diff --git a/content/nginxaas-azure/_index.md b/content/nginxaas-azure/_index.md index 16c176f9c..56a138de0 100644 --- a/content/nginxaas-azure/_index.md +++ b/content/nginxaas-azure/_index.md @@ -12,7 +12,7 @@ nd-product: N4Azure ## About -NGINX as a Service for Azure is an IaaS offering that is tightly integrated +F5 NGINXaaS for Azure is an IaaS offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. @@ -20,7 +20,7 @@ and reliable with full lifecycle management of advanced NGINX traffic services. {{}} {{}} - Deploy NGINX as a Service for Azure using the Azure portal, Azure CLI, or Terraform + Deploy NGINXaaS for Azure using the Azure portal, Azure CLI, or Terraform {{}} {{}} Step-by-step guides for several common use cases, including scaling guidance, security controls, and more @@ -50,7 +50,7 @@ and reliable with full lifecycle management of advanced NGINX traffic services. {{}} {{}} - Learn about the differences between NGINX as a Service for Azure and NGINX Plus + Learn about the differences between NGINXaaS for Azure and NGINX Plus {{}} {{}} See the latest updates: New features, improvements, and bug fixes diff --git a/content/nginxaas-azure/app-protect/configure-waf.md b/content/nginxaas-azure/app-protect/configure-waf.md index 4aea0ca1c..ba924183e 100644 --- a/content/nginxaas-azure/app-protect/configure-waf.md +++ b/content/nginxaas-azure/app-protect/configure-waf.md @@ -90,14 +90,14 @@ For more information on these policies refer the NGINX App Protect [configuratio The following table shows the path to the precompiled policy file that needs to be used with the `app_protect_policy_file` directive: -{{}} +{{< table >}} | Policy | Enforcement Mode | Path | |---------------------------- | ---------------------------- | -------------------------------------------- | | Default | Strict | /etc/app_protect/conf/NginxDefaultPolicy.json | | Default | Transparent | /etc/app_protect/conf/NginxDefaultPolicy_transparent.json | | Strict | Strict | /etc/app_protect/conf/NginxStrictPolicy.json | | Strict | Transparent | /etc/app_protect/conf/NginxStrictPolicy_transparent.json | -{{}} +{{< /table >}} To view the contents of the available security policies, navigate to the azure portal and select the **Security Policies** tab in the App Protect section. diff --git a/content/nginxaas-azure/app-protect/disable-waf.md b/content/nginxaas-azure/app-protect/disable-waf.md index 3efc32e04..a9cc3ba83 100644 --- a/content/nginxaas-azure/app-protect/disable-waf.md +++ b/content/nginxaas-azure/app-protect/disable-waf.md @@ -8,7 +8,7 @@ type: --- ## Overview -This guide explains how to disable F5 NGINX App Protect WAF on an NGINX as a Service for Azure (NGINXaaS) deployment. +This guide explains how to disable F5 NGINX App Protect WAF on an NGINXaaS for Azure (NGINXaaS) deployment. ## Before you start You must remove the WAF directives from your NGINX config file before attempting to disable WAF. diff --git a/content/nginxaas-azure/app-protect/enable-logging.md b/content/nginxaas-azure/app-protect/enable-logging.md index 04b171b85..3adf7cfe4 100644 --- a/content/nginxaas-azure/app-protect/enable-logging.md +++ b/content/nginxaas-azure/app-protect/enable-logging.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) supports exporting NGINX App Protect logs to an Azure Storage account or to a Log Analytics workspace. +F5 NGINXaaS for Azure (NGINXaaS) supports exporting NGINX App Protect logs to an Azure Storage account or to a Log Analytics workspace. ## Setting up operational logs @@ -81,7 +81,7 @@ NGINXaaS for Azure ships with several pre-compiled log configuration bundles. Mo The following table shows the path to the log configuration file that needs to be used with the app_protect_security_log directive: - {{}} + {{< table >}} | Profile | Path | |---------------------------- | -------------------------------------------- | | log_default | /etc/app_protect/conf/log_default.json | @@ -91,7 +91,7 @@ The following table shows the path to the log configuration file that needs to b | log_grpc_all | /etc/app_protect/conf/log_grpc_all.json | | log_grpc_illegal | /etc/app_protect/conf/log_grpc_illegal.json | | log_grpc_blocked | /etc/app_protect/conf/log_grpc_blocked.json | - {{}} + {{< /table >}} To view the contents of the available log configuration, navigate to the azure portal and select the Log Configurations tab in the App Protect section. @@ -124,7 +124,7 @@ app_protect_security_log "/etc/app_protect/conf/log_all.json" /var/log/app_prote If the diagnostic setting destination details included a Logs Analytics workspace, logs appear in the "NGXSecurityLogs" table with the following columns: -{{}} +{{< table >}} | **Attribute** | **Description** | |-----------------------------|-----------------| | **Location** | The location of the NGINXaaS resource.| @@ -133,7 +133,7 @@ If the diagnostic setting destination details included a Logs Analytics workspac | **Tag** | The tag with which NGINX security logs are generated if syslog-based log configuration is used. | | **Facility** | The syslog facility that generates the NGINX security logs if syslog-based log configuration is being used. | | **Severity** | The syslog severity with which NGINX security logs were generated if syslog-based log configuration is used. | -{{}} +{{< /table >}} To view the raw data in the NGINX security log, run the following KQL query: ``` diff --git a/content/nginxaas-azure/app-protect/enable-waf.md b/content/nginxaas-azure/app-protect/enable-waf.md index 9335f2a36..6396dd850 100644 --- a/content/nginxaas-azure/app-protect/enable-waf.md +++ b/content/nginxaas-azure/app-protect/enable-waf.md @@ -9,7 +9,7 @@ type: ## Overview -This guide explains how to enable F5 NGINX App Protect WAF on a F5 NGINX as a Service for Azure (NGINXaaS) deployment. [F5 NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/v5) provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10; response inspection; Meta characters check; HTTP protocol compliance; evasion techniques; disallowed file types; JSON & XML well-formedness; sensitive parameters & Data Guard. +This guide explains how to enable F5 NGINX App Protect WAF on a F5 NGINXaaS for Azure (NGINXaaS) deployment. [F5 NGINX App Protect WAF](https://docs.nginx.com/nginx-app-protect-waf/v5) provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10; response inspection; Meta characters check; HTTP protocol compliance; evasion techniques; disallowed file types; JSON & XML well-formedness; sensitive parameters & Data Guard. ## Before you start - NGINX App Protect WAF can only be enabled on NGINXaaS for Azure deployments with the **Standard v2** [plan]({{< ref "/nginxaas-azure/billing/overview.md" >}}) diff --git a/content/nginxaas-azure/billing/overview.md b/content/nginxaas-azure/billing/overview.md index 42c426eae..0301452fb 100644 --- a/content/nginxaas-azure/billing/overview.md +++ b/content/nginxaas-azure/billing/overview.md @@ -14,7 +14,7 @@ NGINXaaS for Azure is deployed into your Azure subscription. Your NGINXaaS deplo NGINXaaS for Azure is billed monthly based on hourly consumption. -F5 NGINX as a Service for Azure (NGINXaaS) provides two pricing plans. +F5 NGINXaaS for Azure (NGINXaaS) provides two pricing plans. ### Standard V2 plan diff --git a/content/nginxaas-azure/changelog-archive/changelog-2022.md b/content/nginxaas-azure/changelog-archive/changelog-2022.md index a0e8d10fa..9f94ac27e 100644 --- a/content/nginxaas-azure/changelog-archive/changelog-2022.md +++ b/content/nginxaas-azure/changelog-archive/changelog-2022.md @@ -5,7 +5,7 @@ toc: true url: /nginxaas/azure/changelog-archive/changelog-2022/ --- -Learn about the updates, new features, and resolved bugs in F5 NGINX as a Service for Azure during the year 2022. +Learn about the updates, new features, and resolved bugs in F5 NGINXaaS for Azure during the year 2022. To see the latest changes, visit the [Changelog]({{< ref "/nginxaas-azure/changelog" >}}) page. diff --git a/content/nginxaas-azure/changelog-archive/changelog-2023.md b/content/nginxaas-azure/changelog-archive/changelog-2023.md index 6f3eddf78..840a77bd5 100644 --- a/content/nginxaas-azure/changelog-archive/changelog-2023.md +++ b/content/nginxaas-azure/changelog-archive/changelog-2023.md @@ -5,7 +5,7 @@ toc: true url: /nginxaas/azure/changelog-archive/changelog-2023/ --- -Learn about the updates, new features, and resolved bugs in F5 NGINX as a Service for Azure during the year 2023. +Learn about the updates, new features, and resolved bugs in F5 NGINXaaS for Azure during the year 2023. To see the latest changes, visit the [Changelog]({{< ref "/nginxaas-azure/changelog" >}}) page. @@ -294,7 +294,7 @@ To see a list of currently active issues, visit the [Known issues]({{< ref "/ngi - {{% icon-feature %}} **NGINXaaS is generally available** - We are pleased to announce the general availability of NGINX as a Service (NGINXaaS), a first-party-like experience as a service co-developed by Microsoft and NGINX and tightly integrated into the [Azure](https://azure.microsoft.com/) ecosystem. + We are pleased to announce the general availability of NGINXaaS for Azure, a first-party-like experience as a service co-developed by Microsoft and NGINX and tightly integrated into the [Azure](https://azure.microsoft.com/) ecosystem. NGINXaaS, powered by [NGINX Plus](https://www.nginx.com/products/nginx/), is a fully managed service that removes the burden of deploying your own NGINX Plus cluster, installing libraries, upgrading, and managing it. diff --git a/content/nginxaas-azure/changelog-archive/changelog-2024.md b/content/nginxaas-azure/changelog-archive/changelog-2024.md index 2894053f8..eaf886bed 100644 --- a/content/nginxaas-azure/changelog-archive/changelog-2024.md +++ b/content/nginxaas-azure/changelog-archive/changelog-2024.md @@ -5,7 +5,7 @@ toc: true url: /nginxaas/azure/changelog-archive/changelog-2024/ --- -Learn about the updates, new features, and resolved bugs in F5 NGINX as a Service for Azure during the year 2024. +Learn about the updates, new features, and resolved bugs in F5 NGINXaaS for Azure during the year 2024. To see the latest changes, visit the [Changelog]({{< ref "/nginxaas-azure/changelog" >}}) page. diff --git a/content/nginxaas-azure/changelog.md b/content/nginxaas-azure/changelog.md index e9470ef8e..0d3ee4efe 100644 --- a/content/nginxaas-azure/changelog.md +++ b/content/nginxaas-azure/changelog.md @@ -7,7 +7,7 @@ url: /nginxaas/azure/changelog/ --- -Learn about the latest updates, new features, and resolved bugs in F5 NGINX as a Service for Azure. +Learn about the latest updates, new features, and resolved bugs in F5 NGINXaaS for Azure. To see a list of currently active issues, visit the [Known issues]({{< ref "/nginxaas-azure/known-issues.md" >}}) page. diff --git a/content/nginxaas-azure/client-tools/cli.md b/content/nginxaas-azure/client-tools/cli.md index 1731e17ec..fa96127c8 100644 --- a/content/nginxaas-azure/client-tools/cli.md +++ b/content/nginxaas-azure/client-tools/cli.md @@ -9,7 +9,7 @@ type: - task --- -F5 NGINX as a Service for Azure (NGINXaaS) deployments can be managed using the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/). This document outlines how to install the CLI tool including the NGINX extension. +F5 NGINXaaS for Azure (NGINXaaS) deployments can be managed using the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/). This document outlines how to install the CLI tool including the NGINX extension. ## Prerequisites diff --git a/content/nginxaas-azure/client-tools/sdk.md b/content/nginxaas-azure/client-tools/sdk.md index 55e41e647..6c8d65428 100644 --- a/content/nginxaas-azure/client-tools/sdk.md +++ b/content/nginxaas-azure/client-tools/sdk.md @@ -10,7 +10,7 @@ type: - task --- -F5 NGINX as a Service for Azure (NGINXaaS) deployments can be managed using the multi-language SDK. This document outlines common workflows using the Python SDK. You can find example code to manage NGINXaaS deployments and related objects in the NGINXaaS GitHub repository, [NGINXaaS Snippets](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/sdk/python/). +F5 NGINXaaS for Azure (NGINXaaS) deployments can be managed using the multi-language SDK. This document outlines common workflows using the Python SDK. You can find example code to manage NGINXaaS deployments and related objects in the NGINXaaS GitHub repository, [NGINXaaS Snippets](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/sdk/python/). ## Prerequisites diff --git a/content/nginxaas-azure/client-tools/templates.md b/content/nginxaas-azure/client-tools/templates.md index aae949498..f4f0a1623 100644 --- a/content/nginxaas-azure/client-tools/templates.md +++ b/content/nginxaas-azure/client-tools/templates.md @@ -10,7 +10,7 @@ type: - task --- -F5 NGINX as a Service for Azure (NGINXaaS) deployments can be managed using the ARM API or the Azure CLI with ARM template deployments using JSON or Bicep formats. These deployments can be made locally or in a continuous integration pipeline. This document outlines common workflows using the ARM API. You can find example code to manage NGINXaaS deployments and related objects in the NGINXaaS GitHub repository, [NGINXaaS Snippets](https://github.com/nginxinc/nginxaas-for-azure-snippets). +F5 NGINXaaS for Azure (NGINXaaS) deployments can be managed using the ARM API or the Azure CLI with ARM template deployments using JSON or Bicep formats. These deployments can be made locally or in a continuous integration pipeline. This document outlines common workflows using the ARM API. You can find example code to manage NGINXaaS deployments and related objects in the NGINXaaS GitHub repository, [NGINXaaS Snippets](https://github.com/nginxinc/nginxaas-for-azure-snippets). ## Prerequisites diff --git a/content/nginxaas-azure/client-tools/terraform.md b/content/nginxaas-azure/client-tools/terraform.md index e9baec4f1..08631dfa8 100644 --- a/content/nginxaas-azure/client-tools/terraform.md +++ b/content/nginxaas-azure/client-tools/terraform.md @@ -10,7 +10,7 @@ type: - task --- -F5 NGINX as a Service for Azure (NGINXaaS) deployments can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. +F5 NGINXaaS for Azure (NGINXaaS) deployments can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. ## Prerequisites diff --git a/content/nginxaas-azure/disaster-recovery.md b/content/nginxaas-azure/disaster-recovery.md index 0d0a150ae..d972fb0ed 100644 --- a/content/nginxaas-azure/disaster-recovery.md +++ b/content/nginxaas-azure/disaster-recovery.md @@ -8,7 +8,7 @@ type: --- -This guide describes how to configure disaster recovery (DR) for F5 NGINX as a Service for Azure deployments in separate (ideally [paired](https://learn.microsoft.com/en-us/azure/reliability/regions-paired)) Azure regions, ensuring upstream access remains available even if the primary NGINXaaS deployment in a region fails. The deployment architecture ensures users can access backend application servers (upstreams) continuously from an alternative region if the primary NGINXaaS deployment becomes unavailable. The solution leverages Terraform, Azure Traffic Manager, Azure Virtual Network (VNet) peering, and unique subnets to support failover. +This guide describes how to configure disaster recovery (DR) for F5 NGINXaaS for Azure deployments in separate (ideally [paired](https://learn.microsoft.com/en-us/azure/reliability/regions-paired)) Azure regions, ensuring upstream access remains available even if the primary NGINXaaS deployment in a region fails. The deployment architecture ensures users can access backend application servers (upstreams) continuously from an alternative region if the primary NGINXaaS deployment becomes unavailable. The solution leverages Terraform, Azure Traffic Manager, Azure Virtual Network (VNet) peering, and unique subnets to support failover. --- @@ -42,7 +42,7 @@ This guide describes how to configure disaster recovery (DR) for F5 NGINX as a S ### Step 1: Terrraform setup -To get started, please review the [Terraform prerequisites]({{< ref "/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md#prerequisites" >}}) for NGINX as a Service for Azure. +To get started, please review the [Terraform prerequisites]({{< ref "/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md#prerequisites" >}}) for NGINXaaS for Azure. The following steps outline Terraform resources required to set up the disaster recovery topology; these resources can be placed in a `main.tf` file, variables used by these resources can go into `variables.tf`, and outputs you need to collect can be defined in `outputs.tf`. The directory structure looks as follows: ```bash diff --git a/content/nginxaas-azure/get-help.md b/content/nginxaas-azure/get-help.md index bd8e22aa1..63e29842a 100644 --- a/content/nginxaas-azure/get-help.md +++ b/content/nginxaas-azure/get-help.md @@ -10,7 +10,7 @@ type: ## Contact NGINX support -To contact support about F5 NGINX as a Service for Azure (NGINXaaS): +To contact support about F5 NGINXaaS for Azure (NGINXaaS): 1. Go to your NGINXaaS deployment. @@ -51,7 +51,7 @@ If your deployment is configured to use NGINX App Protect WAF, please collect th To provide or update the preferred support contact email: -1. Go to your NGINX as a Service (NGINXaaS) for Azure deployment. +1. Go to your NGINXaaS for Azure deployment. 2. Select **New Support request** in the left menu. diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md index 3182aec32..cbbd5bf26 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-cli.md @@ -9,7 +9,7 @@ type: ## Overview -The Azure CLI has an extension to be used for management of F5 NGINX as a Service for Azure (NGINXaaS) deployments whether that be locally or in continuous integration pipelines. This document links you to information around basic NGINXaaS extension usage. +The Azure CLI has an extension to be used for management of F5 NGINXaaS for Azure (NGINXaaS) deployments whether that be locally or in continuous integration pipelines. This document links you to information around basic NGINXaaS extension usage. ## Prerequisites diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md index 8a146eaa8..6593413c0 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md @@ -10,9 +10,9 @@ type: ## Overview -This guide explains how to deploy F5 NGINX as a Service for Azure (NGINXaaS) using [Microsoft Azure portal](https://azure.microsoft.com/en-us/get-started/azure-portal). The deployment process involves creating a new deployment, configuring the deployment, and testing the deployment. +This guide explains how to deploy F5 NGINXaaS for Azure (NGINXaaS) using [Microsoft Azure portal](https://azure.microsoft.com/en-us/get-started/azure-portal). The deployment process involves creating a new deployment, configuring the deployment, and testing the deployment. -## Find the NGINX as a Service for Azure offer in the Azure portal +## Find the NGINXaaS for Azure offer in the Azure portal You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS](https://portal.azure.com/#create/f5-networks.f5-nginx-for-azure) page or finding the NGINXaaS service in the Azure portal: @@ -27,7 +27,7 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS]( 1. On the Create NGINXaaS Deployment **Basics** page, provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Subscription | Select the appropriate Azure subscription that you have access to.| @@ -39,7 +39,7 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS]( | Email | Provide an email address that can be notified about service alerts, maintenance data and activity reports. | | Upgrade Channel | Select the desired upgrade channel for your deployment. For more information, see [Upgrade Channels]({{< ref "/nginxaas-azure/quickstart/upgrade-channels.md" >}}). | - {{}} + {{< /table >}} 1. Next, select **Networking**. @@ -47,7 +47,7 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS]( 1. On the Create NGINXaaS Deployment **Networking** page, provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Virtual Network | A virtual network is required for communication between the resources you create.
You can create a new virtual network or use an existing one (for an existing one see note below).
Additionally, you can peer a new virtual network with existing ones (in any region) to create network access from NGINXaaS for Azure to your upstream servers. To peer the virtual network with another see [Create, change, or delete a virtual network peering](https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering).| @@ -56,7 +56,7 @@ You can start the NGINXaaS deployment process by visiting the [Create NGINXaaS]( | IP address | Set the IP address (public or private) that the service listens to for requests:

If you select a public IP address:
- Create a new public IP or use an existing one (for an existing one see the note below).
- Set the resource name for your public IP address.
Newly created public IPs are [zone-redundant in supported regions](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#availability-zone).

If you select a private IP address:
- Provide a static IP address from the same subnet range set previously. | | Inbound port rules | Select `None` to disallow inbound access on any port, or choose to allow traffic from one of these common http(s) ports.

**Note:** This option is only available when specifying a new virtual network as part of the create workflow. If you select an existing virtual network which is associated with a subnet and Network Security Group (NSG), you will need to edit the Inbound security rules to add access for the specific ports you want to allow (for example, ports 80 and 443).| | Apply default NGINX configuration | Confirm that you want your NGINXaaS deployment to be bootstrapped with a default NGINX configuration and a browsable splash page. | - {{}} + {{< /table >}} #### Notes on subnets: diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md index e4c175a4d..eeabd0296 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) deployments can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. +F5 NGINXaaS for Azure (NGINXaaS) deployments can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. ## Prerequisites diff --git a/content/nginxaas-azure/getting-started/managed-identity-portal.md b/content/nginxaas-azure/getting-started/managed-identity-portal.md index 2d91fd063..297d79ed2 100644 --- a/content/nginxaas-azure/getting-started/managed-identity-portal.md +++ b/content/nginxaas-azure/getting-started/managed-identity-portal.md @@ -10,7 +10,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) leverages a user assigned and a system assigned managed identity for some of its integrations with Azure, such as: +F5 NGINXaaS for Azure (NGINXaaS) leverages a user assigned and a system assigned managed identity for some of its integrations with Azure, such as: - Azure Key Vault (AKV): fetch SSL/TLS certificates from AKV to your NGINXaaS deployment, so that they can be referenced by your NGINX configuration. diff --git a/content/nginxaas-azure/getting-started/migrate-from-standard.md b/content/nginxaas-azure/getting-started/migrate-from-standard.md index f0922ddd3..1537b1335 100644 --- a/content/nginxaas-azure/getting-started/migrate-from-standard.md +++ b/content/nginxaas-azure/getting-started/migrate-from-standard.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) now supports in-place migration from Standard plan to the Standard V2 plan, we encourage you to upgrade your deployment to the Standard V2 plan as soon as possible. **The Standard plan is scheduled for retirement on May 1, 2025**. If you fail to migrate by May 1, 2025, your NGINXaaS deployment will stop receiving automatic updates that address critical security issues. +F5 NGINXaaS for Azure (NGINXaaS) now supports in-place migration from Standard plan to the Standard V2 plan, we encourage you to upgrade your deployment to the Standard V2 plan as soon as possible. **The Standard plan is scheduled for retirement on May 1, 2025**. If you fail to migrate by May 1, 2025, your NGINXaaS deployment will stop receiving automatic updates that address critical security issues. The Standard V2 plan maintains the same price as the Standard plan for existing capabilities. Enabling new capabilities such as NGINX App Protect WAF or additional listen ports that were added as part of Standard V2 will incur additional charges. diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md index 1c5015b2e..5e4d330df 100644 --- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md +++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-azure-cli.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) configurations can be managed using the Azure CLI. This document outlines common Azure CLI workflows to validate, create, and update NGINX configurations. +F5 NGINXaaS for Azure (NGINXaaS) configurations can be managed using the Azure CLI. This document outlines common Azure CLI workflows to validate, create, and update NGINX configurations. ## Prerequisites diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md index c3d4b769b..f380c2d89 100644 --- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md +++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md @@ -13,7 +13,7 @@ An NGINX configuration can be applied to the deployment using the Azure portal i - Create a new NGINX configuration from scratch or by pasting it in the Azure portal editor. - Upload a gzip compressed tar archive containing your NGINX configuration. -As part of applying your NGINX configuration, the service validates the configuration for syntax and compatibility with F5 NGINX as a Service for Azure (NGINXaaS). The use of certain directives and parameters is not allowed to ensure the NGINX configuration’s compatibility with IaaS deployment model in Azure. Validation errors are reported in the editor for you to correct. For more information, check the [NGINX Configuration Validation]({{< ref "nginx-configuration.md#nginx-configuration-validation" >}}) section. +As part of applying your NGINX configuration, the service validates the configuration for syntax and compatibility with F5 NGINXaaS for Azure (NGINXaaS). The use of certain directives and parameters is not allowed to ensure the NGINX configuration’s compatibility with IaaS deployment model in Azure. Validation errors are reported in the editor for you to correct. For more information, check the [NGINX Configuration Validation]({{< ref "nginx-configuration.md#nginx-configuration-validation" >}}) section. {{< call-out "note" >}} NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers, refer to the server name in the server block within the HTTP context. To learn more, and see examples, follow the instructions in the [NGINX configuration validtion]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/nginx-configuration-portal.md#nginx-configuration-validation" >}}) section.{{< /call-out >}} @@ -34,13 +34,13 @@ NGINXaaS supports Layer 7 HTTP loadbalancing. To configure .com and .net servers 1. Select {{< icon "fa fa-plus">}}**New File** to add a file path, then **Confirm**. - {{}} + {{< table >}} | Property | Description | | -------- | ----------- | | File path | Each NGINX configuration file can be uniquely identified by a file path (for example, nginx.conf or /etc/nginx/nginx.conf) to align with the intended NGINX configuration file structure. | | Root file | The root file is the main NGINX configuration file.
  • The first file created will be the root file by default. You can designate a different root file if you have more than a single configuration file in your deployment.
  • The root file is designated with a {{< golden-star >}} icon on the portal.
| | Protected File | Indicates that the file may contain sensitive data such as passwords or represent an ssl/tls certificate.
  • To protect a file, enable the **Protected** {{}} toggle button.
  • You cannot access the file contents of a protected file saved to the NGINX configuration, but you can view its metadata, such as the SHA-256 hash of the file contents.
  • You can provide new contents for an existing protected file using the **Overwrite** link or resubmit it without having to provide the file contents again.
  • To modify the file path of a protected file or convert it to a regular file, delete the original file and create a new one.
  • A protected file is designated with a {{}} icon on the portal.
| - {{}} + {{< /table >}} {{< call-out "note" >}}If specifying an absolute file path, see the [NGINX Filesystem Restrictions table]({{< ref "/nginxaas-azure/getting-started/nginx-configuration/overview/#nginx-filesystem-restrictions" >}}) for the allowed directories the file can be written to.{{< /call-out >}} diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md index 03789d9d3..c7d67ce1e 100644 --- a/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md +++ b/content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) configurations can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. +F5 NGINXaaS for Azure (NGINXaaS) configurations can be managed using Terraform. This document outlines common Terraform workflows for NGINXaaS. ## Prerequisites diff --git a/content/nginxaas-azure/getting-started/nginx-configuration/overview.md b/content/nginxaas-azure/getting-started/nginx-configuration/overview.md index 6d3f4910a..39684935c 100644 --- a/content/nginxaas-azure/getting-started/nginx-configuration/overview.md +++ b/content/nginxaas-azure/getting-started/nginx-configuration/overview.md @@ -8,7 +8,7 @@ type: --- This document provides details about using NGINX configuration files with your -F5 NGINX as a Service for Azure deployment, restrictions, and available directives. +F5 NGINXaaS for Azure deployment, restrictions, and available directives. ## NGINX configuration common user workflows @@ -27,7 +27,7 @@ NGINX configurations stored in GitHub can be applied to existing NGINXaaS for Az ## NGINX filesystem restrictions NGINXaaS for Azure places restrictions on the instance's filesystem; only a specific set of directories are allowed to be read from and written to. Below is a table describing what directories the NGINX worker process can read and write to and what directories files can be written to. These files include certificate files and any files uploaded to the deployment, excluding NGINX configuration files. - {{}} + {{< table >}} | Allowed Directory | NGINX worker process can read/write to | Files can be written to | |------------------ | ----------------- | ----------------- | | /etc/nginx | | ✓ | @@ -36,14 +36,14 @@ NGINXaaS for Azure places restrictions on the instance's filesystem; only a spec | /tmp | ✓ | | | /var/cache/nginx | ✓ | | | /var/www | ✓ | ✓ | -{{}} +{{< /table >}} Attempts to access other directories will be denied and result in a `5xx` error. ## Disallowed configuration directives Some directives are not supported because of specific limitations. If you include one of these directives in your NGINX configuration, you'll get an error. - {{}} + {{< table >}} | Disallowed Directive | Reason | |------------------ | ----------------- | | ssl_engine | No hardware SSL accelerator is available. | @@ -51,14 +51,14 @@ Some directives are not supported because of specific limitations. If you includ | fastcgi_bind
grpc_bind
memcached_bind
proxy_bind
scgi_bind
uwsgi_bind | Source IP specification for active-active deployments is not allowed. | | quic_bpf | QUIC connection migration is not currently supported for active-active deployments. | -{{}} +{{< /table >}} You may find that a few directives are not listed here as either allowed or disallowed. Our team is working on getting these directives supported soon. ## Directives that cannot be overridden Some directives cannot be overridden by the user provided configuration. - {{}} + {{< table >}} | Persistent Directive | Value | Reason | |------------------ | ----------------------- | -----------------| | `user` | `nginx` | The `nginx` user has the correct permissions for accessing certificates, policy files and other auxfiles. | @@ -69,7 +69,7 @@ Some directives cannot be overridden by the user provided configuration. | `master_process` | `on` | This directive is intended for NGINX developers. | | `worker_cpu_affinity` | `auto` | The value `auto` allows binding worker processes automatically to available CPUs based on the current capacity of the deployment. | -{{}} +{{< /table >}} ## NGINX listen port restrictions diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md index 580baf1b4..4e118bd21 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md @@ -7,9 +7,9 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) enables customers to secure traffic by adding SSL/TLS certificates to a deployment. NGINXaaS can fetch certificates directly from Azure Key Vault, rotate certificates, and provide observability on the status of your certificates. +F5 NGINXaaS for Azure (NGINXaaS) enables customers to secure traffic by adding SSL/TLS certificates to a deployment. NGINXaaS can fetch certificates directly from Azure Key Vault, rotate certificates, and provide observability on the status of your certificates. -This document provides details about using SSL/TLS certificates with your F5 NGINX as a Service for Azure deployment. +This document provides details about using SSL/TLS certificates with your F5 NGINXaaS for Azure deployment. ## Supported certificate types and formats @@ -62,7 +62,7 @@ For Azure client tools, such as the Azure CLI or Azure Resource Manager, the cer To view the status of your SSL/TLS certificates, [enable monitoring]({{< ref "/nginxaas-azure/monitoring/enable-monitoring.md" >}}) for your NGINXaaS deployment and navigate to the **Metrics** tab in the Azure portal. View the `nginxaas.certificates` metric under the `nginxaas statistics` metric namespace. The `nginxaas.certificates` metric allows you to filter by certificate name and the status of the certificate. The status dimension reports the health of your certificates through the following values: - {{}} + {{< table >}} | Status | Description | | ------------- | ------------- | @@ -71,7 +71,7 @@ To view the status of your SSL/TLS certificates, [enable monitoring]({{< ref "/n | `not found` | Azure returned a 404 error when fetching the certificate from AKV. | | `incompatible`| An error occurred while fetching or processing the certificate from AKV.

The possible reasons include:

  • Error while downloading certificate and key
  • Missing content type in certificate
  • Missing content in certificate
  • Unrecognized content type, certificate not in PEM or PKCS12 format
| - {{}} + {{< /table >}} {{< img src="nginxaas-azure/azure-metrics-nginxaas.certificates.png" alt="Interface screenshot showing the Azure metric nginxaas.certificates" >}} diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md index 1c8f189c7..54d8b9f94 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md @@ -7,7 +7,7 @@ type: - how-to --- -You can use Azure Key Vault (AKV) to store SSL/TLS certificates and keys to use in your F5 NGINX as a Service for Azure (NGINXaaS) configuration. +You can use Azure Key Vault (AKV) to store SSL/TLS certificates and keys to use in your F5 NGINXaaS for Azure (NGINXaaS) configuration. ### Prerequisites diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md index bb6c0fc65..c2d9e9106 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md @@ -10,7 +10,7 @@ type: ## Overview -You can manage SSL/TSL certificates for F5 NGINX as a Service for Azure (NGINXaaS) using the Azure portal. +You can manage SSL/TSL certificates for F5 NGINXaaS for Azure (NGINXaaS) using the Azure portal. ## Prerequisites @@ -28,22 +28,22 @@ Before you begin, refer Azure documentation to [Import a certificate to your Key 1. Provide the required information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Name | A unique name for the certificate. | | Certificate path | This path can match one or more `ssl_certificate` directive file arguments in your NGINX configuration.
The certificate path must be unique within the same deployment. | | Key path | This path can match one or more `ssl_certificate_key` directive file arguments in your NGINX configuration.
The key path must be unique within the same deployment.
The key path and certificate path can be the same within the certificate. | - {{}} + {{< /table >}} - The **Select certificate** button will take you to a new screen where you will need to provide the following information: - {{}} + {{< table >}} | Field | Description | |----------------------- | ---------------------------- | | Key vault | Select from the available key vaults. | | Certificate | Select the certificate you want to add from the previously selected key vault. | - {{}} + {{< /table >}} If you need to create a new key vault or certificate, you can do so by selecting **Create new key vault** or **Create new** under the **Key Vault** and **Certificate** fields, respectively. diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md index a904e7a5d..1940eb05d 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md @@ -9,7 +9,7 @@ type: ## Overview -You can manage SSL/TSL certificates for F5 NGINX as a Service for Azure (NGINXaaS) using Terraform. +You can manage SSL/TSL certificates for F5 NGINXaaS for Azure (NGINXaaS) using Terraform. ## Prerequisites diff --git a/content/nginxaas-azure/known-issues.md b/content/nginxaas-azure/known-issues.md index 29cd3214f..e307fbdf5 100644 --- a/content/nginxaas-azure/known-issues.md +++ b/content/nginxaas-azure/known-issues.md @@ -7,7 +7,7 @@ url: /nginxaas/azure/known-issues/ --- -List of known issues in the latest release of F5 NGINX as a Service for Azure (NGINXaaS). +List of known issues in the latest release of F5 NGINXaaS for Azure (NGINXaaS). ### {{% icon-bug %}} Custom and precompiled security policies cannot both be referenced in an NGINX configuration diff --git a/content/nginxaas-azure/loadbalancer-kubernetes.md b/content/nginxaas-azure/loadbalancer-kubernetes.md index 9ea1a46d4..836e6188a 100644 --- a/content/nginxaas-azure/loadbalancer-kubernetes.md +++ b/content/nginxaas-azure/loadbalancer-kubernetes.md @@ -186,18 +186,18 @@ You can also install the NLK controller AKS extension by navigating to [F5 NGINX - Select **Continue** to proceed with the installation. - On the **Basics** tab, provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Subscription | Select the appropriate Azure subscription. | | Resource group | Select the AKS cluster's resource group. | - {{}} + {{< /table >}} - Select **Cluster Details**, and provide the AKS cluster name. You can select an existing AKS cluster or create a new one. - Select **Application Details**, and provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | @@ -206,7 +206,7 @@ You can also install the NLK controller AKS extension by navigating to [F5 NGINX | Allow minor version upgrades of extension | Select whether to allow the extension to be upgraded automatically to the latest minor version. | | NGINXaaS Dataplane API Key | Provide the previously generated data plane API key value: `{keyValue}` | | NGINXaaS Dataplane API Endpoint | Provide the previously retrieved data plane API endpoint value: `{dataplaneAPIEndpoint}nplus` | - {{}} + {{< /table >}} - Select **Review + Create** to continue. - Azure will validate the extension settings. This page will provide a summary of the provided information. Select **Create**. diff --git a/content/nginxaas-azure/module-changelog.md b/content/nginxaas-azure/module-changelog.md index efc14c51c..28d052c79 100644 --- a/content/nginxaas-azure/module-changelog.md +++ b/content/nginxaas-azure/module-changelog.md @@ -5,14 +5,14 @@ toc: true url: /nginxaas/azure/module-changelog/ --- -Learn about the modules supported by the latest versions of F5 NGINX as a Service for Azure. +Learn about the modules supported by the latest versions of F5 NGINXaaS for Azure. ## July 03, 2025 ### Stable - {{}} + {{< table >}} | Name | Version | Description | |------------------------------------------|--------------------------|------------------------------------------------------------------------| @@ -30,13 +30,13 @@ Learn about the modules supported by the latest versions of F5 NGINX as a Servic | nginx-plus-module-appprotect | 33+5.264.0-1 | NGINX Plus app protect dynamic module version 5.264.0 | | app-protect-module-plus | 33+5.264.0-1 | App-Protect package for Nginx Plus, includes all of the default files and examples. NGINX App Protect provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10 attacks. | | app-protect-plugin | 6.9.0-1 | NGINX App Protect plugin | -{{}} +{{< /table >}} ### Preview - {{}} + {{< table >}} | Name | Version | Description | |------------------------------------------|--------------------------|------------------------------------------------------------------------| @@ -54,4 +54,4 @@ Learn about the modules supported by the latest versions of F5 NGINX as a Servic | nginx-plus-module-appprotect | 33+5.264.0-1 | NGINX Plus app protect dynamic module version 5.264.0 | | app-protect-module-plus | 33+5.264.0-1 | App-Protect package for Nginx Plus, includes all of the default files and examples. NGINX App Protect provides web application firewall (WAF) security protection for your web applications, including OWASP Top 10 attacks. | | app-protect-plugin | 6.9.0-1 | NGINX App Protect plugin | -{{}} +{{< /table >}} diff --git a/content/nginxaas-azure/monitoring/configure-alerts.md b/content/nginxaas-azure/monitoring/configure-alerts.md index 85543bd35..7ad4027a4 100644 --- a/content/nginxaas-azure/monitoring/configure-alerts.md +++ b/content/nginxaas-azure/monitoring/configure-alerts.md @@ -11,7 +11,7 @@ type: ## Overview -{{< call-out "note" >}}F5 NGINX as a Service for Azure (NGINXaaS) publishes platform metrics to Azure Monitor. To learn more about how to create and manage metrics-based alert rules, refer to the [Alerts section in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric) documentation from Microsoft. {{< /call-out >}} +{{< call-out "note" >}}F5 NGINXaaS for Azure (NGINXaaS) publishes platform metrics to Azure Monitor. To learn more about how to create and manage metrics-based alert rules, refer to the [Alerts section in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric) documentation from Microsoft. {{< /call-out >}} This guide explains how to create and configure metrics-based alerts for your NGINXaaS for Azure deployment using Azure Monitor. diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md index 08b1362c4..83f272526 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md @@ -10,7 +10,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. +F5 NGINXaaS for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. {{< call-out "caution" >}} Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs. diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md index 0f206a5b0..2ba868281 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md @@ -10,7 +10,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. +F5 NGINXaaS for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. {{< call-out "caution" >}} Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs. diff --git a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md index 8e544f5a2..e39f66416 100644 --- a/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md +++ b/content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md @@ -10,7 +10,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. +F5 NGINXaaS for Azure (NGINXaaS) supports integrating Azure Diagnostic Settings to collect NGINX error and access logs. {{< call-out "caution" >}} Enabling logs using the **NGINX Logs** blade on your NGINXaaS deployment is now deprecated. This feature will be removed in an upcoming update. If you have issues accessing your NGINX logs using the deprecated method, please follow the steps in this guide to access your NGINX logs. diff --git a/content/nginxaas-azure/monitoring/enable-monitoring.md b/content/nginxaas-azure/monitoring/enable-monitoring.md index f37b706f7..a743ec663 100644 --- a/content/nginxaas-azure/monitoring/enable-monitoring.md +++ b/content/nginxaas-azure/monitoring/enable-monitoring.md @@ -8,7 +8,7 @@ type: - how-to --- -Monitoring your application's performance is crucial for maintaining its reliability and efficiency. F5 NGINX as a Service for Azure (NGINXaaS) seamlessly integrates with Azure Monitor, allowing you to collect, correlate, and analyze metrics for a thorough understanding of your application's health and behavior. +Monitoring your application's performance is crucial for maintaining its reliability and efficiency. F5 NGINXaaS for Azure (NGINXaaS) seamlessly integrates with Azure Monitor, allowing you to collect, correlate, and analyze metrics for a thorough understanding of your application's health and behavior. Refer to the [Azure monitor overview](https://docs.microsoft.com/en-us/azure/azure-monitor/overview) documentation from Microsoft to learn more about Azure Monitor. diff --git a/content/nginxaas-azure/monitoring/metrics-catalog.md b/content/nginxaas-azure/monitoring/metrics-catalog.md index 0a6b06e0e..16ae9e82e 100644 --- a/content/nginxaas-azure/monitoring/metrics-catalog.md +++ b/content/nginxaas-azure/monitoring/metrics-catalog.md @@ -8,7 +8,7 @@ type: - concept --- -F5 NGINX as a Service for Azure (NGINXaaS) provides a rich set of metrics that you can use to monitor the health and performance of your NGINXaaS deployment. This document provides a catalog of the metrics that are available for monitoring NGINXaaS for Azure in Azure Monitor. +F5 NGINXaaS for Azure (NGINXaaS) provides a rich set of metrics that you can use to monitor the health and performance of your NGINXaaS deployment. This document provides a catalog of the metrics that are available for monitoring NGINXaaS for Azure in Azure Monitor. ## Available metrics @@ -32,7 +32,7 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio ### NGINXaaS statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | | --------------------- | --------------------------- | -------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | @@ -48,13 +48,13 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | system.listener_backlog.queue_limit | Listener backlog queue limit | listen_address, file_desc | count | The capacity of a specific backlog queue, labelled by listen address. | deployment | | system.listener_backlog.length | Listener backlog length | listen_address, file_desc | count | The number of items in a specific backlog queue, labelled by listen address. | deployment | -{{}} +{{< /table >}} {{< call-out "warning" >}}The `ncu.consumed` metric is now deprecated and is on the path to retirement. Please change any alerting on this metric to use the new Capacity Percentage metric.{{< /call-out >}} ### NGINX connections statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |------------------------------|------------------|----------------|----------|---------------------------------------------------------------------------------------------------------------|-----------------| @@ -64,11 +64,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | nginx.conn.idle | Idle connections | build version | count | Idle Connections The average number of idle client connections during the aggregation interval. | deployment | | nginx.conn.current | Current connections | build version | count | Current Connections The average number of active and idle client connections during the aggregation interval. | deployment | -{{}} +{{< /table >}} ### NGINX requests and response statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -102,11 +102,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.http.request.location_zone.bytes_rcvd | Location zone HTTP bytes received | build version location_zone | count | Location Zone Bytes Received The total number of bytes received from clients during the aggregation interval. | location zone | | plus.http.request.location_zone.bytes_sent | Location zone HTTP bytes sent | build version location_zone | count | Location Zone Bytes Sent The total number of bytes sent to clients during the aggregation interval. | location zone | -{{}} +{{< /table >}} ### NGINX SSL statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -134,11 +134,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.http.ssl.verify_failures.revoked_cert | Verify failures - revoked cert | build version server_zone | count | SSL certificate verification errors - a revoked certificate was presented by a client during the aggregation interval. | server zone | | plus.http.ssl.verify_failures.other | Verify failures - other | build version server_zone | count | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval. | server zone | -{{}} +{{< /table >}} ### NGINX cache statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -164,11 +164,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.cache.bypass.responses_written | Cache bypass responses written | build version cache_zone | count | The total number of responses that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone | | plus.cache.bypass.bytes_written | Cache bypass bytes written | build version cache_zone | count | The total number of bytes that bypassed the cache and were written back to the cache during the aggregation interval. | cache zone | -{{}} +{{< /table >}} ### NGINX worker statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -179,11 +179,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.worker.http.request.total | Total worker HTTP requests | build version worker_id | count | The total number of client requests received by the worker process during the aggregation interval. | worker | | plus.worker.http.request.current | Current worker HTTP requests | build version worker_id | count | The current number of client requests that are currently being processed by the worker process during the aggregation interval. | worker | -{{}} +{{< /table >}} ### NGINX upstream statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |-----------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -238,11 +238,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.stream.upstream.peers.ssl.verify_failures.hostname_mismatch | Stream verify failure - hostname mismatch | build version upstream peer.address peer.name | count | SSL certificate verification errors - server's certificate doesn't match the hostname during the aggregation interval. | upstream peer | | plus.stream.upstream.peers.ssl.verify_failures.other | Stream SSL verify failure - other | build version upstream peer.address peer.name | count | SSL certificate verification errors - other SSL certificate verification errors during the aggregation interval. | upstream peer | -{{}} +{{< /table >}} ### NGINX system statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -254,11 +254,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | system.interface.total_bytes| Interface total bytes | interface | count | System Interface Total Bytes, sum of bytes_sent and bytes_rcvd. | deployment | | system.interface.egress_throughput| Interface egress throughput | interface | count | System Interface Egress Throughput, i.e. bytes sent per second| deployment | -{{}} +{{< /table >}} ### NGINX stream statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |----------------------------------------|-------------------------------|-----------------------------|-------|-----------------------------------------------------------------------------------------------------------------------------|---------------| @@ -310,11 +310,11 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.stream.zone_sync.zones.records_pending | Zone sync records pending | build, version, shared_memory_zone | avg | The average number of records that need to be sent to the cluster during the aggregation interval. | shared memory zone | | plus.stream.zone_sync.zones.records_total | Zone sync records total | build, version, shared_memory_zone | avg | The average number of records stored in the shared memory zone by all nodes during the aggregation interval. | shared memory zone | -{{}} +{{< /table >}} ### NGINX resolver statistics -{{}} +{{< table >}} | **Metric** | **Display Name** | **Dimensions** | **Type** | **Description** | **Roll-up per** | |---------------------------------------|------------------------------|--------------------------------|----------|--------------------------------------------------------------------------------------------|-----------------| @@ -330,4 +330,4 @@ The metrics are categorized by the namespace used in Azure Monitor. The dimensio | plus.resolvers.responses.timedout | Timed out requests | build, version, resolver_zone | count | The number of timed out requests during the aggregation interval. | resolver zone | | plus.resolvers.responses.unknown | Unknown error responses | build, version, resolver_zone | count | The number of requests completed with an unknown error during the aggregation interval. | resolver zone | -{{}} +{{< /table >}} diff --git a/content/nginxaas-azure/overview/feature-comparison.md b/content/nginxaas-azure/overview/feature-comparison.md index f30da905f..8aec767b3 100644 --- a/content/nginxaas-azure/overview/feature-comparison.md +++ b/content/nginxaas-azure/overview/feature-comparison.md @@ -9,7 +9,7 @@ type: - concept --- -{{}} +{{< table >}} |**Load Balancer**
   |**NGINX Open
Source** |**NGINX Plus
 ** |**F5 NGINXaaS
for Azure** | |----------------------------------------|---------------------|---------------------|--------------------------| @@ -68,4 +68,4 @@ type: |  [Dynamic modules repository](https://www.f5.com/go/product/nginx-modules) | |{{}} |[Image-Filter](https://nginx.org/en/docs/http/ngx_http_image_filter_module.html)
[njs](https://nginx.org/en/docs/njs/)
[OpenTelemetry](https://nginx.org/en/docs/ngx_otel_module.html)
[XSLT](https://nginx.org/en/docs/http/ngx_http_xslt_module.html) | |  Deployable as a service | | |Microsoft Azure | |  [Commercial support](https://my.f5.com/manage/s/article/K000140156/) | |{{}} |{{}} | -{{}} +{{< /table >}} diff --git a/content/nginxaas-azure/overview/overview.md b/content/nginxaas-azure/overview/overview.md index 01c6b65d2..1dac9cbb8 100644 --- a/content/nginxaas-azure/overview/overview.md +++ b/content/nginxaas-azure/overview/overview.md @@ -8,9 +8,9 @@ type: - concept --- -## What Is F5 NGINX as a Service for Azure? +## What Is F5 NGINXaaS for Azure? -NGINX as a Service for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. +NGINXaaS for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. NGINXaaS for Azure is available in the Azure Marketplace. NGINXaaS for Azure is powered by [NGINX Plus](https://www.nginx.com/products/nginx/), which extends NGINX Open Source with advanced functionality and provides customers with a complete application delivery solution. Initial use cases covered by NGINXaaS include L4 TCP and L7 HTTP load balancing and reverse proxy which can be managed through various Azure management tools. @@ -43,11 +43,11 @@ The key capabilities of NGINXaaS for Azure are: ## Supported regions NGINXaaS for Azure is supported in the following regions: -{{< bootstrap-table "table table-striped table-bordered" >}} +{{< table >}} | **North America** | **South America** | **Europe** | **Asia Pacific** | |----------------------------------------------------------|--------------------------------------------|--------------------------------------------|-------------------------| | West Central US
West US
East US 2
West US 2
West US 3
East US
Central US
North Central US
Canada Central | Brazil South | West Europe
North Europe
Sweden Central
Germany West Central
UK West
UK South | Australia East
Japan East
Korea Central
Southeast Asia
Central India
South India | -{{< /bootstrap-table >}} +{{< /table >}} ## NGINXaaS architecture @@ -82,4 +82,4 @@ With the Standard V2 Plan, NGINXaaS uses the following redundancy features to ke ## What's next -To get started, check the [NGINX as a Service for Azure prerequisites]({{< ref "/nginxaas-azure/getting-started/prerequisites.md" >}}) +To get started, check the [NGINXaaS for Azure prerequisites]({{< ref "/nginxaas-azure/getting-started/prerequisites.md" >}}) diff --git a/content/nginxaas-azure/quickstart/basic-caching.md b/content/nginxaas-azure/quickstart/basic-caching.md index 40b16402d..9c8060bfc 100644 --- a/content/nginxaas-azure/quickstart/basic-caching.md +++ b/content/nginxaas-azure/quickstart/basic-caching.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports caching using the [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html) module, improving performance by allowing content to be served from cache without having to contact upstream servers. For more information on caching with NGINX, see [NGINX Content Caching](https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/). +F5 NGINXaaS for Azure (NGINXaaS) supports caching using the [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html) module, improving performance by allowing content to be served from cache without having to contact upstream servers. For more information on caching with NGINX, see [NGINX Content Caching](https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/). ## Configuring caching ```nginx diff --git a/content/nginxaas-azure/quickstart/geoip2.md b/content/nginxaas-azure/quickstart/geoip2.md index 184f6530a..d5dd28639 100644 --- a/content/nginxaas-azure/quickstart/geoip2.md +++ b/content/nginxaas-azure/quickstart/geoip2.md @@ -9,7 +9,7 @@ type: ## Overview -F5 NGINX as a Service for Azure (NGINXaaS) supports GeoIP2 using the [`ngx_http_geoip2_module` or `ngx_stream_geoip2_module`](https://github.com/leev/ngx_http_geoip2_module) dynamic modules, enabling NGINXaaS to implement various user differentiation strategies. For more information on GeoIP2 with NGINX, see [NGINX GeoIP2](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/geoip2/). +F5 NGINXaaS for Azure (NGINXaaS) supports GeoIP2 using the [`ngx_http_geoip2_module` or `ngx_stream_geoip2_module`](https://github.com/leev/ngx_http_geoip2_module) dynamic modules, enabling NGINXaaS to implement various user differentiation strategies. For more information on GeoIP2 with NGINX, see [NGINX GeoIP2](https://docs.nginx.com/nginx/admin-guide/dynamic-modules/geoip2/). NGINXaaS uses your MaxMind license to download GeoIP2 databases, puts them in the right place before NGINX starts, and updates the databases daily to reduce your operational overhead. All GeoIP2 data is deleted once you stop using GeoIP2 or delete your deployment. MaxMind provides a variety of [databases](https://www.maxmind.com/en/geoip-databases), including a lower accuracy [free option](https://www.maxmind.com/en/geolite2/signup). NGINXaaS uses a modified form of [MaxMind's `geoipupdate`](https://github.com/maxmind/geoipupdate). @@ -51,11 +51,11 @@ All licenses are [validated with MaxMind](https://dev.maxmind.com/license-key-va To view the status of your MaxMind license, [enable monitoring]({{< ref "/nginxaas-azure/monitoring/enable-monitoring.md" >}}) for your NGINXaaS deployment and navigate to the Metrics tab. View the `nginxaas.maxmind` metric under the `nginxaas statistics` metric namespace. The `nginxaas.maxmind` metric reports the health of your license through the `status` dimension: - {{}} + {{< table >}} | Status | Description | | -------------- | ------------------------------------------------------------------------------------------ | | `active` | The license is valid and in use to update GeoIP2 databases. | | `unauthorized` | MaxMind returned an license error, which usually indicates an issue with the `GeoIP.conf`. | - {{}} + {{< /table >}} diff --git a/content/nginxaas-azure/quickstart/hosting-static-content.md b/content/nginxaas-azure/quickstart/hosting-static-content.md index e72669cf7..05e418213 100644 --- a/content/nginxaas-azure/quickstart/hosting-static-content.md +++ b/content/nginxaas-azure/quickstart/hosting-static-content.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports hosting static content which allows users to serve static websites from their deployment. +F5 NGINXaaS for Azure (NGINXaaS) supports hosting static content which allows users to serve static websites from their deployment. ## Uploading static files as a tarball diff --git a/content/nginxaas-azure/quickstart/njs-support.md b/content/nginxaas-azure/quickstart/njs-support.md index d3948e7a1..6dff418a1 100644 --- a/content/nginxaas-azure/quickstart/njs-support.md +++ b/content/nginxaas-azure/quickstart/njs-support.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports the open-source [njs module](https://nginx.org/en/docs/http/ngx_http_js_module.html), allowing the extension of NGINX functionality with a subset of the Javascript language. +F5 NGINXaaS for Azure (NGINXaaS) supports the open-source [njs module](https://nginx.org/en/docs/http/ngx_http_js_module.html), allowing the extension of NGINX functionality with a subset of the Javascript language. ## Upload NGINX configuration with njs diff --git a/content/nginxaas-azure/quickstart/rate-limiting.md b/content/nginxaas-azure/quickstart/rate-limiting.md index 59101ceb9..87749a864 100644 --- a/content/nginxaas-azure/quickstart/rate-limiting.md +++ b/content/nginxaas-azure/quickstart/rate-limiting.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports rate limiting using the [ngx_http_limit_req_module](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html) module to limit the processing rate of requests. For more information on rate limiting with NGINX, see [NGINX Limiting Access to Proxied HTTP Resources](https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/) and [Rate Limiting with NGINX and NGINX Plus](https://www.nginx.com/blog/rate-limiting-nginx/). +F5 NGINXaaS for Azure (NGINXaaS) supports rate limiting using the [ngx_http_limit_req_module](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html) module to limit the processing rate of requests. For more information on rate limiting with NGINX, see [NGINX Limiting Access to Proxied HTTP Resources](https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/) and [Rate Limiting with NGINX and NGINX Plus](https://www.nginx.com/blog/rate-limiting-nginx/). ## Configuring basic rate limiting diff --git a/content/nginxaas-azure/quickstart/recreate.md b/content/nginxaas-azure/quickstart/recreate.md index 06b515b5a..9f9d314e8 100644 --- a/content/nginxaas-azure/quickstart/recreate.md +++ b/content/nginxaas-azure/quickstart/recreate.md @@ -8,7 +8,7 @@ type: - how-to --- -Learn how to recreate an existing F5 NGINX as a Service for Azure (NGINXaaS) deployment using an Azure Resource Manager (ARM) template. +Learn how to recreate an existing F5 NGINXaaS for Azure (NGINXaaS) deployment using an Azure Resource Manager (ARM) template. There are two ways to replicate a current NGINXaaS for Azure deployment using ARM templates. You can either delete and recreate the deployment, or you can update the DNS to smoothly transition to the new deployment. diff --git a/content/nginxaas-azure/quickstart/runtime-state-sharing.md b/content/nginxaas-azure/quickstart/runtime-state-sharing.md index 0eeb1ef60..1099542dc 100644 --- a/content/nginxaas-azure/quickstart/runtime-state-sharing.md +++ b/content/nginxaas-azure/quickstart/runtime-state-sharing.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports runtime state sharing using the [Zone Synchronization module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) to synchronize shared memory zones across NGINXaaS instances. +F5 NGINXaaS for Azure (NGINXaaS) supports runtime state sharing using the [Zone Synchronization module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) to synchronize shared memory zones across NGINXaaS instances. With runtime state sharing, NGINXaaS instances can share some state data between them, including: diff --git a/content/nginxaas-azure/quickstart/scaling.md b/content/nginxaas-azure/quickstart/scaling.md index cf98d9656..afbff47df 100644 --- a/content/nginxaas-azure/quickstart/scaling.md +++ b/content/nginxaas-azure/quickstart/scaling.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) supports manual and automatic scaling of your deployment, allowing you to adapt to application traffic demands while controlling cost. +F5 NGINXaaS for Azure (NGINXaaS) supports manual and automatic scaling of your deployment, allowing you to adapt to application traffic demands while controlling cost. {{< call-out "note" >}}This feature is only available for Standard plan(s).{{< /call-out >}} @@ -65,12 +65,12 @@ To avoid creating a loop between scaling rules, NGINXaaS will not apply a scalin The following table outlines constraints on the specified capacity based on the chosen Marketplace plan, including the minimum capacity required for a deployment to be highly available, the maximum capacity, and what value the capacity must be a multiple of. By default, an NGINXaaS for Azure deployment will be created with the corresponding minimum capacity. -{{}} +{{< table >}} | **Marketplace Plan** | **Minimum Capacity (NCUs)** | **Maximum Capacity (NCUs)** | **Multiple of** | |------------------------------|-----------------------------|-----------------------------|----------------------------| | Standard plan(s) | 10 | 500 | 10 | -{{}} +{{< /table >}} {{< call-out "note" >}}If you need a higher maximum capacity, please [open a request](https://my.f5.com/manage/s/) and specify the Resource ID of your NGINXaaS deployment, the region, and the desired maximum capacity you wish to scale to.{{< /call-out >}} diff --git a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md index fad9f819a..d9aee1f78 100644 --- a/content/nginxaas-azure/quickstart/security-controls/auth-basic.md +++ b/content/nginxaas-azure/quickstart/security-controls/auth-basic.md @@ -14,7 +14,7 @@ For more information on configuring HTTP Basic Authentication please refer to th ## Uploading a password file -F5 NGINX as a Service for Azure (NGINXaaS) accepts a file containing usernames and passwords using any of the password types specified in the [NGINX documentation](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic_user_file). The password file can be uploaded as a "protected file" when creating or updating your NGINX configuration to protect the file's contents from being read. The password file can alternatively be uploaded as a regular file. +F5 NGINXaaS for Azure (NGINXaaS) accepts a file containing usernames and passwords using any of the password types specified in the [NGINX documentation](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html#auth_basic_user_file). The password file can be uploaded as a "protected file" when creating or updating your NGINX configuration to protect the file's contents from being read. The password file can alternatively be uploaded as a regular file. {{< img src="nginxaas-azure/auth-basic-htpasswd.png" alt="Screenshot of the Azure portal showing the password file upload" >}} diff --git a/content/nginxaas-azure/quickstart/security-controls/certificates.md b/content/nginxaas-azure/quickstart/security-controls/certificates.md index 089347888..cfce20494 100644 --- a/content/nginxaas-azure/quickstart/security-controls/certificates.md +++ b/content/nginxaas-azure/quickstart/security-controls/certificates.md @@ -9,7 +9,7 @@ type: ## Overview -This tutorial walks through a complete example of using SSL/TLS certificates from Azure Key Vault in an F5 NGINX as a Service for Azure (NGINXaaS) deployment to secure traffic. In this guide, you will create all necessary resources to add a certificate to an NGINXaaS deployment using the [Azure portal](https://portal.azure.com/). +This tutorial walks through a complete example of using SSL/TLS certificates from Azure Key Vault in an F5 NGINXaaS for Azure (NGINXaaS) deployment to secure traffic. In this guide, you will create all necessary resources to add a certificate to an NGINXaaS deployment using the [Azure portal](https://portal.azure.com/). ## Create an Azure Key Vault (AKV) @@ -20,14 +20,14 @@ NGINXaaS enables customers to securely store SSL/TLS certificates in Azure Key V 1. Select **Create**. 1. On the Create a key vault **Basics** tab, provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Subscription | Select the appropriate Azure subscription that you have access to. | | Resource group | Specify whether you want to create a new resource group or use an existing one.
For more information, see [Azure Resource Group overview](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview). | | Key vault name | Provide a unique name for your key vault. For this tutorial, we use `nginxaas-kv`. | | Region | Select the region you want to deploy to. | - {{}} + {{< /table >}} For all other fields, you can leave them set to the default values. 1. Select **Review + Create** and then **Create**. @@ -46,14 +46,14 @@ Next, you can add an SSL/TLS certificate to your key vault by following [Azure's 1. Select **Certificates** in the left menu. 1. Select {{< icon "plus">}}**Generate/Import** and provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Method of Certificate Creation | Select **Generate** | | Certificate Name | Provide a unique name for your certificate. For this tutorial, we use `nginxaas-cert`. | | Type of Certificate Authority (CA) | Select **Self-signed certificate**. | | CN | Provide the IP address of your NGINXaaS deployment as the CN. For example, `CN=135.237.74.224` | - {{}} + {{< /table >}} For all other fields, you can leave them set to the default values. @@ -70,14 +70,14 @@ In order for your NGINXaaS deployment to access your key vault, it must have an 1. Under **System assigned**, select **Azure role assignments**. 1. Select {{< icon "plus">}}**Add role assignment** and provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Scope | Select **Key Vault**. | | Subscription | Select the Azure subscription your key vault is in. | | Resource | Select your key vault, `nginxaas-kv`. | | Role | Select **Key Vault Secrets User**. | - {{}} + {{< /table >}} 1. Select **Save**. @@ -88,22 +88,22 @@ Now, you can add your SSL/TLS certificate from your key vault to your NGINXaaS d 1. Go to your NGINXaaS deployment. 1. Select **NGINX certificates** in the left menu. 1. Select {{< icon "plus">}}**Add certificate** and provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Name | A unique name for the certificate. For this tutorial, we use `my-cert`. | | Certificate path | Set to `/etc/nginx/ssl/example.crt`. | | Key path | Set to `/etc/nginx/ssl/example.key`. | - {{}} + {{< /table >}} 1. Select **Select certificate** and provide the following information: - {{}} + {{< table >}} | Field | Description | |----------------------- | ---------------------------- | | Key vault | Select `nginxaas-kv`. | | Certificate | Select `nginxaas-cert`. | - {{}} + {{< /table >}} 1. Select **Add certificate**. @@ -168,7 +168,7 @@ If you want to disable public access to your key vault, you can configure a [Net 1. In the Search box, enter **Network Security Perimeters** and select **Network Security Perimeters** from the search results. 1. Select {{< icon "plus">}}**Create**. 1. In the **Basics** tab, provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Subscription | Select the appropriate Azure subscription that you have access to. | @@ -176,17 +176,17 @@ If you want to disable public access to your key vault, you can configure a [Net | Name | Provide a unique name for your network security perimeter. For this tutorial, we use `nginxaas-nsp`. | | Region | Select the region you want to deploy to. Refer to any [regional limitations](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts#regional-limitations) NSP has while in public preview. | | Profile name | Leave the profile name as the default `defaultProfile`. | - {{}} + {{< /table >}} 1. In the **Resources** tab, select {{< icon "plus">}}**Add**. 1. Search for your key vault, `nginxaas-kv`, select it, and click **Select**. 1. In the **Inbound access rules** tab, select {{< icon "plus">}}**Add** and provide the following information: - {{}} + {{< table >}} | Field | Description | |---------------------------- | ---------------------------- | | Rule Name | Set to `allow-nginxaas-deployment-sub`. | | Source Type | Select **Subscriptions**. | | Allowed sources | Select the subscription of your NGINXaaS deployment. | - {{}} + {{< /table >}} 1. Select **Review + Create** and then **Create**. By default, the key vault will be associated to the NSP in [Learning mode](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-concepts#access-modes-in-network-security-perimeter). This means traffic will be evaluated first based on the NSP's access rules. If no rules apply, evaluation will fall back to the key vault's firewall configuration. To fully secure public access, it is reccommended to [transition to Enforced mode](https://learn.microsoft.com/en-us/azure/private-link/network-security-perimeter-transition#transition-to-enforced-mode-for-existing-resources). diff --git a/content/nginxaas-azure/quickstart/security-controls/jwt.md b/content/nginxaas-azure/quickstart/security-controls/jwt.md index 0d176ebcf..f3c9f3513 100644 --- a/content/nginxaas-azure/quickstart/security-controls/jwt.md +++ b/content/nginxaas-azure/quickstart/security-controls/jwt.md @@ -8,7 +8,7 @@ type: - how-to --- -F5 NGINX as a Service for Azure (NGINXaaS) provides the option to control access to your resources using JWT authentication. With JWT authentication, a client provides a JSON Web Token, and the token will be validated against a local key file or a remote service. This document will explain how to validate tokens using Microsoft Entra as the remote service. +F5 NGINXaaS for Azure (NGINXaaS) provides the option to control access to your resources using JWT authentication. With JWT authentication, a client provides a JSON Web Token, and the token will be validated against a local key file or a remote service. This document will explain how to validate tokens using Microsoft Entra as the remote service. For more information on JWT authentication with NGINX+, please refer to [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html) and [NGINX Plus Setting up JWT Authentication](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-jwt-authentication/). diff --git a/content/nginxaas-azure/quickstart/security-controls/oidc.md b/content/nginxaas-azure/quickstart/security-controls/oidc.md index e67db825a..2ac04588c 100644 --- a/content/nginxaas-azure/quickstart/security-controls/oidc.md +++ b/content/nginxaas-azure/quickstart/security-controls/oidc.md @@ -10,7 +10,7 @@ type: ## Overview -Learn how to configure F5 NGINX as a Service (NGINXaaS) for Azure with OpenID Connect (OIDC) authentication. +Learn how to configure F5 NGINXaaS for Azure with OpenID Connect (OIDC) authentication. ## Prerequisites @@ -21,7 +21,7 @@ Learn how to configure F5 NGINX as a Service (NGINXaaS) for Azure with OpenID Co 3. [Configure the IdP](https://github.com/nginxinc/nginx-openid-connect/blob/main/README.md#configuring-your-idp). For example, you can [register a Microsoft Entra Web application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) as the IdP. -## Configure NGINX as a Service for Azure with IdP +## Configure NGINXaaS for Azure with IdP Configuring NGINXaaS for Azure with OIDC is similar as [Configuring NGINX Plus](https://github.com/nginxinc/nginx-openid-connect/blob/main/README.md#configuring-nginx-plus) in [nginx-openid-connect](https://github.com/nginxinc/nginx-openid-connect) but it also has its own specific configurations that must be completed to work normally. diff --git a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md index 39b285b1a..6a87992e6 100644 --- a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md +++ b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md @@ -38,7 +38,7 @@ The following example demonstrates this process using an existing virtual machin Please ensure the following environment variables are exported before copying the below Azure CLI commands. -{{}} +{{< table >}} | Name | Description | |------------------ | ----------------- | | APP_LOCATION | Location of the resource group @@ -48,7 +48,7 @@ Please ensure the following environment variables are exported before copying th | APP_VM_NAME | Name of the workload virtual machine | | APP_NIC_NAME | Name of the network interface of the virtual machine | | APP_IP_CONFIG_NAME | Name of the IP configuration associated with the NIC | -{{}} +{{< /table >}} ### Create a load balancer @@ -161,14 +161,14 @@ The following example demonstrates this process using an existing NGINXaaS deplo Please ensure the following environment variables are exported before copying the below Azure CLI commands. -{{}} +{{< table >}} | Name | Description | |------------------ | ----------------- | | DEP_RESOURCE_GROUP | Name of the resource group the NGINXaaS deployment is in | | DEP_VNET_NAME | Name of the virtual network the NGINXaaS deployment is in | | PRIVATE_ENDPOINT_SUBNET_ADDRESS_SPACE | Desired address space of the private endpoint's subnet | | PRIVATE_LINK_SERVICE_ID | Resource ID of the Private Link service | -{{}} +{{< /table >}} ### Create a new subnet diff --git a/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md b/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md index a3c4fcedd..e26d7d8d7 100644 --- a/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md +++ b/content/nginxaas-azure/quickstart/security-controls/securing-upstream-traffic.md @@ -8,7 +8,7 @@ type: - how-to --- -Learn how to encrypt HTTP traffic between F5 NGINX as a Service for Azure (NGINXaaS) and an upstream group or a proxied server. To secure TCP traffic to upstream servers, follow the [NGINX Plus guide](https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/). As with securing HTTP traffic, you will need to [add the SSL/TLS client certificate]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md">}}) to the NGINXaaS deployment. +Learn how to encrypt HTTP traffic between F5 NGINXaaS for Azure (NGINXaaS) and an upstream group or a proxied server. To secure TCP traffic to upstream servers, follow the [NGINX Plus guide](https://docs.nginx.com/nginx/admin-guide/security-controls/securing-tcp-traffic-upstream/). As with securing HTTP traffic, you will need to [add the SSL/TLS client certificate]({{< ref "/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md">}}) to the NGINXaaS deployment. ### Prerequisites diff --git a/content/nginxaas-azure/quickstart/upgrade-channels.md b/content/nginxaas-azure/quickstart/upgrade-channels.md index f4f5db09b..fb9f5be31 100644 --- a/content/nginxaas-azure/quickstart/upgrade-channels.md +++ b/content/nginxaas-azure/quickstart/upgrade-channels.md @@ -10,14 +10,14 @@ type: ## Overview -Maintaining the latest version NGINX Plus, operating system (OS), and other software dependencies is a key feature offered by F5 NGINX as a Service for Azure (NGINXaaS). The **Upgrade Channel** is an upgrade path to which you can subscribe your NGINXaaS deployment to control the timing of software upgrades. The following channels are available: +Maintaining the latest version NGINX Plus, operating system (OS), and other software dependencies is a key feature offered by F5 NGINXaaS for Azure (NGINXaaS). The **Upgrade Channel** is an upgrade path to which you can subscribe your NGINXaaS deployment to control the timing of software upgrades. The following channels are available: -{{}} +{{< table >}} | Channel | Description | |-------------|---------------------------| | preview | Selecting this channel automatically upgrades your deployment to the latest supported version of NGINX Plus and its dependencies soon after they become available. We recommend using this setting to try out new capabilities in deployments running in your development, testing, and staging environments. Do not use the **Preview** channel in your production environment. | | stable | A deployment running on this channel will receive updates on NGINX Plus and its dependencies at a slower rate than the **Preview** channel. We recommend using this setting for production deployments where you might want stable features instead of the latest ones. This is the **default channel** if you do not specify one for your deployment. | -{{}} +{{< /table >}} {{< call-out "note" >}} All channels will receive continuous updates related to OS patches, and security fixes. {{< /call-out >}} @@ -26,12 +26,12 @@ Maintaining the latest version NGINX Plus, operating system (OS), and other soft ### NGINX Plus and related modules -{{}} +{{< table >}} | Channel | Availablity of NGINX Plus and related modules | |-------------|-----------------------------------------------| | preview | No sooner than 14 days of a new NGINX Plus [release](https://docs.nginx.com/nginx/releases/). | | stable | No sooner than 45 days of a new NGINX Plus [release](https://docs.nginx.com/nginx/releases/). | -{{}} +{{< /table >}} A new version of NGINX Plus and its related modules is first introduced to the **preview** channel, where it is goes through our acceptance testing. Once we have baked the software in the **preview** channel for a reasonable time, it is eventually graduated to the **stable** channel. The actual promotion timelines can vary, and you can view our [Changelog]({{< ref "/nginxaas-azure/changelog.md" >}}) for latest updates.