feat: F5 DoS for NGINX release 4.8 (#1489)

* rnitzan dos 4.8 (#1474)

* Add release notes for F5 DoS for NGINX v4.8

This document outlines the release information for F5 DoS for NGINX version 4.8, including new features and supported packages.

* Update Alpine version to 3.22 in deployment guide

Updated Alpine version references from 3.19 to 3.22 in the deployment guide and Dockerfile examples.

* Change section headings in deployment guide

Updated headings in the deployment guide for clarity.

* Update AMI links for NGINX Plus installation guide

* Update installation guide for NGINX Plus and WAF

* Update links for NGINX Plus AMIs in deployment guide

* Fix command execution for adminstall and bd_agent

* Fix command syntax for bd_agent execution

---------

Co-authored-by: Alan Dooley <a.dooley@f5.com>

* Create best-practices document

* Update best-practices.md

* Revise best practices for F5 DoS configuration

Updated section headings and added details for F5 DoS configuration in NGINX.

* Update deployment guide and remove deprecated instructions

Removed deprecated installation instructions for CentOS 7.4 and Ubuntu 20.04. Updated installation commands for App Protect DoS package versions.

* Remove redundant 'F5' from description

* Fix duplicate 'F5' in description and request log

* Fix description in access-log.md

* Fix duplicate 'F5' in description and overview

* Fix description for F5 DoS operation log

* Fix description for F5 DoS in security-log.md

* Fix typo in troubleshooting guide description

* Update SELinux link in deployment guide

* Update troubleshooting guide for NGINX errors

* Refactor deployment guide section headers

Updated section headers for deployment instructions to improve clarity and organization.

* feature: dos 4.8.3

* dos k8s

* dos k8s

* dos k8s

* dos 4.8.3 R36

* dos 4.8.3 R36

* dos 4.8.3 R36

* dos 4.8.3 R36

* Dos k8s nitzan (#1491)

* Create alpine-plus.md for Dockerfile configuration

Add Dockerfile for Alpine Plus with NGINX support

* add k8s to dos

* add k8s

* add k8s

---------

Co-authored-by: Alan Dooley <a.dooley@f5.com>

* remove new kubernetes page, not final yet

---------

Co-authored-by: Alan Dooley <a.dooley@f5.com>
Co-authored-by: pkozakpl <86775065+pkozakpl@users.noreply.github.com>

Author: 3 people

content/includes/dos/dockerfiles/alpine-plus-dos-waf.md

@@ -0,0 +1,16 @@
+---
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Supported OS_VER's are 3.21/3.22
+ARG OS_VER="3.22"
+
+# Base image
+FROM alpine:${OS_VER}
+
+# Install NGINX Plus and F5 DOS for NGINX
+
+
+```

content/includes/dos/dockerfiles/alpine-plus-dos.md

@@ -0,0 +1,38 @@
+---
+---
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+# Supported OS_VER's are 3.21/3.22
+ARG OS_VER="3.22"
+
+# Base image
+FROM alpine:${OS_VER}
+
+# Install F5 DoS for NGINX
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
+    && printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \
+    && printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories \
+    && apk update \
+    && apk add app-protect-dos \
+    && cat license.jwt > /etc/nginx/license.jwt \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    && rm -rf /var/cache/apk/*
+
+# Copy configuration files:
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+
+```

content/includes/dos/dockerfiles/amazon-plus-dos-waf.md

@@ -0,0 +1,34 @@
+---
+---
+
+```dockerfile
+
+# For AmazonLinux 2023:
+FROM amazonlinux:2023
+
+# Install F5 DoS for NGINX
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    dnf -y install ca-certificates \
+    && curl -o /etc/yum.repos.d/plus-amazonlinux2023.repo https://cs.nginx.com/static/files/plus-amazonlinux2023.repo \
+    && curl -o  /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-dos-amazonlinux2023.repo \
+    && dnf install -y app-protect-dos \
+    && cat license.jwt > /etc/nginx/license.jwt \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf \ 
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log 
+
+# Copy configuration files:
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+
+```

content/includes/dos/dockerfiles/amazon-plus-dos.md

@@ -0,0 +1,37 @@
+---
+---
+
+```dockerfile
+
+# Where can be bullseye/bookworm
+FROM debian:bullseye
+
+# Install F5 DoS for NGINX
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    apt-get update \
+    && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring \
+    && mkdir -p /etc/ssl/nginx/ /etc/nginx/ \
+    && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-plus.list \
+    && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian $(lsb_release -cs) nginx-plus\n" > /etc/apt/sources.list.d/nginx-app-protect-dos.list \
+    && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \
+    && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos \
+    && cat license.jwt > /etc/nginx/license.jwt \
+    && apt-get remove --purge --auto-remove -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY nginx.conf /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+
+```

content/includes/dos/dockerfiles/debian-plus-dos-waf.md

@@ -0,0 +1,44 @@
+---
+---
+
+```dockerfile
+# For UBI 8
+FROM registry.access.redhat.com/ubi8
+
+ARG RHEL_ORG
+ARG RHEL_ACTIVATION_KEY
+
+# Install F5 DoS for NGINX
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    subscription-manager register --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY} \
+    && subscription-manager refresh \
+    && subscription-manager attach --auto || true \
+    && subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms \
+    && subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms \
+    && dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
+    && dnf -y install ca-certificates \
+    && curl -o /etc/yum.repos.d/plus-8.repo https://cs.nginx.com/static/files/plus-8.repo \
+    && curl -o /etc/yum.repos.d/app-protect-dos-8.repo https://cs.nginx.com/static/files/app-protect-dos-8.repo \
+    && dnf -y install app-protect-dos \
+    && cat license.jwt > /etc/nginx/license.jwt \
+    && rm /etc/yum.repos.d/plus-8.repo \
+    && rm /etc/yum.repos.d/app-protect-dos-8.repo \
+    && dnf clean all \
+    && rm -rf /var/cache/yum \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Copy configuration files:
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+
+```

content/includes/dos/dockerfiles/debian-plus-dos.md

@@ -0,0 +1,44 @@
+---
+---
+
+```dockerfile
+# For UBI 9
+FROM registry.access.redhat.com/ubi9
+
+ARG RHEL_ORG
+ARG RHEL_ACTIVATION_KEY
+
+# Install F5 DoS for NGINX
+RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
+    --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
+    --mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
+    subscription-manager register --org=${RHEL_ORG} --activationkey=${RHEL_ACTIVATION_KEY} \
+    && subscription-manager refresh \
+    && subscription-manager attach --auto || true \
+    && subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms \
+    && subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms \
+    && dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
+    && dnf -y install ca-certificates \
+    && curl -o /etc/yum.repos.d/plus-9.repo https://cs.nginx.com/static/files/plus-9.repo \
+    && curl -o /etc/yum.repos.d/app-protect-dos-9.repo https://cs.nginx.com/static/files/app-protect-dos-9.repo \
+    && dnf -y install app-protect-dos \
+    && cat license.jwt > /etc/nginx/license.jwt \
+    && rm /etc/yum.repos.d/plus-9.repo \
+    && rm /etc/yum.repos.d/app-protect-dos-9.repo \
+    && dnf clean all \
+    && rm -rf /var/cache/yum \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+
+# Copy configuration files:
+COPY nginx.conf custom_log_format.json /etc/nginx/
+COPY entrypoint.sh /root/
+RUN chmod +x /root/entrypoint.sh
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["sh", "/root/entrypoint.sh"]
+
+```