginx-configs/staged-configs/api-staged-config.md similarity index 100% rename from content/nginx-one/staged-configs/api-staged-config.md rename to content/nginx-one/nginx-configs/staged-configs/api-staged-config.md diff --git a/content/nginx-one/staged-configs/edit-staged-config.md b/content/nginx-one/nginx-configs/staged-configs/edit-staged-config.md similarity index 100% rename from content/nginx-one/staged-configs/edit-staged-config.md rename to content/nginx-one/nginx-configs/staged-configs/edit-staged-config.md diff --git a/content/nginx-one/staged-configs/import-export-staged-config.md b/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md similarity index 97% rename from content/nginx-one/staged-configs/import-export-staged-config.md rename to content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md index 68993ee99..7dee6a257 100644 --- a/content/nginx-one/staged-configs/import-export-staged-config.md +++ b/content/nginx-one/nginx-configs/staged-configs/import-export-staged-config.md @@ -26,7 +26,7 @@ Before you import or export a Staged Configuration to NGINX One Console, ensure: - You have an NGINX One Console account with staged configuration permissions. -You can also import, export, and manage multiple Staged Configurations through [the API]({{< ref "/nginx-one/staged-configs/api-staged-config.md" >}}). +You can also import, export, and manage multiple Staged Configurations through [the API]({{< ref "/nginx-one/nginx-configs/staged-configs/api-staged-config.md" >}}). ## Considerations diff --git a/content/nginx-one/rbac/overview.md b/content/nginx-one/rbac/overview.md index 2bcdfc17b..7282834e4 100644 --- a/content/nginx-one/rbac/overview.md +++ b/content/nginx-one/rbac/overview.md @@ -4,7 +4,7 @@ weight: 400 toc: true type: reference product: NGINX One -docs: DOCS-000 +nd-docs: DOCS-000 --- {{< include "security/rbac-intro.md" >}} diff --git a/content/nginx-one/rbac/rbac-api.md b/content/nginx-one/rbac/rbac-api.md index 11e90cfc3..4cf387018 100644 --- a/content/nginx-one/rbac/rbac-api.md +++ b/content/nginx-one/rbac/rbac-api.md @@ -4,13 +4,13 @@ weight: 500 toc: true type: reference product: NGINX One -docs: DOCS-000 +nd-docs: DOCS-000 --- Beyond the [Default roles]({{< ref "/nginx-one/rbac/roles.md" >}}) for NGINX One Console access, you can create [custom roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles#custom-roles) with more precisely defined access permissions. You can assign custom roles to users or service accounts. -You can associate these roles with specific [namespaces](https://docs.cloud.f5.com/docs-v2/multi-cloud-app-connect/how-to/app-security/service-policy), to help facilitate the principle of least privilege across your tenant. +You can associate these roles with specific [namespaces](https://docs.cloud.f5.com/docs-v2/multi-cloud-app-connect/how-to/app-security/service-policy), to help facilitate the principle of least privilege across your tenant. For this use-case, we include a list of API groups that you can use to specify permissions for custom roles with more granular access controls to NGINX One Console APIs. ## F5 API groups for NGINX One diff --git a/content/nginx-one/rbac/roles.md b/content/nginx-one/rbac/roles.md index e2d33a15b..521bd70c5 100644 --- a/content/nginx-one/rbac/roles.md +++ b/content/nginx-one/rbac/roles.md @@ -4,7 +4,7 @@ weight: 500 toc: true type: reference product: NGINX One -docs: DOCS-000 +nd-docs: DOCS-000 --- ## Default roles @@ -13,7 +13,7 @@ We provide three default **[roles](https://docs.cloud.f5.com/docs-v2/administrat ### Admin -The Admin role, identified as `f5xc-nginx-one-standard-admin`, provides full read and write access to all endpoints and features within the NGINX One Console. +The Admin role, identified as `f5xc-nginx-one-standard-admin`, provides full read and write access to all endpoints and features within the NGINX One Console. It also supports Role-based access control for related XC services. ### User diff --git a/content/nginx/admin-guide/basic-functionality/managing-configuration-files.md b/content/nginx/admin-guide/basic-functionality/managing-configuration-files.md index a4b4c123e..4b41b5b71 100644 --- a/content/nginx/admin-guide/basic-functionality/managing-configuration-files.md +++ b/content/nginx/admin-guide/basic-functionality/managing-configuration-files.md @@ -1,7 +1,7 @@ --- description: Understand the basic elements in an NGINX or F5 NGINX Plus configuration file, including directives and contexts. -docs: DOCS-378 +nd-docs: DOCS-378 title: Create NGINX Plus and NGINX Configuration Files toc: true weight: 200 @@ -9,7 +9,7 @@ type: - how-to --- -NGINX and NGINXΒ Plus are similar to other services in using a text‑based configuration file with a precise format. By default the file is named **nginx.conf** and for NGINXΒ Plus is placed in the `**/etc/nginx**` directory. +NGINX and NGINXΒ Plus are similar to other services in using a text‑based configuration file with a precise format. By default the file is named **nginx.conf** and for NGINXΒ Plus is placed in the `**/etc/nginx**` directory. For NGINX OpenΒ Source, the location depends on the package system used to install NGINX and the operating system. It is typically one of `**/usr/local/nginx/conf**`, `**/etc/nginx**`, or `**/usr/local/etc/nginx**`. diff --git a/content/nginx/admin-guide/basic-functionality/runtime-control.md b/content/nginx/admin-guide/basic-functionality/runtime-control.md index 65414ce62..f69773bf4 100644 --- a/content/nginx/admin-guide/basic-functionality/runtime-control.md +++ b/content/nginx/admin-guide/basic-functionality/runtime-control.md @@ -1,7 +1,7 @@ --- description: Understand the NGINX processes that handle traffic, and how to control them at runtime. -docs: DOCS-379 +nd-docs: DOCS-379 title: Control NGINX Processes at Runtime toc: true weight: 100 diff --git a/content/nginx/admin-guide/content-cache/content-caching.md b/content/nginx/admin-guide/content-cache/content-caching.md index 07f00b3dd..7ebd880a9 100644 --- a/content/nginx/admin-guide/content-cache/content-caching.md +++ b/content/nginx/admin-guide/content-cache/content-caching.md @@ -1,7 +1,7 @@ --- description: Cache both static and dynamic content from your proxied web and application servers, to speed delivery to clients and reduce the load on the servers. -docs: DOCS-380 +nd-docs: DOCS-380 title: NGINX Content Caching toc: true weight: 100 diff --git a/content/nginx/admin-guide/dynamic-modules/brotli.md b/content/nginx/admin-guide/dynamic-modules/brotli.md index 66935fac6..d885b0fb3 100644 --- a/content/nginx/admin-guide/dynamic-modules/brotli.md +++ b/content/nginx/admin-guide/dynamic-modules/brotli.md @@ -1,6 +1,6 @@ --- description: Learn how to use the Brotli module with F5 NGINX Plus -docs: DOCS-381 +nd-docs: DOCS-381 title: Brotli toc: true weight: 100 @@ -19,7 +19,7 @@ The [ngx_brotli](https://github.com/google/ngx_brotli) module enables Brotli com ## Prerequisites -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. 2. If required, install the **epel-release** dependency @@ -35,12 +35,11 @@ The [ngx_brotli](https://github.com/google/ngx_brotli) module enables Brotli com sudo yum update && \ sudo yum install epel-release -y ``` - - +3. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. ## Installation -Install the Brotli module package `nginx-plus-module-brotli`. +Install the Brotli module package `nginx-plus-module-brotli` from the official NGINX Plus repository. - for Amazon Linux 2 LTS, CentOS, Oracle Linux, and RHEL: @@ -77,8 +76,6 @@ Install the Brotli module package `nginx-plus-module-brotli`. sudo pkg install nginx-plus-module-brotli ``` - - ## Configuration After installation you will need to enable and configure Brotli modules in NGINX Plus configuration file **nginx.conf**. @@ -125,14 +122,12 @@ After installation you will need to enable and configure Brotli modules in NGINX nginx -s reload ``` +## More info +- [The `ngx_brotli` module GitHub project](https://github.com/google/ngx_brotli) -## More Info - -- [NGINX Module for Brotli Compression Reference](https://github.com/google/ngx_brotli) - -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/cookie-flag.md b/content/nginx/admin-guide/dynamic-modules/cookie-flag.md index f83eb6c10..7068d1449 100644 --- a/content/nginx/admin-guide/dynamic-modules/cookie-flag.md +++ b/content/nginx/admin-guide/dynamic-modules/cookie-flag.md @@ -2,7 +2,7 @@ description: Set `HttpOnly`, `SameSite`, and `secure` flags on cookies in `Set-Cookie` upstream response headers with the **Cookie-Flag** dynamic module, community-authored and supported by NGINX, Inc. -docs: DOCS-382 +nd-docs: DOCS-382 title: Cookie-Flag toc: true weight: 100 @@ -10,21 +10,21 @@ type: - how-to --- -{{< note >}} The `nginx-plus-module-cookie-flag` package is no longer available.{{< /note >}} +{{< note >}} The `nginx-plus-module-cookie-flag` package is no longer available in the NGINX Plus repository.{{< /note >}} -The module was deprecated in [NGINX Plus Release 23]({{< ref "nginx/releases.md#r23" >}}) and removed in [NGINX Plus Release 26]({{< ref "nginx/releases.md#r26" >}}). Its functionality has been replaced with natively supported [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive. +The module was deprecated in [NGINX Plus Release 23]({{< ref "/nginx/releases.md#r23" >}}) and removed in [NGINX Plus Release 26]({{< ref "/nginx/releases.md#r26" >}}). Its functionality has been replaced with natively supported [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive. -To remove the module, follow the [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) instructions. +To remove the module, follow the [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) instructions. To learn how to replace the module with the native solution, see [Native Method for Setting Cookie Flags](https://www.nginx.com/blog/nginx-plus-r23-released#cookie-flags) and the [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive. -## More Info +## More info -- [NGINX Module Reference for Adding Cookie Flag](https://github.com/AirisX/nginx_cookie_flag_module) +- [NGINX module reference for adding Cookie flag](https://github.com/AirisX/nginx_cookie_flag_module) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md b/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md index 2edfeb89d..aa75944a8 100644 --- a/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md +++ b/content/nginx/admin-guide/dynamic-modules/dynamic-modules.md @@ -1,7 +1,7 @@ --- description: Load modules dynamically into F5 NGINX Plus at runtime to add specialized functionality, including features authored by third parties. -docs: DOCS-383 +nd-docs: DOCS-383 title: Dynamic Modules toc: true weight: 10 @@ -11,13 +11,13 @@ type: ## Overview -F5 NGINX Plus uses a modular architecture. New features and functionality can be added with software modules, which can be plugged into a running NGINX Plus instance on demand. Dynamic modules add functionality to NGINX Plus such as [geolocating users by IP address]({{< ref "geoip2.md" >}}), [resizing images]({{< ref "image-filter.md" >}}), and embedding [NGINX JavaScript njs]({{< ref "nginscript.md" >}}) or [Lua]({{< ref "nginx/admin-guide/dynamic-modules/lua.md" >}}) scripts into the NGINX Plus event‑processing model. Modules are created both by NGINX and third‑party developers. +F5 NGINX Plus uses a modular architecture. New features and functionality can be added with software modules, which can be plugged into a running NGINX Plus instance on demand. Dynamic modules add functionality to NGINX Plus such as [geolocating users by IP address]({{< ref "/nginx/admin-guide/dynamic-modules/geoip2.md" >}}), [resizing images]({{< ref "/nginx/admin-guide/dynamic-modules/image-filter.md" >}}), and embedding [NGINX JavaScript njs]({{< ref "/nginx/admin-guide/dynamic-modules/nginscript.md" >}}) or [Lua]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}}) scripts into the NGINX Plus event‑processing model. Modules are created both by NGINX and third‑party developers. NGINX Plus allows features to be plugged in on demand Dynamic modules are shared object files (`.so`) that can be loaded at runtime using the [`load_module`](https://nginx.org/en/docs/ngx_core_module.html#load_module) directive in the NGINX configuration. -NGINX maintains the official NGINX Plus repository, which also provides packaged binaries for both [NGINX‑authored](#nginx-authored-dynamic-modules) and [NGINX‑certified community](#nginx-certified-community-dynamic-modules) dynamic modules. All modules in this repository are fully tested to ensure full compatibility with NGINX Plus. +NGINX maintains the official NGINX Plus repository, which also provides packaged binaries for both [NGINX‑authored]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#nginx-authored-dynamic-modules" >}}) and [NGINX‑certified community]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#nginx-certified-community-dynamic-modules" >}}) dynamic modules. All modules in this repository are fully tested to ensure full compatibility with NGINX Plus. For module‑specific installation and usage instructions, select the corresponding package name in the table. @@ -25,45 +25,44 @@ For module‑specific installation and usage instructions, select the correspond {{< bootstrap-table "table table-striped table-bordered" >}} | Name | Description | Package name | |---------------------------------|-----------------------------------|--------------------| -| [Brotli](https://github.com/google/ngx_brotli) | Brotli compression support with modules for dynamic compression and for serving pre-compressed `.br` files. | [`nginx-plus-module-brotli`]({{< ref "nginx/admin-guide/dynamic-modules/brotli.md" >}}) | -| [Encrypted-Session](https://github.com/openresty/encrypted-session-nginx-module) | AES-256 based encryption/decryption of NGINX variables. | [`nginx-plus-module-encrypted-session`]({{< ref "nginx/admin-guide/dynamic-modules/encrypted-session.md" >}}) | -| [FIPS Status Check](https://github.com/ogarrett/nginx-fips-check-module) | Verifies if OpenSSL is operating in FIPS mode. | [`nginx-plus-module-fips-check`]({{< ref "nginx/admin-guide/dynamic-modules/fips.md" >}})| -| [GeoIP](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) | Enables IP-based geolocation using the precompiled MaxMind databases. | [`nginx-plus-module-geoip`]({{< ref "nginx/admin-guide/dynamic-modules/geoip.md" >}}) | -| [GeoIP2](https://github.com/leev/ngx_http_geoip2_module) | Uses MaxMind GeoIP2 for enhanced geolocation. | [`nginx-plus-module-geoip2`]({{< ref "nginx/admin-guide/dynamic-modules/geoip2.md" >}})| -| [Headers-More](https://github.com/openresty/headers-more-nginx-module) | Extends the NGINX [Headers](https://nginx.org/en/docs/http/ngx_http_headers_module.html) module to modify request and response headers. | [`nginx-plus-module-headers-more`]({{< ref "nginx/admin-guide/dynamic-modules/headers-more.md" >}}) | -| [HTTP Substitutions Filter](https://github.com/yaoweibin/ngx_http_substitutions_filter_module) | Enables regex and string-based substitutions in response bodies. | [`nginx-plus-module-subs-filter`]({{< ref "nginx/admin-guide/dynamic-modules/http-substitutions-filter.md" >}}) | -| [Image-Filter](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html) | Adds on-the-fly support for JPEG, GIF, PNG, and WebP image resizing and cropping. | [`nginx-plus-module-image-filter`]({{< ref "nginx/admin-guide/dynamic-modules/image-filter.md" >}}) | -| [Lua](https://github.com/openresty/lua-nginx-module) | Embeds Lua programming language. | [`nginx-plus-module-lua`]({{< ref "nginx/admin-guide/dynamic-modules/lua.md" >}})| -| [NGINX Developer Kit](https://github.com/vision5/ngx_devel_kit) | Provides helper macros for module development. | [`nginx-plus-module-ndk`]({{< ref "nginx/admin-guide/dynamic-modules/ndk.md" >}}) | -| [njs Scripting Language](https://nginx.org/en/docs/njs/) | Adds JavaScript-like scripting for advanced server-side logic in NGINX configuration file. | [`nginx-plus-module-njs`]({{< ref "nginx/admin-guide/dynamic-modules/nginscript.md" >}}) | -| [OpenTelemetry](https://nginx.org/en/docs/ngx_otel_module.html#directives) | Adds distributed tracing support via OpenTelemetry. | [`nginx-plus-module-otel`]({{< ref "nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) | -| [Perl](https://nginx.org/en/docs/http/ngx_http_perl_module.html)| Integrates Perl scripting for advanced customization. | [`nginx-plus-module-perl`]({{< ref "nginx/admin-guide/dynamic-modules/perl.md" >}}) | -| [Phusion Passenger](https://www.phusionpassenger.com/library/install/nginx/) | Application server for Node.js, Python, Ruby. | [`nginx-plus-module-passenger`]({{< ref "nginx/admin-guide/dynamic-modules/passenger-open-source.md" >}}) | -| [Prometheus-njs](https://github.com/nginx/nginx-prometheus-exporter) | Converts [NGINX Plus metrics](https://demo.nginx.com/swagger-ui/) into Prometheus format. | [`nginx-plus-module-prometheus`]({{< ref "nginx/admin-guide/dynamic-modules/prometheus-njs.md" >}}) | -| [RTMP](https://github.com/arut/nginx-rtmp-module) | Adds streaming capabilities (RTMP, HLS, MPEG-DASH, FFmpeg support).| [`nginx-plus-module-rtmp`]({{< ref "nginx/admin-guide/dynamic-modules/rtmp.md" >}}) | -| [Set-Misc](https://github.com/openresty/set-misc-nginx-module) | Adds `set_*` directives for scripting (extend NGINX [Rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module). | [`nginx-plus-module-set-misc`]({{< ref "nginx/admin-guide/dynamic-modules/set-misc.md" >}}) | -| [SPNEGO for Kerberos](https://github.com/stnoonan/spnego-http-auth-nginx-module) | Adds support for [GSS‑API based](https://www.rfc-editor.org/rfc/rfc2743) SPNEGO/Kerberos authentication. | [`nginx-plus-module-auth-spnego`]({{< ref "nginx/admin-guide/dynamic-modules/spnego.md" >}}) | -| [XSLT](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) | Applies XSLT transformations to XML responses. | [`nginx-plus-module-xslt`]({{< ref "nginx/admin-guide/dynamic-modules/xslt.md" >}}) | +| [Brotli](https://github.com/google/ngx_brotli) | Brotli compression support with modules for dynamic compression and for serving pre-compressed `.br` files. | [`nginx-plus-module-brotli`]({{< ref "/nginx/admin-guide/dynamic-modules/brotli.md" >}}) | +| [Encrypted-Session](https://github.com/openresty/encrypted-session-nginx-module) | AES-256 based encryption/decryption of NGINX variables. | [`nginx-plus-module-encrypted-session`]({{< ref "/nginx/admin-guide/dynamic-modules/encrypted-session.md" >}}) | +| [FIPS Status Check](https://github.com/ogarrett/nginx-fips-check-module) | Verifies if OpenSSL is operating in FIPS mode. | [`nginx-plus-module-fips-check`]({{< ref "/nginx/admin-guide/dynamic-modules/fips.md" >}})| +| [GeoIP](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) | Enables IP-based geolocation using the precompiled MaxMind databases. | [`nginx-plus-module-geoip`]({{< ref "/nginx/admin-guide/dynamic-modules/geoip.md" >}}) | +| [GeoIP2](https://github.com/leev/ngx_http_geoip2_module) | Uses MaxMind GeoIP2 for enhanced geolocation. | [`nginx-plus-module-geoip2`]({{< ref "/nginx/admin-guide/dynamic-modules/geoip2.md" >}})| +| [Headers-More](https://github.com/openresty/headers-more-nginx-module) | Extends the NGINX [Headers](https://nginx.org/en/docs/http/ngx_http_headers_module.html) module to modify request and response headers. | [`nginx-plus-module-headers-more`]({{< ref "/nginx/admin-guide/dynamic-modules/headers-more.md" >}}) | +| [HTTP Substitutions Filter](https://github.com/yaoweibin/ngx_http_substitutions_filter_module) | Enables regex and string-based substitutions in response bodies. | [`nginx-plus-module-subs-filter`]({{< ref "/nginx/admin-guide/dynamic-modules/http-substitutions-filter.md" >}}) | +| [Image-Filter](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html) | Adds on-the-fly support for JPEG, GIF, PNG, and WebP image resizing and cropping. | [`nginx-plus-module-image-filter`]({{< ref "/nginx/admin-guide/dynamic-modules/image-filter.md" >}}) | +| [Lua](https://github.com/openresty/lua-nginx-module) | Embeds Lua programming language. | [`nginx-plus-module-lua`]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}})| +| [NGINX Developer Kit](https://github.com/vision5/ngx_devel_kit) | Provides helper macros for module development. | [`nginx-plus-module-ndk`]({{< ref "/nginx/admin-guide/dynamic-modules/ndk.md" >}}) | +| [njs Scripting Language](https://nginx.org/en/docs/njs/) | Adds JavaScript-like scripting for advanced server-side logic in NGINX configuration file. | [`nginx-plus-module-njs`]({{< ref "/nginx/admin-guide/dynamic-modules/nginscript.md" >}}) | +| [OpenTelemetry](https://nginx.org/en/docs/ngx_otel_module.html#directives) | Adds distributed tracing support via OpenTelemetry. | [`nginx-plus-module-otel`]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) | +| [Perl](https://nginx.org/en/docs/http/ngx_http_perl_module.html)| Integrates Perl scripting for advanced customization. | [`nginx-plus-module-perl`]({{< ref "/nginx/admin-guide/dynamic-modules/perl.md" >}}) | +| [Phusion Passenger](https://www.phusionpassenger.com/library/install/nginx/) | Application server for Node.js, Python, Ruby. | [`nginx-plus-module-passenger`]({{< ref "/nginx/admin-guide/dynamic-modules/passenger-open-source.md" >}}) | +| [Prometheus-njs](https://github.com/nginx/nginx-prometheus-exporter) | Converts [NGINX Plus metrics](https://demo.nginx.com/swagger-ui/) into Prometheus format. | [`nginx-plus-module-prometheus`]({{< ref "/nginx/admin-guide/dynamic-modules/prometheus-njs.md" >}}) | +| [RTMP](https://github.com/arut/nginx-rtmp-module) | Adds streaming capabilities (RTMP, HLS, MPEG-DASH, FFmpeg support).| [`nginx-plus-module-rtmp`]({{< ref "/nginx/admin-guide/dynamic-modules/rtmp.md" >}}) | +| [Set-Misc](https://github.com/openresty/set-misc-nginx-module) | Adds `set_*` directives for scripting (extend NGINX [Rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module). | [`nginx-plus-module-set-misc`]({{< ref "/nginx/admin-guide/dynamic-modules/set-misc.md" >}}) | +| [SPNEGO for Kerberos](https://github.com/stnoonan/spnego-http-auth-nginx-module) | Adds support for [GSS‑API based](https://www.rfc-editor.org/rfc/rfc2743) SPNEGO/Kerberos authentication. | [`nginx-plus-module-auth-spnego`]({{< ref "/nginx/admin-guide/dynamic-modules/spnego.md" >}}) | +| [XSLT](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) | Applies XSLT transformations to XML responses. | [`nginx-plus-module-xslt`]({{< ref "/nginx/admin-guide/dynamic-modules/xslt.md" >}}) | {{< /bootstrap-table >}} -### Community Dynamic Modules -Besides the modules provided in the official repository, a wide range of third-party modules is available through community-driven projects such as [Awesome NGINX GitHub project](https://github.com/agile6v/awesome-nginx#third-party-modules). Many of these modules can be [compiled as dynamic modules](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/#install_modules_oss) and used with your NGINX Plus or NGINX Open Source deployments. +### Community dynamic modules +Besides the modules provided in the official repository, a wide range of third-party modules is available through community-driven projects such as [Awesome NGINX GitHub project](https://github.com/agile6v/awesome-nginx#third-party-modules). Many of these modules can be [compiled as dynamic modules]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#install_modules_oss" >}}) and used with your NGINX Plus or NGINX Open Source deployments. -### NGINX Certified Partner Dynamic Modules +### NGINX Certified Partner dynamic modules In addition to the modules authored by NGINX and community third‑party developers, NGINX Certified Partner Modules are available for purchase from commercial third parties. Certified Modules are distributed and supported by their authors. NGINX has tested the modules extensively and [certifies](https://www.f5.com/go/partner/nginx-certified-module-program-documentation) that they do not interfere with standard NGINX Plus functionality. -NGINX Certified Partner Modules can be found on the [F5 Dynamic Modules page](https://www.f5.com/go/product/nginx-modules?filter=module-author%3Anginx-certified-partner). +NGINX Certified Partner modules can be found on the [F5 Dynamic Modules page](https://www.f5.com/go/product/nginx-modules?filter=module-author%3Anginx-certified-partner). ### Prerequisites -To get started using dynamic modules, first install the [latest NGINX Plus release]({{< ref "nginx/releases.md" >}}), following the [installation instructions]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). Dynamic modules are supported since [NGINX Plus Release 9]({{< ref "/nginx/releases.md#r9" >}}). +To get started using dynamic modules, first install the [latest NGINX Plus release]({{< ref "/nginx/releases.md" >}}), following the [installation instructions]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). Dynamic modules are supported since [NGINX Plus Release 9]({{< ref "/nginx/releases.md#r9" >}}). -## Getting Started with the Dynamic Modules Repository +## Getting started with the dynamic modules repository You can access and install the modules from the NGINX Plus repository using standard package management tools such as `apt`, `dnf`, `pkg`, `yum`, or `zypper`. - -### Displaying the List of Available Modules +### Displaying the list of available modules To see the list of available modules, run this command (for Debian and Ubuntu): @@ -110,7 +109,7 @@ nginx-plus-module-njs/stable nginx-plus-module-opentracing/stable NGINX Plus 3rd-party OpenTracing dynamic module - + nginx-plus-module-otel/stable NGINX Plus OpenTelemetry dynamic module @@ -137,7 +136,7 @@ nginx-plus-module-xslt/stable ``` -The command output also includes an optional debugging symbols package available for each module, for example, `nginx-plus-module-njs-dbg`. These packages are intended for troubleshooting and diagnostics and should be installed only in debugging or development environments. For more information, see [Debugging NGINX]({{< ref "nginx/admin-guide/monitoring/debugging.md" >}}). +The command output also includes an optional debugging symbols package available for each module, for example, `nginx-plus-module-njs-dbg`. These packages are intended for troubleshooting and diagnostics and should be installed only in debugging or development environments. For more information, see [Debugging NGINX]({{< ref "/nginx/admin-guide/monitoring/debugging.md" >}}). ### Installing and loading the module @@ -177,24 +176,24 @@ For example, to enable the `njs` dynamic modules after the installation of the ` ### Caveats -Certain dynamic modules may be unavailable on specific operating system versions due to platform limitations. For detailed compatibility information, see the [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md#dynamic-modules" >}}). +Certain dynamic modules may be unavailable on specific operating system versions due to platform limitations. For detailed compatibility information, see the [NGINX Plus Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}). -## Compiling Your Own Dynamic Modules +## Compiling your own dynamic modules To compile your own dynamic modules, see the [Compiling Third-Party Dynamic Modules for NGINX Plus](https://www.f5.com/company/blog/nginx/compiling-dynamic-modules-nginx-plus) blogpost. -## Uninstalling a Dynamic Module +## Uninstalling a dynamic module To uninstall a dynamic module, see the [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) article. ## See Also -- [Installing NGINX Plus]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) +- [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Compiling Third-Party Dynamic Modules blogpost](https://www.f5.com/company/blog/nginx/compiling-dynamic-modules-nginx-plus) +- [Compiling third-party dynamic modules](https://www.f5.com/company/blog/nginx/compiling-dynamic-modules-nginx-plus) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/encrypted-session.md b/content/nginx/admin-guide/dynamic-modules/encrypted-session.md index 47dece320..a3a90e94a 100644 --- a/content/nginx/admin-guide/dynamic-modules/encrypted-session.md +++ b/content/nginx/admin-guide/dynamic-modules/encrypted-session.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-384 +nd-docs: DOCS-384 title: Encrypted-Session toc: true weight: 100 @@ -8,17 +8,19 @@ type: - how-to --- -The Encrypted Session dynamic module provides encryption and decryption support for NGINX variables based on AES-256 with MAC. It is usually used with the [Set-Misc](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/set-misc/) dynamic module and the NGINX [`rewrite`](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module. +The Encrypted Session dynamic module provides encryption and decryption support for NGINX variables based on AES-256 with MAC. It is usually used with the [Set-Misc]({{< ref "/nginx/admin-guide/dynamic-modules/set-misc.md" >}}) dynamic module and the NGINX [`rewrite`](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module. ## Prerequisites -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Prior to installing the module, verify that the [NDK]({{< ref "ndk.md" >}}) module is already installed. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Prior to installing the module, verify that the [NDK]({{< ref "ndk.md" >}}) module is already installed. ## Installation -1. Install the Encrypted Session module package `nginx-plus-module-encrypted-session`. +1. Install the Encrypted Session module package `nginx-plus-module-encrypted-session` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -99,12 +101,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [NGINX encrypted-session-nginx-module Module Reference](https://github.com/openresty/encrypted-session-nginx-module) +- [The `encrypted-session-nginx-module` module GitHub project](https://github.com/openresty/encrypted-session-nginx-module) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/fips.md b/content/nginx/admin-guide/dynamic-modules/fips.md index 831173191..bc7942a33 100644 --- a/content/nginx/admin-guide/dynamic-modules/fips.md +++ b/content/nginx/admin-guide/dynamic-modules/fips.md @@ -1,7 +1,7 @@ --- description: Verify compliance with [FIPS 140-2](https://csrc.nist.gov/publications/detail/fips/140/2/final) security requirements for cryptographic modules. -docs: DOCS-385 +nd-docs: DOCS-385 title: FIPS Status Check toc: true weight: 100 @@ -13,9 +13,11 @@ For F5 NGINX Plus, the cryptographic boundary includes all functionality that is ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Install the FIPS module package `nginx-plus-module-fips-check`. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Install the FIPS module package `nginx-plus-module-fips-check` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -93,14 +95,14 @@ After installation you will need to enable and configure the module in NGINX Plu nginx -s reload ``` -## More Info +## More info -- [FIPS Compliance for NGINX Plus](https://docs.nginx.com/nginx/fips-compliance-nginx-plus/) +- [FIPS compliance for NGINX Plus]({{< ref "/nginx/fips-compliance-nginx-plus.md" >}}) -- [NGINX FIPS Status Check Module Reference](https://github.com/ogarrett/nginx-fips-check-module) +- [NGINX FIPS Status Check module GitHub project](https://github.com/ogarrett/nginx-fips-check-module) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/geoip.md b/content/nginx/admin-guide/dynamic-modules/geoip.md index 783b157aa..ea44055a9 100644 --- a/content/nginx/admin-guide/dynamic-modules/geoip.md +++ b/content/nginx/admin-guide/dynamic-modules/geoip.md @@ -1,7 +1,7 @@ --- description: Capture information from the client IP address in variables, using the MaxMind GeoIP databases, with the GeoIP dynamic module supported by NGINX, Inc. -docs: DOCS-386 +nd-docs: DOCS-386 title: GeoIP toc: true weight: 100 @@ -9,13 +9,17 @@ type: - how-to --- +The GeoIP dynamic module captures information from the client IP address in variables using the MaxMind GeoLite databases. + {{< note >}} MaxMind GeoLite Legacy databases are currently [discontinued](https://blog.maxmind.com/2018/01/discontinuation-of-the-geolite-legacy-databases), MaxMind GeoIP2 or Geolite2 databases and F5 NGINX Plus [GeoIP2 module]({{< ref "geoip2.md" >}}) should be used instead. {{< /note >}} ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the GeoIP module package `nginx-plus-module-geoip`. +3. Install the GeoIP module package `nginx-plus-module-geoip` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -60,6 +64,10 @@ After installation you will need to enable and configure the module in NGINX Plu http { # ... } + + stream { + # ... + } ``` 2. Perform additional configuration as required by the module ([HTTP](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) or [TCP/UDP](https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html)). @@ -83,18 +91,18 @@ After installation you will need to enable and configure the module in NGINX Plu nginx -s reload ``` -## More Info +## More info -- [GeoIP2 Dynamic Module Installation Instructions]({{< ref "geoip2.md" >}}) +- [GeoIP2 dynamic module]({{< ref "geoip2.md" >}}) -- [Restricting Access by Geographical Location]({{< ref "nginx/admin-guide/security-controls/controlling-access-by-geoip.md" >}}) +- [Restricting access by geographical location]({{< ref "/nginx/admin-guide/security-controls/controlling-access-by-geoip.md" >}}) -- [ngx_http_geoip_module Module Reference](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) +- [NGINX `ngx_http_geoip_module` module reference](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) -- [ngx_stream_geoip_module Module Reference](https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html) +- [NGINX `ngx_stream_geoip_module` module reference](https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/geoip2.md b/content/nginx/admin-guide/dynamic-modules/geoip2.md index aa06f7274..500527fd8 100644 --- a/content/nginx/admin-guide/dynamic-modules/geoip2.md +++ b/content/nginx/admin-guide/dynamic-modules/geoip2.md @@ -2,7 +2,7 @@ description: Capture information from the client IP address in variables, using the [MaxMind GeoIP2](https://www.maxmind.com/en/geoip2-databases) databases, with the GeoIP2 dynamic module supported by NGINX, Inc. -docs: DOCS-387 +nd-docs: DOCS-387 title: GeoIP2 toc: true weight: 100 @@ -10,18 +10,16 @@ type: - how-to --- - -## Module Info - [MaxMind GeoIP2](https://www.maxmind.com/en/geoip2-databases) databases provide contextual data for a comprehensive profile of IP addresses, including geolocation data (region, state, city, postal code) and extra data (ISP, domain, connection type). Basing on these data, F5 NGINX Plus will be able to perform different user differentiation strategies, for example, provide different type of content depending on a country. - ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the GeoIP2 module package `nginx-plus-module-geoip2`. +3. Install the GeoIP2 module package `nginx-plus-module-geoip2` from the official NGINX Plus repository. For CentOS, Oracle Linux, and RHEL: @@ -74,6 +72,10 @@ After installation you will need to enable and configure the module in NGINX Plu http { # ... } + + stream { + # ... + } ``` 2. Perform additional configuration as required by the [module](https://github.com/leev/ngx_http_geoip2_module#user-content-download-maxmind-geolite2-database-optional). @@ -98,16 +100,16 @@ After installation you will need to enable and configure the module in NGINX Plu ``` -## More Info +## More info -- [Restricting Access by Geographical Location]({{< ref "nginx/admin-guide/security-controls/controlling-access-by-geoip.md" >}}) +- [Restricting Access by Geographical Location]({{< ref "/nginx/admin-guide/security-controls/controlling-access-by-geoip.md" >}}) -- [MaxMind GeoIP2 Databases](https://www.maxmind.com/en/geoip2-databases) +- [MaxMind GeoIP2 databases](https://www.maxmind.com/en/geoip2-databases) -- [MaxMind Geolite2 Free Downloadable Databases](https://dev.maxmind.com/geoip/geoip2/geolite2/) +- [MaxMind Geolite2 free downloadable databases](https://dev.maxmind.com/geoip/geoip2/geolite2/) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/headers-more.md b/content/nginx/admin-guide/dynamic-modules/headers-more.md index 49df24db4..9c404544e 100644 --- a/content/nginx/admin-guide/dynamic-modules/headers-more.md +++ b/content/nginx/admin-guide/dynamic-modules/headers-more.md @@ -1,7 +1,7 @@ --- description: Set and clear input and output headers to extend the NGINX core [Headers](https://nginx.org/en/docs/http/ngx_http_headers_module.html) module, with the Headers-More dynamic module supported by NGINX, Inc. -docs: DOCS-388 +nd-docs: DOCS-388 title: Headers-More toc: true weight: 100 @@ -9,12 +9,15 @@ type: - how-to --- +The Headers-More dynamic module extends the NGINX core [Headers](https://nginx.org/en/docs/http/ngx_http_headers_module.html) module by enabling the functionality of setting or clearing input and output headers. ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Install the Headers-More module package `nginx-plus-module-headers-more`. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Install the Headers-More module package `nginx-plus-module-headers-more` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -94,13 +97,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` +## More info -## More Info - -- [NGINX ngx_headers_more Module Reference](https://github.com/openresty/headers-more-nginx-module) +- [NGINX `ngx_headers_more` GitHub project](https://github.com/openresty/headers-more-nginx-module) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/http-substitutions-filter.md b/content/nginx/admin-guide/dynamic-modules/http-substitutions-filter.md index 1707b63d1..ccd7277a5 100644 --- a/content/nginx/admin-guide/dynamic-modules/http-substitutions-filter.md +++ b/content/nginx/admin-guide/dynamic-modules/http-substitutions-filter.md @@ -1,7 +1,7 @@ --- description: Replace text in response bodies, using regular expressions and fixed strings, with the HTTP Substitutions Filter dynamic module supported by NGINX, Inc. -docs: DOCS-389 +nd-docs: DOCS-389 title: HTTP Substitutions Filter toc: true weight: 100 @@ -9,11 +9,15 @@ type: - how-to --- +The HTTP Substitutions Filter dynamic module replaces text in response bodies, using regular expressions and fixed strings. + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the HTTP Substitutions Filter module package `nginx-plus-module-subs-filter`. +3. Install the HTTP Substitutions Filter module package `nginx-plus-module-subs-filter` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -85,12 +89,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [NGINX Substitution Filter Module Reference](https://github.com/yaoweibin/ngx_http_substitutions_filter_module) +- [NGINX Substitution Filter GitHub project](https://github.com/yaoweibin/ngx_http_substitutions_filter_module) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/image-filter.md b/content/nginx/admin-guide/dynamic-modules/image-filter.md index 3d4a97f93..827556bc2 100644 --- a/content/nginx/admin-guide/dynamic-modules/image-filter.md +++ b/content/nginx/admin-guide/dynamic-modules/image-filter.md @@ -1,19 +1,22 @@ --- description: Crop, resize, rotate, and perform other transformations on GIF, JPEG, and PNG images, with the Image-Filter dynamic module supported by NGINX, Inc. -docs: DOCS-390 +nd-docs: DOCS-390 title: Image-Filter toc: true weight: 100 type: - how-to --- +The Image-Filter dynamic module enables you to crop, resize, rotate, and apply various transformations to GIF, JPEG, and PNG images. ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Install the Image-Filter module package `nginx-plus-module-image-filter`. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Install the Image-Filter module package `nginx-plus-module-image-filter` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -91,12 +94,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [NGINX Image Filter Module Reference](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html) +- [NGINX Image Filter module reference](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/lua.md b/content/nginx/admin-guide/dynamic-modules/lua.md index 87db66b69..8f0b237f1 100644 --- a/content/nginx/admin-guide/dynamic-modules/lua.md +++ b/content/nginx/admin-guide/dynamic-modules/lua.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-391 +nd-docs: DOCS-391 title: Lua toc: true weight: 100 @@ -12,13 +12,15 @@ Integrate Lua co-routines into the NGINX event-processing model with the communi ## Prerequisites -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Prior to installing the module, verify that the [NGINX Developer Kit (NDK)]({{< ref "nginx/admin-guide/dynamic-modules/ndk.md" >}}) module is already installed. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Prior to installing the module, verify that the [NGINX Developer Kit (NDK)]({{< ref "/nginx/admin-guide/dynamic-modules/ndk.md" >}}) module is already installed. ## Installation - Install the Lua module package `nginx-plus-module-lua`. + Install the Lua module package `nginx-plus-module-lua` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -75,6 +77,10 @@ After installation, enable and configure the modules in NGINX Plus configuration http { # ... } + + stream { + # ... + } ``` {{< note >}} The `ndk_http_module.so` module must be placed first. {{< /note >}} @@ -100,16 +106,16 @@ After installation, enable and configure the modules in NGINX Plus configuration nginx -s reload ``` -## More Info +## More info -- [The `lua-nginx-module` Module Reference](https://github.com/openresty/lua-nginx-module) +- [The `lua-nginx-module` GitHub Project](https://github.com/openresty/lua-nginx-module) - [The `stream-lua-nginx-module` Module Reference](https://github.com/openresty/stream-lua-nginx-module) -- [The NDK Module Reference](https://github.com/vision5/ngx_devel_kit) +- [The NDK Module GitHub project](https://github.com/vision5/ngx_devel_kit) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/ndk.md b/content/nginx/admin-guide/dynamic-modules/ndk.md index 8f051f955..a3476f8eb 100644 --- a/content/nginx/admin-guide/dynamic-modules/ndk.md +++ b/content/nginx/admin-guide/dynamic-modules/ndk.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-392 +nd-docs: DOCS-392 title: NGINX Developer Kit toc: true weight: 100 @@ -10,13 +10,15 @@ type: The NGINX Developer Kit (NDK) module makes it easier for module developers to develop NGINX modules. -The NDK module is also a prerequisite for [Encrypted Session]({{< ref "encrypted-session.md" >}}), [Lua]({{< ref "nginx/admin-guide/dynamic-modules/lua.md" >}}), and [Set-Misc]({{< ref "nginx/admin-guide/dynamic-modules/set-misc.md" >}}) modules. +The NDK module is also a prerequisite for [Encrypted Session]({{< ref "encrypted-session.md" >}}), [Lua]({{< ref "/nginx/admin-guide/dynamic-modules/lua.md" >}}), and [Set-Misc]({{< ref "/nginx/admin-guide/dynamic-modules/set-misc.md" >}}) modules. ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Install the NDK module package `nginx-plus-module-ndk`. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Install the NDK module package `nginx-plus-module-ndk` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -94,12 +96,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [NDK Module Reference](https://github.com/vision5/ngx_devel_kit) +- [The NDK Module GitHub project](https://github.com/vision5/ngx_devel_kit) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/nginscript.md b/content/nginx/admin-guide/dynamic-modules/nginscript.md index 36c526018..3a6cc2492 100644 --- a/content/nginx/admin-guide/dynamic-modules/nginscript.md +++ b/content/nginx/admin-guide/dynamic-modules/nginscript.md @@ -2,7 +2,7 @@ description: Integrate [JavaScript-like](https://nginx.org/en/docs/njs/) code into the NGINX event-processing model for HTTP or TDP/UDP, with the NGINX njs module, supported by NGINX, Inc. -docs: DOCS-393 +nd-docs: DOCS-393 title: njs Scripting Language toc: true weight: 100 @@ -10,11 +10,15 @@ type: - how-to --- +njs is an NGINX module that extends the server's functionality through JavaScript scripting, enabling the creation of custom server-side logic and [more](https://nginx.org/en/docs/njs/#usecases). + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the njs module package `nginx-plus-module-njs`. +3. Install the njs module package `nginx-plus-module-njs` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -70,6 +74,10 @@ After installation you will need to enable and configure the module in F5 NGINX http { # ... } + + stream { + # ... + } ``` 2. Perform additional configuration as required by the [module](https://www.nginx.com/blog/introduction-nginscript/). @@ -93,12 +101,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [njs Scripting Language Reference and Examples](https://nginx.org/en/docs/njs/) +- [njs Scripting Language reference and examples](https://nginx.org/en/docs/njs/) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/nginx-waf.md b/content/nginx/admin-guide/dynamic-modules/nginx-waf.md index b47873cd2..4564ebfb6 100644 --- a/content/nginx/admin-guide/dynamic-modules/nginx-waf.md +++ b/content/nginx/admin-guide/dynamic-modules/nginx-waf.md @@ -1,7 +1,7 @@ --- description: Protect against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, and RFI, with the F5 NGINX ModSecurity WAF dynamic module, supported by NGINX. -docs: DOCS-394 +nd-docs: DOCS-394 title: NGINX ModSecurity WAF toc: true weight: 100 @@ -9,22 +9,22 @@ type: - how-to --- -{{< note >}} The `nginx-plus-module-modsecurity` package is no longer available.{{< /note >}} +{{< note >}} The `nginx-plus-module-modsecurity` package is no longer available in the NGINX Plus repository.{{< /note >}} -The ModSecurity WAF module was deprecated since [NGINX Plus Release 29]({{< ref "nginx/releases.md#r29" >}}), and is no longer available since [NGINX Plus Release 32]({{< ref "nginx/releases.md#r32" >}}). +The ModSecurity WAF module was deprecated since [NGINX Plus Release 29]({{< ref "/nginx/releases.md#r29" >}}), and is no longer available since [NGINX Plus Release 32]({{< ref "/nginx/releases.md#r32" >}}). To remove the module, follow the [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) instructions. ## More Info -- [ModSecurity Documentation](https://github.com/SpiderLabs/ModSecurity/wiki) +- [ModSecurity documentation](https://github.com/SpiderLabs/ModSecurity/wiki) -- [NGINX ModSecurity WAF Technical Specifications](https://docs.nginx.com/nginx-waf/technical-specs/) +- [NGINX ModSecurity WAF technical specifications](https://docs.nginx.com/nginx-waf/technical-specs/) -- [Installing and Configuring NGINX ModSecurity WAF](https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging/) +- [Installing and configuring NGINX ModSecurity WAF](https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging/) - [Using the ModSecurity Rules from Trustwave SpiderLabs with the NGINX ModSecurity WAF](https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-trustwave-spiderlabs-rules/) - [Using the OWASP CRS with the NGINX ModSecurity WAF](https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs/) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/opentelemetry.md b/content/nginx/admin-guide/dynamic-modules/opentelemetry.md index 0e3d6c3f5..e3adfbf0f 100644 --- a/content/nginx/admin-guide/dynamic-modules/opentelemetry.md +++ b/content/nginx/admin-guide/dynamic-modules/opentelemetry.md @@ -1,7 +1,7 @@ --- description: Analyze your software performance by instrumenting, generating, collecting, and exporting telemetry data. -docs: DOCS-1207 +nd-docs: DOCS-1207 title: OpenTelemetry toc: true weight: 100 @@ -9,11 +9,9 @@ type: - how-to --- -## Overview - [OpenTelemetry](https://opentelemetry.io/) (OTel) is an observability framework for monitoring, tracing, troubleshooting, and optimizing applications. OTel enables the collection of telemetry data from a deployed application stack. -The `nginx-plus-module-otel` module is an [NGINX-authored]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-plus.md#nginx-authored-dynamic-modules" >}}) dynamic module that enables NGINX Plus to send telemetry data to an OTel collector. The module supports [W3C](https://w3c.github.io/trace-context/) trace context propagation, OpenTelemetry Protocol (OTLP)/gRPC trace exports, and offers several advantages over existing OTel modules including: +The `nginx-plus-module-otel` module is an [NGINX-authored]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#nginx-authored-dynamic-modules" >}}) dynamic module that enables NGINX Plus to send telemetry data to an OTel collector. The module supports [W3C](https://w3c.github.io/trace-context/) trace context propagation, OpenTelemetry Protocol (OTLP)/gRPC trace exports, and offers several advantages over existing OTel modules including: - Enhanced performance: with the module enabled, request processing overhead is limited to 10-15%, compared to other OpenTelemetry implementations, which can introduce performance degradation of up to 50%. @@ -25,14 +23,14 @@ The `nginx-plus-module-otel` module is an [NGINX-authored]({{< ref "nginx/admin- The source code for the module is available in the official [GitHub repository](https://github.com/nginxinc/nginx-otel). The official documentation, including module reference and usage examples, is available on the [nginx.org](https://nginx.org/en/docs/ngx_otel_module.html) website. -The OpenTelemetry module supersedes the deprecated [OpenTracing]({{< ref "opentracing.md" >}}) module which was available until NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}). +The OpenTelemetry module supersedes the deprecated [OpenTracing]({{< ref "opentracing.md" >}}) module which was available until NGINX Plus [Release 34]({{< ref "/nginx/releases.md#r34" >}}). ## Installation The installation process closely follows the [NGINX Plus installation procedure]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). The module is available as the prebuilt `nginx-plus-module-otel` package for various Linux distributions and can be installed directly from the official NGINX Plus repository. Prior to installation, you need to add the NGINX Plus package repository for your distribution and update the repository metadata. -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. {{< note >}} The OpenTelemetry module cannot be installed on Amazon Linux 2 LTS and SLES 15 SP5+. {{< /note >}} @@ -211,9 +209,9 @@ The installation process closely follows the [NGINX Plus installation procedure] ## Configuration - In a text editor, open the NGINX Plus configuration file: - - `/etc/nginx/nginx.conf` for Linux - - `/usr/local/etc/nginx/nginx.conf` for FreeBSD +In a text editor, open the NGINX Plus configuration file: + - `/etc/nginx/nginx.conf` for Linux + - `/usr/local/etc/nginx/nginx.conf` for FreeBSD For a complete list of directives, embedded variables, default span attributes, refer to the `ngx_otel_module` official documentation. @@ -295,12 +293,12 @@ http { ## More info -- [GitHub Repository for the NGINX Native OpenTelemetry Module](https://github.com/nginxinc/nginx-otel) +- [NGINX Native OpenTelemetry module GitHub project](https://github.com/nginxinc/nginx-otel) -- [Official Documentation for the NGINX Native OpenTelemetry Module](https://nginx.org/en/docs/ngx_otel_module.html) +- [Official documentation for the NGINX Native OpenTelemetry module](https://nginx.org/en/docs/ngx_otel_module.html) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/opentracing.md b/content/nginx/admin-guide/dynamic-modules/opentracing.md index 81c64329d..967086de3 100644 --- a/content/nginx/admin-guide/dynamic-modules/opentracing.md +++ b/content/nginx/admin-guide/dynamic-modules/opentracing.md @@ -4,7 +4,7 @@ description: Instrument NGINX with OpenTracing-compliant requests for a range of module provides the framework for recording traces; you will also need to install a service-specific tracing module. This module (β€œtracer”) pushes traces to the collector and analyser provided by that service. -docs: DOCS-395 +nd-docs: DOCS-395 title: OpenTracing toc: true weight: 100 @@ -12,19 +12,19 @@ type: - how-to --- -{{< note >}} The `nginx-plus-module-opentracing` package is no longer available.{{< /note >}} +{{< note >}} The `nginx-plus-module-opentracing` package is no longer available in the NGINX Plus repository.{{< /note >}} -The module was deprecated in [NGINX Plus Release 31]({{< ref "nginx/releases.md#r31" >}}) and removed in [NGINX Plus Release 34]({{< ref "nginx/releases.md#r34" >}}). Its functionality has been replaced with the [OpenTelemetry]({{< ref "nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module. +The module was deprecated in [NGINX Plus Release 31]({{< ref "/nginx/releases.md#r31" >}}) and removed in [NGINX Plus Release 34]({{< ref "/nginx/releases.md#r34" >}}). Its functionality has been replaced with the [OpenTelemetry]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}}) module. -To remove the module, follow the [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) instructions. +To remove the module, follow the [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) instructions. -## More Info +## More info -- [NGINX plugin for OpenTracing Reference](https://github.com/opentracing-contrib/nginx-opentracing) +- [NGINX plugin for OpenTracing GitHub project](https://github.com/opentracing-contrib/nginx-opentracing) -- [NGINX Dynamic Modules]({{< ref "nginx/admin-guide/dynamic-modules/dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "/nginx/admin-guide/dynamic-modules/dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/passenger-open-source.md b/content/nginx/admin-guide/dynamic-modules/passenger-open-source.md index bf1cc841f..b65c82689 100644 --- a/content/nginx/admin-guide/dynamic-modules/passenger-open-source.md +++ b/content/nginx/admin-guide/dynamic-modules/passenger-open-source.md @@ -2,7 +2,7 @@ description: Deploy and administer applications written in Node.js, Python, and Ruby with the Passenger Open Source dynamic module from Phusion, supported by NGINX, Inc. -docs: DOCS-396 +nd-docs: DOCS-396 title: Phusion Passenger Open Source toc: true weight: 100 @@ -10,12 +10,15 @@ type: - how-to --- - +The Passenger Open Source dynamic module from Phusion enables deployment and administration of applications written in Node.js, Python, and Ruby. + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the Phusion Passenger Open Source module package `nginx-plus-module-passenger`. +3. Install the Phusion Passenger Open Source module package `nginx-plus-module-passenger` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -58,9 +61,6 @@ type: sudo pkg install nginx-plus-module-passenger ``` - - - ## Configuration After installation you will need to enable and configure the module in F5 NGINX Plus configuration file `nginx.conf`. @@ -96,14 +96,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` - - ## More Info -- [Passenger Documentation](https://www.phusionpassenger.com/library/install/nginx/) +- [Passenger documentation](https://www.phusionpassenger.com/library/install/nginx/) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/perl.md b/content/nginx/admin-guide/dynamic-modules/perl.md index bc932dfc8..0ea7d52b3 100644 --- a/content/nginx/admin-guide/dynamic-modules/perl.md +++ b/content/nginx/admin-guide/dynamic-modules/perl.md @@ -2,7 +2,7 @@ description: Implement location and variable handlers in Perl and insert Perl calls into Server Side Includes (SSI), with the Perl dynamic module, supported by NGINX, Inc. -docs: DOCS-397 +nd-docs: DOCS-397 title: Perl toc: true weight: 100 @@ -10,12 +10,15 @@ type: - how-to --- - +The Perl dynamic module allows implementing location and variable handlers in Perl and insert Perl calls into Server Side Includes (SSI). + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the Perl module package `nginx-plus-module-perl`. +3. Install the Perl module package `nginx-plus-module-perl` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -58,9 +61,6 @@ type: sudo pkg install nginx-plus-module-perl ``` - - - ## Configuration After installation you will need to enable and configure the module in F5 NGINX Plus configuration file `nginx.conf`. @@ -96,14 +96,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` +## More info - -## More Info - -- [NGINX Perl Module Reference](https://nginx.org/en/docs/http/ngx_http_perl_module.html) +- [NGINX Perl module reference](https://nginx.org/en/docs/http/ngx_http_perl_module.html) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md b/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md index 297c115f0..2dd3a26de 100644 --- a/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md +++ b/content/nginx/admin-guide/dynamic-modules/prometheus-njs.md @@ -1,6 +1,6 @@ --- description: Expose Prometheus metrics endpoint directly from F5 NGINX Plus. -docs: DOCS-398 +nd-docs: DOCS-398 title: Prometheus-njs toc: true weight: 100 @@ -8,15 +8,11 @@ type: - how-to --- - -## Module Info - The `nginx-plus-module-prometheus` module is an [njs](https://nginx.org/en/docs/njs/) module that converts miscellaneous F5 NGINX Plus status metrics exposed by the [API](https://nginx.org/en/docs/http/ngx_http_api_module.html) module to a Prometheus compliant format. The module uses subrequests to the `/api` endpoint to access the metrics. In case you have configured [dynamic upstream routing](#prom_keyval) with generic names for upstream groups, the module can understand replacements for these names and display the correct statistics. - -## Exported Metrics +## Exported metrics {#data} The following NGINX Plus status metrics are exported to Prometheus: @@ -57,52 +53,54 @@ The following NGINX Plus status metrics are exported to Prometheus: {{}} {{< /note >}} - -## Installation +## Installation {#install} + +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -Install the `nginx-plus-module-prometheus` module. +3. Install the `nginx-plus-module-prometheus` module from the official NGINX Plus repository. -- For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: + - For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: - ```shell - sudo yum install nginx-plus-module-prometheus - ``` + ```shell + sudo yum install nginx-plus-module-prometheus + ``` -- For Amazon Linux 2023, AlmaLinux, Rocky Linux: + - For Amazon Linux 2023, AlmaLinux, Rocky Linux: - ```shell - sudo dnf install nginx-plus-module-prometheus - ``` + ```shell + sudo dnf install nginx-plus-module-prometheus + ``` -- For Debian and Ubuntu: + - For Debian and Ubuntu: - ```shell - sudo apt install nginx-plus-module-prometheus - ``` + ```shell + sudo apt install nginx-plus-module-prometheus + ``` -- For SLES: + - For SLES: - ```shell - sudo zypper install nginx-plus-module-prometheus - ``` + ```shell + sudo zypper install nginx-plus-module-prometheus + ``` -- For Alpine: + - For Alpine: - ```shell - apk add nginx-plus-module-prometheus - ``` + ```shell + apk add nginx-plus-module-prometheus + ``` - For FreeBSD: + For FreeBSD: - ```shell - sudo pkg install nginx-plus-module-prometheus - ``` + ```shell + sudo pkg install nginx-plus-module-prometheus + ``` -{{< note >}} The [`nginx-plus-module-njs`]({{< ref "nginscript.md" >}}) module will also be installed together with the module. {{< /note >}} + {{< note >}} The [`nginx-plus-module-njs`]({{< ref "nginscript.md" >}}) module will also be installed together with the module. {{< /note >}} - -## Configuration +## Configuration {#conf} After module installation, perform the following steps in NGINX Plus configuration file (**nginx.conf**): @@ -154,8 +152,7 @@ After module installation, perform the following steps in NGINX Plus configurati 6. Configure Prometheus to obtain metrics from NGINX Plus by specifying the network address of the NGINX Plus instance in a [scrape_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) section of the Prometheus configuration file. - -## Upgrade Instructions +## Upgrade When upgrading Prometheus-njs version to version 1.3.1 and later, it is important to update NGINX Plus configuration file with the changes introduced in NGINX Plus [R22](https://www.nginx.com/blog/nginx-plus-r22-released/) and [njs 0.4.0](https://www.nginx.com/blog/nginx-plus-r22-released#njs): @@ -166,8 +163,7 @@ When upgrading Prometheus-njs version to version 1.3.1 and later, it is importan See [Configuration](#conf) for the example of Prometheus-njs configuration in NGINX Plus configuration file. - -## Module Variables +## Module variables {#vars} The module supports several embedded variables: @@ -178,8 +174,7 @@ The module supports several embedded variables: The variables can be set in NGINX Plus configuration file with the [`set`](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set) directive. - -### Using the $prom_keyval Variable +### Using the $prom_keyval variable {#prom_keyval} The `$prom_keyval` variable has been created to correctly show statistics for dynamic configuration of upstream routing: when names of upstreams are generic and these names are dynamically replaced by real names from the [key-value](https://nginx.org/en/docs/http/ngx_http_keyval_module.html) storage. @@ -226,9 +221,7 @@ http { } ``` - - -### Using the $prom_keyval_stream Variable +### Using the $prom_keyval_stream variable {#prom_keyval_stream} In order to perform dynamic replacements in the [`stream {}`](https://nginx.org/en/docs/stream/ngx_stream_core_module.html#stream) context, you will need to specify a new key-value storage in the stream block and set the name of the key-value storage in the `$prom_keyval_stream` variable: @@ -267,9 +260,7 @@ stream { } ``` - - -### Using the $prom_metrics_disabled Variable +### Using the $prom_metrics_disabled variable {#prom_metrics_disabled} The `$prom_metrics_disabled` variable disables exporting particular NGINX Plus status metrics to Prometheus. If you are concerned about the amount of storage NGINX Plus metrics are taking in Prometheus, you can disable particular endpoints via this variable. The variable value must be a comma separated list of NGINX Plus endpoints: @@ -306,8 +297,7 @@ You can disable exporting the following NGINX Plus status metrics to Prometheus: - `stream/limit_conns` - -## Example +## Example ```nginx load_module modules/ngx_http_js_module.so; @@ -366,12 +356,10 @@ stream { } ``` +## More info {#info} - -## More Info - -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/rtmp.md b/content/nginx/admin-guide/dynamic-modules/rtmp.md index 800753af3..7220fe1d6 100644 --- a/content/nginx/admin-guide/dynamic-modules/rtmp.md +++ b/content/nginx/admin-guide/dynamic-modules/rtmp.md @@ -1,7 +1,7 @@ --- description: Stream video in multiple formats, including Real-Time Messaging Protocol (RTMP), HLS, and DASH, with the RTMP dynamic module, supported by NGINX, Inc. -docs: DOCS-399 +nd-docs: DOCS-399 title: RTMP toc: true weight: 100 @@ -9,12 +9,15 @@ type: - how-to --- - +The RTMP dynamic module enables video streaming in multiple formats, including Real-Time Messaging Protocol (RTMP), HLS, and DASH. + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the RTMP Media Streaming module package `nginx-plus-module-rtmp`. +3. Install the RTMP Media Streaming module package `nginx-plus-module-rtmp` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -57,9 +60,6 @@ type: sudo pkg install nginx-plus-module-rtmp ``` - - - ## Configuration After installation you will need to enable and configure the module in F5 NGINX Plus configuration file `nginx.conf`. @@ -95,16 +95,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` +## More info {#info} - -## More Info - -- [NGINX RTMP Module Reference](https://github.com/arut/nginx-rtmp-module) - -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX RTMP GitHub project](https://github.com/arut/nginx-rtmp-module) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/set-misc.md b/content/nginx/admin-guide/dynamic-modules/set-misc.md index 3ee03391e..6d681f1d3 100644 --- a/content/nginx/admin-guide/dynamic-modules/set-misc.md +++ b/content/nginx/admin-guide/dynamic-modules/set-misc.md @@ -2,26 +2,26 @@ description: Implement numerous additional `set_*` directives to extend the NGINX core [Rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) module, with the Set-Misc dynamic module supported by NGINX, Inc. -docs: DOCS-400 +nd-docs: DOCS-400 title: Set-Misc toc: true weight: 100 type: - how-to --- - +The Set-Misc dynamic module extends the NGINX core [Rewrite](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html) by implementing numerous additional `set_*` directives. ## Prerequisites -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. - -2. Prior to installing the module, verify that the [NDK]({{< ref "ndk.md" >}}) module is already installed. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. +3. Prior to installing the module, verify that the [NDK]({{< ref "ndk.md" >}}) module is already installed. ## Installation -Install the Set-Misc module package `nginx-plus-module-set-misc`. +Install the Set-Misc module package `nginx-plus-module-set-misc` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -64,9 +64,6 @@ Install the Set-Misc module package `nginx-plus-module-set-misc`. sudo pkg install nginx-plus-module-set-misc ``` - - - ## Configuration After installation you will need to enable and configure the module in F5 NGINX Plus configuration file `nginx.conf`. @@ -105,14 +102,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` +## More info +- [The `ngx_set_misc` module GitHub project](https://github.com/openresty/set-misc-nginx-module) -## More Info - -- [NGINX `ngx_set_misc` Module Reference](https://github.com/openresty/set-misc-nginx-module) - -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/spnego.md b/content/nginx/admin-guide/dynamic-modules/spnego.md index 134113063..003e4a2eb 100644 --- a/content/nginx/admin-guide/dynamic-modules/spnego.md +++ b/content/nginx/admin-guide/dynamic-modules/spnego.md @@ -1,7 +1,7 @@ --- description: This module adds [SPNEGO](https://tools.ietf.org/html/rfc4178) support to F5 NGINX Plus. Currently, only Kerberos authentication via GSSAPI is supported. -docs: DOCS-401 +nd-docs: DOCS-401 title: SPNEGO toc: true weight: 100 @@ -9,11 +9,15 @@ type: - how-to --- +The SPNEGO Auth module adds [SPNEGO](https://tools.ietf.org/html/rfc4178) support to F5 NGINX Plus. Currently, only Kerberos authentication via GSSAPI is supported. + ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. + +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. -2. Install the SPNEGO Auth module package `nginx-plus-module-auth-spnego`. +3. Install the SPNEGO Auth module package `nginx-plus-module-auth-spnego` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -91,14 +95,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info - -- [NGINX Module for HTTP SPNEGO Auth Reference](https://github.com/stnoonan/spnego-http-auth-nginx-module) +## More info -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX module for HTTP SPNEGO auth GitHub poject](https://github.com/stnoonan/spnego-http-auth-nginx-module) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/uninstall.md b/content/nginx/admin-guide/dynamic-modules/uninstall.md index ee504ae99..66656fff7 100644 --- a/content/nginx/admin-guide/dynamic-modules/uninstall.md +++ b/content/nginx/admin-guide/dynamic-modules/uninstall.md @@ -1,19 +1,19 @@ --- description: This section describes how to uninstall an F5 NGINX Plus dynamic module. -docs: DOCS-402 +nd-docs: DOCS-402 title: Uninstalling a dynamic module toc: true weight: 100 type: - how-to --- -You may need to uninstall a dynamic module in NGINX Plus in several scenarios: +You may need to uninstall a dynamic module in NGINX Plus in several scenarios: - The module is being replaced with a newer or alternative version. For example, the [OpenTracing]({{< ref "opentracing.md" >}}) module has been replaced by the [OpenTelemetry]({{< ref "opentelemetry.md" >}}) module. The [Cookie-Flag]({{< ref "cookie-flag.md" >}}) dynamic module has been superseded by natively supported [`proxy_cookie_flags`](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_flags) directive. - The module is no longer supported, for example, the [NGINX ModSecurity WAF]({{< ref "nginx-waf.md" >}}) module. -- The operating system is not supported by the module. See the the [Dynamic Modules]({{< ref "nginx/technical-specs.md#dynamic-modules" >}}) section of the [NGINXΒ Plus Technical Specifications]({{< ref "nginx/technical-specs.md#dynamic-modules" >}}). +- The operating system is not supported by the module. See the the [Dynamic Modules]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) section of the [NGINXΒ Plus Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}). - The module it is no longer required, uninstalling it helps optimize resource usage and reduce maintenance overhead. @@ -88,10 +88,10 @@ After uninstalling the package, you will need to disable the module in the NGINX nginx -s reload ``` -## More Info +## More info -- [NGINX Module Reference](https://nginx.org/en/docs/) +- [NGINX modules reference](https://nginx.org/en/docs/) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) diff --git a/content/nginx/admin-guide/dynamic-modules/xslt.md b/content/nginx/admin-guide/dynamic-modules/xslt.md index 0a2117ea4..3eccd0f4e 100644 --- a/content/nginx/admin-guide/dynamic-modules/xslt.md +++ b/content/nginx/admin-guide/dynamic-modules/xslt.md @@ -1,19 +1,22 @@ --- description: Modify XML code in response bodies using one or more XSLT stylesheets, with the XSLT dynamic module, supported by NGINX, Inc. -docs: DOCS-403 +nd-docs: DOCS-403 title: XSLT toc: true weight: 100 type: - how-to --- +With the XSLT dynamic module, you can modify XML code in response bodies using one or more XSLT stylesheets. ## Installation -1. Check the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) page to verify that the module is supported by your operating system. +1. Check the [Technical Specifications]({{< ref "/nginx/technical-specs.md#dynamic-modules" >}}) page to verify that the module is supported by your operating system. -2. Install the XSLT module package `nginx-plus-module-xslt`. +2. Make sure that your operating system is configured to retrieve binary packages from the official NGINX Plus repository. See installation instructions for your operating system on the [Installing NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) page. + +3. Install the XSLT module package `nginx-plus-module-xslt` from the official NGINX Plus repository. For Amazon Linux 2, CentOS, Oracle Linux, and RHEL: @@ -91,12 +94,12 @@ After installation you will need to enable and configure the module in F5 NGINX nginx -s reload ``` -## More Info +## More info -- [NGINX ngx_http_xslt_module Reference](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) +- [NGINX `ngx_http_xslt_module` module reference](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) -- [NGINX Dynamic Modules]({{< ref "dynamic-modules.md" >}}) +- [NGINX dynamic modules]({{< ref "dynamic-modules.md" >}}) -- [NGINX Plus Technical Specifications]({{< ref "nginx/technical-specs.md" >}}) +- [NGINX Plus technical specifications]({{< ref "/nginx/technical-specs.md" >}}) -- [Uninstalling a Dynamic Module]({{< ref "uninstall.md" >}}) +- [Uninstalling a dynamic module]({{< ref "uninstall.md" >}}) diff --git a/content/nginx/admin-guide/high-availability/configuration-sharing.md b/content/nginx/admin-guide/high-availability/configuration-sharing.md index 1f89b6967..a6a9e73ed 100644 --- a/content/nginx/admin-guide/high-availability/configuration-sharing.md +++ b/content/nginx/admin-guide/high-availability/configuration-sharing.md @@ -1,7 +1,7 @@ --- description: Sychronize configuration across a cluster of F5 NGINX Plus instances. Though designed for high-availability deployments, the solution works for any cluster. -docs: DOCS-404 +nd-docs: DOCS-404 title: Synchronizing NGINX Configuration in a Cluster toc: true weight: 300 diff --git a/content/nginx/admin-guide/high-availability/ha-keepalived-nodes.md b/content/nginx/admin-guide/high-availability/ha-keepalived-nodes.md index 52465ece9..9b88cafeb 100644 --- a/content/nginx/admin-guide/high-availability/ha-keepalived-nodes.md +++ b/content/nginx/admin-guide/high-availability/ha-keepalived-nodes.md @@ -1,7 +1,7 @@ --- description: Enable high availability of F5 NGINX Plus instances in on-premises deployments, with active-active pairs and multiple passive instances. -docs: DOCS-405 +nd-docs: DOCS-405 title: Configuring Active-Active High Availability and Additional Passive Nodes with keepalived toc: true diff --git a/content/nginx/admin-guide/high-availability/ha-keepalived.md b/content/nginx/admin-guide/high-availability/ha-keepalived.md index 23aae7e4b..df12a2379 100644 --- a/content/nginx/admin-guide/high-availability/ha-keepalived.md +++ b/content/nginx/admin-guide/high-availability/ha-keepalived.md @@ -1,7 +1,7 @@ --- description: Enable high availability of F5 NGINX Plus instances in on-premises deployments, configuring an active-passive pair in a solution based on keepalived and VRRP. -docs: DOCS-406 +nd-docs: DOCS-406 title: High Availability Support for NGINX Plus in On-Premises Deployments toc: true weight: 100 diff --git a/content/nginx/admin-guide/high-availability/zone_sync.md b/content/nginx/admin-guide/high-availability/zone_sync.md index 5baeb4224..c7e0191b5 100644 --- a/content/nginx/admin-guide/high-availability/zone_sync.md +++ b/content/nginx/admin-guide/high-availability/zone_sync.md @@ -2,7 +2,7 @@ description: This article describes how to use F5 NGINX Plus to synchronize shared memory zones across NGINX cluster nodes including sticky learn session persistence, requests limiting, and key-value store data. -docs: DOCS-407 +nd-docs: DOCS-407 title: Runtime State Sharing in a Cluster toc: true weight: 400 diff --git a/content/nginx/admin-guide/high-availability/zone_sync_details.md b/content/nginx/admin-guide/high-availability/zone_sync_details.md index 8b46c0568..dfd91b2f0 100644 --- a/content/nginx/admin-guide/high-availability/zone_sync_details.md +++ b/content/nginx/admin-guide/high-availability/zone_sync_details.md @@ -1,7 +1,7 @@ --- description: Design and limitations of the zone synchronization feature that allows synchronizing data in an nginx cluster. -docs: DOCS-408 +nd-docs: DOCS-408 title: How NGINX Plus Performs Zone Synchronization toc: true weight: 500 diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md index 2c9f4ce58..b47f900e3 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md @@ -1,6 +1,6 @@ --- description: Deploy NGINX and F5 NGINX Plus as the Docker container. -docs: DOCS-409 +nd-docs: DOCS-409 title: Deploying NGINX and NGINX Plus with Docker toc: true weight: 600 @@ -28,7 +28,7 @@ type: Since NGINX Plus NGINX Plus [Release 31]({{< ref "nginx/releases.md#r31" >}}) you can get an NGINX Plus image from the official NGINX Plus Docker registry and upload it to your private registry. -The NGINX Plus Docker registry is available at `https://private-registry.nginx.com/v2/`. +The NGINX Plus Docker registry is available at `https://private-registry.nginx.com/v2/`. The registry contains the following image types: @@ -156,24 +156,36 @@ For NGINX Plus, run: docker pull private-registry.nginx.com/nginx-plus/base: ``` -For NGINX Plus with NGINX Agent, run: +For NGINX Plus with NGINX Agent version 2, run: ```shell docker pull private-registry.nginx.com/nginx-plus/agent: ``` +For NGINX Plus with NGINX Agent version 3, run: + +```shell +docker pull private-registry.nginx.com/nginx-plus/agentv3: +``` + For NGINX Plus installed from `nginx` user (rootless installation), run: ```shell docker pull private-registry.nginx.com/nginx-plus/rootless-base: ``` -For NGINX Plus with NGINX Agent installed from `nginx` user (rootless installation), run: +For NGINX Plus with NGINX Agent version 2 installed from `nginx` user (rootless installation), run: ```shell docker pull private-registry.nginx.com/nginx-plus/rootless-agent: ``` +For NGINX Plus with NGINX Agent version 3 installed from `nginx` user (rootless installation), run: + +```shell +docker pull private-registry.nginx.com/nginx-plus/rootless-agentv3: +``` + For NGINX modules, run: ```shell diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md index 0394b8053..a56510b8f 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md @@ -1,7 +1,7 @@ --- description: Install NGINX Open Source either as a prebuilt package or from source, following step-by-step instructions for all supported Linux distributions. -docs: DOCS-410 +nd-docs: DOCS-410 title: Installing NGINX Open Source toc: true weight: 200 @@ -106,7 +106,7 @@ The installation steps include updating the package repository and installing th amazon-linux-extras list | grep nginx # get package name, e.g. nginx1 sudo amazon-linux-extras install nginx1 ``` - + Check the version installed: ```shell @@ -437,7 +437,7 @@ Before installing, check if your operating system and architecture are supported | sudo tee /etc/apt/preferences.d/99nginx ``` -6. Install the `nginx` package: +6. Install the `nginx` package: ```shell sudo apt update && \ diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md index 66a814d97..497ab477d 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-amazon-web-services.md @@ -1,7 +1,7 @@ --- description: Install F5 NGINX Plus on Amazon Web Services (AWS), to provide sophisticated Layer 7 load balancing for your apps running on Amazon Linux, RHEL, and Ubuntu. -docs: DOCS-411 +nd-docs: DOCS-411 title: Installing NGINX Plus AMIs on Amazon EC2 toc: true weight: 300 diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-google-cloud-platform.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-google-cloud-platform.md index 02e88fbd8..0be740d50 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-google-cloud-platform.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-google-cloud-platform.md @@ -1,7 +1,7 @@ --- description: Install F5 NGINX Plus on the Google Cloud Platform, to provide sophisticated Layer 7 load balancing for your apps running on Google Compute Engine. -docs: DOCS-412 +nd-docs: DOCS-412 title: Install NGINX Plus on the Google Cloud Platform toc: true weight: 400 diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-microsoft-azure.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-microsoft-azure.md index bae0f2be2..15be48b73 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-microsoft-azure.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus-microsoft-azure.md @@ -1,7 +1,7 @@ --- description: Install F5 NGINX Plus as a virtual machine image on Microsoft Azure, to provide sophisticated Layer 7 load balancing for your apps. -docs: DOCS-413 +nd-docs: DOCS-413 title: Installing NGINX Plus on Microsoft Azure toc: true weight: 500 diff --git a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md index aed4c97fe..bf36ca1fb 100644 --- a/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md +++ b/content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md @@ -1,7 +1,7 @@ --- description: Install and upgrade F5 NGINX Plus with step-by-step instructions for the base package and dynamic modules on all supported Linux distributions. -docs: DOCS-414 +nd-docs: DOCS-414 title: Installing NGINX Plus toc: true weight: 100 @@ -452,7 +452,7 @@ NGINX-certified community dynamic modules are popular third‑party modules test | [SPNEGO for Kerberos](https://github.com/stnoonan/spnego-http-auth-nginx-module) | Adds support for [GSS‑API based](https://www.rfc-editor.org/rfc/rfc2743) SPNEGO/Kerberos authentication. | [`nginx-plus-module-auth-spnego`]({{< ref "nginx/admin-guide/dynamic-modules/spnego.md" >}}) | {{< /bootstrap-table >}} -### Install from official repository +### Install from official repository [NGINX‑authored](#nginx-authored-dynamic-modules) and [NGINX‑certified community](#nginx-certified-community-dynamic-modules) dynamic modules can be installed as packaged binaries directly from the official `nginx-plus` repository. To install a binary package, run the command in a terminal that corresponds to your operating system, replacing `` with the actual binary package name, for example, `nginx-plus-module-njs`. @@ -679,7 +679,7 @@ For a community dynamic module to work with NGINXΒ Plus, it must be compiled alo cp objs/ngx_http_hello_world_module.so ./ngx_http_hello_world_module_1.27.4.so ``` -1. Transfer the resulting `.so` file from your build environment to the production environment. +1. Transfer the resulting `.so` file from your build environment to the production environment. 1. In your production environment, copy the resulting `.so` file to the dynamic modules directory. The path to the directory depends on your operating system: diff --git a/content/nginx/admin-guide/load-balancer/dynamic-configuration-api.md b/content/nginx/admin-guide/load-balancer/dynamic-configuration-api.md index 742d40381..7e68e92b3 100644 --- a/content/nginx/admin-guide/load-balancer/dynamic-configuration-api.md +++ b/content/nginx/admin-guide/load-balancer/dynamic-configuration-api.md @@ -1,7 +1,7 @@ --- description: Dynamically reconfigure the servers in an F5 NGINX Plus upstream group using the NGINX Plus API, without reloading configuration or restarting processes. -docs: DOCS-415 +nd-docs: DOCS-415 title: Dynamic Configuration of Upstreams with the NGINX Plus API toc: true weight: 700 diff --git a/content/nginx/admin-guide/load-balancer/grpc-health-check.md b/content/nginx/admin-guide/load-balancer/grpc-health-check.md index cc63388bc..c345e84b6 100644 --- a/content/nginx/admin-guide/load-balancer/grpc-health-check.md +++ b/content/nginx/admin-guide/load-balancer/grpc-health-check.md @@ -1,7 +1,7 @@ --- description: Monitor the health of gRPC servers in an upstream group by sending periodic health checks. -docs: DOCS-416 +nd-docs: DOCS-416 title: gRPC Health Checks toc: true weight: 600 diff --git a/content/nginx/admin-guide/load-balancer/http-health-check.md b/content/nginx/admin-guide/load-balancer/http-health-check.md index 49dbb1b4d..468fd2989 100644 --- a/content/nginx/admin-guide/load-balancer/http-health-check.md +++ b/content/nginx/admin-guide/load-balancer/http-health-check.md @@ -1,7 +1,7 @@ --- description: Monitor the health of HTTP servers in an upstream group by sending periodic health checks, including customizable active health checks in F5 NGINX Plus. -docs: DOCS-417 +nd-docs: DOCS-417 title: HTTP Health Checks toc: true weight: 300 diff --git a/content/nginx/admin-guide/load-balancer/http-load-balancer.md b/content/nginx/admin-guide/load-balancer/http-load-balancer.md index b76578a60..4bdfa62f3 100644 --- a/content/nginx/admin-guide/load-balancer/http-load-balancer.md +++ b/content/nginx/admin-guide/load-balancer/http-load-balancer.md @@ -1,7 +1,7 @@ --- description: Load balance HTTP traffic across web or application server groups, with several algorithms and advanced features like slow-start and session persistence. -docs: DOCS-418 +nd-docs: DOCS-418 title: HTTP Load Balancing toc: true weight: 100 @@ -217,7 +217,7 @@ NGINX Plus supports three session persistence methods. The methods are set with In the example above, the `srv_id` parameter sets the name of the cookie. The optional `expires` parameter sets the time for the browser to keep the cookie (here, `1` hour). The optional `domain` parameter defines the domain for which the cookie is set, and the optional `path` parameter defines the path for which the cookie is set. -- [Sticky route](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky_route) – Use the [`route`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#route) parameter to the `server` directive to assign a route identifier to each server. NGINX Plus assigns one of the route identifiers to the client when it receives the client's first request. Subsequent requests then compare these route identifiers, which are either stored in a cookie or passed in the request URI. +- [Sticky route](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky_route) – Use the [`route`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#route) parameter to the `server` directive to assign a route identifier to each server. NGINX Plus assigns one of the route identifiers to the client when it receives the client's first request. Subsequent requests then compare these route identifiers, which are either stored in a cookie or passed in the request URI. ```nginx upstream backend { @@ -227,7 +227,7 @@ NGINX Plus supports three session persistence methods. The methods are set with } ``` In the example above, the session cookie is checked first for the route identifier. If there is none, then the URI is checked second. - + - [Sticky learn](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#sticky_learn) – NGINX Plus first finds session identifiers by inspecting requests and responses. Then NGINX Plus β€œlearns” which upstream server corresponds to which session identifier. Generally, these identifiers are passed in a HTTP cookie. If a request contains a session identifier already β€œlearned”, NGINX Plus forwards the request to the corresponding server: ```nginx @@ -279,7 +279,7 @@ The [`max_conns`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#m The [`queue`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue) directive allows excess connections to be held in a queue. It requires a maxmum number for the queue and a timeout. -If the `max_conns` limit has been reached, the request is placed in a queue for further processing. If the queue limit has been reached, if no queue directive is specified, or if a client reaches the `timeout` time in queue, the client will receive an error. +If the `max_conns` limit has been reached, the request is placed in a queue for further processing. If the queue limit has been reached, if no queue directive is specified, or if a client reaches the `timeout` time in queue, the client will receive an error. ```nginx upstream backend { diff --git a/content/nginx/admin-guide/load-balancer/tcp-health-check.md b/content/nginx/admin-guide/load-balancer/tcp-health-check.md index 585cdf7da..65dff60c3 100644 --- a/content/nginx/admin-guide/load-balancer/tcp-health-check.md +++ b/content/nginx/admin-guide/load-balancer/tcp-health-check.md @@ -1,7 +1,7 @@ --- description: Monitor the health of TCP servers in an upstream group by sending periodic health checks, including customizable active health checks in F5 NGINX Plus. -docs: DOCS-419 +nd-docs: DOCS-419 title: TCP Health Checks toc: true weight: 400 diff --git a/content/nginx/admin-guide/load-balancer/tcp-udp-load-balancer.md b/content/nginx/admin-guide/load-balancer/tcp-udp-load-balancer.md index bf40c20be..a6ef398f0 100644 --- a/content/nginx/admin-guide/load-balancer/tcp-udp-load-balancer.md +++ b/content/nginx/admin-guide/load-balancer/tcp-udp-load-balancer.md @@ -1,7 +1,7 @@ --- description: This chapter describes how to use F5 NGINX Plus and NGINX Open Source to proxy and load balance TCP and UDP traffic. -docs: DOCS-420 +nd-docs: DOCS-420 title: TCP and UDP Load Balancing toc: true weight: 200 diff --git a/content/nginx/admin-guide/load-balancer/udp-health-check.md b/content/nginx/admin-guide/load-balancer/udp-health-check.md index 7885d032a..3be757218 100644 --- a/content/nginx/admin-guide/load-balancer/udp-health-check.md +++ b/content/nginx/admin-guide/load-balancer/udp-health-check.md @@ -1,7 +1,7 @@ --- description: This chapter describes how to configure different types of health checks for UDP servers in a load‑balanced upstream server group. -docs: DOCS-421 +nd-docs: DOCS-421 title: UDP Health Checks toc: true weight: 500 @@ -240,7 +240,7 @@ This is the raw DNS query of `healthcheck.example.com`, represented as one line where: {{}} -| HEX | Description | +| HEX | Description | |------------------|------------------------| | \x00\x01 | Transaction ID: 0x0001 | | \x01\x00 | Flags: Standard query, recursion desired | diff --git a/content/nginx/admin-guide/load-balancer/using-proxy-protocol.md b/content/nginx/admin-guide/load-balancer/using-proxy-protocol.md index 3ed8000be..4e42c2ce6 100644 --- a/content/nginx/admin-guide/load-balancer/using-proxy-protocol.md +++ b/content/nginx/admin-guide/load-balancer/using-proxy-protocol.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-422 +nd-docs: DOCS-422 title: Accepting the PROXY Protocol toc: true weight: 800 diff --git a/content/nginx/admin-guide/mail-proxy/mail-proxy.md b/content/nginx/admin-guide/mail-proxy/mail-proxy.md index a2f29c46d..8d081c6f1 100644 --- a/content/nginx/admin-guide/mail-proxy/mail-proxy.md +++ b/content/nginx/admin-guide/mail-proxy/mail-proxy.md @@ -1,7 +1,7 @@ --- description: Simplify your email service and improve its performance with NGINX or F5 NGINX Plus as a proxy for the IMAP, POP3, and SMTP protocols -docs: DOCS-423 +nd-docs: DOCS-423 title: Configure NGINX as a Mail Proxy Server toc: true weight: 100 diff --git a/content/nginx/admin-guide/monitoring/debugging.md b/content/nginx/admin-guide/monitoring/debugging.md index 91125e718..2aaf0f352 100644 --- a/content/nginx/admin-guide/monitoring/debugging.md +++ b/content/nginx/admin-guide/monitoring/debugging.md @@ -1,7 +1,7 @@ --- description: Troubleshoot problems and track down bugs in an NGINX or F5 NGINX Plus deployment, with the debugging binary, debug logging, and core dumps. -docs: DOCS-424 +nd-docs: DOCS-424 title: Debugging NGINX toc: true weight: 300 diff --git a/content/nginx/admin-guide/monitoring/diagnostic-package.md b/content/nginx/admin-guide/monitoring/diagnostic-package.md index 1960889db..a58e77b3c 100644 --- a/content/nginx/admin-guide/monitoring/diagnostic-package.md +++ b/content/nginx/admin-guide/monitoring/diagnostic-package.md @@ -1,7 +1,7 @@ --- description: This page describes how to trigger the automatic collection of data required to troubleshoot issues in a NGINX or F5 NGINX Plus deployment. -docs: DOCS-1357 +nd-docs: DOCS-1357 title: NGINX Diagnostic Package toc: true weight: 400 diff --git a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md index cd6e9e4f5..55474230f 100644 --- a/content/nginx/admin-guide/monitoring/live-activity-monitoring.md +++ b/content/nginx/admin-guide/monitoring/live-activity-monitoring.md @@ -2,7 +2,7 @@ description: Track the performance of F5 NGINX Plus and your apps in real time, on the built-in live activity monitoring dashboard or by feeding the JSON to other tools. -docs: DOCS-425 +nd-docs: DOCS-425 title: Live Activity Monitoring toc: true weight: 100 diff --git a/content/nginx/admin-guide/monitoring/logging.md b/content/nginx/admin-guide/monitoring/logging.md index 2f075d9e7..6f1c8a048 100644 --- a/content/nginx/admin-guide/monitoring/logging.md +++ b/content/nginx/admin-guide/monitoring/logging.md @@ -1,7 +1,7 @@ --- description: Capture detailed information about errors and request processing in log files, either locally or via syslog. -docs: DOCS-426 +nd-docs: DOCS-426 title: Configuring Logging toc: true weight: 200 @@ -14,7 +14,7 @@ This article describes how to log errors and requests in NGINX OpenΒ Source and ## Set Up the Error Log -NGINX writes an error log that records encountered issues of different severity levels. The [error_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) directive sets up the log location and severity level. The log location can be a particular file, `stderr`, or `syslog`. By default, the error log is located at **logs/error.log**, but the absolute path depends on the operating system and installation. The error severity level follows the `syslog` classification system. The log includes messages from all severity levels above the specified level. +NGINX writes an error log that records encountered issues of different severity levels. The [error_log](https://nginx.org/en/docs/ngx_core_module.html#error_log) directive sets up the log location and severity level. The log location can be a particular file, `stderr`, or `syslog`. By default, the error log is located at **logs/error.log**, but the absolute path depends on the operating system and installation. The error severity level follows the `syslog` classification system. The log includes messages from all severity levels above the specified level. The configuration below changes the minimal severity level of error messages to log from `error` to `warn`: @@ -81,7 +81,7 @@ When reading the resulting time values, keep the following in mind: - When a request is unable to reach an upstream server or a full header cannot be received, the variable contains `0` (zero) - In case of internal error while connecting to an upstream or when a reply is taken from the cache, the variable contains `-` (hyphen) -The log can be optimized by enabling the `buffer` and the `cache`. With the [buffer](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) parameter enabled, messages will be stored in the buffer first. When the buffer is full (or in some other [cases](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log)), the messages will be written to the log. +The log can be optimized by enabling the `buffer` and the `cache`. With the [buffer](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) parameter enabled, messages will be stored in the buffer first. When the buffer is full (or in some other [cases](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log)), the messages will be written to the log. To enable caching of log file descriptors, use the [open_log_file_cache](https://nginx.org/en/docs/http/ngx_http_log_module.html#open_log_file_cache) directive. Similar to the `error_log` directive, the [access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) directive defined on a particular configuration level overrides the settings from the previous levels. When processing of a request is completed, the message is written to the log that is configured on the current level, or inherited from the previous levels. If one level has multiple access log definitions, the message is written to all of them. diff --git a/content/nginx/admin-guide/monitoring/new-relic-plugin.md b/content/nginx/admin-guide/monitoring/new-relic-plugin.md index e22e19f44..5f4106696 100644 --- a/content/nginx/admin-guide/monitoring/new-relic-plugin.md +++ b/content/nginx/admin-guide/monitoring/new-relic-plugin.md @@ -1,7 +1,7 @@ --- description: Find what's new in version 2 of the NGINX and F5 NGINX Plus plug‑in for New Relic – more convenience, more metrics, richer visualization. -docs: DOCS-427 +nd-docs: DOCS-427 title: Monitoring NGINX and NGINX Plus with the New Relic Plug-In toc: true weight: 500 diff --git a/content/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md b/content/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md index 7474c6281..b55e58db1 100644 --- a/content/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md +++ b/content/nginx/admin-guide/security-controls/configuring-http-basic-authentication.md @@ -1,7 +1,7 @@ --- description: Control access using HTTP Basic authentication, and optionally in combination with IP address-based access control. -docs: DOCS-428 +nd-docs: DOCS-428 title: Restricting Access with HTTP Basic Authentication toc: true weight: 300 diff --git a/content/nginx/admin-guide/security-controls/configuring-jwt-authentication.md b/content/nginx/admin-guide/security-controls/configuring-jwt-authentication.md index bde080030..f13bad756 100644 --- a/content/nginx/admin-guide/security-controls/configuring-jwt-authentication.md +++ b/content/nginx/admin-guide/security-controls/configuring-jwt-authentication.md @@ -1,7 +1,7 @@ --- description: This article explains how to control authentication of your web resources using JWT authentication. -docs: DOCS-429 +nd-docs: DOCS-429 title: Setting up JWT Authentication toc: true weight: 500 diff --git a/content/nginx/admin-guide/security-controls/configuring-oidc.md b/content/nginx/admin-guide/security-controls/configuring-oidc.md index 1d35bbbdc..b9281f3e7 100644 --- a/content/nginx/admin-guide/security-controls/configuring-oidc.md +++ b/content/nginx/admin-guide/security-controls/configuring-oidc.md @@ -6,10 +6,10 @@ title: Single Sign-On with OpenID Connect and Identity Providers toc: true weight: 550 product: NGINX-PLUS -docs: DOCS-1690 +nd-docs: DOCS-1690 --- -This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus using: +This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus using: - OpenID Connect as the authentication mechanism. - An external Identity Provider (IdP) such as AD FS, Auth0, Cognito, Entra ID, Keycloak, OneLogin, Okta, Ping Identity and others. - NGINX Plus as an OIDC client application that verifies user identity (Relying Party). @@ -35,7 +35,7 @@ For the target client application, OIDC authentication can be enabled with great 6. NGINX Plus validates the `id_token` and retrieves profile data for the user using the `UserInfo` endpoint. The retrieved profile data is validated and the content of the `id_token` and the profile data is used for providing access control to the client application. -7. Upon successful validation, the resource access request is sent to the client application along with the access token. +7. Upon successful validation, the resource access request is sent to the client application along with the access token. 8. The client application validates the access token and based on the token validation, the resource access request is allowed or denied. @@ -66,7 +66,7 @@ For the target client application, OIDC authentication can be enabled with great - An identity provider (IdP) set up on your network or in the cloud. You need admin access to the IdP. -- An [NGINX Plus subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}) or later. +- An [NGINX Plus subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34]({{< ref "nginx/releases.md#r34" >}}) or later. To install NGINX Plus, follow the steps in [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/). - A domain name that points to your NGINX Plus instance (for example, `demo.example.com`). @@ -83,7 +83,7 @@ The setup steps are similar for most identity providers, but some details may di - Give the app a name. - Add the users or groups who need access. -3. Find the **Client ID** and **Client Secret** for your app. +3. Find the **Client ID** and **Client Secret** for your app. You'll need these later when you [set up NGINX Plus as the relying party](#setup-oidc-provider2). 4. Find the **issuer** value. diff --git a/content/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md b/content/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md index c023fee65..2ca4cb6e7 100644 --- a/content/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md +++ b/content/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md @@ -1,7 +1,7 @@ --- description: Authenticate clients during request processing by making a subrequest to an external authentication service, such as LDAP or OAuth. -docs: DOCS-430 +nd-docs: DOCS-430 title: Authentication Based on Subrequest Result toc: true weight: 400 diff --git a/content/nginx/admin-guide/security-controls/controlling-access-by-geoip.md b/content/nginx/admin-guide/security-controls/controlling-access-by-geoip.md index 5432bbb9e..7b8846695 100644 --- a/content/nginx/admin-guide/security-controls/controlling-access-by-geoip.md +++ b/content/nginx/admin-guide/security-controls/controlling-access-by-geoip.md @@ -1,7 +1,7 @@ --- description: Control access or forward traffic to different upstream servers based on the client's geographical location, using the GeoIP2 dynamic module. -docs: DOCS-431 +nd-docs: DOCS-431 title: Restricting Access by Geographical Location toc: true weight: 800 diff --git a/content/nginx/admin-guide/security-controls/controlling-access-proxied-http.md b/content/nginx/admin-guide/security-controls/controlling-access-proxied-http.md index a135c60cf..14ce72737 100644 --- a/content/nginx/admin-guide/security-controls/controlling-access-proxied-http.md +++ b/content/nginx/admin-guide/security-controls/controlling-access-proxied-http.md @@ -1,7 +1,7 @@ --- description: Protect your upstream web and application servers by limiting connections, rate of requests, or bandwidth, based on client IP address or other variables. -docs: DOCS-432 +nd-docs: DOCS-432 title: Limiting Access to Proxied HTTP Resources toc: true weight: 600 diff --git a/content/nginx/admin-guide/security-controls/controlling-access-proxied-tcp.md b/content/nginx/admin-guide/security-controls/controlling-access-proxied-tcp.md index bb1f2a268..714d3266d 100644 --- a/content/nginx/admin-guide/security-controls/controlling-access-proxied-tcp.md +++ b/content/nginx/admin-guide/security-controls/controlling-access-proxied-tcp.md @@ -1,7 +1,7 @@ --- description: Protect your upstream TCP application servers by limiting connections or bandwidth, based on client IP address or other variables. -docs: DOCS-433 +nd-docs: DOCS-433 title: Restricting Access to Proxied TCP Resources toc: true weight: 700 diff --git a/content/nginx/admin-guide/security-controls/denylisting-ip-addresses.md b/content/nginx/admin-guide/security-controls/denylisting-ip-addresses.md index d7e68d231..26c9d0475 100644 --- a/content/nginx/admin-guide/security-controls/denylisting-ip-addresses.md +++ b/content/nginx/admin-guide/security-controls/denylisting-ip-addresses.md @@ -1,7 +1,7 @@ --- description: Control access to your site or apps from specific client IP addresses, using dynamic denylists built with the F5 NGINX Plus key-value store and API. -docs: DOCS-434 +nd-docs: DOCS-434 title: Dynamic Denylisting of IP Addresses toc: true weight: 1100 diff --git a/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md b/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md index 978bab7c5..1ac632735 100644 --- a/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md +++ b/content/nginx/admin-guide/security-controls/securing-http-traffic-upstream.md @@ -1,7 +1,7 @@ --- description: Secure HTTP traffic between NGINX or F5 NGINX Plus and upstream servers, using SSL/TLS encryption. -docs: DOCS-435 +nd-docs: DOCS-435 title: Securing HTTP Traffic to Upstream Servers toc: true weight: 900 @@ -185,5 +185,5 @@ When a secure connection is passed from NGINX to the upstream server for the fir The next time NGINX passes a connection to the upstream server, session parameters will be reused because of the [proxy_ssl_session_reuse](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_session_reuse) directive, and the secured connection is established faster. The trusted CA certificates in the file named by the [proxy_ssl_trusted_certificate](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_trusted_certificate) directive are used to verify the certificate on the upstream. -The [proxy_ssl_verify_depth](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify_depth) directive specifies that two certificates in the certificates chain are checked. +The [proxy_ssl_verify_depth](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify_depth) directive specifies that two certificates in the certificates chain are checked. The [proxy_ssl_verify](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify) directive verifies the validity of certificates. diff --git a/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md b/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md index d40ccac1b..4ac9038ee 100644 --- a/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md +++ b/content/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream.md @@ -1,7 +1,7 @@ --- description: Secure TCP traffic between NGINX or F5 F5 NGINX Plus and upstream servers, using SSL/TLS encryption. -docs: DOCS-436 +nd-docs: DOCS-436 title: Securing TCP Traffic to Upstream Servers toc: true weight: 1000 @@ -19,7 +19,7 @@ This article explains how to secure TCP traffic between NGINX and an upstream TC ## Obtaining SSL Server Certificates -First, obtain SSL server certificates and a private key. Obtain an SSL server certificate from a trusted certificate authority (CA). Alternatively, generate one using an SSL library such as [OpenSSL](http://www.openssl.org/). Place the server certificates and private key on each of the upstream servers. +First, obtain SSL server certificates and a private key. Obtain an SSL server certificate from a trusted certificate authority (CA). Alternatively, generate one using an SSL library such as [OpenSSL](http://www.openssl.org/). Place the server certificates and private key on each of the upstream servers. Self-signed server certificates encrypt the connection between NGINX and the upstream server. However, these connections are vulnerable to a man-in-the-middle attack. (If an imposter impersonates the upstream server, NGINX will not know it is talking to a fake server.) To lessen the risk, obtain server certificates signed by a trusted CA. (You can create your own internal CA using OpenSSL.) Afterward, configure NGINX to only trust certificates signed by that CA. This makes it much more difficult for an attacker to impersonate an upstream server. diff --git a/content/nginx/admin-guide/security-controls/terminating-ssl-http.md b/content/nginx/admin-guide/security-controls/terminating-ssl-http.md index 455e36ea6..89a89db93 100644 --- a/content/nginx/admin-guide/security-controls/terminating-ssl-http.md +++ b/content/nginx/admin-guide/security-controls/terminating-ssl-http.md @@ -1,7 +1,7 @@ --- description: Terminate HTTPS traffic from clients, relieving your upstream web and application servers of the computational load of SSL/TLS encryption. -docs: DOCS-437 +nd-docs: DOCS-437 title: NGINX SSL Termination toc: true weight: 100 diff --git a/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md b/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md index af416b053..a1f0cbf57 100644 --- a/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md +++ b/content/nginx/admin-guide/security-controls/terminating-ssl-tcp.md @@ -1,7 +1,7 @@ --- description: Terminate SSL/TLS-encrypted traffic from clients, relieving your upstream TCP servers of the computational load. -docs: DOCS-438 +nd-docs: DOCS-438 title: SSL Termination for TCP Upstream Servers toc: true weight: 200 diff --git a/content/nginx/admin-guide/web-server/app-gateway-uwsgi-django.md b/content/nginx/admin-guide/web-server/app-gateway-uwsgi-django.md index d65bd8a5d..dc46f512e 100644 --- a/content/nginx/admin-guide/web-server/app-gateway-uwsgi-django.md +++ b/content/nginx/admin-guide/web-server/app-gateway-uwsgi-django.md @@ -1,6 +1,6 @@ --- description: Configure NGINX and F5 NGINX Plus as an application gateway for uWSGI and Django -docs: DOCS-439 +nd-docs: DOCS-439 title: Using NGINX and NGINX Plus as an Application Gateway with uWSGI and Django toc: true weight: 500 diff --git a/content/nginx/admin-guide/web-server/compression.md b/content/nginx/admin-guide/web-server/compression.md index 3f2c685bd..52bdf677f 100644 --- a/content/nginx/admin-guide/web-server/compression.md +++ b/content/nginx/admin-guide/web-server/compression.md @@ -1,7 +1,7 @@ --- description: Compress server responses, or decompress them for clients that don't support compression, to improve delivery speed and reduce overhead on the server. -docs: DOCS-440 +nd-docs: DOCS-440 title: Compression and Decompression toc: true weight: 400 diff --git a/content/nginx/admin-guide/web-server/reverse-proxy.md b/content/nginx/admin-guide/web-server/reverse-proxy.md index b00d5531e..144f9e82c 100644 --- a/content/nginx/admin-guide/web-server/reverse-proxy.md +++ b/content/nginx/admin-guide/web-server/reverse-proxy.md @@ -1,7 +1,7 @@ --- description: Configure NGINX as a reverse proxy for HTTP and other protocols, with support for modifying request headers and fine-tuned buffering of responses. -docs: DOCS-441 +nd-docs: DOCS-441 title: NGINX Reverse Proxy toc: true weight: 300 @@ -21,7 +21,7 @@ When NGINX proxies a request, it: 1. Sends the request to a specified proxy server 1. Fetches the response -1. Sends the response back to the client. +1. Sends the response back to the client. It is possible to proxy requests to an HTTP server (another NGINX server or any other server) or a non-HTTP server (which can run an application developed with a specific framework, such as PHP or Python) using a specified protocol. Supported protocols include [FastCGI](https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html), [uwsgi](https://nginx.org/en/docs/http/ngx_http_uwsgi_module.html), [SCGI](https://nginx.org/en/docs/http/ngx_http_scgi_module.html), and [memcached](https://nginx.org/en/docs/http/ngx_http_memcached_module.html). @@ -41,7 +41,7 @@ location ~ \.php { } ``` -Note that in the first example above, the address of the proxied server is followed by a URI, `/link/`. If the URI is specified along with the address, it replaces the part of the request URI that matches the location parameter. +Note that in the first example above, the address of the proxied server is followed by a URI, `/link/`. If the URI is specified along with the address, it replaces the part of the request URI that matches the location parameter. For example, the request with the `/some/path/page.html` URI will be proxied to `http://www.example.com/link/page.html`. However, if the address is specified without a URI, or it is not possible to determine the part of URI to be replaced, the full request URI is passed (possibly, modified). diff --git a/content/nginx/admin-guide/web-server/serving-static-content.md b/content/nginx/admin-guide/web-server/serving-static-content.md index 3bf089c49..b2ad7eb5f 100644 --- a/content/nginx/admin-guide/web-server/serving-static-content.md +++ b/content/nginx/admin-guide/web-server/serving-static-content.md @@ -1,7 +1,7 @@ --- description: Configure NGINX and F5 NGINX Plus to serve static content, with type-specific root directories, checks for file existence, and performance optimizations. -docs: DOCS-442 +nd-docs: DOCS-442 title: Serve Static Content toc: true weight: 200 diff --git a/content/nginx/admin-guide/web-server/web-server.md b/content/nginx/admin-guide/web-server/web-server.md index 772f17302..c92863549 100644 --- a/content/nginx/admin-guide/web-server/web-server.md +++ b/content/nginx/admin-guide/web-server/web-server.md @@ -1,7 +1,7 @@ --- description: Configure NGINX and F5 NGINX Plus as a web server, with support for virtual server multi-tenancy, URI and response rewriting, variables, and error handling. -docs: DOCS-443 +nd-docs: DOCS-443 title: Configuring NGINX and NGINX Plus as a Web Server toc: true weight: 100 diff --git a/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md b/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md index 0b1b05f2b..d20aa3c6a 100644 --- a/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md +++ b/content/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx.md @@ -6,7 +6,7 @@ description: Create Amazon Elastic Compute Cloud (EC2) instances for running NGI toc: true type: how-to product: NGINX+ -docs: DOCS-444 +nd-docs: DOCS-444 --- This guide explains how to create instances in the Amazon Elastic Compute Cloud (EC2) that can run NGINX Open Source and F5 NGINX Plus. diff --git a/content/nginx/deployment-guides/amazon-web-services/high-availability-keepalived.md b/content/nginx/deployment-guides/amazon-web-services/high-availability-keepalived.md index 8df51d9ae..87ff7efcb 100644 --- a/content/nginx/deployment-guides/amazon-web-services/high-availability-keepalived.md +++ b/content/nginx/deployment-guides/amazon-web-services/high-availability-keepalived.md @@ -1,7 +1,7 @@ --- description: Create a highly available active-passive deployment of F5 NGINX Plus on AWS with a solution combining keepalived and the AWS Elastic IP address feature. -docs: DOCS-445 +nd-docs: DOCS-445 title: Active-Passive HA for NGINX Plus on AWS Using Elastic IP Addresses toc: true weight: 200 diff --git a/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md b/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md index c37434906..9929a6858 100644 --- a/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md +++ b/content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md @@ -1,7 +1,7 @@ --- description: Create a highly available active-active deployment of F5 NGINX Plus on AWS in combination with AWS Network Load Balancer (NLB). -docs: DOCS-446 +nd-docs: DOCS-446 title: Active-Active HA for NGINX Plus on AWS Using AWS Network Load Balancer toc: true weight: 100 diff --git a/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md b/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md index 09f4df0a0..8f710bad2 100644 --- a/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md +++ b/content/nginx/deployment-guides/amazon-web-services/ingress-controller-elastic-kubernetes-services.md @@ -1,7 +1,7 @@ --- description: Use NGINX or F5 NGINX Plus as the Ingress Controller for Amazon Elastic Kubernetes Services. -docs: DOCS-447 +nd-docs: DOCS-447 title: Using NGINX or NGINX Plus as the Ingress Controller for Amazon Elastic Kubernetes Services toc: true @@ -19,7 +19,7 @@ This guide explains how to use NGINX Open Source or F5 NGINX Plus with NGINX Ing ## Prerequisites - [An AWS account](https://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/AboutAWSAccounts.html). -- A prebuilt image of the NGINX or NGINXΒ Plus Ingress Controller for Kubernetes. +- A prebuilt image of the NGINX or NGINXΒ Plus Ingress Controller for Kubernetes. - For NGINX Open Source you can use the pre-built image [on DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/). You can also build your own image. - For NGINXΒ Plus, you must [build an image](https://docs.nginx.com/nginx-ingress-controller/installation/build-nginx-ingress-controller/). @@ -30,16 +30,16 @@ make container DOCKERFILE=DockerfileForPlus PREFIX=nginx/nginx-plus-ingress ``` The `PREFIX` argument specifies the repo name in your private container registry. In this example, we set it to `nginx/nginx-plus-ingress`. You can later use that name to reference the image instead of its numerical ID. - + ## Create an Amazon EKS Cluster You can create an Amazon EKS cluster with: - the AWS Management Console - the AWS CLI -- the `eksctl` command line utility. +- the `eksctl` command line utility. -This guide covers the `eksctl` command as it is the simplest option. +This guide covers the `eksctl` command as it is the simplest option. 1. Follow the instructions in the [eksctl.io documentation](https://eksctl.io/installation/) to install or update the `eksctl` command. @@ -50,7 +50,7 @@ This guide covers the `eksctl` command as it is the simplest option. This step is only required if you do not plan to use the prebuilt NGINX Open Source image. -1. Use the [AWS documentation](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html) to create a repository in the Amazon Elastic Container Registry (ECR). In StepΒ 4 of the AWS instructions, name the repository {{}}**nginx-plus-ic**{{}} as that is what we use in this guide. +1. Use the [AWS documentation](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html) to create a repository in the Amazon Elastic Container Registry (ECR). In StepΒ 4 of the AWS instructions, name the repository {{}}**nginx-plus-ic**{{}} as that is what we use in this guide. 2. Run the following AWS CLI command. It generates an auth token for your AWS ECR registry, then pipes it into the `docker login` command. This lets AWS ECR authenticate and authorize the upcoming Docker requests. For details about the command, see the [AWS documentation](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html). @@ -93,7 +93,7 @@ Complete the steps up to and including [Confirm NGINX Ingress Controller is runn These steps assume you've cloned the [kubernetes-ingress](https://github.com/nginx/kubernetes-ingress) repository in the previous step. -You need a Kubernetes `LoadBalancer` service to route traffic to the NGINX Ingress Controller. By default, Amazon EKS will create a [Classic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html) for Kubernetes services of type `LoadBalancer`. However, we recommend that you create a [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) (NLB). It operates at the transport layer and is optimized for high performance and low latency. +You need a Kubernetes `LoadBalancer` service to route traffic to the NGINX Ingress Controller. By default, Amazon EKS will create a [Classic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html) for Kubernetes services of type `LoadBalancer`. However, we recommend that you create a [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) (NLB). It operates at the transport layer and is optimized for high performance and low latency. We also recommend enabling the PROXY Protocol for both the NGINXΒ Plus Ingress Controller and your NLB target groups. This is used to forward client connection information. If you choose not to enable the PROXY protocol, see the [Appendix](#appendix). @@ -144,7 +144,7 @@ Apply the manifest `deployments/service/loadbalancer-aws-elb.yaml` to create a ` * The `kubectl` commands are relative to the `deployment/examples/ingress-resources/complete-example` directory of the [kubernetes-ingress](https://github.com/nginx/kubernetes-ingress) repository. * Run the `curl` command listed in the instructions. It will access the demo app and populate the NGINXΒ Plus Ingress Controller logs. -4. Run the following commands to check if the PROXY Protocol is enabled: +4. Run the following commands to check if the PROXY Protocol is enabled: 1. Display the pod of NGINXΒ Ingress Controller: ```shell diff --git a/content/nginx/deployment-guides/amazon-web-services/route-53-global-server-load-balancing.md b/content/nginx/deployment-guides/amazon-web-services/route-53-global-server-load-balancing.md index 3cf5c6530..be9d7369a 100644 --- a/content/nginx/deployment-guides/amazon-web-services/route-53-global-server-load-balancing.md +++ b/content/nginx/deployment-guides/amazon-web-services/route-53-global-server-load-balancing.md @@ -1,7 +1,7 @@ --- description: Deploy global server load balancing (GSLB) for domains hosted in multiple AWS regions, with Amazon Route 53 and F5 NGINX Plus in an HA configuration. -docs: DOCS-448 +nd-docs: DOCS-448 title: Global Server Load Balancing with Amazon Route 53 and NGINX Plus toc: true weight: 300 diff --git a/content/nginx/deployment-guides/global-server-load-balancing/ns1-global-server-load-balancing.md b/content/nginx/deployment-guides/global-server-load-balancing/ns1-global-server-load-balancing.md index 8e14e22e7..414687c03 100644 --- a/content/nginx/deployment-guides/global-server-load-balancing/ns1-global-server-load-balancing.md +++ b/content/nginx/deployment-guides/global-server-load-balancing/ns1-global-server-load-balancing.md @@ -1,7 +1,7 @@ --- description: Deploy global server load balancing (GSLB) for domains registered with DNS services provider NS1 and proxied by F5 NGINX Plus. -docs: DOCS-449 +nd-docs: DOCS-449 title: Global Server Load Balancing with NS1 and NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/google-cloud-platform/high-availability-all-active.md b/content/nginx/deployment-guides/google-cloud-platform/high-availability-all-active.md index f44b95e75..d2b076277 100644 --- a/content/nginx/deployment-guides/google-cloud-platform/high-availability-all-active.md +++ b/content/nginx/deployment-guides/google-cloud-platform/high-availability-all-active.md @@ -1,7 +1,7 @@ --- description: Configure highly available F5 NGINX Plus load balancing of application instances, in an all-active deployment on the Google Cloud Platform. -docs: DOCS-450 +nd-docs: DOCS-450 title: All-Active HA for NGINX Plus on the Google Cloud Platform toc: true weight: 100 diff --git a/content/nginx/deployment-guides/load-balance-third-party/apache-tomcat.md b/content/nginx/deployment-guides/load-balance-third-party/apache-tomcat.md index 0cc3af9b2..44dae6f63 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/apache-tomcat.md +++ b/content/nginx/deployment-guides/load-balance-third-party/apache-tomcat.md @@ -1,7 +1,7 @@ --- description: Load balance Apache Tomcat application servers with NGINX Open Source or the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-451 +nd-docs: DOCS-451 title: Load Balancing Apache Tomcat Servers with NGINX Open Source and NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md b/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md index 1c1a48769..31cbd5e53 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md +++ b/content/nginx/deployment-guides/load-balance-third-party/microsoft-exchange.md @@ -1,7 +1,7 @@ --- description: Load balance Microsoft Exchange servers with the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-452 +nd-docs: DOCS-452 title: Load Balancing Microsoft Exchange Servers with NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/load-balance-third-party/node-js.md b/content/nginx/deployment-guides/load-balance-third-party/node-js.md index 93c8b64da..3bef20cac 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/node-js.md +++ b/content/nginx/deployment-guides/load-balance-third-party/node-js.md @@ -1,7 +1,7 @@ --- description: Load balance Node.js application servers with NGINX Open Source or the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-453 +nd-docs: DOCS-453 title: Load Balancing Node.js Application Servers with NGINX Open Source and NGINX Plus toc: true diff --git a/content/nginx/deployment-guides/load-balance-third-party/oracle-e-business-suite.md b/content/nginx/deployment-guides/load-balance-third-party/oracle-e-business-suite.md index 47466094e..bf04cf29b 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/oracle-e-business-suite.md +++ b/content/nginx/deployment-guides/load-balance-third-party/oracle-e-business-suite.md @@ -1,7 +1,7 @@ --- description: Load balance Oracle E-Business Suite applications with the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-454 +nd-docs: DOCS-454 title: Load Balancing Oracle E-Business Suite with NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/load-balance-third-party/oracle-weblogic-server.md b/content/nginx/deployment-guides/load-balance-third-party/oracle-weblogic-server.md index 872e44ebf..f8dfa6d88 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/oracle-weblogic-server.md +++ b/content/nginx/deployment-guides/load-balance-third-party/oracle-weblogic-server.md @@ -1,7 +1,7 @@ --- description: Load balance Oracle WebLogic Servers with NGINX Open Source and the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-455 +nd-docs: DOCS-455 title: Load Balancing Oracle WebLogic Server with NGINX Open Source and NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/load-balance-third-party/wildfly.md b/content/nginx/deployment-guides/load-balance-third-party/wildfly.md index 92c0d72b4..d7e92f7c1 100644 --- a/content/nginx/deployment-guides/load-balance-third-party/wildfly.md +++ b/content/nginx/deployment-guides/load-balance-third-party/wildfly.md @@ -1,7 +1,7 @@ --- description: Load balance Wildfly (JBoss) application servers with NGINX Open Source or the advanced features in F5 NGINX Plus, following our step-by-step setup instructions. -docs: DOCS-456 +nd-docs: DOCS-456 title: Load Balancing Wildfly and JBoss Application Servers with NGINX Open Source and NGINX Plus toc: true diff --git a/content/nginx/deployment-guides/microsoft-azure/high-availability-standard-load-balancer.md b/content/nginx/deployment-guides/microsoft-azure/high-availability-standard-load-balancer.md index e804a2ca2..5503b26aa 100644 --- a/content/nginx/deployment-guides/microsoft-azure/high-availability-standard-load-balancer.md +++ b/content/nginx/deployment-guides/microsoft-azure/high-availability-standard-load-balancer.md @@ -1,7 +1,7 @@ --- description: Create a highly available active-active deployment of F5 NGINX Plus on Microsoft Azure in combination with the Azure Standard Load Balancer. -docs: DOCS-457 +nd-docs: DOCS-457 title: Active-Active HA for NGINX Plus on Microsoft Azure Using the Azure Standard Load Balancer toc: true diff --git a/content/nginx/deployment-guides/microsoft-azure/virtual-machines-for-nginx.md b/content/nginx/deployment-guides/microsoft-azure/virtual-machines-for-nginx.md index ebbc17c53..f507efbb6 100644 --- a/content/nginx/deployment-guides/microsoft-azure/virtual-machines-for-nginx.md +++ b/content/nginx/deployment-guides/microsoft-azure/virtual-machines-for-nginx.md @@ -1,7 +1,7 @@ --- description: Create Microsoft Azure virtual machines for running NGINX Open Source and F5 NGINX Plus. -docs: DOCS-458 +nd-docs: DOCS-458 title: Creating Microsoft Azure Virtual Machines for NGINX Open Source and F5 NGINX Plus toc: true diff --git a/content/nginx/deployment-guides/migrate-hardware-adc/citrix-adc-configuration.md b/content/nginx/deployment-guides/migrate-hardware-adc/citrix-adc-configuration.md index de397e3b0..026d4db9c 100644 --- a/content/nginx/deployment-guides/migrate-hardware-adc/citrix-adc-configuration.md +++ b/content/nginx/deployment-guides/migrate-hardware-adc/citrix-adc-configuration.md @@ -1,7 +1,7 @@ --- description: Migrate load-balancing configuration from Citrix ADC to F5 NGINX Plus for equal performance at lower cost, using our syntax conversion examples. -docs: DOCS-459 +nd-docs: DOCS-459 title: Migrating Load Balancer Configuration from Citrix ADC to NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md b/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md index f5e2a4dec..b5f1f8adf 100644 --- a/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md +++ b/content/nginx/deployment-guides/migrate-hardware-adc/f5-big-ip-configuration.md @@ -1,7 +1,7 @@ --- description: Migrate load-balancing configuration from F5 BIG-IP LTM to NGINX Plus, using our syntax conversion examples. -docs: DOCS-460 +nd-docs: DOCS-460 title: Migrating Load Balancer Configuration from F5 BIG-IP LTM to F5 NGINX Plus toc: true weight: 100 diff --git a/content/nginx/deployment-guides/nginx-plus-high-availability-chef.md b/content/nginx/deployment-guides/nginx-plus-high-availability-chef.md index 3e709cab9..5f0b65a19 100644 --- a/content/nginx/deployment-guides/nginx-plus-high-availability-chef.md +++ b/content/nginx/deployment-guides/nginx-plus-high-availability-chef.md @@ -1,7 +1,7 @@ --- description: Step-by-step instructions for using Chef to automate the setup and maintenance of an active-passive high availability cluster of F5 NGINX Plus instances. -docs: DOCS-461 +nd-docs: DOCS-461 draft: true title: NGINX Plus High Availability Chef toc: true diff --git a/content/nginx/deployment-guides/setting-up-nginx-demo-environment.md b/content/nginx/deployment-guides/setting-up-nginx-demo-environment.md index a14367e24..8d68e7241 100644 --- a/content/nginx/deployment-guides/setting-up-nginx-demo-environment.md +++ b/content/nginx/deployment-guides/setting-up-nginx-demo-environment.md @@ -1,7 +1,7 @@ --- description: Configure NGINX Open Source as a web server and F5 NGINX Plus as a load balancer, as required for the sample deployments in NGINX deployment guides. -docs: DOCS-462 +nd-docs: DOCS-462 title: Setting up an NGINX demo environment toc: true weight: 100 diff --git a/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md b/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md index 3c1ed62f2..efa454958 100644 --- a/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md +++ b/content/nginx/deployment-guides/single-sign-on/active-directory-federation-services.md @@ -6,7 +6,7 @@ title: Single Sign-On with Microsoft Active Directory FS toc: true weight: 300 product: NGINX-PLUS -docs: DOCS-1683 +nd-docs: DOCS-1683 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Microsoft Active Directory Federation Services](https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services) (AD FS) as the Identity Provider (IdP) and NGINX Plus as the Relying Party (RP), or OIDC client application that verifies user identity. diff --git a/content/nginx/deployment-guides/single-sign-on/auth0.md b/content/nginx/deployment-guides/single-sign-on/auth0.md index 26eb60921..316596ed5 100644 --- a/content/nginx/deployment-guides/single-sign-on/auth0.md +++ b/content/nginx/deployment-guides/single-sign-on/auth0.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On With Auth0 toc: true weight: 100 -docs: DOCS-1686 +nd-docs: DOCS-1686 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Auth0](https://auth0.com/features/single-sign-on) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity. @@ -31,7 +31,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr 3. On the **Applications** screen, select **Create Application**. -4. On the **Create application** screen: +4. On the **Create application** screen: - Enter the **Name** for the application, for example, **NGINX Demo App**. diff --git a/content/nginx/deployment-guides/single-sign-on/cognito.md b/content/nginx/deployment-guides/single-sign-on/cognito.md index f3dbfaf51..1ea0a7994 100644 --- a/content/nginx/deployment-guides/single-sign-on/cognito.md +++ b/content/nginx/deployment-guides/single-sign-on/cognito.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with Amazon Cognito toc: true weight: 200 -docs: DOCS-1685 +nd-docs: DOCS-1685 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Amazon Cognito](https://aws.amazon.com/cognito/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity. @@ -16,10 +16,10 @@ This guide explains how to enable single sign-on (SSO) for applications being pr ## Prerequisites -- An [AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) +- An [AWS account](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/) - A Cognito **User Pool** - + - An NGINX Plus [subscription](https://www.f5.com/products/nginx/nginx-plus) and NGINX Plus [Release 34](({{< ref "nginx/releases.md#r34" >}})) or later. For installation instructions, see [Installing NGINX Plus](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/). - A domain name pointing to your NGINX Plus instance, for example, `demo.example.com`. diff --git a/content/nginx/deployment-guides/single-sign-on/entra-id.md b/content/nginx/deployment-guides/single-sign-on/entra-id.md index 10637062f..3b360f1d7 100644 --- a/content/nginx/deployment-guides/single-sign-on/entra-id.md +++ b/content/nginx/deployment-guides/single-sign-on/entra-id.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with Microsoft Entra ID toc: true weight: 400 -docs: DOCS-1688 +nd-docs: DOCS-1688 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity. @@ -40,7 +40,7 @@ Register a new application in Microsoft Entra ID that will represent NGINX Plus 2. Register a New Application. - - Create a new application, for example, "Nginx Demo App", with NGINX callback URI `/oidc_callback`: + - Create a new application, for example, "Nginx Demo App", with NGINX callback URI `/oidc_callback`: ```bash az ad app create --display-name "Nginx Demo App" --web-redirect-uris "https://demo.example.com/oidc_callback" @@ -58,7 +58,7 @@ Register a new application in Microsoft Entra ID that will represent NGINX Plus - Replace the `` with the value obtained in the previous step. - - From the command output, copy the the `password` value which represents your **Client Secret**. You will need it later when configuring NGINX Plus. Make sure to securely save the generated client secret, as it will not be displayed again. + - From the command output, copy the the `password` value which represents your **Client Secret**. You will need it later when configuring NGINX Plus. Make sure to securely save the generated client secret, as it will not be displayed again. - From the same command output, copy the the `tenant` value which represents your **Tenant ID**. You will need it later when configuring NGINX Plus. diff --git a/content/nginx/deployment-guides/single-sign-on/keycloak.md b/content/nginx/deployment-guides/single-sign-on/keycloak.md index 3d9e7153c..b44ce3f6b 100644 --- a/content/nginx/deployment-guides/single-sign-on/keycloak.md +++ b/content/nginx/deployment-guides/single-sign-on/keycloak.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with Keycloak toc: true weight: 500 -docs: DOCS-1682 +nd-docs: DOCS-1682 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Keycloak](https://www.keycloak.org/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity. @@ -44,7 +44,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr 4. In the **Capability Config** section: - Set **Client Authentication** to **On**. This sets the client type to **confidential**. - + - Select **Next**. 5. In the **Login Settings** section: @@ -125,7 +125,7 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a nginx version: nginx/1.27.4 (nginx-plus-r34) ``` -2. Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during +2. Ensure that you have the values of the **Client ID**, **Client Secret**, and **Issuer** obtained during [Keycloak Configuration](#keycloak-setup) if applicable. PKCE will not have a **Client Secret**. 3. In your preferred text editor, open the NGINX configuration file (`/etc/nginx/nginx.conf` for Linux or `/usr/local/etc/nginx/nginx.conf` for FreeBSD). @@ -160,7 +160,7 @@ With Keycloak configured, you can enable OIDC on NGINX Plus. NGINX Plus serves a - your actual Keycloak **Client ID** obtained in [Keycloak Configuration](#keycloak-setup) with the [`client_id`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_id) directive - - (if not using PKCE) your **Client Secret** obtained in [Keycloak Configuration](#keycloak-setup) with the + - (if not using PKCE) your **Client Secret** obtained in [Keycloak Configuration](#keycloak-setup) with the [`client_secret`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive - the **Issuer** URL obtained in [Keycloak Configuration](#keycloak-setup) with the [`issuer`](https://nginx.org/en/docs/http/ngx_http_oidc_module.html#client_secret) directive diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md index 6d0173780..d014bc302 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md @@ -1,7 +1,7 @@ --- description: Enable OpenID Connect-based single-sign for applications proxied by NGINX Plus, using Microsoft AD FS as the identity provider (IdP). -docs: DOCS-463 +nd-docs: DOCS-463 type: - how-to title: Single Sign-On with Microsoft AD FS and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md index 71d7f6f26..b789fb2f8 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md @@ -1,7 +1,7 @@ --- description: Learn how to enable single sign-on (SSO) with [Auth0](https://auth0.com/) for applications proxied by F5 NGINX Plus. -docs: DOCS-884 +nd-docs: DOCS-884 type: - tutorial title: Single Sign-On With Auth0 and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md index 94e62f0f8..6a1d3fa91 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md @@ -1,7 +1,7 @@ --- description: Enable OpenID Connect-based single-sign for applications proxied by NGINX Plus, using Amazon Cognito as the identity provider (IdP). -docs: DOCS-464 +nd-docs: DOCS-464 type: - how-to title: Single Sign-On with Amazon Cognito and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md index 25c8af487..9bfd26e66 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md @@ -1,7 +1,7 @@ --- description: Enable OpenID Connect-based single-sign for applications proxied by NGINX Plus, using Keycloak as the identity provider (IdP). -docs: DOCS-465 +nd-docs: DOCS-465 type: - how-to title: Single Sign-On with Keycloak and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md index 4d1c81094..6b83eb437 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md @@ -1,7 +1,7 @@ --- description: Learn how to enable single sign-on (SSO) with Okta for applications proxied by F5 NGINX Plus. -docs: DOCS-466 +nd-docs: DOCS-466 type: - how-to title: Single Sign-On with Okta and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md index b6c8fde9a..e5560f8d5 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md @@ -1,7 +1,7 @@ --- description: Learn how to enable single sign-on (SSO) with [OneLogin](https://www.onelogin.com/) for applications proxied by F5 NGINX Plus. -docs: DOCS-467 +nd-docs: DOCS-467 type: - tutorial title: Single Sign-On with OneLogin and njs diff --git a/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md b/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md index 495b2ebad..3332bb3fb 100644 --- a/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md +++ b/content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md @@ -1,7 +1,7 @@ --- description: Enable OpenID Connect-based single-sign for applications proxied by NGINX Plus, using Ping Identity as the identity provider (IdP). -docs: DOCS-468 +nd-docs: DOCS-468 type: - how-to product: NGINX-PLUS diff --git a/content/nginx/deployment-guides/single-sign-on/okta.md b/content/nginx/deployment-guides/single-sign-on/okta.md index 2dc975726..933c60a16 100644 --- a/content/nginx/deployment-guides/single-sign-on/okta.md +++ b/content/nginx/deployment-guides/single-sign-on/okta.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with Okta toc: true weight: 700 -docs: DOCS-1689 +nd-docs: DOCS-1689 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Okta](https://www.okta.com/) as the Identity Provider (IdP), and NGINX Plus as the Relying Party, or OIDC client application that verifies user identity. diff --git a/content/nginx/deployment-guides/single-sign-on/onelogin.md b/content/nginx/deployment-guides/single-sign-on/onelogin.md index 1171890dc..c241a8fea 100644 --- a/content/nginx/deployment-guides/single-sign-on/onelogin.md +++ b/content/nginx/deployment-guides/single-sign-on/onelogin.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with OneLogin toc: true weight: 600 -docs: DOCS-1687 +nd-docs: DOCS-1687 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [OneLogin](https://www.onelogin.com/) as the Identity Provider (IdP) and NGINX Plus as the Relying Party (RP), or OIDC client application that verifies user identity. diff --git a/content/nginx/deployment-guides/single-sign-on/ping-identity.md b/content/nginx/deployment-guides/single-sign-on/ping-identity.md index c1bec1101..733847966 100644 --- a/content/nginx/deployment-guides/single-sign-on/ping-identity.md +++ b/content/nginx/deployment-guides/single-sign-on/ping-identity.md @@ -6,7 +6,7 @@ product: NGINX-PLUS title: Single Sign-On with Ping Identity toc: true weight: 800 -docs: DOCS-1684 +nd-docs: DOCS-1684 --- This guide explains how to enable single sign-on (SSO) for applications being proxied by F5 NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with [Ping Identity](https://www.pingidentity.com/en.html) (PingFederate or PingOne) as the Identity Provider (IdP), and NGINX Plus as the Relying Party. @@ -30,7 +30,7 @@ This guide explains how to enable single sign-on (SSO) for applications being pr Create a new application for NGINX Plus: 1. Log in to your Ping Identity admin console. - + 2. Go to **Applications** > **Applications**. 3. Click the **+** (plus) symbol to create a new OIDC Application. diff --git a/content/nginx/directives.md b/content/nginx/directives.md index e321d8207..20c3cb556 100644 --- a/content/nginx/directives.md +++ b/content/nginx/directives.md @@ -1,5 +1,5 @@ --- -docs: DOCS-469 +nd-docs: DOCS-469 title: NGINX Directives Index url: /nginx/directives weight: 700 diff --git a/content/nginx/fips-compliance-nginx-plus.md b/content/nginx/fips-compliance-nginx-plus.md index 52a378a44..eb11c2b91 100644 --- a/content/nginx/fips-compliance-nginx-plus.md +++ b/content/nginx/fips-compliance-nginx-plus.md @@ -1,6 +1,6 @@ --- description: '' -docs: DOCS-470 +nd-docs: DOCS-470 title: NGINX Plus FIPS Compliance toc: true weight: 600 diff --git a/content/nginx/open-source-components.md b/content/nginx/open-source-components.md index 6ecd01ee2..7b80cb289 100644 --- a/content/nginx/open-source-components.md +++ b/content/nginx/open-source-components.md @@ -1,7 +1,7 @@ --- description: License information for open source components included in the NGINX Plus software. -docs: DOCS-471 +nd-docs: DOCS-471 title: Open Source Components toc: true weight: 500 diff --git a/content/nginx/releases.md b/content/nginx/releases.md index 6533b24dd..764728ff0 100644 --- a/content/nginx/releases.md +++ b/content/nginx/releases.md @@ -1,7 +1,7 @@ --- description: Release information for F5 NGINX Plus, a complete application delivery platform, including new features and a list of supported platforms. -docs: DOCS-472 +nd-docs: DOCS-472 title: Releases toc: true weight: 300 diff --git a/content/nginx/technical-specs.md b/content/nginx/technical-specs.md index 5405859c6..41ba20307 100644 --- a/content/nginx/technical-specs.md +++ b/content/nginx/technical-specs.md @@ -2,7 +2,7 @@ description: Platforms supported by F5 NGINX Plus and dynamically loaded modules, supported SSL/TLS versions, supported deployment environments, and list of modules built into NGINX Plus. -docs: DOCS-473 +nd-docs: DOCS-473 title: Technical Specs toc: true weight: 400 @@ -14,21 +14,7 @@ NGINX Plus is available only as a binary; it is not distributed as source code. ## Supported Distributions {#supported-distributions} -{{}} -| Distribution | Supported on R34 | Supported on R33 | -|-------------------------------------|----------------------------------------------------|--------------------------------------------------------| -| AlmaLinux | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | -| Alpine Linux | 3.18 (x86_64, aarch64) **(deprecated)**
3.19 (x86_64, aarch64)
3.20 (x86_64, aarch64)
3.21 (x86_64, aarch64) **(new)** | 3.17 (x86_64, aarch64) **(deprecated)**
3.18 (x86_64, aarch64)
3.19 (x86_64, aarch64)
3.20 (x86_64, aarch64) **(new)** | -| Amazon Linux | 2023 (x86_64, aarch64) | 2023 (x86_64, aarch64) | -| Amazon Linux 2 | LTS (x86_64, aarch64) | LTS (x86_64, aarch64) | -| Debian | 11 (x86_64, aarch64)
12 (x86_64, aarch64) | 11 (x86_64, aarch64)
12 (x86_64, aarch64) | -| FreeBSD | 13 (amd64)
14 (amd64) | 13 (amd64)
14 (amd64) | -| Oracle Linux | 8.1+ (x86_64, aarch64)
9 (x86_64) | 8.1+ (x86_64, aarch64)
9 (x86_64) | -| Red Hat Enterprise Linux (RHEL) | 8.1+ (x86_64, aarch64)
9.0+ (x86_64, aarch64) | 8.1+ (x86_64, aarch64)
9.0+ (x86_64, aarch64) | -| Rocky Linux | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | 8 (x86_64, aarch64)
9 (x86_64, aarch64) | -| SUSE Linux Enterprise Server (SLES) | 15 SP2+ (x86_64) | 12 SP5 (x86_64) **(deprecated)**
15 SP2+ (x86_64) | -| Ubuntu | 20.04 LTS (x86_64, aarch64) **(deprecated)**
22.04 LTS (x86_64, aarch64)
24.04 LTS (x86_64, aarch64) | 20.04 LTS (x86_64, aarch64)
22.04 LTS (x86_64, aarch64)
24.04 LTS (x86_64, aarch64) | -{{}} +{{< include "nginx-plus/supported-distributions.md" >}} --- @@ -39,12 +25,12 @@ Dynamic modules are supported on the [same distributions as NGINX Plus](#support {{}} | Module | Distribution and details | |-------------------|-----------------------------------------------------------------------------------------------------------| -| AppProtect | AlmaLinux/Rocky Linux: **Not supported**
Alpine Linux: **Not supported**
Amazon Linux 2: **x86_64 only**
Amazon Linux 2023: **Not supported**
Debian 11: **x86_64 only**
FreeBSD: **Not supported**
Oracle Linux 8: **x86_64 only**
RHEL 8: **x86_64 only**
SLES: **Not supported**
Ubuntu 20.04: **x86_64 only** | -| GeoIP | Amazon Linux 2023 **Not supported**
RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8.0+, 9: **Not supported**
FreeBSD: **Not supported** | -| GeoIP2 | Amazon Linux 2: **Not supported** | -| HA-Keepalived | FreeBSD: **Not supported**
Alpine Linux: **Not supported**
Amazon Linux 2: **Not supported**
Amazon Linux 2023: **Not supported** | -| NGINX sync | FreeBSD: **Not supported**
Alpine Linux: **Not supported** | -| OpenTelemetry | Amazon Linux 2: **Not supported**
SLES: **Not supported** | | +| [AppProtect]({{< ref "/nap-waf/v5/admin-guide/install.md" >}}) | AlmaLinux: **Not supported**
Alpine Linux 3.17 & 3.18: **Not supported**
Alpine Linux 3.19: **x86_64 only**
Amazon Linux 2: **Not supported**
Amazon Linux 2023: **x86_64 only**
Debian 11 & 12: **x86_64 only**
FreeBSD: **Not supported**
Oracle Linux 8: **x86_64 only**
RHEL 8 & 9: **x86_64 only**
Rocky Linux 8: **Not supported**
Rocky Linux 9: **x86_64 only**
SLES: **Not supported**
Ubuntu 20.04: **Not supported**
Ubuntu 22.04 & 24.04: **x86_64 only** | +| [GeoIP]({{< ref "/nginx/admin-guide/dynamic-modules/geoip.md" >}}) | Amazon Linux 2023 **Not supported**
RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8.0+, 9: **Not supported**
FreeBSD: **Not supported** | +| [GeoIP2]({{< ref "/nginx/admin-guide/dynamic-modules/geoip2.md" >}}) | Amazon Linux 2: **Not supported** | +| [HA-Keepalived]({{< ref "/nginx/admin-guide/high-availability/ha-keepalived-nodes.md#configuring-keepalived-for-an-additional-passive-node" >}}) | FreeBSD: **Not supported**
Alpine Linux: **Not supported**
Amazon Linux 2: **Not supported**
Amazon Linux 2023: **Not supported** | +| [NGINX sync]({{< ref "/nginx/admin-guide/high-availability/configuration-sharing.md#installing-nginx-sync-on-the-primary-machine" >}}) | FreeBSD: **Not supported**
Alpine Linux: **Not supported** | +| [OpenTelemetry]({{< ref "/nginx/admin-guide/dynamic-modules/opentelemetry.md" >}})| Amazon Linux 2: **Not supported**
SLES: **Not supported** | | {{}} --- diff --git a/content/nginx/variables.md b/content/nginx/variables.md index 3c68dd448..07de70141 100644 --- a/content/nginx/variables.md +++ b/content/nginx/variables.md @@ -2,7 +2,7 @@ title: NGINX Variables Index url: /nginx/variables weight: 800 -docs: DOCS-1681 +nd-docs: DOCS-1681 --- \ No newline at end of file diff --git a/content/nginxaas-azure/billing/overview.md b/content/nginxaas-azure/billing/overview.md index c0f5df504..a1e26f75a 100644 --- a/content/nginxaas-azure/billing/overview.md +++ b/content/nginxaas-azure/billing/overview.md @@ -2,7 +2,7 @@ title: Billing overview weight: 100 toc: true -docs: DOCS-885 +nd-docs: DOCS-885 url: /nginxaas/azure/billing/overview/ type: - concept diff --git a/content/nginxaas-azure/billing/usage-and-cost-estimator.md b/content/nginxaas-azure/billing/usage-and-cost-estimator.md index 3e813c6c3..28f2ef7a8 100644 --- a/content/nginxaas-azure/billing/usage-and-cost-estimator.md +++ b/content/nginxaas-azure/billing/usage-and-cost-estimator.md @@ -2,7 +2,7 @@ title: Usage and cost estimator weight: 200 toc: true -docs: DOCS-1474 +nd-docs: DOCS-1474 url: /nginxaas/azure/billing/usage-and-cost-estimator/ type: - concept diff --git a/content/nginxaas-azure/changelog.md b/content/nginxaas-azure/changelog.md index 131c0b2b3..65f50437f 100644 --- a/content/nginxaas-azure/changelog.md +++ b/content/nginxaas-azure/changelog.md @@ -2,7 +2,7 @@ title: "Changelog" weight: 900 toc: true -docs: "DOCS-870" +nd-docs: "DOCS-870" url: /nginxaas/azure/changelog/ --- @@ -16,6 +16,13 @@ To review older entries, visit the [Changelog archive]({{< ref "/nginxaas-azure/ ## May 22, 2025 +- {{% icon-feature %}} **NGINXaaS for Azure now supports IPv6** + + Users can now configure their NGINXaaS deployments with just a single IPv6 frontend IP or in dual-stack (IPv4 + IPv6) mode. + + If you plan to use an IPv6 IP address whether standalone or in dual-stack mode, ensure that the subnet used by NGINXaaS has both IPv4 and IPv6 address spaces included. For more information on creating a vnets and subnets with IPv6 address spaces, refer to [Add IPv6 to virtual Network](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/add-dual-stack-ipv6-vm-portal?tabs=azureportal#add-ipv6-to-virtual-network) + + - {{% icon-feature %}} **NGINXaaS is now running NGINX Plus Release 33 (R33) in the Stable Upgrade Channel** NGINXaaS for Azure deployments using the **Stable** [Upgrade Channel]({{< ref "/nginxaas-azure/quickstart/upgrade-channels.md" >}}) have now been automatically upgraded to [NGINX Plus Release 33 (R33)]({{< ref "/nginx/releases.md#nginxplusrelease-33-r33" >}}). This upgrade also includes updates to the following NGINX Plus modules: diff --git a/content/nginxaas-azure/client-tools/cli.md b/content/nginxaas-azure/client-tools/cli.md index 7b3adb8c8..1731e17ec 100644 --- a/content/nginxaas-azure/client-tools/cli.md +++ b/content/nginxaas-azure/client-tools/cli.md @@ -3,7 +3,7 @@ title: Azure CLI weight: 900 description: Learn how to setup the Azure CLI to manage NGINXaaS for Azure. toc: true -docs: DOCS-1234 +nd-docs: DOCS-1234 url: /nginxaas/azure/client-tools/cli/ type: - task diff --git a/content/nginxaas-azure/client-tools/sdk.md b/content/nginxaas-azure/client-tools/sdk.md index 50305b9e7..55e41e647 100644 --- a/content/nginxaas-azure/client-tools/sdk.md +++ b/content/nginxaas-azure/client-tools/sdk.md @@ -4,7 +4,7 @@ weight: 300 description: Learn how to use the Python Azure Management SDK to manage NGINXaaS for Azure deployments. toc: true -docs: DOCS-1095 +nd-docs: DOCS-1095 url: /nginxaas/azure/client-tools/sdk/ type: - task diff --git a/content/nginxaas-azure/client-tools/templates.md b/content/nginxaas-azure/client-tools/templates.md index e9cdeb468..aae949498 100644 --- a/content/nginxaas-azure/client-tools/templates.md +++ b/content/nginxaas-azure/client-tools/templates.md @@ -4,7 +4,7 @@ weight: 100 description: Learn how to use Azure Resource Manager (ARM) JSON and Bicep templates to manage NGINXaaS for Azure. toc: true -docs: DOCS-1097 +nd-docs: DOCS-1097 url: /nginxaas/azure/client-tools/templates/ type: - task diff --git a/content/nginxaas-azure/client-tools/terraform.md b/content/nginxaas-azure/client-tools/terraform.md index 7a0ea91b2..e9baec4f1 100644 --- a/content/nginxaas-azure/client-tools/terraform.md +++ b/content/nginxaas-azure/client-tools/terraform.md @@ -3,7 +3,7 @@ title: Terraform weight: 400 description: Learn how to use the Terraform to manage NGINXaaS for Azure. toc: true -docs: DOCS-1472 +nd-docs: DOCS-1472 draft: true url: /nginxaas/azure/client-tools/terraform/ type: diff --git a/content/nginxaas-azure/get-help.md b/content/nginxaas-azure/get-help.md index ff1ffc96b..b418b008f 100644 --- a/content/nginxaas-azure/get-help.md +++ b/content/nginxaas-azure/get-help.md @@ -2,7 +2,7 @@ title: Get help weight: 750 toc: true -docs: DOCS-882 +nd-docs: DOCS-882 url: /nginxaas/azure/get-help/ type: - how-to diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md index df65d9f66..786649422 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md @@ -64,6 +64,25 @@ az nginx deployment create --deployment-name network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}" ``` +- Create a dual-stack (IPv4 + IPv6) NGINXaaS deployment with public IPs: + + ```bash + az nginx deployment create --name myDeployment --resource-group \ + myResourceGroup --location eastus2 --sku name="standardv2_Monthly" \ + --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv4},{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv6}]}" \ + network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}" + ``` + +- Create a dual-stack (IPv4 + IPv6) NGINXaaS deployment with private IPs: + + ```bash + az nginx deployment create --name myDeployment --resource-group \ + myResourceGroup --location eastus2 --sku \ + name="standardv2_Monthly" --network-profile \ + front-end-ip-configuration="{private-ip-addresses:[{private-ip-allocation-method:Static,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:10.0.0.2},{private-ip-allocation-method:Static,subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet,private-ip-address:2001:0db8:85a3:0000:0000:8a2e:0370:7334}]}" \ + network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}" + ``` + - Create a deployment with managed identity, storage account and scaling: ```bash @@ -115,6 +134,14 @@ az nginx deployment update [--add] tag2="value2" --enable-diagnostics ``` +Update an NGINXaaS deployment to a dual-stack (IPv4 + IPv6) network configuration with public IPs: + + ```bash + az nginx deployment update --name myDeployment --resource-group myResourceGroup \ + --network-profile front-end-ip-configuration="{public-ip-addresses:[{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv4},{id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/pubIPv6}]}" \ + network-interface-configuration="{subnet-id:/subscriptions/mySubscription/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet/subnets/mySubnet}" + ``` + See the [Azure CLI Deployment Update Documentation](https://learn.microsoft.com/en-us/cli/azure/nginx/deployment#az-nginx-deployment-update) for more details on the required and optional parameters. diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md index 3d58d49fb..964a5ce8b 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md @@ -2,7 +2,7 @@ title: Deploy using the Azure portal weight: 100 toc: true -docs: DOCS-878 +nd-docs: DOCS-878 url: /nginxaas/azure/getting-started/create-deployment/deploy-azure-portal/ type: - how-to @@ -63,6 +63,7 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS]( - The minimum subnet size for NGINXaaS is `/27` and is enough for a single NGINXaaS deployment even at large scales. - You can use an existing subnet; make sure that the subnet is delegated to `NGINX.NGINXPLUS/nginxDeployments` before creating a deployment in it. The subnet can contain other resources. - You can deploy more than one NGINXaaS in the same subnet. Every deployment in the subnet will share the subnet IP address space. A larger subnet, for example, a `/24` is recommended. + - If you plan on using an IPv6 address on the frontend, make sure the subnet is dual-stack, i.e., the subnet has both IPv4 and IPv6 address spaces. Attempting to use a subnet that is not dual-stack will cause deployment creation to fail. - Changes to a virtual network's DNS settings will not be applied automatically to your NGINXaaS deployment. To ensure DNS settings are applied, you must add any custom DNS servers to the VNET's DNS settings before creating an NGINXaaS deployment. As a workaround for existing deployments, we recommend using the [`resolver` directive](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) to explicitly specify your name server(s) and the [`resolve` parameter](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolve) to automatically re-resolve the domain name of the server without restarting NGINX.
diff --git a/content/nginxaas-azure/getting-started/managed-identity-portal.md b/content/nginxaas-azure/getting-started/managed-identity-portal.md index 802fa37ce..4051d36dc 100644 --- a/content/nginxaas-azure/getting-started/managed-identity-portal.md +++ b/content/nginxaas-azure/getting-started/managed-identity-portal.md @@ -2,7 +2,7 @@ title: Assign Managed Identities weight: 300 toc: true -docs: DOCS-872 +nd-docs: DOCS-872 url: /nginxaas/azure/getting-started/managed-identity-portal/ type: - how-to diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md index 498f81133..77a0b75ba 100644 --- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md +++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md @@ -2,7 +2,7 @@ title: Upload using the Azure portal weight: 100 toc: true -docs: DOCS-873 +nd-docs: DOCS-873 url: /nginxaas/azure/getting-started/nginx-configuration/nginx-configuration-portal/ type: - how-to diff --git a/content/nginxaas-azure/getting-started/prerequisites.md b/content/nginxaas-azure/getting-started/prerequisites.md index aefcdbf6d..a535f1d7f 100644 --- a/content/nginxaas-azure/getting-started/prerequisites.md +++ b/content/nginxaas-azure/getting-started/prerequisites.md @@ -2,7 +2,7 @@ title: Overview and prerequisites weight: 100 toc: true -docs: DOCS-880 +nd-docs: DOCS-880 url: /nginxaas/azure/getting-started/prerequisites/ type: - how-to diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md index fd593de98..0c27e8ff3 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md @@ -2,7 +2,7 @@ title: Add certificates using the Azure portal weight: 100 toc: true -docs: DOCS-875 +nd-docs: DOCS-875 url: /nginxaas/azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal/ type: - how-to diff --git a/content/nginxaas-azure/known-issues.md b/content/nginxaas-azure/known-issues.md index b7fe218d5..29cd3214f 100644 --- a/content/nginxaas-azure/known-issues.md +++ b/content/nginxaas-azure/known-issues.md @@ -2,18 +2,18 @@ title: "Known issues" weight: 1000 toc: true -docs: "DOCS-871" +nd-docs: "DOCS-871" url: /nginxaas/azure/known-issues/ --- List of known issues in the latest release of F5 NGINX as a Service for Azure (NGINXaaS). -### {{% icon-bug %}} Custom and precompiled security policies cannot both be referenced in an NGINX configuration +### {{% icon-bug %}} Custom and precompiled security policies cannot both be referenced in an NGINX configuration When using NGINX App Protect WAF, you can only reference default or custom security policies in your NGINX configuration, not both. -**Workaround**: Make a copy of the default policy you want to use, then add it as a custom policy with a different name. +**Workaround**: Make a copy of the default policy you want to use, then add it as a custom policy with a different name. ### {{% icon-bug %}} Terraform fails to apply due to validation errors, but creates "Failed" resources in Azure (ID-4424) @@ -103,8 +103,6 @@ If a configuration update request uses a certificate that is in failed `provisio - NGINXaaS deployments cannot access [Private Endpoints](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview) behind network security groups for private links. Attempts to do so will fail silently. - NGINXaaS deployments cannot access [Private Endpoints](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview) in a globally peered VNET. Attempts to do so will fail silently. - The resource group which contains the public IP resource attached to NGINXaaS deployment cannot be moved across subscriptions. Attempts to do so will result in a validation error. -- Creating an NGINXaaS deployment in a dual-stack subnet is not supported. Attempts to do so will result in a validation error. -- NGINXaaS deployments cannot be created with an IPv6 Public IP address. Attempts to do so will result in a validation error. - [Network security group](https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview) (NSG) flow logs will not be available for IP traffic flowing through an NGINXaaS deployment attached to a customer delegated subnet. Flow logs for other resources on the same subnet will be available as normal. ### {{% icon-bug %}} Deployment locked when updating mutliple certificates at once. (ID-767) diff --git a/content/nginxaas-azure/loadbalancer-kubernetes.md b/content/nginxaas-azure/loadbalancer-kubernetes.md index bd845dac1..ef48fde68 100644 --- a/content/nginxaas-azure/loadbalancer-kubernetes.md +++ b/content/nginxaas-azure/loadbalancer-kubernetes.md @@ -150,7 +150,8 @@ Install the NLK controller using `helm install`. Be sure your kubectl context is ```bash helm install nlk oci://registry-1.docker.io/nginxcharts/nginxaas-loadbalancer-kubernetes --version 1.1.1 \ --set "nlk.dataplaneApiKey=${keyValue}" \ - --set "nlk.config.nginxHosts=${dataplaneAPIEndpoint}nplus" + --set "nlk.config.nginxHosts=${dataplaneAPIEndpoint}nplus" \ + --set "nlk.config.tls.mode=ca-tls" ``` ##### Install the AKS Extension using the Azure CLI @@ -173,7 +174,8 @@ az k8s-extension create \ --plan-publisher f5-networks \ --release-namespace nlk \ --config nlk.dataplaneApiKey=${keyValue} \ - --config nlk.config.nginxHosts=${dataplaneAPIEndpoint}nplus + --config nlk.config.nginxHosts=${dataplaneAPIEndpoint}nplus \ + --config nlk.config.tls.mode=ca-tls ``` ##### Install the AKS Extension using the Azure portal @@ -296,6 +298,7 @@ spec: | `nlk.config.logLevel` | How verbose should the NLK controller logs be. | Possible values are `debug`, `info`, `warn`, `error`. Default: `info`. | | `nlk.config.nginxHosts` | The NGINX Plus APIs to send upstream updates to. | Should be set to `{{dataplaneApiEndpoint}}nplus`.| | `nlk.config.serviceAnnotationMatch` | The value to match on a Service's `nginx.com/nginxaas` annotation. Useful when configuring multiple NLK controllers to update separate NGINXaaS deployemnts. | Default: `nginxaas`. | +| `nlk.config.tls.mode` | The TLS mode to use when forming connections with the data plane API server. | Should be set to `ca-tls` to enforce TLS with the data plane API server.| | `nlk.dataplaneApiKey` | The NGINXaaS data plane API key that will authorize the controller to talk to your NGINXaaS deployment. | | ### Multiple AKS clusters diff --git a/content/nginxaas-azure/module-changelog.md b/content/nginxaas-azure/module-changelog.md new file mode 100644 index 000000000..efc14c51c --- /dev/null +++ b/content/nginxaas-azure/module-changelog.md @@ -0,0 +1,57 @@ +--- +title: "Module Changelog" +weight: 950 +toc: true +url: /nginxaas/azure/module-changelog/ +--- + +Learn about the modules supported by the latest versions of F5 NGINX as a Service for Azure. + + +## July 03, 2025 + +### Stable + + {{}} + +| Name | Version | Description | +|------------------------------------------|--------------------------|------------------------------------------------------------------------| +| nginx-plus | 1.27.2 (nginx-plus-r33-p2) | NGINX Plus, provided by Nginx, Inc. | +| nginx-agent | 1.19.15-1795423089 | NGINX Agent - Management for NGINXaaS | +| Operating System | Ubuntu 22.04.5 | Jammy Jellyfish, provided by Canonical Ltd. | +| nginx-plus-module-geoip2 | 33+3.4-1 | NGINX Plus 3rd-party GeoIP2 dynamic modules | +| nginx-plus-module-headers-more | 33+0.37-1 | NGINX Plus 3rd-party headers-more dynamic module | +| nginx-plus-module-image-filter | 33-1 | NGINX Plus image filter dynamic module | +| nginx-plus-module-lua | 33+0.10.27-1 | NGINX Plus 3rd-party Lua dynamic modules | +| nginx-plus-module-ndk | 33+0.3.3-1 | NGINX Plus 3rd-party NDK dynamic module | +| nginx-plus-module-njs | 33+0.8.9-1 | NGINX Plus njs dynamic modules | +| nginx-plus-module-otel | 33+0.1.0-1 | NGINX Plus OpenTelemetry dynamic module | +| nginx-plus-module-xslt | 33-1 | NGINX Plus xslt dynamic module | +| nginx-plus-module-appprotect | 33+5.264.0-1 | NGINX Plus app protect dynamic module version 5.264.0 | +| app-protect-module-plus | 33+5.264.0-1 | App-Protect package for Nginx Plus, includes all of the default files and examples. NGINX App Protect provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10 attacks. | +| app-protect-plugin | 6.9.0-1 | NGINX App Protect plugin | +{{}} + + + +### Preview + + {{}} + +| Name | Version | Description | +|------------------------------------------|--------------------------|------------------------------------------------------------------------| +| nginx-plus | 1.27.2 (nginx-plus-r33-p2) | NGINX Plus, provided by Nginx, Inc. | +| nginx-agent | 1.19.15-1795423089 | NGINX Agent - Management for NGINXaaS | +| Operating System | Ubuntu 22.04.5 | Jammy Jellyfish, provided by Canonical Ltd. | +| nginx-plus-module-geoip2 | 33+3.4-1 | NGINX Plus 3rd-party GeoIP2 dynamic modules | +| nginx-plus-module-headers-more | 33+0.37-1 | NGINX Plus 3rd-party headers-more dynamic module | +| nginx-plus-module-image-filter | 33-1 | NGINX Plus image filter dynamic module | +| nginx-plus-module-lua | 33+0.10.27-1 | NGINX Plus 3rd-party Lua dynamic modules | +| nginx-plus-module-ndk | 33+0.3.3-1 | NGINX Plus 3rd-party NDK dynamic module | +| nginx-plus-module-njs | 33+0.8.9-1 | NGINX Plus njs dynamic modules | +| nginx-plus-module-otel | 33+0.1.0-1 | NGINX Plus OpenTelemetry dynamic module | +| nginx-plus-module-xslt | 33-1 | NGINX Plus xslt dynamic module | +| nginx-plus-module-appprotect | 33+5.264.0-1 | NGINX Plus app protect dynamic module version 5.264.0 | +| app-protect-module-plus | 33+5.264.0-1 | App-Protect package for Nginx Plus, includes all of the default files and examples. NGINX App Protect provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10 attacks. | +| app-protect-plugin | 6.9.0-1 | NGINX App Protect plugin | +{{}} diff --git a/content/nginxaas-azure/monitoring/configure-alerts.md b/content/nginxaas-azure/monitoring/configure-alerts.md index 78dd3e9de..10a7d0a9f 100644 --- a/content/nginxaas-azure/monitoring/configure-alerts.md +++ b/content/nginxaas-azure/monitoring/configure-alerts.md @@ -3,7 +3,7 @@ title: Configure alerts weight: 300 toc: true draft: false -docs: DOCS-985 +nd-docs: DOCS-985 url: /nginxaas/azure/monitoring/configure-alerts/ type: - how-to diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md index f2e9c9081..4344f69bc 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md @@ -2,7 +2,7 @@ title: Enable NGINX logs using CLI weight: 100 toc: true -docs: DOCS-1369 +nd-docs: DOCS-1369 url: /nginxaas/azure/monitoring/enable-logging/logging-using-cli/ type: - how-to diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md index 59be2a8b3..70da26047 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md @@ -2,7 +2,7 @@ title: Enable NGINX logs using Azure Portal weight: 100 toc: true -docs: DOCS-1369 +nd-docs: DOCS-1369 url: /nginxaas/azure/monitoring/enable-logging/logging-using-portal/ type: - how-to diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md index 059e1c642..af167f562 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md @@ -2,7 +2,7 @@ title: Enable NGINX logs using Terraform weight: 100 toc: true -docs: DOCS-1369 +nd-docs: DOCS-1369 url: /nginxaas/azure/monitoring/enable-logging/logging-using-terraform/ type: - how-to diff --git a/content/nginxaas-azure/monitoring/enable-monitoring.md b/content/nginxaas-azure/monitoring/enable-monitoring.md index 7185e3320..ebb97ce62 100644 --- a/content/nginxaas-azure/monitoring/enable-monitoring.md +++ b/content/nginxaas-azure/monitoring/enable-monitoring.md @@ -2,7 +2,7 @@ title: Enable monitoring weight: 200 toc: true -docs: DOCS-876 +nd-docs: DOCS-876 url: /nginxaas/azure/monitoring/enable-monitoring/ type: - how-to diff --git a/content/nginxaas-azure/monitoring/metrics-catalog.md b/content/nginxaas-azure/monitoring/metrics-catalog.md index f81686f7e..b31d887c9 100644 --- a/content/nginxaas-azure/monitoring/metrics-catalog.md +++ b/content/nginxaas-azure/monitoring/metrics-catalog.md @@ -2,7 +2,7 @@ title: Metrics catalog weight: 400 toc: false -docs: DOCS-877 +nd-docs: DOCS-877 url: /nginxaas/azure/monitoring/metrics-catalog/ type: - concept diff --git a/content/nginxaas-azure/overview/feature-comparison.md b/content/nginxaas-azure/overview/feature-comparison.md index 4bc1f8ed6..f30da905f 100644 --- a/content/nginxaas-azure/overview/feature-comparison.md +++ b/content/nginxaas-azure/overview/feature-comparison.md @@ -3,7 +3,7 @@ title: Feature comparison weight: 300 description: Compare NGINXaaS for Azure with other NGINX offerings. toc: false -docs: DOCS-1473 +nd-docs: DOCS-1473 url: /nginxaas/azure/overview/feature-comparison/ type: - concept diff --git a/content/nginxaas-azure/overview/overview.md b/content/nginxaas-azure/overview/overview.md index 336bee241..3126bdad2 100644 --- a/content/nginxaas-azure/overview/overview.md +++ b/content/nginxaas-azure/overview/overview.md @@ -2,7 +2,7 @@ title: Overview and architecture weight: 100 toc: true -docs: DOCS-879 +nd-docs: DOCS-879 url: /nginxaas/azure/overview/overview/ type: - concept @@ -36,8 +36,8 @@ The key capabilities of NGINXaaS for Azure are: ## Limitations -- NGINXaaS does not support IPv6 yet. -- NGINXaaS supports one public or private IP per deployment. NGINXaaS doesn't support a mix of public and private IPs at this time. +- NGINXaaS supports at most one IPv4 and one IPv6 IP address at any given time. +- NGINXaaS doesn't support a mix of public and private IPs at this time. - The IP address associated with an NGINXaaS deployment can't be changed from public to private, or from private to public. ## Supported regions diff --git a/content/nginxaas-azure/quickstart/basic-caching.md b/content/nginxaas-azure/quickstart/basic-caching.md index ce7ad0bee..40b16402d 100644 --- a/content/nginxaas-azure/quickstart/basic-caching.md +++ b/content/nginxaas-azure/quickstart/basic-caching.md @@ -2,7 +2,7 @@ title: Enable content caching weight: 200 toc: true -docs: DOCS-897 +nd-docs: DOCS-897 url: /nginxaas/azure/quickstart/basic-caching/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/hosting-static-content.md b/content/nginxaas-azure/quickstart/hosting-static-content.md index 3495ea824..05706b3b9 100644 --- a/content/nginxaas-azure/quickstart/hosting-static-content.md +++ b/content/nginxaas-azure/quickstart/hosting-static-content.md @@ -2,7 +2,7 @@ title: Hosting static content weight: 200 toc: true -docs: DOCS-1344 +nd-docs: DOCS-1344 url: /nginxaas/azure/quickstart/hosting-static-content/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/njs-support.md b/content/nginxaas-azure/quickstart/njs-support.md index b64f26927..344bafc2e 100644 --- a/content/nginxaas-azure/quickstart/njs-support.md +++ b/content/nginxaas-azure/quickstart/njs-support.md @@ -2,7 +2,7 @@ title: Use the njs Scripting language weight: 400 toc: true -docs: DOCS-874 +nd-docs: DOCS-874 url: /nginxaas/azure/quickstart/njs-support/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/rate-limiting.md b/content/nginxaas-azure/quickstart/rate-limiting.md index 61662c2bf..8dff3c692 100644 --- a/content/nginxaas-azure/quickstart/rate-limiting.md +++ b/content/nginxaas-azure/quickstart/rate-limiting.md @@ -2,7 +2,7 @@ title: Enable rate limiting weight: 300 toc: true -docs: DOCS-899 +nd-docs: DOCS-899 url: /nginxaas/azure/quickstart/rate-limiting/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/recreate.md b/content/nginxaas-azure/quickstart/recreate.md index 4ba08ec0a..06b515b5a 100644 --- a/content/nginxaas-azure/quickstart/recreate.md +++ b/content/nginxaas-azure/quickstart/recreate.md @@ -2,7 +2,7 @@ title: Recreating a deployment weight: 500 toc: true -docs: DOCS-1378 +nd-docs: DOCS-1378 url: /nginxaas/azure/quickstart/recreate/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/runtime-state-sharing.md b/content/nginxaas-azure/quickstart/runtime-state-sharing.md index 072932f92..0f86569b4 100644 --- a/content/nginxaas-azure/quickstart/runtime-state-sharing.md +++ b/content/nginxaas-azure/quickstart/runtime-state-sharing.md @@ -2,7 +2,7 @@ title: Runtime State Sharing weight: 100 toc: true -docs: DOCS-1499 +nd-docs: DOCS-1499 url: /nginxaas/azure/quickstart/runtime-state-sharing/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/scaling.md b/content/nginxaas-azure/quickstart/scaling.md index 05f9d1608..7fb1777ea 100644 --- a/content/nginxaas-azure/quickstart/scaling.md +++ b/content/nginxaas-azure/quickstart/scaling.md @@ -2,7 +2,7 @@ title: Scaling guidance weight: 100 toc: true -docs: DOCS-989 +nd-docs: DOCS-989 url: /nginxaas/azure/quickstart/scaling/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md index 4470cf1aa..9e147ec1a 100644 --- a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md +++ b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md @@ -2,7 +2,7 @@ title: Restricting access with HTTP basic authentication weight: 100 toc: true -docs: DOCS-990 +nd-docs: DOCS-990 url: /nginxaas/azure/security-controls/auth-basic/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/security-controls/jwt.md b/content/nginxaas-azure/quickstart/security-controls/jwt.md index e3a4441dc..f403eef0e 100644 --- a/content/nginxaas-azure/quickstart/security-controls/jwt.md +++ b/content/nginxaas-azure/quickstart/security-controls/jwt.md @@ -2,7 +2,7 @@ title: Setting up JWT authentication weight: 200 toc: true -docs: DOCS-1101 +nd-docs: DOCS-1101 url: /nginxaas/azure/quickstart/security-controls/jwt/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/security-controls/oidc.md b/content/nginxaas-azure/quickstart/security-controls/oidc.md index ea0aa9875..e67db825a 100644 --- a/content/nginxaas-azure/quickstart/security-controls/oidc.md +++ b/content/nginxaas-azure/quickstart/security-controls/oidc.md @@ -2,7 +2,7 @@ title: Set up OIDC authentication weight: 300 toc: true -docs: DOCS-1646 +nd-docs: DOCS-1646 url: /nginxaas/azure/quickstart/security-controls/oidc/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md b/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md index c9b54ce8d..a3c4fcedd 100644 --- a/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md +++ b/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md @@ -2,7 +2,7 @@ title: Securing upstream traffic weight: 300 toc: true -docs: DOCS-1475 +nd-docs: DOCS-1475 url: /nginxaas/azure/quickstart/security-controls/securing-upstream-traffic/ type: - how-to diff --git a/content/nginxaas-azure/quickstart/upgrade-channels.md b/content/nginxaas-azure/quickstart/upgrade-channels.md index 9abd6486f..5c5360047 100644 --- a/content/nginxaas-azure/quickstart/upgrade-channels.md +++ b/content/nginxaas-azure/quickstart/upgrade-channels.md @@ -2,7 +2,7 @@ title: Upgrade channels weight: 150 toc: true -docs: DOCS-1480 +nd-docs: DOCS-1480 url: /nginxaas/azure/quickstart/upgrade-channels/ type: - how-to diff --git a/content/nic/configuration/access-control.md b/content/nic/configuration/access-control.md index 54fee5f91..4af2ecb27 100644 --- a/content/nic/configuration/access-control.md +++ b/content/nic/configuration/access-control.md @@ -2,7 +2,7 @@ title: Deploy a Policy for access control weight: 900 toc: true -docs: DOCS-000 +nd-docs: DOCS-1858 --- This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md" >}}). diff --git a/content/nic/configuration/configuration-examples.md b/content/nic/configuration/configuration-examples.md index 0a0e6e3bb..c49c0790e 100644 --- a/content/nic/configuration/configuration-examples.md +++ b/content/nic/configuration/configuration-examples.md @@ -1,5 +1,5 @@ --- -docs: DOCS-584 +nd-docs: DOCS-584 doctypes: - '' title: Configuration examples diff --git a/content/nic/configuration/global-configuration/command-line-arguments.md b/content/nic/configuration/global-configuration/command-line-arguments.md index 79d8f3f02..e7ca266e9 100644 --- a/content/nic/configuration/global-configuration/command-line-arguments.md +++ b/content/nic/configuration/global-configuration/command-line-arguments.md @@ -1,5 +1,5 @@ --- -docs: DOCS-585 +nd-docs: DOCS-585 doctypes: - '' title: Command-line arguments diff --git a/content/nic/configuration/global-configuration/configmap-resource.md b/content/nic/configuration/global-configuration/configmap-resource.md index 662c9a4a2..499f7733a 100644 --- a/content/nic/configuration/global-configuration/configmap-resource.md +++ b/content/nic/configuration/global-configuration/configmap-resource.md @@ -184,12 +184,12 @@ For more information, view the [VirtualServer and VirtualServerRoute resources]( Zone Sync enables the [ngx_stream_zone_sync_module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) in NGINX Ingress Controller when NGINX Plus is used. Multiple replicas are required to effectively utililise this functionality. More information is available in the [How NGINX Plus Performs Zone Synchronization]({{< ref "/nginx/admin-guide/high-availability/zone_sync_details.md" >}}) topic. -Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. +Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml). -{{< caution >}} -If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. +{{< caution >}} +If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC. {{< /caution >}} diff --git a/content/nic/configuration/global-configuration/custom-templates.md b/content/nic/configuration/global-configuration/custom-templates.md index 589ce5951..6bb99f87f 100644 --- a/content/nic/configuration/global-configuration/custom-templates.md +++ b/content/nic/configuration/global-configuration/custom-templates.md @@ -1,5 +1,5 @@ --- -docs: DOCS-587 +nd-docs: DOCS-587 doctypes: - '' title: Custom templates diff --git a/content/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/nic/configuration/global-configuration/globalconfiguration-resource.md index 80d05bd55..16fd90edc 100644 --- a/content/nic/configuration/global-configuration/globalconfiguration-resource.md +++ b/content/nic/configuration/global-configuration/globalconfiguration-resource.md @@ -1,5 +1,5 @@ --- -docs: DOCS-588 +nd-docs: DOCS-588 doctypes: - '' title: GlobalConfiguration resource diff --git a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md index e1d9a120c..f7eb66aea 100644 --- a/content/nic/configuration/global-configuration/mgmt-configmap-resource.md +++ b/content/nic/configuration/global-configuration/mgmt-configmap-resource.md @@ -1,5 +1,5 @@ --- -docs: DOCS-586 +nd-docs: DOCS-1859 doctypes: - '' title: Management ConfigMap resource @@ -7,7 +7,7 @@ toc: true weight: 300 --- -When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. +When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. --- diff --git a/content/nic/configuration/host-and-listener-collisions.md b/content/nic/configuration/host-and-listener-collisions.md index 502ef830c..3336bb21e 100644 --- a/content/nic/configuration/host-and-listener-collisions.md +++ b/content/nic/configuration/host-and-listener-collisions.md @@ -2,7 +2,7 @@ title: Host and Listener collisions toc: true weight: 800 -docs: DOCS-590 +nd-docs: DOCS-590 --- This document explains how F5 NGINX Ingress Controller handles host and listener collisions between resources. diff --git a/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md b/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md index 0060a7e3b..8f5c8b764 100644 --- a/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md +++ b/content/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md @@ -1,5 +1,5 @@ --- -docs: DOCS-592 +nd-docs: DOCS-592 doctypes: - '' title: Advanced configuration with Snippets @@ -7,9 +7,9 @@ toc: true weight: 400 --- -Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. +Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. -Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. +Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. @@ -27,7 +27,7 @@ Snippets have the following disadvantages: - *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources. - *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources. -{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}} +{{< note >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /note >}} ## Using snippets @@ -68,7 +68,7 @@ spec: These snippets generate the following NGINX configuration: -{{< note >}} The example is shortened for conciseness. {{< /note >}} +{{< note >}} The example is shortened for conciseness. {{< /note >}} ```nginx server { diff --git a/content/nic/configuration/ingress-resources/basic-configuration.md b/content/nic/configuration/ingress-resources/basic-configuration.md index 8d1948693..00ed51ef6 100644 --- a/content/nic/configuration/ingress-resources/basic-configuration.md +++ b/content/nic/configuration/ingress-resources/basic-configuration.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: reference product: NIC -docs: DOCS-593 +nd-docs: DOCS-593 --- This document shows a basic Ingress resource definition for F5 NGINX Ingress Controller. It load balances requests for two services as part of a single application. @@ -93,9 +93,9 @@ NGINX Ingress Controller imposes the following restrictions on Ingress resources ## Advanced configuration -NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. +NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. -These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap. +These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap. The Ingress resource only allows you to use basic NGINX features: host and path-based routing and TLS termination. diff --git a/content/nic/configuration/policy-resource.md b/content/nic/configuration/policy-resource.md index a6c33e3e4..00a928774 100644 --- a/content/nic/configuration/policy-resource.md +++ b/content/nic/configuration/policy-resource.md @@ -175,8 +175,14 @@ condition: |Field | Description | Type | Required | | ---| ---| ---| --- | |``jwt`` | defines a JWT condition to rate limit against. | [ratelimit.condition.jwt](#ratelimitconditionjwt) | No | -|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same JWT condition, only one policy can be the default. | ``bool`` | No | +|``variables`` | defines a Variable condition to rate limit against. | [ratelimit.condition.variables](#ratelimitconditionvariables) | No | +|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same condition, only one policy can be the default. | ``bool`` | No | {{% /table %}} +{{< note >}} + +One condition of type `jwt` or `variables` is required. Each Policy supports only one condition. + +{{< /note >}} The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md). @@ -201,7 +207,7 @@ The rate limit policy will only apply to requests that contain a JWT with the sp { "user_details": { "level": "premium" - }, + }, "sub": "client1" } ``` @@ -213,6 +219,27 @@ The rate limit policy will only apply to requests that contain a JWT with the sp |``match`` | the value of the claim to match against. | ``string`` | Yes | {{% /table %}} +### RateLimit.Condition.Variables + +RateLimit.Condition.Variables defines a condition for a rate limit by NGINX variable. The following example defines a condition for a rate limit policy that only applies to requests with the request method with a value `GET`: + +```yaml +variables: + - name: $request_method + match: GET +``` + +{{< note >}} +Only one variable at a time is supported at present. +{{< /note >}} + +{{% table %}} +|Field | Description | Type | Required | +| ---| ---| ---| --- | +|``name`` | the name of the NGINX variable to be rate limit by. | ``string`` | Yes | +|``match`` | the value of the NGINX variable to match against. Values prefixed with the `~` character denote the following is a [regular expression](https://nginx.org/en/docs/http/ngx_http_map_module.html#map). | ``string`` | Yes | +{{% /table %}} + ### APIKey The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy. diff --git a/content/nic/configuration/transportserver-resource.md b/content/nic/configuration/transportserver-resource.md index b725ea2e6..ea2f3c688 100644 --- a/content/nic/configuration/transportserver-resource.md +++ b/content/nic/configuration/transportserver-resource.md @@ -2,7 +2,7 @@ title: TransportServer resources toc: true weight: 600 -docs: DOCS-598 +nd-docs: DOCS-598 --- This document is reference material for the TransportServer resource used by F5 NGINX Ingress Controller. diff --git a/content/nic/glossary.md b/content/nic/glossary.md index d76f9e3db..3985d7857 100644 --- a/content/nic/glossary.md +++ b/content/nic/glossary.md @@ -1,6 +1,6 @@ --- description: null -docs: DOCS-1446 +nd-docs: DOCS-1446 title: Glossary weight: 10000 --- diff --git a/content/nic/installation/build-nginx-ingress-controller.md b/content/nic/installation/build-nginx-ingress-controller.md index 4f37d8f25..560a46ca4 100644 --- a/content/nic/installation/build-nginx-ingress-controller.md +++ b/content/nic/installation/build-nginx-ingress-controller.md @@ -4,7 +4,7 @@ toc: true weight: 400 type: how-to product: NIC -docs: DOCS-1453 +nd-docs: DOCS-1453 --- This document describes how to build an F5 NGINX Ingress Controller image from source code and upload it to a private Docker registry. diff --git a/content/nic/installation/create-license-secret.md b/content/nic/installation/create-license-secret.md index 91be0f9f9..3b13bc543 100644 --- a/content/nic/installation/create-license-secret.md +++ b/content/nic/installation/create-license-secret.md @@ -1,12 +1,13 @@ --- -title: Create a license Secret +title: Create a license Secret toc: true weight: 300 nd-content-type: how-to nd-product: NIC +nd-docs: DOCS-1860 --- -This document explains how to create and use a license secret for F5 NGINX Ingress Controller. +This document explains how to create and use a license secret for F5 NGINX Ingress Controller. # Overview @@ -18,18 +19,18 @@ The JWT is required for validating your subscription and reporting telemetry dat {{< note >}} Read the [subscription licenses topic]({{< ref "/solutions/about-subscription-licenses.md#for-internet-connected-environments" >}}) for a list of IPs associated with F5's licensing endpoint (`product.connect.nginx.com`). {{}} -## Set up your NGINX Plus license +## Set up your NGINX Plus license ### Download the JWT {{< include "/nic/installation/download-jwt.md" >}} -### Create the Secret +### Create the Secret The JWT needs to be configured before deploying NGINX Ingress Controller. The JWT will be stored in a Kubernetes Secret of type `nginx.com/license`, and can be created with the following command. ```shell -kubectl create secret generic license-token --from-file=license.jwt= --type=nginx.com/license -n +kubectl create secret generic license-token --from-file=license.jwt= --type=nginx.com/license -n ``` You can now delete the downloaded `.jwt` file. @@ -91,7 +92,7 @@ Specify the endpoint in the `usage-report-endpoint` Management ConfigMap key. To configure SSL certificates or SSL trusted certificates, extra steps are necessary. -To use Client Auth with NGINX Instance Manager, first create a Secret of type `kubernetes.io/tls` in the same namespace as the NGINX Ingress Controller pods. +To use Client Auth with NGINX Instance Manager, first create a Secret of type `kubernetes.io/tls` in the same namespace as the NGINX Ingress Controller pods. ```shell kubectl create secret tls ssl-certificate --cert= --key= -n @@ -112,7 +113,7 @@ Providing an optional CRL (certificate revocation list) will configure the [`ssl {{%tab name="Helm"%}} -Specify the SSL certificate Secret name using the `controller.mgmt.sslCertificateSecretName` Helm value. +Specify the SSL certificate Secret name using the `controller.mgmt.sslCertificateSecretName` Helm value. Specify the SSL trusted certificate Secret name using the `controller.mgmt.sslTrustedCertificateSecretName` Helm value. diff --git a/content/nic/installation/ingress-nginx.md b/content/nic/installation/ingress-nginx.md index cc8fc2ebb..faa3d3b04 100644 --- a/content/nic/installation/ingress-nginx.md +++ b/content/nic/installation/ingress-nginx.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1469 +nd-docs: DOCS-1469 doctypes: - tutorial tags: diff --git a/content/nic/installation/installing-nic/_index.md b/content/nic/installation/installing-nic/_index.md index ad70f8f42..52e4300bf 100644 --- a/content/nic/installation/installing-nic/_index.md +++ b/content/nic/installation/installing-nic/_index.md @@ -2,4 +2,5 @@ title: Install NGINX Ingress Controller description: weight: 100 +url: /nginx-ingress-controller/installation/installing-nic --- diff --git a/content/nic/installation/installing-nic/deploy-with-nap-using-helm.md b/content/nic/installation/installing-nic/deploy-with-nap-using-helm.md index 815ac0166..054b4e887 100644 --- a/content/nic/installation/installing-nic/deploy-with-nap-using-helm.md +++ b/content/nic/installation/installing-nic/deploy-with-nap-using-helm.md @@ -4,9 +4,10 @@ toc: true weight: 500 nd-content-type: how-to nd-product: NIC +nd-docs: DOCS-1861 --- -This document describes how to build a local F5 NGINX App Protect WAF v5 Docker image with NGINX Plus Ingress +This document describes how to build a local F5 NGINX App Protect WAF v5 Docker image with NGINX Plus Ingress Controller, which can be used to compile WAF policies. This is accomplished with the following steps: @@ -21,7 +22,7 @@ This is accomplished with the following steps: ## Prepare Secrets and credentials -1. Download your NGINX Ingress Controller subscription's JSON Web Token, SSL Certificate, and Private Key from MyF5. +1. Download your NGINX Ingress Controller subscription's JSON Web Token, SSL Certificate, and Private Key from MyF5. You can use the same JSON Web Token, Certificate, and Key as NGINX Plus in your MyF5 portal. 1. Rename the files to the following: - `nginx-repo.crt` @@ -330,7 +331,7 @@ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP "http://webapp.example.co ``` ```text -Request RejectedThe requested URL was rejected. Please consult with your +Request RejectedThe requested URL was rejected. Please consult with your administrator.

Your support ID is: 11241918873745059631

[Go Back] ``` @@ -338,6 +339,6 @@ administrator.

Your support ID is: 11241918873745059631

This is mostly the same as the [examples/custom_resources/app-protect-waf-v5](https://github.com/nginx/kubernetes-ingress/tree/main/examples/custom-resources/app-protect-waf-v5) deployment in a single file with the policy bundle already set. -You now have a fully operational NGINX Ingress Controller instance with NGINX App Protect deployed in your Kubernetes environment. +You now have a fully operational NGINX Ingress Controller instance with NGINX App Protect deployed in your Kubernetes environment. For further details, troubleshooting, or support, refer to the [official NGINX documentation]({{< ref "/" >}}) or reach out directly to your F5/NGINX account team. diff --git a/content/nic/installation/installing-nic/installation-with-helm.md b/content/nic/installation/installing-nic/installation-with-helm.md index 3580dce67..4ad8e1377 100644 --- a/content/nic/installation/installing-nic/installation-with-helm.md +++ b/content/nic/installation/installing-nic/installation-with-helm.md @@ -11,7 +11,7 @@ This document explains how to install F5 NGINX Ingress Controller using [Helm](h ## Before you begin -{{< note >}} All documentation should only be used with the latest stable release, indicated on [the releases page]({{< ref "/nic/releases.md" >}}) of the GitHub repository. {{< /note >}} +{{< call-out "note" >}} All documentation should only be used with the latest stable release, indicated on [the releases page]({{< ref "/nic/releases.md" >}}) of the GitHub repository. {{< /call-out >}} - A [Kubernetes Version Supported by NGINX Ingress Controller]({{< ref "/nic/technical-specifications.md#supported-kubernetes-versions" >}}) - Helm 3.0+. @@ -30,8 +30,7 @@ If you do not use the custom resources that require those CRDs (which correspond ### Upgrade the CRDs -{{< note >}} Please make sure to read the steps outlined in [Upgrade to V4]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md#update-custom-resource-apiversion" >}}) before running the CRD upgrade and perform the steps if applicable. -{{< /note >}} +{{< call-out "note" >}} If you are running NGINX Ingress Controller v3.x, you should read [Upgrade from NGINX Ingress Controller v3.x to v4.0.0]({{< ref "/nic/installation/installing-nic/upgrade-to-v4.md" >}}) before continuing. {{< /call-out >}} To upgrade the CRDs, pull the chart sources as described in [Pull the Chart](#pull-the-chart) and then run: @@ -47,10 +46,10 @@ kubectl apply -f https://raw.githubusercontent.com/nginx/kubernetes-ingress/v{{< In the above command, `v{{< nic-version >}}` represents the version of NGINX Ingress Controller release rather than the Helm chart version. -{{< note >}} The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`. +{{< call-out "note" >}} The following warning is expected and can be ignored: `Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply`. Check the [release notes](https://www.github.com/nginx/kubernetes-ingress/releases)β€―for a new release for any special upgrade procedures. -{{< /note >}} +{{< /call-out >}} ### Uninstall the CRDs @@ -60,7 +59,7 @@ To remove the CRDs, pull the chart sources as described in [Pull the Chart](#pul kubectl delete -f crds/ ``` -{{< warning >}} This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other NGINX Ingress Controller instances running in the cluster. {{< /warning >}} +{{< call-out "warning" >}} This command will delete all the corresponding custom resources in your cluster across all namespaces. Please ensure there are no custom resources that you want to keep and there are no other NGINX Ingress Controller instances running in the cluster. {{< /call-out >}} ## Manage the chart with OCI Registry @@ -113,7 +112,7 @@ You can install the `edge` version by specifying the `--version` flag with the v helm install my-release oci://ghcr.io/nginx/charts/nginx-ingress --version 0.0.0-edge ``` -{{< warning >}} The `edge` version is not intended for production use. It is intended for testing and development purposes only. {{< /warning >}} +{{< call-out "warning" >}} The `edge` version is not intended for production use. It is intended for testing and development purposes only. {{< /call-out >}} ## Manage the chart with Sources @@ -184,7 +183,7 @@ Although the advisory is to update all resources in accordance with new naming c ### Upgrade steps -{{< note >}} The following steps apply to both 2.x and 3.0.x releases. {{}} +{{< call-out "note" >}} The following steps apply to both 2.x and 3.0.x releases. {{}} The steps you should follow depend on the Helm release name: @@ -299,7 +298,6 @@ The [Run multiple NGINX Ingress Controllers]({{< ref "/nic/installation/run-mult The following tables lists the configurable parameters of the NGINX Ingress Controller chart and their default values. -{{< table >}} {{}} |Parameter | Description | Default | | --- | --- | --- | @@ -490,4 +488,3 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |**nginxAgent.napMonitoring.processorBufferSize** | Buffer size for processor. Will contain log lines and parsed log lines. | 50000 | |**nginxAgent.customConfigMap** | The name of a custom ConfigMap to use instead of the one provided by default. | "" | {{}} -{{< /table >}} diff --git a/content/nic/installation/installing-nic/installation-with-manifests.md b/content/nic/installation/installing-nic/installation-with-manifests.md index 61f457808..2f44611f6 100644 --- a/content/nic/installation/installing-nic/installation-with-manifests.md +++ b/content/nic/installation/installing-nic/installation-with-manifests.md @@ -4,7 +4,7 @@ toc: true weight: 200 type: how-to product: NIC -docs: DOCS-603 +nd-docs: DOCS-603 --- This guide explains how to use Manifests to install F5 NGINX Ingress Controller, then create both common and custom resources and set up role-based access control. diff --git a/content/nic/installation/installing-nic/installation-with-operator.md b/content/nic/installation/installing-nic/installation-with-operator.md index 3fc35a09f..459d7cfd1 100644 --- a/content/nic/installation/installing-nic/installation-with-operator.md +++ b/content/nic/installation/installing-nic/installation-with-operator.md @@ -4,7 +4,7 @@ toc: true weight: 300 type: how-to product: NIC -docs: DOCS-604 +nd-docs: DOCS-604 --- This document explains how to install F5 NGINX Ingress Controller using NGINX Ingress Operator. diff --git a/content/nic/installation/installing-nic/upgrade-to-v4.md b/content/nic/installation/installing-nic/upgrade-to-v4.md index 23382a540..f63d33fb2 100644 --- a/content/nic/installation/installing-nic/upgrade-to-v4.md +++ b/content/nic/installation/installing-nic/upgrade-to-v4.md @@ -1,18 +1,26 @@ --- -title: Upgrade to NGINX Ingress Controller 4.0.0 +title: Upgrade from NGINX Ingress Controller v3.x to v4.0.0 toc: true weight: 400 -type: how-to -product: NIC -docs: DOCS-000 +nd-content-type: how-to +nd-product: NIC +nd-docs: DOCS-1862 --- -This document explains how to upgrade F5 NGINX Ingress Controller to 4.0.0. +This document explains how to upgrade F5 NGINX Ingress Controller from version v3.x to v4.0.0. There are two necessary steps required: updating the `apiVersion` value of custom resources and configuring structured logging. For NGINX Plus users, there is a third step to create a Secret for your license. +{{< call-out "warning" "This upgrade path is intended for 3.x to 4.0.0 only" >}} + +The instructions in this document are intended only for users upgrading from NGINX Ingress Controller 3.x to 4.0.0. Internal changes meant that backwards compability was not possible, requiring extra steps to upgrade. + +From NGINX Ingress Controller v4.0.0 onwards, you can upgrade as normal, based on your installation method: [Helm]({{< ref "/nic/installation/installing-nic/installation-with-helm.md">}}) or [Manifests]({{< ref "/nic/installation/installing-nic/installation-with-manifests.md">}}). + +{{< /call-out >}} + --- ## Update custom resource apiVersion diff --git a/content/nic/installation/integrations/_index.md b/content/nic/installation/integrations/_index.md index e1c0b2f10..83943f248 100644 --- a/content/nic/installation/integrations/_index.md +++ b/content/nic/installation/integrations/_index.md @@ -2,4 +2,5 @@ title: Integrations description: weight: 600 +url: /nginx-ingress-controller/installation/integrations --- diff --git a/content/nic/installation/integrations/app-protect-dos/installation.md b/content/nic/installation/integrations/app-protect-dos/installation.md index 9471d48c5..75a4439ae 100644 --- a/content/nic/installation/integrations/app-protect-dos/installation.md +++ b/content/nic/installation/integrations/app-protect-dos/installation.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: how-to product: NIC -docs: DOCS-583 +nd-docs: DOCS-583 --- This document explains how to build an image for F5 NGINX Ingress Controller with NGINX App Protect DoS from source code. diff --git a/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md b/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md index c34785d49..e21c90e4e 100644 --- a/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md +++ b/content/nic/installation/integrations/app-protect-waf-v5/compile-waf-policies.md @@ -4,7 +4,7 @@ weight: 300 toc: true nd-content-type: how-to nd-product: NIC -nd-docs: DOCS-000 +nd-docs: DOCS-1863 --- ## Overview diff --git a/content/nic/installation/integrations/app-protect-waf-v5/configuration.md b/content/nic/installation/integrations/app-protect-waf-v5/configuration.md index 748e56d79..d6cbc208a 100644 --- a/content/nic/installation/integrations/app-protect-waf-v5/configuration.md +++ b/content/nic/installation/integrations/app-protect-waf-v5/configuration.md @@ -4,7 +4,7 @@ weight: 200 toc: true nd-content-type: how-to nd-product: NIC -nd-docs: DOCS-000 +nd-docs: DOCS-1866 --- ## Overview diff --git a/content/nic/installation/integrations/app-protect-waf-v5/installation.md b/content/nic/installation/integrations/app-protect-waf-v5/installation.md index 40f638f1a..2cdc5964c 100644 --- a/content/nic/installation/integrations/app-protect-waf-v5/installation.md +++ b/content/nic/installation/integrations/app-protect-waf-v5/installation.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: how-to product: NIC -docs: DOCS-000 +nd-docs: DOCS-1865 --- This document explains how to build a F5 NGINX Ingress Controller image with NGINX App Protect WAF v5 from source code. diff --git a/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md b/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md index 65594dcf6..aca3370d7 100644 --- a/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md +++ b/content/nic/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md @@ -4,7 +4,7 @@ weight: 400 toc: true nd-content-type: how-to nd-product: NIC -nd-docs: DOCS-000 +nd-docs: DOCS-1864 --- This document describes how to troubleshoot problems when using NGINX Ingress Controller and the NGINX App Protect WAF module version 5. diff --git a/content/nic/installation/integrations/app-protect-waf/configuration.md b/content/nic/installation/integrations/app-protect-waf/configuration.md index 50d2c6352..ce77de634 100644 --- a/content/nic/installation/integrations/app-protect-waf/configuration.md +++ b/content/nic/installation/integrations/app-protect-waf/configuration.md @@ -4,7 +4,7 @@ weight: 200 toc: true type: how-to product: NIC -docs: DOCS-578 +nd-docs: DOCS-578 --- This document explains how to use F5 NGINX Ingress Controller to configure NGINX App Protect WAF. diff --git a/content/nic/installation/integrations/app-protect-waf/installation.md b/content/nic/installation/integrations/app-protect-waf/installation.md index 08e7404e9..ed7732450 100644 --- a/content/nic/installation/integrations/app-protect-waf/installation.md +++ b/content/nic/installation/integrations/app-protect-waf/installation.md @@ -4,7 +4,7 @@ weight: 100 toc: true type: how-to product: NIC -docs: DOCS-579 +nd-docs: DOCS-579 --- This document explains how to build a F5 NGINX Ingress Controller image with F5 NGINX App Protect WAF from source code. diff --git a/content/nic/installation/integrations/f5-ingresslink.md b/content/nic/installation/integrations/f5-ingresslink.md index 1e06bbab7..887138ac3 100644 --- a/content/nic/installation/integrations/f5-ingresslink.md +++ b/content/nic/installation/integrations/f5-ingresslink.md @@ -1,5 +1,5 @@ --- -docs: DOCS-600 +nd-docs: DOCS-600 doctypes: - concept title: F5 BIG-IP diff --git a/content/nic/installation/integrations/opentracing.md b/content/nic/installation/integrations/opentracing.md index 55c6efd2a..9b131dc8c 100644 --- a/content/nic/installation/integrations/opentracing.md +++ b/content/nic/installation/integrations/opentracing.md @@ -1,5 +1,5 @@ --- -docs: DOCS-618 +nd-docs: DOCS-618 doctypes: - '' title: OpenTracing (Deprecated in v5.0.0) diff --git a/content/nic/installation/nic-images/_index.md b/content/nic/installation/nic-images/_index.md index bcf9d1557..526b52588 100644 --- a/content/nic/installation/nic-images/_index.md +++ b/content/nic/installation/nic-images/_index.md @@ -1,4 +1,5 @@ --- title: NGINX Ingress Controller images weight: 200 +url: /nginx-ingress-controller/installation/nic-images --- diff --git a/content/nic/installation/nic-images/get-registry-image.md b/content/nic/installation/nic-images/get-registry-image.md index 9fadafa08..9cf8dd08a 100644 --- a/content/nic/installation/nic-images/get-registry-image.md +++ b/content/nic/installation/nic-images/get-registry-image.md @@ -7,7 +7,7 @@ nd-product: NIC nd-docs: DOCS-605 --- -Learn how to pull an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry and upload it to your private registry. +Learn how to pull an F5 NGINX Plus Ingress Controller image from the official F5 Docker registry and upload it to your private registry. The F5 Registry images include versions with NGINX App Protect WAF and NGINX App Protect DoS. diff --git a/content/nic/installation/nic-images/use-aws-image.md b/content/nic/installation/nic-images/use-aws-image.md index 38178778c..4198e253c 100644 --- a/content/nic/installation/nic-images/use-aws-image.md +++ b/content/nic/installation/nic-images/use-aws-image.md @@ -1,5 +1,5 @@ --- -docs: DOCS-607 +nd-docs: DOCS-607 doctypes: - '' title: Use the AWS Marketplace NGINX Ingress Controller image @@ -107,7 +107,7 @@ Follow this guide to set up NGINX Ingress Controller using AWS Marketplace. This
- Ensure the service account name matches the one in your _values.yaml_ file for helm deployment. + Ensure the service account name matches the one in your _values.yaml_ file for helm deployment. Ensure the EKS `role-arn` matches the service account annotation in your _values.yaml_ file for helm deployment. You can use this command to retrieve the `role-arn` ``` shell aws iam list-roles | jq -r --arg role "my-cluster-sa" '.Roles[] | select(.RoleName==$role) | .Arn' diff --git a/content/nic/installation/nic-images/use-gcp-image.md b/content/nic/installation/nic-images/use-gcp-image.md index 2c38c8cff..2eb4e2f76 100644 --- a/content/nic/installation/nic-images/use-gcp-image.md +++ b/content/nic/installation/nic-images/use-gcp-image.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1455 +nd-docs: DOCS-1455 doctypes: - '' title: Use the GCP Marketplace NGINX Ingress Controller image diff --git a/content/nic/installation/run-multiple-ingress-controllers.md b/content/nic/installation/run-multiple-ingress-controllers.md index 3c2bd7116..98f3417b8 100644 --- a/content/nic/installation/run-multiple-ingress-controllers.md +++ b/content/nic/installation/run-multiple-ingress-controllers.md @@ -1,5 +1,5 @@ --- -docs: DOCS-606 +nd-docs: DOCS-606 doctypes: - '' title: Run multiple NGINX Ingress Controllers diff --git a/content/nic/logging-and-monitoring/prometheus.md b/content/nic/logging-and-monitoring/prometheus.md index 3d56d486f..17f32abe5 100644 --- a/content/nic/logging-and-monitoring/prometheus.md +++ b/content/nic/logging-and-monitoring/prometheus.md @@ -1,5 +1,5 @@ --- -docs: DOCS-614 +nd-docs: DOCS-614 doctypes: - concept title: Prometheus diff --git a/content/nic/overview/about.md b/content/nic/overview/about.md index f6231c24a..ef6bdeaf6 100644 --- a/content/nic/overview/about.md +++ b/content/nic/overview/about.md @@ -8,7 +8,7 @@ nd-docs: DOCS-612 This document describes the F5 NGINX Ingress Controller, an Ingress Controller implementation for NGINX and NGINX Plus. -NGINX Ingress Controller is an [Ingress Controller]({{< ref "/nic/glossary.md#ingress-controller">}}) implementation for [NGINX](https://nginx.org) and [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) that can load balance Websocket, gRPC, TCP and UDP applications. NGINX Ingress Controller gives you a way to manage NGINX through the [Kubernetes](https://kubernetes.io/) API, and is built to handle the continuous change that happens in Kubernetes environments. +NGINX Ingress Controller is an [Ingress Controller]({{< ref "/nic/glossary.md#ingress-controller">}}) implementation for [NGINX](https://nginx.org) and [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) that can load balance Websocket, gRPC, TCP and UDP applications. NGINX Ingress Controller gives you a way to manage NGINX through the [Kubernetes](https://kubernetes.io/) API, and is built to handle the continuous change that happens in Kubernetes environments. It supports standard [Ingress]({{< ref "/nic/glossary.md#ingress">}}) features such as content-based routing and TLS/SSL termination.Several NGINX and NGINX Plus features are available as extensions to Ingress resources through [Annotations]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations">}}) and the [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource">}}) resource. diff --git a/content/nic/overview/nginx-plus.md b/content/nic/overview/nginx-plus.md index 67adfa515..07316c039 100644 --- a/content/nic/overview/nginx-plus.md +++ b/content/nic/overview/nginx-plus.md @@ -1,5 +1,5 @@ --- -docs: DOCS-611 +nd-docs: DOCS-611 doctypes: - concept title: Extensibility with NGINX Plus diff --git a/content/nic/overview/product-telemetry.md b/content/nic/overview/product-telemetry.md index f6421b1f1..29f1ad409 100644 --- a/content/nic/overview/product-telemetry.md +++ b/content/nic/overview/product-telemetry.md @@ -2,6 +2,7 @@ title: Product telemetry toc: true weight: 500 +nd-docs: DOCS-1857 --- Learn why, what and how F5 NGINX Ingress Controller collects telemetry. diff --git a/content/nic/releases.md b/content/nic/releases.md index 4738b69be..f3480f11a 100644 --- a/content/nic/releases.md +++ b/content/nic/releases.md @@ -5,6 +5,55 @@ toc: true nd-content-type: reference nd-product: NIC nd-docs: DOCS-616 +--- +## 5.1.0 + +08 Jul 2025 + +This release includes the ability to configure Rate Limiting for your APIs based on a specific NGINX variable and its value. This allows you more granular control over how frequently specific users access your resources. + +Lastly, in our previous v5.0.0 release, we removed support for Open Tracing. This release replaces that observability capability with native NGINX Open Telemetry traces, allowing you to monitor the internal traffic of your applications. + +### Features +- [7642](https://github.com/nginx/kubernetes-ingress/pull/7642) Add OpenTelemetry support +- [7916](https://github.com/nginx/kubernetes-ingress/pull/7916) Add support for Agent V3 +- [7884](https://github.com/nginx/kubernetes-ingress/pull/7884) Tiered rate limits with variables +- [7765](https://github.com/nginx/kubernetes-ingress/pull/7765) Add OIDC PKCE configuration through Policy +- [7832](https://github.com/nginx/kubernetes-ingress/pull/7832) Add request_method to rate-limit Policy +- [7695](https://github.com/nginx/kubernetes-ingress/pull/7695) Add ConfigMapKeys & MGMTConfigMapKeys to Telemetry +- [7705](https://github.com/nginx/kubernetes-ingress/pull/7705) Add Context to logging for JSON and TEXT formats + +### Fixes + +- [7651](https://github.com/nginx/kubernetes-ingress/pull/7651) Use pod labels as headless selector labels +- [7691](https://github.com/nginx/kubernetes-ingress/pull/7691) Avoid applying updates on Ingress Controller shutdown +- [7748](https://github.com/nginx/kubernetes-ingress/pull/7748) Add ; in oidc files +- [7786](https://github.com/nginx/kubernetes-ingress/pull/7786) Correct namespace for mgmt secrets +- [7853](https://github.com/nginx/kubernetes-ingress/pull/7853) Update template for custom redirect URI +- [7865](https://github.com/nginx/kubernetes-ingress/pull/7865) Maintain HeadlessService on upgrade + +### Dependencies + +- [7647](https://github.com/nginx/kubernetes-ingress/pull/7647), [7666](https://github.com/nginx/kubernetes-ingress/pull/7666), [7711](https://github.com/nginx/kubernetes-ingress/pull/7711), [7767](https://github.com/nginx/kubernetes-ingress/pull/7767), [7798](https://github.com/nginx/kubernetes-ingress/pull/7798), [7824](https://github.com/nginx/kubernetes-ingress/pull/7824), [7854](https://github.com/nginx/kubernetes-ingress/pull/7854), [7900](https://github.com/nginx/kubernetes-ingress/pull/7900), [7918](https://github.com/nginx/kubernetes-ingress/pull/7918), [7926](https://github.com/nginx/kubernetes-ingress/pull/7926) Bump Go dependancies +- [7714](https://github.com/nginx/kubernetes-ingress/pull/7714), [7788](https://github.com/nginx/kubernetes-ingress/pull/7788), [7825](https://github.com/nginx/kubernetes-ingress/pull/7825), [7855](https://github.com/nginx/kubernetes-ingress/pull/7855), [7890](https://github.com/nginx/kubernetes-ingress/pull/7890), [7888](https://github.com/nginx/kubernetes-ingress/pull/7888), [7893](https://github.com/nginx/kubernetes-ingress/pull/7893), [7903](https://github.com/nginx/kubernetes-ingress/pull/7903) Bump Docker dependencies +- [7808](https://github.com/nginx/kubernetes-ingress/pull/7808) Update kubernetes version to v1.33.1 in helm schema +- [7896](https://github.com/nginx/kubernetes-ingress/pull/7896) Update go version to 1.24.4 + +### Upgrade + +- For NGINX, use the 5.1.0 images from our +[DockerHub](https://hub.docker.com/r/nginx/nginx-ingress/tags?page=1&ordering=last_updated&name=5.1.0), +[GitHub Container](https://github.com/nginx/kubernetes-ingress/pkgs/container/kubernetes-ingress), +[Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-ingress) or [Quay.io](https://quay.io/repository/nginx/nginx-ingress). +- For NGINX Plus, use the 5.1.0 images from the F5 Container registry or build your own image using the 5.1.0 source code +- For Helm, use version 2.2.0 of the chart. + +### Supported Platforms + +We will provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by +its provider and that passes the Kubernetes conformance tests. This release was fully tested on the following Kubernetes +versions: 1.25-1.33. + --- ## 5.0.0 @@ -18,7 +67,7 @@ With the removal of the OpenTracing dynamic module from [NGINX Plus R34](({{< re We have extended the rate-limit Policy to allow tiered rate limit groups with JWT claims. This will also allow users to apply different rate limits to their `VirtualServer` or `VirtualServerRoutes` with the value of a JWT claim. See [here](https://github.com/nginx/kubernetes-ingress/tree/v5.0.0/examples/custom-resources/rate-limit-tiered-jwt-claim/) for a working example. -We introduced NGINX Plus Zone Sync as a managed service within NGINX Ingress Controller in this release. In previous releases, we had examples using `stream-snippets` for OIDC support, users can now enable `zone-sync` without the need for `snippets`. NGINX Plus Zone Sync is available when utilising two or more replicas, it supports OIDC & rate limiting. +We introduced NGINX Plus Zone Sync as a managed service within NGINX Ingress Controller in this release. In previous releases, we had examples using `stream-snippets` for OIDC support, users can now enable `zone-sync` without the need for `snippets`. NGINX Plus Zone Sync is available when utilising two or more replicas, it supports OIDC & rate limiting. {{< note >}} For users who have previously installed OIDC or used the `zone_sync` directive with `stream-snippets`, please see the note in the [Configmap resources]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) topic to use the new `zone-sync` ConfigMap option. diff --git a/content/nic/technical-specifications.md b/content/nic/technical-specifications.md index ad9d5b2e4..794d5d818 100644 --- a/content/nic/technical-specifications.md +++ b/content/nic/technical-specifications.md @@ -4,7 +4,7 @@ toc: true weight: 200 doctype: reference product: NIC -docs: DOCS-617 +nd-docs: DOCS-617 --- This page describes technical specifications for F5 NGINX Ingress Controller, such as its version compatibility with Kubernetes and other NGINX software. @@ -17,17 +17,17 @@ We recommend using the latest release of NGINX Ingress Controller. We provide so We test NGINX Ingress Controller on a range of Kubernetes platforms for each release, and list them in the [release notes]({{< ref "/nic/releases.md" >}}). We provide technical support for NGINX Ingress Controller on any Kubernetes platform that is currently supported by its provider, and that passes the [Kubernetes conformance tests](https://www.cncf.io/certification/software-conformance/). {{< bootstrap-table "table table-bordered table-striped table-responsive" >}} -| NIC version | Kubernetes versions tested | NIC Helm Chart version | NIC Operator version | NGINX / NGINX Plus version | -| --- | --- | --- | --- | --- | -| {{< nic-version >}} | 1.25 - 1.32 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.4 / R34 | -| 4.0.1 | 1.25 - 1.32 | 2.0.1 | 3.0.1 | 1.27.4 / R33 P2 | -| 3.7.2 | 1.25 - 1.31 | 1.4.2 | 2.4.2 | 1.27.2 / R32 P1 | -| 3.6.2 | 1.25 - 1.31 | 1.3.2 | 2.3.2 | 1.27.1 / R32 P1 | -| 3.5.2 | 1.23 - 1.30 | 1.2.2 | 2.2.2 | 1.27.0 / R32 | -| 3.4.3 | 1.23 - 1.29 | 1.1.3 | 2.1.2 | 1.25.4 / R31 P1 | -| 3.3.2 | 1.22 - 1.28 | 1.0.2 | 2.0.2 | 1.25.3 / R30 | -| 3.2.1 | 1.22 - 1.27 | 0.18.1 | 1.5.1 | 1.25.2 / R30 | -| 3.1.1 | 1.22 - 1.26 | 0.17.1 | 1.4.2 | 1.23.4 / R29 | +| NIC version | Kubernetes versions tested | NIC Helm Chart version | NIC Operator version | NGINX / NGINX Plus version | End of Technical Support | +| --- | --- | --- | --- | --- | --- | +| {{< nic-version >}} | 1.25 - 1.33 | {{< nic-helm-version >}} | {{< nic-operator-version >}} | 1.27.5 / R34 P1 | - | +| 5.0.0 | 1.25 - 1.32 | 2.1.0 | 3.1.0 | 1.27.4 / R34 | Apr 16, 2027 | +| 4.0.1 | 1.25 - 1.32 | 2.0.1 | 3.0.1 | 1.27.4 / R33 P2 | Feb 7, 2027 | +| 3.7.2 | 1.25 - 1.31 | 1.4.2 | 2.4.2 | 1.27.2 / R32 P1 | Nov 25, 2026 | +| 3.6.2 | 1.25 - 1.31 | 1.3.2 | 2.3.2 | 1.27.1 / R32 P1 | Aug 19, 2026 | +| 3.5.2 | 1.23 - 1.30 | 1.2.2 | 2.2.2 | 1.27.0 / R32 | May 31, 2026 | +| 3.4.3 | 1.23 - 1.29 | 1.1.3 | 2.1.2 | 1.25.4 / R31 P1 | Feb 19, 2026 | +| 3.3.2 | 1.22 - 1.28 | 1.0.2 | 2.0.2 | 1.25.3 / R30 | Nov 1, 2025 | +| 3.2.1 | 1.22 - 1.27 | 0.18.1 | 1.5.1 | 1.25.2 / R30 | Aug 18, 2025 | {{% /bootstrap-table %}} --- @@ -42,13 +42,13 @@ We provide the following Docker images, which include NGINX or NGINX Plus bundle From release `v5.1.0` onwards, NGINX Ingress Controller will no longer provide binaries for the `armv7`, `s390x` & `ppc64le` architectures. {{< /important >}} -_All images include NGINX 1.27.4._ +_All images include NGINX 1.27.5._ {{< bootstrap-table "table table-bordered table-responsive" >}} |
Name
|
Base image
| DockerHub image | Architectures | | ---| --- | --- | --- | -|Alpine-based image | ``nginx:1.27.4-alpine``,
based on on ``alpine:3.21`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64
amd64 | -|Debian-based image | ``nginx:1.27.4``,
based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64
amd64 | +|Alpine-based image | ``nginx:1.27.5-alpine``,
based on on ``alpine:3.21`` | ``nginx/nginx-ingress:{{< nic-version >}}-alpine`` | arm64
amd64 | +|Debian-based image | ``nginx:1.27.5``,
based on on ``debian:12-slim`` | ``nginx/nginx-ingress:{{< nic-version >}}`` | arm64
amd64 | |Ubi-based image | ``redhat/ubi9-minimal`` | ``nginx/nginx-ingress:{{< nic-version >}}-ubi`` | arm64
amd64 | {{% /bootstrap-table %}} diff --git a/content/nic/troubleshooting/troubleshoot-common.md b/content/nic/troubleshooting/troubleshoot-common.md index 23438408c..4207917a9 100644 --- a/content/nic/troubleshooting/troubleshoot-common.md +++ b/content/nic/troubleshooting/troubleshoot-common.md @@ -92,7 +92,7 @@ args: - -log-level=debug ``` -**ConfigMap settings** +**ConfigMap settings** You can configure `error-log-level` in NGINX Ingress Controller `configMap`: ```yaml diff --git a/content/nic/troubleshooting/troubleshoot-configmap-policy.md b/content/nic/troubleshooting/troubleshoot-configmap-policy.md index fa5f44059..32169d55c 100644 --- a/content/nic/troubleshooting/troubleshoot-configmap-policy.md +++ b/content/nic/troubleshooting/troubleshoot-configmap-policy.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1457 +nd-docs: DOCS-1457 doctypes: - '' title: Troubleshooting Policy resources diff --git a/content/nic/troubleshooting/troubleshoot-ingress.md b/content/nic/troubleshooting/troubleshoot-ingress.md index e970b2548..3fccf4aec 100644 --- a/content/nic/troubleshooting/troubleshoot-ingress.md +++ b/content/nic/troubleshooting/troubleshoot-ingress.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1458 +nd-docs: DOCS-1458 doctypes: - '' title: Troubleshooting Ingress resources diff --git a/content/nic/troubleshooting/troubleshoot-support.md b/content/nic/troubleshooting/troubleshoot-support.md index 37308268b..340796320 100644 --- a/content/nic/troubleshooting/troubleshoot-support.md +++ b/content/nic/troubleshooting/troubleshoot-support.md @@ -1,7 +1,7 @@ --- title: Commercial support weight: 100 -docs: DOCS-000 +nd-docs: DOCS-1867 --- F5 NGINX Ingress Controller adheres to the support policy detailed in the following knowledge base article: [K000140156](https://my.f5.com/manage/s/article/K000140156). diff --git a/content/nic/troubleshooting/troubleshoot-virtualserver.md b/content/nic/troubleshooting/troubleshoot-virtualserver.md index 72af8d32c..b671aa00e 100644 --- a/content/nic/troubleshooting/troubleshoot-virtualserver.md +++ b/content/nic/troubleshooting/troubleshoot-virtualserver.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1461 +nd-docs: DOCS-1461 doctypes: - '' title: Troubleshooting VirtualServer resources diff --git a/content/nic/tutorials/custom-listen-ports.md b/content/nic/tutorials/custom-listen-ports.md index a2ab3347f..5e263f288 100644 --- a/content/nic/tutorials/custom-listen-ports.md +++ b/content/nic/tutorials/custom-listen-ports.md @@ -1,5 +1,5 @@ --- -docs: DOCS-1449 +nd-docs: DOCS-1449 doctypes: - concept title: Customizing NGINX Ingress Controller Ports diff --git a/content/nic/tutorials/oidc-custom-configuration.md b/content/nic/tutorials/oidc-custom-configuration.md index 460f88070..a38143ad4 100644 --- a/content/nic/tutorials/oidc-custom-configuration.md +++ b/content/nic/tutorials/oidc-custom-configuration.md @@ -4,7 +4,7 @@ weight: 1800 toc: true type: how-to product: NIC -docs: DOCS-000 +nd-docs: DOCS-1448 --- The F5 NGINX Ingress Controller implements OpenID Connect (OIDC) using the NGINX OpenID Connect Reference implementation: [nginx-openid-connect](https://github.com/nginxinc/nginx-openid-connect). @@ -46,7 +46,6 @@ Annotations: Data ==== oidc.conf: -docs: "DOCS-1448" ---- # Advanced configuration START set $internal_error_message "NGINX / OpenID Connect login failure\n"; diff --git a/content/nic/tutorials/security-monitoring.md b/content/nic/tutorials/security-monitoring.md index d41478b06..4f2f17340 100644 --- a/content/nic/tutorials/security-monitoring.md +++ b/content/nic/tutorials/security-monitoring.md @@ -4,6 +4,7 @@ toc: true weight: 1800 nd-content-type: how-to nd-product: NIC +nd-docs: DOCS-1856 --- This document explains how to use NGINX Ingress Controller to configure NGINX Agent for sending F5 NGINX App Protect WAF metrics to NGINX Security Monitoring. diff --git a/content/nim/admin-guide/add-license.md b/content/nim/admin-guide/add-license.md index 7d9aa0f2a..3c5b7afa8 100644 --- a/content/nim/admin-guide/add-license.md +++ b/content/nim/admin-guide/add-license.md @@ -1,5 +1,5 @@ --- -docs: DOCS-789 +nd-docs: DOCS-789 title: Add a license (connected) toc: true weight: 10 diff --git a/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md b/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md index f118da1c5..bbe22d82f 100644 --- a/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md +++ b/content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md @@ -5,7 +5,7 @@ toc: true weight: 10 type: how-to product: NIM -docs: DOCS-792 +nd-docs: DOCS-792 ---