From 4fde3e6db617ca848df1de39dc7e2b7943498fbc Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Thu, 6 Nov 2025 15:15:06 +0000 Subject: [PATCH] feat: Update process documentation, issue templates This commit adds NGINX Unit to the deprecated content process document, and updates the issue templates to reduce the amount of mandatory fields and rephrase questions to be more open-ended in the bug report and idea forms, accounting for simpler issues. It also removes some leftover include files related to products whose main content folders have already been removed. --- .github/ISSUE_TEMPLATE/1-idea_suggestion.yml | 12 +-- .github/ISSUE_TEMPLATE/2-bug_report.yml | 20 ++--- .../includes/acm/about/api-proxy-policies.md | 35 -------- content/includes/acm/about/global-policies.md | 29 ------- content/includes/acm/how-to/access-acm-api.md | 6 -- content/includes/acm/how-to/access-acm-ui.md | 7 -- content/includes/acm/how-to/policies-intro.md | 8 -- .../how-to/policies-proxy-cluster-intro.md | 9 -- .../acm/how-to/policies-proxy-intro.md | 9 -- .../acm/how-to/policies/api-owner-persona.md | 4 - .../how-to/policies/infra-admin-persona.md | 6 -- .../acm/how-to/update-application-settings.md | 23 ----- .../update-authorization-server-settings.md | 18 ---- .../acm/how-to/update-general-settings.md | 17 ---- content/includes/acm/index.md | 4 - content/includes/acm/openapi-support.md | 6 -- content/includes/acm/rbac/api-owner-role.md | 15 ---- content/includes/acm/rbac/infra-admin-role.md | 16 ---- .../includes/acm/tutorials/what-is-OAuth2.md | 6 -- content/includes/acm/webui-acm-login.md | 5 -- .../configuration-options.md | 87 ------------------- .../configure-devportal-helm-api-mtls.md | 26 ------ ...figure-devportal-helm-embedded-postgres.md | 27 ------ ...figure-devportal-helm-external-postgres.md | 29 ------- .../configure-helm-devportal-sqlite.md | 21 ----- content/includes/nms/index.md | 4 - .../nms/services/platform-services.md | 14 --- .../includes/unit/howto_change_ownership.md | 18 ---- content/includes/unit/howto_install_app.md | 2 - content/includes/unit/howto_install_prereq.md | 1 - content/includes/unit/howto_install_unit.md | 1 - content/includes/unit/howto_upload_config.md | 14 --- content/includes/unit/version.md | 1 - documentation/deprecated-content.md | 2 + 34 files changed, 13 insertions(+), 489 deletions(-) delete mode 100644 content/includes/acm/about/api-proxy-policies.md delete mode 100644 content/includes/acm/about/global-policies.md delete mode 100644 content/includes/acm/how-to/access-acm-api.md delete mode 100644 content/includes/acm/how-to/access-acm-ui.md delete mode 100644 content/includes/acm/how-to/policies-intro.md delete mode 100644 content/includes/acm/how-to/policies-proxy-cluster-intro.md delete mode 100644 content/includes/acm/how-to/policies-proxy-intro.md delete mode 100644 content/includes/acm/how-to/policies/api-owner-persona.md delete mode 100644 content/includes/acm/how-to/policies/infra-admin-persona.md delete mode 100644 content/includes/acm/how-to/update-application-settings.md delete mode 100644 content/includes/acm/how-to/update-authorization-server-settings.md delete mode 100644 content/includes/acm/how-to/update-general-settings.md delete mode 100644 content/includes/acm/index.md delete mode 100644 content/includes/acm/openapi-support.md delete mode 100644 content/includes/acm/rbac/api-owner-role.md delete mode 100644 content/includes/acm/rbac/infra-admin-role.md delete mode 100644 content/includes/acm/tutorials/what-is-OAuth2.md delete mode 100644 content/includes/acm/webui-acm-login.md delete mode 100644 content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md delete mode 100644 content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md delete mode 100644 content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md delete mode 100644 content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md delete mode 100644 content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md delete mode 100644 content/includes/nms/index.md delete mode 100644 content/includes/nms/services/platform-services.md delete mode 100644 content/includes/unit/howto_change_ownership.md delete mode 100644 content/includes/unit/howto_install_app.md delete mode 100644 content/includes/unit/howto_install_prereq.md delete mode 100644 content/includes/unit/howto_install_unit.md delete mode 100644 content/includes/unit/howto_upload_config.md delete mode 100644 content/includes/unit/version.md diff --git a/.github/ISSUE_TEMPLATE/1-idea_suggestion.yml b/.github/ISSUE_TEMPLATE/1-idea_suggestion.yml index 8efc08162..cd81ac17a 100644 --- a/.github/ISSUE_TEMPLATE/1-idea_suggestion.yml +++ b/.github/ISSUE_TEMPLATE/1-idea_suggestion.yml @@ -10,7 +10,7 @@ body: required: true - type: dropdown attributes: - label: Which product or products does this request relate to? + label: Which product or products does this idea relate to? multiple: true options: - F5 DoS for NGINX @@ -28,16 +28,12 @@ body: required: true - type: textarea attributes: - label: Is this idea related to a larger problem? + label: Does this idea relate to other issues? description: If you have identified multiple related issues, it might be a design pattern problem. - validations: - required: true - type: textarea attributes: - label: What alternative ways are there to implement your idea? - description: There are often multiple ways to something - context is important. - validations: - required: true + label: Are there alternative ideas for improving the same topic? + description: If you already identified reasons not to go with other solutions, we'd like to know why! - type: textarea attributes: label: Any additional information diff --git a/.github/ISSUE_TEMPLATE/2-bug_report.yml b/.github/ISSUE_TEMPLATE/2-bug_report.yml index 879472441..6f12b2f79 100644 --- a/.github/ISSUE_TEMPLATE/2-bug_report.yml +++ b/.github/ISSUE_TEMPLATE/2-bug_report.yml @@ -1,16 +1,16 @@ name: Bug report -description: Report an issue with our documentation +description: Report an issue with our content or website title: "[Bug]: " body: - type: textarea attributes: - label: Describe the bug you have identified + label: Describe the problem you have identified description: Explain the problem with as much detail as possible. validations: required: true - type: dropdown attributes: - label: Which product or products does this request relate to? + label: Which product or products does this problem relate to? multiple: true options: - F5 DoS for NGINX @@ -28,22 +28,16 @@ body: required: true - type: textarea attributes: - label: Steps to reproduce the bug + label: If necessary, explain any additional steps to reproduce the problem. description: Describe the where the issue occurs. - validations: - required: true - type: textarea attributes: label: What is the expected or desired behaviour? - description: Describe what you expected to happen instead of the bug. - validations: - required: true + description: Describe what you expected to happen instead of the problem - type: textarea attributes: - label: What environments or versions does this bug affect? - description: Describe the contexts which this bug seems to occur. - validations: - required: true + label: Is this problem specific to a particular platform or software version? + description: Describe the context in which this problem appears. - type: textarea attributes: label: Any additional information diff --git a/content/includes/acm/about/api-proxy-policies.md b/content/includes/acm/about/api-proxy-policies.md deleted file mode 100644 index 6a608f174..000000000 --- a/content/includes/acm/about/api-proxy-policies.md +++ /dev/null @@ -1,35 +0,0 @@ -The following table shows the available API Proxy Policies you can use when creating an API gateway. - -
- -**Legend:** - -- = Supported -- = Not supported -- = Applied by default - -{{}} - -| Policy Name | HTTP Proxy | gRPC Proxy | Applied On | Description | -| --------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | ----------------------------------------------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Access Control Routing]({{< ref "/nms/acm/how-to/policies/access-control-routing" >}}) | | | Inbound | Restrict access to your application servers based on JWT claims or header values. | -| [ACL Consumer Restriction]({{< ref "/nms/acm/how-to/policies/api-access-control-lists#create-acl-consumer-restriction-policy" >}}) | | | Inbound | Protect your upstream TCP application servers by denying/allowing access from certain consumers client IDs or authenticated JWT claims. | -| [ACL IP Restriction]({{< ref "/nms/acm/how-to/policies/api-access-control-lists#create-acl-ip-restriction-policy" >}}) | | | Inbound | Protect your upstream TCP application servers by denying/allowing access from certain client IP addresses or CIDR blocks | -| [Advanced Security]({{< ref "/nms/acm/how-to/policies/advanced-security" >}}) | | | Inbound | Protect your upstream TCP application servers by applying an F5 WAF for NGINX policy to the traffic to your proxy | -| [Allowed HTTP Methods]({{< ref "/nms/acm/how-to/policies/allowed-http-methods" >}}) | | | Inbound | Restrict access to specific request methods and set a custom response code for non-matching requests. | -| [APIKey Authentication]({{< ref "/nms/acm/how-to/policies/apikey-authn" >}}) | | | Inbound | Secure the API gateway proxy by adding an API key. | -| [HTTP Backend Config]({{< ref "/nms/acm/how-to/policies/http-backend-configuration" >}}) | | | Inbound | Customize settings to ensure fault tolerance, maximize throughput, reduce latency, and optimize resource usage. | -| [GRPC Backend Config]({{< ref "/nms/acm/how-to/policies/grpc-policies" >}}) | | | Inbound | Customize settings to ensure fault tolerance, maximize throughput, reduce latency, and optimize resource usage. | -| [Backend Health Check]({{< ref "/nms/acm/how-to/policies/health-check" >}}) | | | Backend | Perform regular health checks to the backend API service to avoid and recover from server issues. Customize the policy with your desired thresholds. | -| [Basic Authentication]({{< ref "/nms/acm/how-to/policies/basic-authn" >}}) | | | Inbound | Restrict access to APIs by requiring a username and password. | -| [CORS]({{< ref "/nms/acm/how-to/policies/cors" >}}) | | | Inbound | Configure cross-origin resource sharing (CORS) to control resource access from outside domains. | -| [JSON Web Token Assertion]({{< ref "/nms/acm/how-to/policies/jwt-assertion" >}}) | | | Inbound | Secure your API gateway proxy with JSON web token verification. | -| [OAuth2 Token Introspection]({{< ref "/nms/acm/how-to/policies/introspection" >}}) | | | Inbound | Secure your API gateway proxy with OAuth2 Tokens. | -| [Proxy Cache]({{< ref "/nms/acm/how-to/policies/proxy-cache" >}}) | | | Outbound | Enable and configure caching to improve the performance of your API gateway proxy. | -| [Proxy Request Headers]({{< ref "/nms/acm/how-to/policies/proxy-request-headers" >}}) | | | Backend | Configure the headers to pass to the backend API service. | -| [Rate Limit]({{< ref "/nms/acm/how-to/policies/rate-limit" >}}) | | | Inbound | Add rate limits to limit incoming requests and secure API workloads. | - -{{}} - - - \ No newline at end of file diff --git a/content/includes/acm/about/global-policies.md b/content/includes/acm/about/global-policies.md deleted file mode 100644 index 5c5c47df3..000000000 --- a/content/includes/acm/about/global-policies.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -nd-docs: DOCS-1283 ---- - -The following table shows the available Global Policies you can use when creating a new cluster. - -
- -**Legend:** - -- = Supported -- = Not supported -- = Applied by default - -{{}} - -| Policy Name | HTTP Environment | gRPC Environment | Applied On | Description | -|-------------------------------------------------------------------|-------------------------------------------------|-------------------------------------------------|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [Error Response Format]({{< ref "/nms/acm/how-to/policies/error-response-format.md" >}}) | | | Outbound | Configure the Error Response Format policy to customize the HTTP error codes and error messages. | -| [Log Format]({{< ref "/nms/acm/how-to/policies/log-format.md" >}}) | | | Outbound | Use the Log Format global policy to generate detailed access logs in JSON (default) or syslog format. Among the settings you can select, use the filter to fine-tune what gets logged, set the log destination, and adjust the log severity level to specify the type of errors to log. | -| [OpenID Connect Relying Party]({{< ref "/nms/acm/how-to/policies/openID-connect" >}}) | | | Inbound | Secure access to your APIs with an OpenID Connect (OIDC) policy. This policy configures the API gateway proxy as a relying party for authenticating users with an OIDC provider. | -| [Proxy Response Headers]({{< ref "/nms/acm/how-to/policies/proxy-response-headers.md" >}}) | | | Inbound | Customize the Proxy Response Headers policy to include or exclude headers in the proxy response. By default, the standard headers are included in the response. In addition, you can specify whether the header is always included regardless of the response code. You can also add custom headers and values to include in the response. | -| [Request Body Size Limit]({{< ref "/nms/acm/how-to/policies/request-body-size-limit" >}}) | | | Inbound | Prevent Denial-of-Service (DoS) and other types of attacks by limiting the request body size. Customize the policy to configure the max payload size the API gateway proxy cluster can accept; the default limit is 1 MB. The API gateway proxy blocks requests exceeding the limit, while returning the configured error code. Set the max size to 0 to disable checking the request body size. | -| [Request Correlation ID]({{< ref "/nms/acm/how-to/policies/request-correlation-id.md" >}}) | | | Inbound | Apply the Correlation ID policy to add a unique identifier to each request entering the application. You can use this unique ID to trace end-to-end transactions moving through components in a distributed system. The policy uses `x-correlation-id` as the default HTTP header name, or you can provide a custom header value. | -| [Request Header Specification]({{< ref "/nms/acm/how-to/policies/request-header-specification.md" >}}) | | | Inbound | Configure if headers containing underscores or other special characters are accepted or ignored. | -| [TLS Backend]({{< ref "/nms/acm/how-to/policies/tls-policies" >}}) | | | Backend | Secure the communication between the API gateway proxy and the backend API service by enabling and customizing the TLS backend policy. When mTLS is enabled, the API gateway proxy identifies itself to the backend service using an SSL client certificate. | -| [TLS Inbound]({{< ref "/nms/acm/how-to/policies/tls-policies" >}}) | | | Inbound | Secure inbound connections with the TLS inbound policy. Enable mTLS for secure bidirectional communication. | - -{{}} diff --git a/content/includes/acm/how-to/access-acm-api.md b/content/includes/acm/how-to/access-acm-api.md deleted file mode 100644 index 8fa994888..000000000 --- a/content/includes/acm/how-to/access-acm-api.md +++ /dev/null @@ -1,6 +0,0 @@ - -You can use tools such as `curl` or [Postman](https://www.postman.com) to interact with the API Connectivity Manager REST API. The API URL follows the format `https:///api/acm/` and must include authentication information with each call. For more information about authentication options, please refer to the [API Overview]({{< ref "/nms/acm/about/api-overview.md" >}}). - - - - \ No newline at end of file diff --git a/content/includes/acm/how-to/access-acm-ui.md b/content/includes/acm/how-to/access-acm-ui.md deleted file mode 100644 index 0fcdb2612..000000000 --- a/content/includes/acm/how-to/access-acm-ui.md +++ /dev/null @@ -1,7 +0,0 @@ - -This guide provides instructions for completing tasks using the API Connectivity Manager user interface (UI). - -To access the UI, go to the FQDN of your NGINX Instance Manager host and log in. On the Launchpad menu, select "API Connectivity Manager." - - - \ No newline at end of file diff --git a/content/includes/acm/how-to/policies-intro.md b/content/includes/acm/how-to/policies-intro.md deleted file mode 100644 index 7583dc3f0..000000000 --- a/content/includes/acm/how-to/policies-intro.md +++ /dev/null @@ -1,8 +0,0 @@ -In API Connectivity Manager, you can apply global policies to API Gateways and Developer Portals to ensure your organization's security requirements are enforced. - -When you add policies at the environment level, they will apply to all proxies hosted within that environment. - -See the [Learn about Policies]({{< ref "/nms/acm/about/policies-overview.md">}}) topic for an overview of the different policy types and available policies. - - - \ No newline at end of file diff --git a/content/includes/acm/how-to/policies-proxy-cluster-intro.md b/content/includes/acm/how-to/policies-proxy-cluster-intro.md deleted file mode 100644 index d109bfcf3..000000000 --- a/content/includes/acm/how-to/policies-proxy-cluster-intro.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: DOCS-1285 ---- - -In API Connectivity Manager, you can apply cluster policies to API Gateways and Developer Portals to further enhance their configuration to meet your requirements. A proxy cluster is a group of instances configured as API Gateways or Developer Portals. Any cluster policy will apply to all instances in a group. - -If a proxy cluster is shared between environments, updating cluster policies will effect all the environments. - -See the [Learn about Policies]({{< ref "/nms/acm/about/policies-overview.md">}}) topic for an overview of the different policy types and available policies. diff --git a/content/includes/acm/how-to/policies-proxy-intro.md b/content/includes/acm/how-to/policies-proxy-intro.md deleted file mode 100644 index 63f57ba84..000000000 --- a/content/includes/acm/how-to/policies-proxy-intro.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: DOCS-1286 ---- - -In API Connectivity Manager, you can apply policies to an API Gateway to further enhance their configuration to meet your requirements. - -Policies added at the proxy level are applied to all routes within that proxy. - -For an overview of the different policy types and available policies, refer to the consult the [Learn about Policies]({{< ref "/nms/acm/about/policies-overview.md">}}) topic. diff --git a/content/includes/acm/how-to/policies/api-owner-persona.md b/content/includes/acm/how-to/policies/api-owner-persona.md deleted file mode 100644 index f4dcbc5da..000000000 --- a/content/includes/acm/how-to/policies/api-owner-persona.md +++ /dev/null @@ -1,4 +0,0 @@ -This guide is intended for API Owners — the individuals or teams who are responsible for designing, creating, and maintaining APIs. - - - diff --git a/content/includes/acm/how-to/policies/infra-admin-persona.md b/content/includes/acm/how-to/policies/infra-admin-persona.md deleted file mode 100644 index 93f024c8d..000000000 --- a/content/includes/acm/how-to/policies/infra-admin-persona.md +++ /dev/null @@ -1,6 +0,0 @@ -This guide is meant for Infrastructure Administrators. - -Infrastructure Administrators ensure uniform governance across an organization's infrastructure by setting policies at the infrastructure level, enabling teams to build APIs without interruption while adhering to the organization's standards. - - - diff --git a/content/includes/acm/how-to/update-application-settings.md b/content/includes/acm/how-to/update-application-settings.md deleted file mode 100644 index 784fd650e..000000000 --- a/content/includes/acm/how-to/update-application-settings.md +++ /dev/null @@ -1,23 +0,0 @@ -# - {{}} - - - | Variable | Description | - |----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| - | (Optional) Choose an OAuth Flow | OAuth flows are authorization and authentication processes. | - | (Optional) App Name | Name the application. | - | Client ID | Client ID is a public identifier for the client that is required for all OAuth flows. | - | Client Secret | Client Secret is used by the client to exchange an authorization code for a token.
It should be an empty value with `""` when PKCE is enabled. | - | Scopes | List of the OAuth 2.0 scope values that this server supports.
For example, `openid+profile+email+offline_access`. | - | (Optional) Sign-Out Redirect URI | Signout Redirect URI refers to the URI the user gets redirected to after a successful logout. | - | (Optional) Redirect URI | Redirect URI is called by the IDP after successful authentication. | - | (Optional) User Info URI | User Info URI is called by the front end to retrieve the user's info via the IDP. | - | (Optional) Login URI | Login URI is called by the front end for logging-in IDP using OpenID Connect. | - | (Optional) Logout URI | Logout URI is called by the front end to handle OIDC logout with the IDP. See [RPLogout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout) for more information. | - - - - {{}} - - - diff --git a/content/includes/acm/how-to/update-authorization-server-settings.md b/content/includes/acm/how-to/update-authorization-server-settings.md deleted file mode 100644 index d34170d01..000000000 --- a/content/includes/acm/how-to/update-authorization-server-settings.md +++ /dev/null @@ -1,18 +0,0 @@ -# - **Specify all Endpoints** to update authorization server settings. - - {{}} - - | Variable | Description | - |---------------|----------------------------------------------------| - | Keys | URL of the IDP's JSON Web Key Set document. | - | Token | URL of the IDP's OAuth 2.0 Token Endpoint. | - | Authorization | URL of the IDP's OAuth 2.0 Authorization Endpoint. | - | User Info | URL of the IDP's UserInfo Endpoint. | - | LogOff URI | URL of the IDP's end_session endpoint. | - - - {{}} - - - \ No newline at end of file diff --git a/content/includes/acm/how-to/update-general-settings.md b/content/includes/acm/how-to/update-general-settings.md deleted file mode 100644 index 8dff25f5e..000000000 --- a/content/includes/acm/how-to/update-general-settings.md +++ /dev/null @@ -1,17 +0,0 @@ -# - {{}} - - | Variable | Description | - |-------------------------------------------------------------------|----------------------------------------------------------------------| - | (Optional) Select the token to return to the client upon login | Options:
- id_token
- none | - | (Optional) Select the token to forward to the backend application | Options:
- access_token
- id_token
- both
- none | - | Add User Registration | - add URL
- add type | - | Add Authorization Parameter | - add parameter key
- add value
- add type (Query or Path) | - | Add Token Parameter | - add parameter key
- add value
- add type (Query or Path) | - | Add Logout Parameter | - add parameter key
- add value
- add type (Query or Path) | - - - {{}} - - - \ No newline at end of file diff --git a/content/includes/acm/index.md b/content/includes/acm/index.md deleted file mode 100644 index 0c8fbf669..000000000 --- a/content/includes/acm/index.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -headless: true ---- - diff --git a/content/includes/acm/openapi-support.md b/content/includes/acm/openapi-support.md deleted file mode 100644 index bbc8b80ea..000000000 --- a/content/includes/acm/openapi-support.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -nd-docs: DOCS-1188 ---- - -{{< call-out "note" >}}API Connectivity Manager supports the [OpenAPI Specification version 3.0 and 3.1](https://swagger.io/specification/). If your spec uses the 2.0 standard, you must convert it before uploading it.{{< /call-out >}} - diff --git a/content/includes/acm/rbac/api-owner-role.md b/content/includes/acm/rbac/api-owner-role.md deleted file mode 100644 index 8e3a02825..000000000 --- a/content/includes/acm/rbac/api-owner-role.md +++ /dev/null @@ -1,15 +0,0 @@ -The built-in "ACM API Owner" role grants access to the following features at the workspace level. You can customize these settings if you wish. - -{{}} - -| Feature | Access | Scope | Description | -|----------------------------|---------------------------------------------|-----------|--------------------------------------------------------------| -| API Docs | Create, Read, Update, Delete | Workspace | View and manage API documentation published to a Dev Portal. | -| Dev Portal Setup | Create, Read, Update, Delete | Workspace | Set up and manage Dev Portals. | -| Hostnames | Read | Workspace | View and manage hostnames for deploying proxies. | -| Proxy Config | Create, Read, Update, Delete | Workspace | Create and manage proxies. | - -{{< /bootstrap-table >}} - - - diff --git a/content/includes/acm/rbac/infra-admin-role.md b/content/includes/acm/rbac/infra-admin-role.md deleted file mode 100644 index ce2174f7c..000000000 --- a/content/includes/acm/rbac/infra-admin-role.md +++ /dev/null @@ -1,16 +0,0 @@ -The built-in "ACM Infra Admin" role grants access to the following features at the workspace level. You can customize these settings if you wish. - -{{}} - -| Feature | Access | Scope | Description | -|----------------------------|---------------------------------------------|-----------|-----------------------------------------------| -| Dev Portal Setup | Create, Read, Update, Delete | Workspace | Set up and manage Dev Portals. | -| Environments | Create, Read, Update, Delete | Workspace | Create, configure, and manage environments. | -| Proxy Clusters | Create, Read, Update, Delete | Workspace | Create, configure, and manage proxy clusters. | -| Proxy Config | Read | Workspace | Create and manage proxies. | -| Service Workspace | Read | Workspace | Customize and manage Service workspaces. | - -{{< /bootstrap-table >}} - - - \ No newline at end of file diff --git a/content/includes/acm/tutorials/what-is-OAuth2.md b/content/includes/acm/tutorials/what-is-OAuth2.md deleted file mode 100644 index 12031fe9a..000000000 --- a/content/includes/acm/tutorials/what-is-OAuth2.md +++ /dev/null @@ -1,6 +0,0 @@ -The _OAuth2 Authorization Framework_ [[RFC-6749]](https://www.rfc-editor.org/rfc/rfc6749) grants third-party applications limited access to an HTTP service either by orchestrating an approval interaction between the resource owner and the HTTP service or granting the third-party application access on its own behalf. - -OAuth2 is an authorization protocol, not an authentication protocol. As such, OAuth2 grants access to a set of resources, for example, internal APIs or user data. - - - \ No newline at end of file diff --git a/content/includes/acm/webui-acm-login.md b/content/includes/acm/webui-acm-login.md deleted file mode 100644 index bd38ca740..000000000 --- a/content/includes/acm/webui-acm-login.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -nd-docs: DOCS-1189 ---- - -In a web browser, go to the FQDN for your NGINX Instance Manager host and log in. Then, from the Launchpad menu, select **API Connectivity Manager**. diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md deleted file mode 100644 index 6cea14a5c..000000000 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configuration-options.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -nd-docs: DOCS-1308 ---- - -The `values.yaml` file within the `nginx-devportal` Helm chart contains the deployment configuration for the Developer Portal. - -You can update these fields directly in the `values.yaml` file or by specifying the `--set` flag when running `helm install`. - -To modify a configuration for an existing release, run the `helm upgrade` command and use the `--set` flag or `-f `, where `my-values-file` is a path to a values file with your desired configuration. - -The following table lists the configurable parameters and default values used by the Developer Portal chart when installing from a Helm chart. - -{{}} - -| Parameter | Description | Default | -| :------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----------------------- | -| `api.acm.client.caSecret.name` | This secret can be used in order to provide a custom CA certificate when communicating from API Connectivity Manager to the Developer Portal via a TLS secured http connection. This should be set to the name of the secret in the release namespace that contains the CA certificate. | `""` | -| `api.acm.client.caSecret.key` | Key used in the secret to specify the CA file content (to add multiple certificates, chain them into one file). | `""` | -| `api.container.port` | TCP port for the pod to listen on. | `8080` | -| `api.container.securityContext` | Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | `{}` | -| `api.db.external` | PostgreSQL server can be external. | `false` | -| `api.db.host` | PostgreSQL server to use; defaults to the internal deployment service name. | `postgres.devportal.svc` | -| `api.db.name` | Database schema name to use. | `devportal` | -| `api.db.pass` | Password to use for PostgreSQL. | `nginxdm` | -| `api.db.port` | Port to use for PostgreSQL. If `api.db.external` is `true`, the port PostgreSQL is listening on. If `api.db.external` is `false`, the port the internal PostgreSQL should listen on. | `5432` | -| `api.db.tls.secretName` | User-provided secret containing TLS CA certificate for database server validation. An optional certificate/key when using client certificates can also be provided. Values are `tls.crt`, `tls.key`, and `ca.crt`. If you provide just the TLS certificate/key pair, a `kubernetes.io/tls` will suffice; otherwise, an opaque secret can be used. | `""` | -| `api.db.tls.verifyMode` | TLS verification modes for connecting to PostgreSQL. Options are `disable`, `require`, `verify-ca`, or `verify-full` | `require` | -| `api.db.type` | Database type to use with the Developer Portal `api` service. The database type can be `sqlite` or `psql` (for PostgreSQL) | `psql` | -| `api.db.user` | Username to use for PostgreSQL. | `nginxdm` | -| `api.image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `api.image.repository` | Repository name and path for the `api` image. | `api` | -| `api.image.tag` | Tag used for pulling images from registry. | `latest` | -| `api.logLevel` | Set the log level for the backend API service. The log level can be `fatal`, `error`, `warning`, `info`, or `debug` | `info` | -| `api.name` | Set the deployment name of the api. | `devportal-api` | -| `api.podSecurityContext` | Allows user to set security-related configurations at pod level, defining how the pod should run and what privileges it should have. | `{}` | -| `api.persistence.claims.accessMode` | Claim access mode. Can be `ReadWriteOnce` or `ReadWriteMany` | `ReadWriteOnce` | -| `api.persistence.claims.accessMode` | Claim access mode. Can be `ReadWriteOnce` or `ReadWriteMany` | `ReadWriteOnce` | -| `api.persistence.claims.size` | Size of claim to allocate. | `250Mi` | -| `api.persistence.enabled` | Optionally disable persistent storage, used for database data. | `true` | -| `api.replicas` | Set the number of API replicas in the deployment. This can be scaled above `1` only when `api.db.type` is `psql`. | `1` | -| `api.resources.requests.cpu` | Initial CPU resource requests for the `api` pods. | `125m` | -| `api.resources.requests.memory` | Initial Memory resource requests for the `api` pods. | `128Mi` | -| `api.service.port` | TCP port for the `api` service to listen on. This port maps to the API Connectivity Manager Environment ServiceTarget Listener port. For example, you may change this to `8443` when running the `api` with TLS. | `8080` | -| `api.tls.clientNames` | Common Names of client certificates to allow in a space separated list. | `""` | -| `api.tls.clientValidation` | Verify client certificates if sent with CA file. | `false` | -| `api.tls.secretName` | User provided secret containing TLS certificate/key pair and optional CA when using client certificates. Values are `tls.crt`, `tls.key`, and `ca.crt`. If you provide just the TLS certificate/key pair, a `kubernetes.io/tls` will suffice; otherwise, an opaque secret can be used. | `""` | -| `apigw.container.port` | TCP port for the pod to listen on. | `80` | -| `apigw.container.securityContext` | Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | `{}` | -| `apigw.controlPlane.host` | The API Connectivity Manager control plane IP address or hostname. | `127.0.0.1` | -| `apigw.controlPlane.instanceGroup` | The API Connectivity Manager control plane instance group for this agent to become a member of. | `devportal` | -| `apigw.image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `apigw.image.repository` | Repository name and path for the `apigw` image. | `apigw` | -| `apigw.image.tag` | Tag used for pulling images from the registry. | `latest` | -| `apigw.ingress.enabled` | Optionally enable ingress via an Ingress Controller. | `false` | -| `apigw.ingress.host` | Host to apply ingress rules to. | `localhost` | -| `apigw.name` | Set the deployment name of the API Gateway. | `devportal-gateway` | -| `apigw.podSecurityContext` | Allows user to set security-related configurations at a pod level, defining how the pod should run and what privileges it should have. | `{}` | -| `apigw.persistence.claims.accessMode` | Claim access mode. Can be `ReadWriteOnce` or `ReadWriteMany` | `ReadWriteOnce` | -| `apigw.persistence.claims.existingClaim` | Enable reuse of an existing claim. | `false` | -| `apigw.persistence.claims.size` | Size of claim to allocate. | `250Mi` | -| `apigw.persistence.enabled` | Optionally disable persistent storage used for OIDC session data. | `true` | -| `apigw.resources.requests.cpu` | Initial CPU resource requests for the `apigw` pods. | `125m` | -| `apigw.resources.requests.memory` | Initial Memory resource requests for the `apigw` pods. | `128Mi` | -| `apigw.service.annotations` | Annotations to apply to the `apigw` service. | `{}` | -| `apigw.service.port` | TCP port for the `apigw` service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to `443` when running the `apigw` with TLS. | `80` | -| `apigw.service.type` | The type of `Service` to expose for the `devportal-apigw`, options are `ClusterIP`, `NodePort` & `LoadBalancer`. | `ClusterIP` | -| `apigw.service.nodePortHttp` | When it's type `NodePort`, use `nodePortHttp` to set a static value. If left empty, Kubernetes will generate an ephemeral `NodePort`. | `""` | -| `apigw.service.externalIPs` | List of external IP addresses to apply to this service. | `[]` | -| `apigw.acmService.annotations` | Annotations to apply to the `apigw` service. | `{}` | -| `apigw.acmService.enabled` | Enables a service for the API Connectivity Manager DevPortal service. | `false` | -| `apigw.acmService.port` | TCP port for the `apigw` service to listen on. This is the port that is exposed in the LoadBalancer endpoint and is the traffic ingress point to the Developer Portal cluster. For example, you may change this to `443` when running the `apigw` with TLS. | `80` | -| `apigw.acmService.type` | The type of `Service` to expose for the `devportal-apigw`, options are `ClusterIP`, `NodePort` & `LoadBalancer`. | `ClusterIP` | -| `apigw.acmService.nodePortHttp` | When it's type `NodePort`, use `nodePortHttp` to set a static value. If left empty, Kubernetes will generate an ephemeral `NodePort`. | `""` | -| `apigw.acmService.externalIPs` | List of external IP addresses to apply to this service. | `[]` | -| `embeddedPostgres.container.securityContext` | Allows user to set security-related configurations for the container, defining how the container should run and what privileges it should have. | `{}` | -| `embeddedPostgres.image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `embeddedPostgres.image.repository` | Repository name and path for the image used by embedded Postgres. | `postgres` | -| `embeddedPostgres.image.tag` | Tag used for pulling images from the registry for embedded Postgres. | `12-alpine` | -| `embeddedPostgres.podSecurityContext` | Allows user to set security-related configurations at a pod level, defining how the pod should run and what privileges it should have. | `{}` | -| `fullnameOverride` | Override the full name of the Developer Portal chart. | `devportal` | -| `imagePullSecrets` | List of secrets to use for pulling images. | `[]` | -| `nameOverride` | Override the name of the Developer Portal chart. | `devportal` | -| `serviceAccount.annotations` | Annotations to apply to the service account. | `{}` | -| `serviceAccount.name` | Name of the service account to use. | `devportal` | - -{{}} - diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md deleted file mode 100644 index 1d7358f1e..000000000 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-api-mtls.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -nd-docs: DOCS-1309 ---- - -When deploying the Developer Portal using a helm chart, you can configure TLS to secure communication between the NGINX API Gateway and backend API service. - -To use TLS with the backend API service, you need the following: - -- An installed, licensed, and running version of API Connectivity Manager -- Access to a Kubernetes (or similar) cluster -- (Optional) A TLS CA certificate to verify NGINX API Gateway client TLS certificates -- (Optional) A TLS server certificate and key pair for validation with the NGINX API Gateway - -Set the following configuration options to use TLS with the backend API service: - -{{}} - -| Parameter | Value | -| --------------------------- | -------- | -| `api.db.external` | `false` | -| `api.db.type` | `sqlite` | -| `api.tls.clientNames` | `` | -| `api.tls.clientValidation` | `true` | -| `api.tls.secretName` | `test` | - -{{% /bootstrap-table %}} diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md deleted file mode 100644 index b14932a4e..000000000 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-embedded-postgres.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -nd-docs: DOCS-1311 ---- - -You can use an embedded PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a [PersistentVolumeClaim (PVC)](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for storage of the the PostgreSQL data files. Access between the backend API service and the database is secured using auto-generated client TLS certificates. - -To use an embedded PostgreSQL database, you need the following: - -- An installed, licensed, and running version of API Connectivity Manager -- Access to a Kubernetes (or similar) cluster - -Set the following configuration options to use an embedded PostgreSQL database: - -{{}} - -| Parameter | Value | -| -------------------------------------- | --------------- | -| `api.db.external` | `false` | -| `api.db.pass` | `nginxdm` | -| `api.db.type` | `psql` | -| `api.db.user` | `nginxdm` | -| `api.persistence.claims.accessMode` | `ReadWriteOnce` | -| `api.persistence.claims.existingClaim` | `false` | -| `api.persistence.claims.size` | `250Mi` | -| `api.persistence.enabled` | `true` | - -{{% /bootstrap-table %}} diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md deleted file mode 100644 index 54bdc7396..000000000 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-devportal-helm-external-postgres.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -nd-docs: DOCS-1307 ---- - -You can use an external PostgreSQL database for backend API service storage when deploying the Developer Portal from a Helm chart. Access between the backend API service and the database can be secured using TLS server certificates and optional client TLS certificates. - -To use an external PostgreSQL database, you need the following: - -- An installed, licensed, and running version of API Connectivity Manager -- Access to a Kubernetes (or similar) cluster -- A PostgreSQL service that your Kubernetes cluster can connect to using the required TCP port -- (Optional) a TLS CA certificate for verifying PostgreSQL server TLS certificates -- (Optional) a TLS client certificate and key for authenticating with the PostgreSQL server - -Set the following configuration options to use an external PostgreSQL database: - -{{}} - -| Parameter | Value | -| ------------------------ | -------------- | -| `api.db.external` | `true` | -| `api.db.host` | `pg.nginx.com` | -| `api.db.pass` | `nginxdm` | -| `api.db.tls.secretName` | `db-certs` | -| `api.db.tls.verifyMode` | `verify-full` | -| `api.db.type` | `psql` | -| `api.db.user` | `nginxdm` | - -{{% /bootstrap-table %}} diff --git a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md b/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md deleted file mode 100644 index d1a4b970a..000000000 --- a/content/includes/installation/helm/acm/dev-portal-helm-configurations/configure-helm-devportal-sqlite.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -nd-docs: DOCS-1312 ---- - -You can use an SQLite database for backend API service storage when deploying the Developer Portal from a Helm chart. This configuration uses a [PersistentVolumeClaim (PVC)](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) for storage of the SQLite data files. - -To use SQLite database, you need the following: - -- An installed, licensed, and running version of API Connectivity Manager -- Access to a Kubernetes (or similar) cluster - -Set the following configuration options to use a SQLite database: - -{{}} - -| Parameter | Value | -| ----------------- | -------- | -| `api.db.external` | `false` | -| `api.db.type` | `sqlite` | - -{{}} diff --git a/content/includes/nms/index.md b/content/includes/nms/index.md deleted file mode 100644 index 0c8fbf669..000000000 --- a/content/includes/nms/index.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -headless: true ---- - diff --git a/content/includes/nms/services/platform-services.md b/content/includes/nms/services/platform-services.md deleted file mode 100644 index 1f3b0b281..000000000 --- a/content/includes/nms/services/platform-services.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -nd-docs: DOCS-1186 ---- - -{{}} - -|
Service
| Description | -|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Core | The core service configures and sets up the management plane, as well as performs data analysis for metrics, events, and alerts. | -| Data Plane Manager (DPM) | The data plane manager (DPM) service is responsible for configuring NGINX instances on the data plane, monitoring the state of data plane resources, and generating reports and event messages. | -| Ingestion | The ingestion service collects metrics, security violations, and events that are not sent to the data plane manager service by the NGINX Agent. This information can be forwarded to external data stores. | -| Integrations | The integrations process includes features for interacting with external components, like configuring [F5 WAF for NGINX policies]({{< ref "/nim/nginx-app-protect/setup-waf-config-management.md" >}}), managing threat campaigns, and more. | - -{{< /bootstrap-table >}} diff --git a/content/includes/unit/howto_change_ownership.md b/content/includes/unit/howto_change_ownership.md deleted file mode 100644 index 8176fced2..000000000 --- a/content/includes/unit/howto_change_ownership.md +++ /dev/null @@ -1,18 +0,0 @@ -Run the following command (as root) so Unit can access the application -directory (If the application uses several directories, run the command for -each one): - -```console -# chown -R unit:unit /path/to/app/ # User and group that Unit's router runs as by default -``` - - -{{< call-out "note" >}} -The **unit:unit** user-group pair is available only with -[official packages]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}) -, Docker [images]({{< relref "/unit/installation.md#installation-docker" >}}), -and some [third-party repos]({{< relref "/unit/installation.md#installation-community-repos" >}}). Otherwise, account names may differ; run the `ps aux | grep unitd` command to be sure. -{{< /call-out >}} - -For further details, including permissions, see the -[security checklist]({{< relref "/unit/howto/security.md#secutiry-apps" >}}). diff --git a/content/includes/unit/howto_install_app.md b/content/includes/unit/howto_install_app.md deleted file mode 100644 index acd12fb6e..000000000 --- a/content/includes/unit/howto_install_app.md +++ /dev/null @@ -1,2 +0,0 @@ -Install {{ app }}'s [app-link]. Here, we install it at **/path/to/app/**; use -a real path in your configuration. diff --git a/content/includes/unit/howto_install_prereq.md b/content/includes/unit/howto_install_prereq.md deleted file mode 100644 index 7018bd54e..000000000 --- a/content/includes/unit/howto_install_prereq.md +++ /dev/null @@ -1 +0,0 @@ -Install and configure {{ app }}'s [app-preq]. diff --git a/content/includes/unit/howto_install_unit.md b/content/includes/unit/howto_install_unit.md deleted file mode 100644 index 8bf3f5bea..000000000 --- a/content/includes/unit/howto_install_unit.md +++ /dev/null @@ -1 +0,0 @@ -Install [Unit]({{< relref "/unit/installation.md#installation-precomp-pkgs" >}}) with a {{ mod }} language module. diff --git a/content/includes/unit/howto_upload_config.md b/content/includes/unit/howto_upload_config.md deleted file mode 100644 index 5e7f0d9ca..000000000 --- a/content/includes/unit/howto_upload_config.md +++ /dev/null @@ -1,14 +0,0 @@ -Assuming the JSON above was added to -`config.json`. Run the following command as root: - -```console -# curl -X PUT --data-binary @config.json --unix-socket \ - /path/to/control.unit.sock \ # Path to Unit's control socket in your installation - http://localhost/config/ # Path to the config section in Unit's control API -``` - -{{< call-out "note" >}} -The [control socket]({{< relref "/unit/installation.md#configuration-socket" >}}) path may vary; run -`unitd -h` or see -[Startup and shutdown]({{< relref "/unit/howto/source.md#source-startup" >}}) for details. -{{< /call-out >}} diff --git a/content/includes/unit/version.md b/content/includes/unit/version.md deleted file mode 100644 index 4b06b5bed..000000000 --- a/content/includes/unit/version.md +++ /dev/null @@ -1 +0,0 @@ -1.34.1 \ No newline at end of file diff --git a/documentation/deprecated-content.md b/documentation/deprecated-content.md index 83b86119b..c755baecf 100644 --- a/documentation/deprecated-content.md +++ b/documentation/deprecated-content.md @@ -26,6 +26,7 @@ You should replace `` with a tag from the following table: | NGINX Controller | `archive-controller` | 2025-10-08 | | NGINX Management Suite[^2] | `archive-nms` | 2025-10-08 | | NGINX Service Mesh | `archive-mesh` | 2025-11-05 | +| NGINX Unit | `archive-unit` | 2025-10-08 | ## Review and add tags @@ -37,6 +38,7 @@ archive-controller archive-mesh archive-nap archive-nms +archive-unit ``` To add a new tag, use the following command: