diff --git a/.github/labeler.yml b/.github/labeler.yml index c8cd64f8b..d3684b539 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -23,6 +23,12 @@ product/amplify: - changed-files: - any-glob-to-any-file: 'content/amplify/**' +product/dos: + - changed-files: + - any-glob-to-any-file: + - 'content/nap-dos/**' + - 'content/includes/nap-dos/**' + product/controller: - changed-files: - any-glob-to-any-file: @@ -37,18 +43,6 @@ product/modsec-waf: - changed-files: - any-glob-to-any-file: 'content/modsec-waf/**' -product/nap-dos: - - changed-files: - - any-glob-to-any-file: - - 'content/nap-dos/**' - - 'content/includes/nap-dos/**' - -product/nap-waf: - - changed-files: - - any-glob-to-any-file: - - 'content/nap-waf/**' - - 'content/includes/nap-waf/**' - product/ngf: - changed-files: - any-glob-to-any-file: @@ -97,12 +91,19 @@ product/unit: - 'content/unit/**' - 'content/includes/unit/**' +product/waf: + - changed-files: + - any-glob-to-any-file: + - 'content/waf/**' + - 'content/includes/waf/**' + # Other labels process documentation: - changed-files: - any-glob-to-any-file: - 'templates/**' + - 'documentation/**' - '*.md' - 'LICENSE' @@ -122,6 +123,8 @@ tooling: - '*.sh' - '*.js' - 'Makefile' - - '.vale.ini' - - '.gitignore' - '.gitattributes' + - '.gitignore' + - '.gitlint' + - '.markdownlint.yaml' + - '.vale.ini' diff --git a/content/waf/changelog/2024.md b/content/waf/changelog/2024.md index 184c50578..4296f32e5 100644 --- a/content/waf/changelog/2024.md +++ b/content/waf/changelog/2024.md @@ -17,7 +17,7 @@ For the current year, view [the top-level changelog]({{< ref "/waf/changelog/">} ## F5 WAF for NGINX 5.4 / 4.12 -_November 19th, 2024_ +Released _November 19th, 2024_. ### New features @@ -76,7 +76,7 @@ sudo service nginx restart ## F5 WAF for NGINX 5.3 / 4.11 -_September 25, 2024_ +Released _September 25, 2024_. ### New features @@ -116,7 +116,7 @@ _September 25, 2024_ ## F5 WAF for NGINX 5.2 / 4.10 -_May 29, 2024_ +Released _May 29, 2024_. ### New features @@ -149,7 +149,7 @@ _May 29, 2024_ ## F5 WAF for NGINX 5.1 / 4.9 -_April 18, 2024_ +Released _April 18, 2024_. ### New features @@ -188,7 +188,7 @@ _April 18, 2024_ ## F5 WAF for NGINX 5.0 / 4.8.1 -_March 19, 2024_ +Released _March 19, 2024_. ### New features @@ -199,7 +199,7 @@ _March 19, 2024_ {{< table >}} -| Distribution name | NGINX Open Source (5.1) | NGINX Plus (5.1) | NGINX Plus (4.8.1) | +| Distribution name | NGINX Open Source (5.0) | NGINX Plus (5.0) | NGINX Plus (4.8.1) | | ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |----------------------------------------------------| | Alpine 3.17 | _app-protect-module-oss-1.25.4+4.815.0-r1.apk_ | _app-protect-module-plus-31+4.815.0-r1.apk_ | _app-protect-31.4.815.0-r1.apk_ | | Amazon Linux 2023 | _app-protect-module-oss-1.25.4+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-31+4.815.0-1.amzn2023.ngx.x86_64.rpm_ | diff --git a/content/waf/changelog/_index.md b/content/waf/changelog/_index.md index 32d6ba815..c169cf58b 100644 --- a/content/waf/changelog/_index.md +++ b/content/waf/changelog/_index.md @@ -19,7 +19,7 @@ For older releases, check the changelogs for previous years: [2024]({{< ref "/wa ## F5 WAF for NGINX 5.9 -_September 29th, 2025_ +Released _September 29th, 2025_. ### New features @@ -32,6 +32,21 @@ _September 29th, 2025_ - Package and container artifacts now share the same version numbers - Upgrade processes remain the same as earlier releases - No breaking changes + +{{< call-out "important" >}} + +"_V4_" is now represented in the following pages or sections: + +- [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md">}}) +- Docker [Hybrid]({{< ref "/waf/install/docker.md#hybrid-configuration" >}}) and [Single container]({{< ref "/waf/install/docker.md#single-container-configuration" >}}) configuration + +"_V5_" is now represented in the following pages or sections: + +- [Kubernetes]({{< ref "/waf/install/kubernetes.md">}}) +- Docker [Multi-container]({{< ref "/waf/install/docker.md#multi-container-configuration" >}}) configuration + +{{< /call-out >}} + - Restructured documentation - Product name change - Version alignment @@ -58,7 +73,7 @@ _September 29th, 2025_ ## NGINX App Protect WAF 5.8 / 4.16 -_August 13th, 2025_ +Released _August 13th, 2025_. ### New features @@ -84,7 +99,7 @@ _August 13th, 2025_ ## NGINX App Protect WAF 5.7 / 4.15 -_June 24th, 2025_ +Released _June 24th, 2025_. ### New features @@ -124,10 +139,9 @@ _June 24th, 2025_ {{< /table >}} - ## NGINX App Protect WAF 5.6 / 4.14 -_April 1st, 2025_ +Released _April 1st, 2025_. ### New features @@ -167,7 +181,7 @@ _April 1st, 2025_ ## NGINX App Protect WAF 5.5 / 4.13 -_January 30th, 2025_ +Released _January 30th, 2025_. ### New features diff --git a/content/waf/fundamentals/technical-specifications.md b/content/waf/fundamentals/technical-specifications.md index 514eafddf..cfe7bfddd 100644 --- a/content/waf/fundamentals/technical-specifications.md +++ b/content/waf/fundamentals/technical-specifications.md @@ -14,6 +14,10 @@ nd-product: NAP-WAF This page outlines the technical specifications for F5 WAF for NGINX, which includes the minimum requirements and supported platforms. +## Resource limitations + +- F5 WAF for NGINX supports a **maximum** of **127** CPU cores. + ## Supported deployment environments You can deploy F5 WAF for NGINX in the following environments: @@ -54,9 +58,8 @@ The F5 WAF for NGINX package has the following dependencies: | app-protect-threat-campaigns | The F5 WAF for NGINX threat campaigns update package | | nginx-plus-module-appprotect | NGINX Plus dynamic module for F5 WAF for NGINX | - 1. _Optional dependencies_ -2. _This module needs to be installed separately, and includes a client for downloading and updating the feature's database_ +1. _This module needs to be installed separately, and includes a client for downloading and updating the feature's database_ ## Supported security policy features diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a1d032b9a..d54ca7d2d 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -445,7 +445,61 @@ Once you have updated your configuration files, you can reload NGINX to apply th #### Create and run a Docker Compose file -{{< include "waf/install-services-compose.md" >}} +Create a _docker-compose.yml_ file with the following contents in your host environment, replacing image tags as appropriate: + +```yaml +services: + nginx: + container_name: nginx + image: nginx-app-protect-5 + volumes: + - app_protect_bd_config:/opt/app_protect/bd_config + - app_protect_config:/opt/app_protect/config + - app_protect_etc_config:/etc/app_protect/conf + - /conf/nginx.conf:/etc/nginx/nginx.conf + - /conf/default.conf:/etc/nginx/conf.d/default.conf + - ./license.jwt:/etc/nginx/license.jwt # Only necessary when using NGINX Plus + networks: + - waf_network + ports: + - "80:80" + + waf-enforcer: + container_name: waf-enforcer + image: waf-enforcer:5.2.0 + environment: + - ENFORCER_PORT=50000 + ports: + - "50000:50000" + volumes: + - /opt/app_protect/bd_config:/opt/app_protect/bd_config + networks: + - waf_network + restart: always + + waf-config-mgr: + container_name: waf-config-mgr + image: waf-config-mgr:5.2.0 + volumes: + - /opt/app_protect/bd_config:/opt/app_protect/bd_config + - /opt/app_protect/config:/opt/app_protect/config + - /etc/app_protect/conf:/etc/app_protect/conf + restart: always + network_mode: none + depends_on: + waf-enforcer: + condition: service_started + +networks: + waf_network: + driver: bridge +``` + +To start the F5 WAF for NGINX services, use `docker compose up` in the same folder as the _docker-compose.yml_ file: + +```shell +sudo docker compose up -d +``` You can now review the operational status of F5 WAF for NGINX using the [Post-installation checks]({{< ref "/waf/install/docker.md#post-installation-checks" >}}).