From be939240905e572cecb8822ae807a74d007b87f6 Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 25 Nov 2025 16:28:02 +0000 Subject: [PATCH 1/5] docs: move includes. add nd-product --- content/agent/_index.md | 2 +- .../configuration/configuration-overview.md | 2 +- content/includes/agent/about.md | 1 + content/includes/agent/architecture.md | 1 + .../agent/installation/install-agent-api.md | 75 ------------------- .../manually-connect-to-console.md | 1 + .../agent/installation/oss/oss-alpine.md | 1 + .../installation/oss/oss-amazon-linux.md | 1 + .../agent/installation/oss/oss-debian.md | 1 + .../agent/installation/oss/oss-freebsd.md | 1 + .../agent/installation/oss/oss-rhel.md | 1 + .../agent/installation/oss/oss-sles.md | 1 + .../agent/installation/oss/oss-ubuntu.md | 1 + .../agent/installation/plus/plus-alpine.md | 1 + .../installation/plus/plus-amazon-linux.md | 1 + .../agent/installation/plus/plus-debian.md | 1 + .../agent/installation/plus/plus-freebsd.md | 1 + .../agent/installation/plus/plus-rhel.md | 1 + .../agent/installation/plus/plus-sles.md | 1 + .../agent/installation/plus/plus-ubuntu.md | 1 + .../agent/installation/prerequisites.md | 1 + .../agent/installation/start-stop-agent.md | 1 + .../uninstall/uninstall-alpine.md | 1 + .../uninstall/uninstall-amazon-linux.md | 1 + .../uninstall/uninstall-debian.md | 1 + .../uninstall/uninstall-freebsd.md | 1 + .../installation/uninstall/uninstall-rhel.md | 1 + .../installation/uninstall/uninstall-sles.md | 1 + .../uninstall/uninstall-ubuntu.md | 1 + .../agent/installation/update-container.md | 1 + content/includes/agent/installation/update.md | 1 + .../agent/installation/verify-agent.md | 1 + content/includes/agent/tech-specs.md | 1 + content/includes/agent/v3-available.md | 1 + .../add-file/edit-config-tip.md | 1 + .../add-file/existing-ssl-bundle.md | 1 + .../add-file/new-ssl-bundle.md | 1 + .../nginx-one-console/add-file/overview.md | 1 + .../nginx-one-console/alert-labels.md | 1 + .../nginx-one-console/cloud-access-nginx.md | 1 + .../nginx-one-console/cloud-access.md | 1 + .../conf/nginx-agent-conf.md | 1 + .../enable-nplus-api-dashboard.md | 1 + .../nginx-one-console/how-to/add-instance.md | 1 + .../how-to/generate-data-plane-key.md | 1 + .../how-to/install-nginx-agent.md | 1 + .../how-to/k8s-secret-dp-key.md | 2 +- .../how-to/ngf-troubleshooting.md | 2 +- .../how-to/verify-connection.md | 2 +- .../nginx-one-console/install-nginx.md | 1 + .../staged-config-overview.md | 2 +- .../workshops/nginx-one-env-variables.md | 1 + .../includes/security/jwt-password-note.md | 2 +- content/includes/security/rbac-intro.md | 1 + .../includes/support/how-to-get-support.md | 9 --- .../acm-dev-portal-supported-distros.md | 17 ----- .../tech-specs/acm-nim-dependencies.md | 23 ------ .../tech-specs/acm-supported-nginx.md | 13 ---- content/includes/tech-specs/index.md | 4 - .../credential-download-instructions.md | 1 + .../use-cases/docker-registry-instructions.md | 1 + .../enable-nginx-oss-stub-status.md | 1 + ...e-nginx-plus-api-with-config-sync-group.md | 3 +- .../monitoring/enable-nginx-plus-api.md | 3 +- .../enable-nginx-plus-status-zone-limited.md | 1 + .../monitoring/n1c-dashboard-overview.md | 1 + content/nginx-one-console/_index.md | 2 +- .../install-upgrade/install-from-plus-repo.md | 2 +- .../agent/install-upgrade/uninstall.md | 2 +- content/nginx-one-console/changelog.md | 2 +- content/nginx-one-console/getting-started.md | 2 +- content/nginx-one-console/glossary.md | 2 +- content/nginx-one-console/k8s/_index.md | 2 +- content/nginx-one-console/k8s/add-ngf-helm.md | 2 +- .../k8s/add-ngf-manifests.md | 2 +- content/nginx-one-console/k8s/add-nic.md | 2 +- content/nginx-one-console/k8s/overview.md | 2 +- .../config-templates/add-multiple-services.md | 2 +- .../config-templates/import-templates.md | 2 +- .../config-templates/save-as-staged-config.md | 2 +- .../config-templates/submit-templates.md | 2 +- .../set-up-security-alerts.md | 2 +- .../waf-integration/add-signature-sets.md | 2 +- .../waf-integration/configure-policy.md | 2 +- .../waf-integration/cookies-params-urls.md | 2 +- .../waf-integration/deploy-policy.md | 2 +- .../waf-integration/overview.md | 2 +- .../waf-integration/review-policy.md | 2 +- .../waf-policy-matching-types.md | 2 +- content/nginx-one-console/workshops/_index.md | 2 +- .../explore-nginx-one-console-features.md | 2 +- .../workshops/lab4/config-sync-groups.md | 2 +- .../upgrade-nginx-plus-to-latest-version.md | 2 +- 93 files changed, 89 insertions(+), 177 deletions(-) delete mode 100644 content/includes/agent/installation/install-agent-api.md rename content/includes/{ => nginx-one-console}/config-snippets/enable-nplus-api-dashboard.md (98%) rename content/includes/{ => nginx-one-console}/workshops/nginx-one-env-variables.md (96%) delete mode 100644 content/includes/support/how-to-get-support.md delete mode 100644 content/includes/tech-specs/acm-dev-portal-supported-distros.md delete mode 100644 content/includes/tech-specs/acm-nim-dependencies.md delete mode 100644 content/includes/tech-specs/acm-supported-nginx.md delete mode 100644 content/includes/tech-specs/index.md diff --git a/content/agent/_index.md b/content/agent/_index.md index 91597c0b1..563f133d0 100644 --- a/content/agent/_index.md +++ b/content/agent/_index.md @@ -17,7 +17,7 @@ nd-landing-page: true nd-content-type: landing-page # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: Agent +nd-product: NGAGENT --- ## About diff --git a/content/agent/configuration/configuration-overview.md b/content/agent/configuration/configuration-overview.md index 22a602330..e9b4124c2 100644 --- a/content/agent/configuration/configuration-overview.md +++ b/content/agent/configuration/configuration-overview.md @@ -4,7 +4,7 @@ draft: false weight: 100 toc: true nd-content-type: how-to -nd-product: Agent +nd-product: NGAGENT nd-docs: DOCS-1229 --- diff --git a/content/includes/agent/about.md b/content/includes/agent/about.md index 2c66ed327..167f112a1 100644 --- a/content/includes/agent/about.md +++ b/content/includes/agent/about.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/about.md - content/nginx-one-console/agent/overview/about.md diff --git a/content/includes/agent/architecture.md b/content/includes/agent/architecture.md index 288578976..47685b2ba 100644 --- a/content/includes/agent/architecture.md +++ b/content/includes/agent/architecture.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/about.md - content/nginx-one-console/agent/overview/about.md diff --git a/content/includes/agent/installation/install-agent-api.md b/content/includes/agent/installation/install-agent-api.md deleted file mode 100644 index 4efe97be5..000000000 --- a/content/includes/agent/installation/install-agent-api.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -nd-docs: DOCS-1031 -files: - - content/nim/waf-integration/configuration/setup-waf-config-management.md ---- - -{{< call-out "note" >}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{< /call-out >}} - -If your NGINX Instance Manager host doesn't use valid TLS certificates, you can use the insecure flags to bypass verification. Here are some example commands: - -{{}} - -{{%tab name="curl"%}} - -- **Secure:** - - ```bash - curl https:///install/nginx-agent | sudo sh - ``` - -- **Insecure:** - - ```bash - curl --insecure https:///install/nginx-agent | sudo sh - ``` - -To add the instance to a specific instance group during installation, use the `--instance-group` (or `-g`) flag: - -```shell -curl https:///install/nginx-agent -o install.sh -chmod u+x install.sh -sudo ./install.sh --instance-group -``` - -By default, the install script uses a secure connection to download packages. If it can’t establish one, it falls back to an insecure connection and logs this message: - -```text -Warning: An insecure connection will be used during this nginx-agent installation -``` - -To enforce a secure connection, set the `--skip-verify` flag to false: - -```shell -curl https:///install/nginx-agent -o install.sh -chmod u+x install.sh -sudo ./install.sh --skip-verify false -``` - -{{%/tab%}} - -{{%tab name="wget"%}} - -- **Secure:** - - ```shell - wget https:///install/nginx-agent -O - | sudo sh -s --skip-verify false - ``` - -- **Insecure:** - - ```shell - wget --no-check-certificate https:///install/nginx-agent -O - | sudo sh - ``` - -To add your instance to a group during installation, use the `--instance-group` (or `-g`) flag: - -```shell -wget https:///install/nginx-agent -O install.sh -chmod u+x install.sh -sudo ./install.sh --instance-group -``` - -{{%/tab%}} - -{{}} diff --git a/content/includes/agent/installation/manually-connect-to-console.md b/content/includes/agent/installation/manually-connect-to-console.md index fc62d529c..80b3394a3 100644 --- a/content/includes/agent/installation/manually-connect-to-console.md +++ b/content/includes/agent/installation/manually-connect-to-console.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/nginx-one-console/agent/install-upgrade/install-from-github.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-alpine.md b/content/includes/agent/installation/oss/oss-alpine.md index efb7709bb..703d17f57 100644 --- a/content/includes/agent/installation/oss/oss-alpine.md +++ b/content/includes/agent/installation/oss/oss-alpine.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-amazon-linux.md b/content/includes/agent/installation/oss/oss-amazon-linux.md index 1cd44c58d..9c637da0a 100644 --- a/content/includes/agent/installation/oss/oss-amazon-linux.md +++ b/content/includes/agent/installation/oss/oss-amazon-linux.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-debian.md b/content/includes/agent/installation/oss/oss-debian.md index e405b52da..35400ac92 100644 --- a/content/includes/agent/installation/oss/oss-debian.md +++ b/content/includes/agent/installation/oss/oss-debian.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-freebsd.md b/content/includes/agent/installation/oss/oss-freebsd.md index f051fe620..c9a9be81e 100644 --- a/content/includes/agent/installation/oss/oss-freebsd.md +++ b/content/includes/agent/installation/oss/oss-freebsd.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-rhel.md b/content/includes/agent/installation/oss/oss-rhel.md index 61650799d..6fa5af685 100644 --- a/content/includes/agent/installation/oss/oss-rhel.md +++ b/content/includes/agent/installation/oss/oss-rhel.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-sles.md b/content/includes/agent/installation/oss/oss-sles.md index f859dc062..fe046ce81 100644 --- a/content/includes/agent/installation/oss/oss-sles.md +++ b/content/includes/agent/installation/oss/oss-sles.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/oss/oss-ubuntu.md b/content/includes/agent/installation/oss/oss-ubuntu.md index f7f310942..98b15cd01 100644 --- a/content/includes/agent/installation/oss/oss-ubuntu.md +++ b/content/includes/agent/installation/oss/oss-ubuntu.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-oss-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/plus/plus-alpine.md b/content/includes/agent/installation/plus/plus-alpine.md index 86666bbd8..e80f78719 100644 --- a/content/includes/agent/installation/plus/plus-alpine.md +++ b/content/includes/agent/installation/plus/plus-alpine.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-amazon-linux.md b/content/includes/agent/installation/plus/plus-amazon-linux.md index 19e9bc930..f647486fe 100644 --- a/content/includes/agent/installation/plus/plus-amazon-linux.md +++ b/content/includes/agent/installation/plus/plus-amazon-linux.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-debian.md b/content/includes/agent/installation/plus/plus-debian.md index 7c0179b21..0d0674be5 100644 --- a/content/includes/agent/installation/plus/plus-debian.md +++ b/content/includes/agent/installation/plus/plus-debian.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-freebsd.md b/content/includes/agent/installation/plus/plus-freebsd.md index e0200a63b..ab84446bf 100644 --- a/content/includes/agent/installation/plus/plus-freebsd.md +++ b/content/includes/agent/installation/plus/plus-freebsd.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-rhel.md b/content/includes/agent/installation/plus/plus-rhel.md index 73decc142..8fd0ca5ce 100644 --- a/content/includes/agent/installation/plus/plus-rhel.md +++ b/content/includes/agent/installation/plus/plus-rhel.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-sles.md b/content/includes/agent/installation/plus/plus-sles.md index 514d7a558..fac5e5c95 100644 --- a/content/includes/agent/installation/plus/plus-sles.md +++ b/content/includes/agent/installation/plus/plus-sles.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/plus/plus-ubuntu.md b/content/includes/agent/installation/plus/plus-ubuntu.md index a6276a15d..fec5958dc 100644 --- a/content/includes/agent/installation/plus/plus-ubuntu.md +++ b/content/includes/agent/installation/plus/plus-ubuntu.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-plus-repo.md - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md diff --git a/content/includes/agent/installation/prerequisites.md b/content/includes/agent/installation/prerequisites.md index 9efc6a886..cd36e6e37 100644 --- a/content/includes/agent/installation/prerequisites.md +++ b/content/includes/agent/installation/prerequisites.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-github.md - content/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/start-stop-agent.md b/content/includes/agent/installation/start-stop-agent.md index 2cc0e37cf..0bdabd5f4 100644 --- a/content/includes/agent/installation/start-stop-agent.md +++ b/content/includes/agent/installation/start-stop-agent.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-github.md - content/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/installation/uninstall/uninstall-alpine.md b/content/includes/agent/installation/uninstall/uninstall-alpine.md index 1d8d5019c..11d2f006a 100644 --- a/content/includes/agent/installation/uninstall/uninstall-alpine.md +++ b/content/includes/agent/installation/uninstall/uninstall-alpine.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md index 95216546b..d83313ef1 100644 --- a/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md +++ b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-debian.md b/content/includes/agent/installation/uninstall/uninstall-debian.md index 1eabb8807..d703b57cc 100644 --- a/content/includes/agent/installation/uninstall/uninstall-debian.md +++ b/content/includes/agent/installation/uninstall/uninstall-debian.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-freebsd.md b/content/includes/agent/installation/uninstall/uninstall-freebsd.md index c2b3583b7..420b56432 100644 --- a/content/includes/agent/installation/uninstall/uninstall-freebsd.md +++ b/content/includes/agent/installation/uninstall/uninstall-freebsd.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-rhel.md b/content/includes/agent/installation/uninstall/uninstall-rhel.md index 2d1909edc..233f92062 100644 --- a/content/includes/agent/installation/uninstall/uninstall-rhel.md +++ b/content/includes/agent/installation/uninstall/uninstall-rhel.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-sles.md b/content/includes/agent/installation/uninstall/uninstall-sles.md index 24832bf6b..d9fcbc760 100644 --- a/content/includes/agent/installation/uninstall/uninstall-sles.md +++ b/content/includes/agent/installation/uninstall/uninstall-sles.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md index 1eabb8807..d703b57cc 100644 --- a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md +++ b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/uninstall.md - content/nginx-one-console/agent/install-upgrade/uninstall.md diff --git a/content/includes/agent/installation/update-container.md b/content/includes/agent/installation/update-container.md index 8cc610c44..221931fe0 100644 --- a/content/includes/agent/installation/update-container.md +++ b/content/includes/agent/installation/update-container.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/update.md - content/nginx-one-console/agent/install-upgrade/update.md diff --git a/content/includes/agent/installation/update.md b/content/includes/agent/installation/update.md index e2232b9a4..25159fc8c 100644 --- a/content/includes/agent/installation/update.md +++ b/content/includes/agent/installation/update.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/update.md - content/nginx-one-console/agent/install-upgrade/update.md diff --git a/content/includes/agent/installation/verify-agent.md b/content/includes/agent/installation/verify-agent.md index b5c3b025e..5c32cf7e0 100644 --- a/content/includes/agent/installation/verify-agent.md +++ b/content/includes/agent/installation/verify-agent.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/install-upgrade/install-from-github.md - content/agent/install-upgrade/install-from-oss-repo.md diff --git a/content/includes/agent/tech-specs.md b/content/includes/agent/tech-specs.md index 3c8a692da..93cc36988 100644 --- a/content/includes/agent/tech-specs.md +++ b/content/includes/agent/tech-specs.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/agent/tech-specs.md - content/nginx-one-console/agent/overview/tech-specs.md diff --git a/content/includes/agent/v3-available.md b/content/includes/agent/v3-available.md index fa06bcd51..a1f6a06af 100644 --- a/content/includes/agent/v3-available.md +++ b/content/includes/agent/v3-available.md @@ -1,4 +1,5 @@ --- +nd-product: NAGENT files: - content/nginx-one-console/agent/overview/about.md - content/nginx-one-console/agent/changelog.md diff --git a/content/includes/nginx-one-console/add-file/edit-config-tip.md b/content/includes/nginx-one-console/add-file/edit-config-tip.md index 96dcb93a9..713096a07 100644 --- a/content/includes/nginx-one-console/add-file/edit-config-tip.md +++ b/content/includes/nginx-one-console/add-file/edit-config-tip.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO --- From this window, select the file of your choice. If you want to delete this diff --git a/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md b/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md index 1284dab66..2d26afc33 100644 --- a/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md +++ b/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO --- With this option, you can incorporate [Managed certificates]({{< ref "/nginx-one-console/nginx-configs/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}). diff --git a/content/includes/nginx-one-console/add-file/new-ssl-bundle.md b/content/includes/nginx-one-console/add-file/new-ssl-bundle.md index 2f09d9c94..fe014ac79 100644 --- a/content/includes/nginx-one-console/add-file/new-ssl-bundle.md +++ b/content/includes/nginx-one-console/add-file/new-ssl-bundle.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO --- First you can select the toggle to allow NGINX One Console to manage the new certificate or bundle. diff --git a/content/includes/nginx-one-console/add-file/overview.md b/content/includes/nginx-one-console/add-file/overview.md index 1aa2eccaa..a686f97c9 100644 --- a/content/includes/nginx-one-console/add-file/overview.md +++ b/content/includes/nginx-one-console/add-file/overview.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO --- This guide explains how to add files in the F5 NGINX One Console. While you can manage files in the CLI, the NGINX One Console supports editing in a UI that resembles an Integrated Development Environment (IDE), with recommendations. diff --git a/content/includes/nginx-one-console/alert-labels.md b/content/includes/nginx-one-console/alert-labels.md index f24faf179..a3add6907 100644 --- a/content/includes/nginx-one-console/alert-labels.md +++ b/content/includes/nginx-one-console/alert-labels.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - content/nginx-one-console/glossary.md diff --git a/content/includes/nginx-one-console/cloud-access-nginx.md b/content/includes/nginx-one-console/cloud-access-nginx.md index 9da7904d6..7354911f4 100644 --- a/content/includes/nginx-one-console/cloud-access-nginx.md +++ b/content/includes/nginx-one-console/cloud-access-nginx.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/getting-started.md --- diff --git a/content/includes/nginx-one-console/cloud-access.md b/content/includes/nginx-one-console/cloud-access.md index 64ba84be5..c534be1e3 100644 --- a/content/includes/nginx-one-console/cloud-access.md +++ b/content/includes/nginx-one-console/cloud-access.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/nginx-one-console/conf/nginx-agent-conf.md b/content/includes/nginx-one-console/conf/nginx-agent-conf.md index aa3eec3b4..ed6e7dfad 100644 --- a/content/includes/nginx-one-console/conf/nginx-agent-conf.md +++ b/content/includes/nginx-one-console/conf/nginx-agent-conf.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/getting-started.md - content/nginx-one-console/agent/containers/run-agent-container.md diff --git a/content/includes/config-snippets/enable-nplus-api-dashboard.md b/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md similarity index 98% rename from content/includes/config-snippets/enable-nplus-api-dashboard.md rename to content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md index a3a4cfdbe..5ab31aaa9 100644 --- a/content/includes/config-snippets/enable-nplus-api-dashboard.md +++ b/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md - content/includes/use-cases/monitoring/enable-nginx-plus-api.md diff --git a/content/includes/nginx-one-console/how-to/add-instance.md b/content/includes/nginx-one-console/how-to/add-instance.md index 50fbdda68..41b7bff4d 100644 --- a/content/includes/nginx-one-console/how-to/add-instance.md +++ b/content/includes/nginx-one-console/how-to/add-instance.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/connect-instances/add-instance.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/nginx-one-console/how-to/generate-data-plane-key.md b/content/includes/nginx-one-console/how-to/generate-data-plane-key.md index d921a7af5..8bc1793e9 100644 --- a/content/includes/nginx-one-console/how-to/generate-data-plane-key.md +++ b/content/includes/nginx-one-console/how-to/generate-data-plane-key.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/nginx-one-console/how-to/install-nginx-agent.md b/content/includes/nginx-one-console/how-to/install-nginx-agent.md index 743b7944c..f8c49af32 100644 --- a/content/includes/nginx-one-console/how-to/install-nginx-agent.md +++ b/content/includes/nginx-one-console/how-to/install-nginx-agent.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md b/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md index 400c11af5..eec574de7 100644 --- a/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md +++ b/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md @@ -1,5 +1,5 @@ --- -nd-docs: "DOCS-000" +nd-product: NONECO files: - content/nginx-one-console/k8s/add-ngf-manifests.md - content/nginx-one-console/k8s/add-ngf-helm.md diff --git a/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md b/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md index 4ef8cab65..6c9e8f8dc 100644 --- a/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md +++ b/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md @@ -1,5 +1,5 @@ --- -nd-docs: "DOCS-000" +nd-product: NONECO files: - content/nginx-one-console/k8s/add-ngf-manifests.md - content/nginx-one-console/k8s/add-ngf-helm.md diff --git a/content/includes/nginx-one-console/how-to/verify-connection.md b/content/includes/nginx-one-console/how-to/verify-connection.md index ce4510a88..1e43d2594 100644 --- a/content/includes/nginx-one-console/how-to/verify-connection.md +++ b/content/includes/nginx-one-console/how-to/verify-connection.md @@ -1,5 +1,5 @@ --- -nd-docs: "DOCS-000" +nd-product: NONECO files: - content/nginx-one-console/k8s/add-ngf-manifests.md - content/nginx-one-console/k8s/add-ngf-helm.md diff --git a/content/includes/nginx-one-console/install-nginx.md b/content/includes/nginx-one-console/install-nginx.md index 41c8d6a37..578654301 100644 --- a/content/includes/nginx-one-console/install-nginx.md +++ b/content/includes/nginx-one-console/install-nginx.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/nginx-one-console/staged-config-overview.md b/content/includes/nginx-one-console/staged-config-overview.md index c7d13ee7c..2815e3ce9 100644 --- a/content/includes/nginx-one-console/staged-config-overview.md +++ b/content/includes/nginx-one-console/staged-config-overview.md @@ -1,5 +1,5 @@ --- -nd-docs: DOCS-000 +nd-product: NONECO files: - content/nginx-one-console/how-to/staged-configs/add-staged-config.md - content/nginx-one-console/how-to/staged-configs/edit-staged-config.md diff --git a/content/includes/workshops/nginx-one-env-variables.md b/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md similarity index 96% rename from content/includes/workshops/nginx-one-env-variables.md rename to content/includes/nginx-one-console/workshops/nginx-one-env-variables.md index 5660ee8e3..0fdc3d3fe 100644 --- a/content/includes/workshops/nginx-one-env-variables.md +++ b/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md @@ -1,4 +1,5 @@ --- +nd-product: NONECO files: - content/nginx-one-console/workshops/lab4/config-sync-groups.md - content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-r34.md diff --git a/content/includes/security/jwt-password-note.md b/content/includes/security/jwt-password-note.md index 69a32ad80..f5a9f816b 100644 --- a/content/includes/security/jwt-password-note.md +++ b/content/includes/security/jwt-password-note.md @@ -1,5 +1,5 @@ --- -nd-docs: +nd-product: NONECO --- {{}} diff --git a/content/includes/security/rbac-intro.md b/content/includes/security/rbac-intro.md index 306646790..0be0d25b7 100644 --- a/content/includes/security/rbac-intro.md +++ b/content/includes/security/rbac-intro.md @@ -3,6 +3,7 @@ files: - content/nginx-one-console/rbac/overview.md - content/nim/admin-guide/rbac/overview-rbac.md nd-docs: DOCS-000 +nd-product: MSC --- Role-based access control (RBAC) is a security system that governs access to resources within a software application. By assigning specific roles to users or groups, RBAC ensures that only authorized individuals have the ability to perform certain actions or access particular areas. diff --git a/content/includes/support/how-to-get-support.md b/content/includes/support/how-to-get-support.md deleted file mode 100644 index 9ffaf63de..000000000 --- a/content/includes/support/how-to-get-support.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: DOCS-1225 ---- - -If you need additional assistance, refer to the following topics for guidance on how to contact Support and create a Support Package: - -- [Contact Support]({{< ref "/nim/support/contact-support.md" >}}) -- [Create a Support Package]({{< ref "/nim/support/support-package.md" >}}) - diff --git a/content/includes/tech-specs/acm-dev-portal-supported-distros.md b/content/includes/tech-specs/acm-dev-portal-supported-distros.md deleted file mode 100644 index 88589d1e0..000000000 --- a/content/includes/tech-specs/acm-dev-portal-supported-distros.md +++ /dev/null @@ -1,17 +0,0 @@ -The Developer Portal supports the following Linux distributions: - -{{}} - -| Distribution | Version | Platform | API Connectivity Manager Developer Portal | -|--------------|---------------------------------------------------|--------------------------------|-----------------------------------------------------------| -| Amazon Linux | 2 LTS | x86_64 | 1.0.0 and later | -| CentOS | 7.4 and later in the 7.x family | x86_64 | 1.0.0 and later | -| Debian | 10
11 | x86_64
x86_64 | 1.0.0 and later
1.0.0 and later | -| Oracle Linux | 7.4 and later in the 7.x family | x86_64 | 1.0.0 and later | -| RHEL | 7.4 and later in the 7.x family
8.x
9.x | x86_64
x86_64
x86_64 | 1.0.0 and later
1.0.0 and later
1.3.0 and later | -| Ubuntu | 18.04
20.04
22.04 | x86_64
x86_64
x86_64 | 1.0.0 and later
1.0.0 and later
1.2.0 and later | - -{{}} - - - \ No newline at end of file diff --git a/content/includes/tech-specs/acm-nim-dependencies.md b/content/includes/tech-specs/acm-nim-dependencies.md deleted file mode 100644 index 165080b79..000000000 --- a/content/includes/tech-specs/acm-nim-dependencies.md +++ /dev/null @@ -1,23 +0,0 @@ -API Connectivity Manager depends on the platform capabilities of Instance Manager. The following table lists the minimum versions of Instance Manager required for API Connectivity Manager: - -{{}} - -| API Connectivity Manager | Instance Manager Dependency | -|--------------------------|-----------------------------| -| 1.9.0 - 1.9.3 | 2.13.0 and later | -| 1.8.0 | 2.12.0 and later | -| 1.6.0 - 1.7.0 | 2.10.0 and later | -| 1.5.0 | 2.9.0 and later | -| 1.4.0 - 1.4.1 | 2.7.0 and later | -| 1.3.0 - 1.3.1 | 2.6.0 and later | -| 1.1.0 - 1.2.0 | 2.4.0 and later | -| 1.0.0 | 2.3.0 and later | - -{{}} - -
- -To ensure API Connectivity Manager's new features work correctly, you may need to install or upgrade Instance Manager to the minimum version specified. If Instance Manager is not installed, API Connectivity Manager will install the latest version. If the installed version is below the minimum required version, API Connectivity Manager will upgrade Instance Manager to the latest version. Otherwise, API Connectivity Manager will leave Instance Manager unchanged. - - - diff --git a/content/includes/tech-specs/acm-supported-nginx.md b/content/includes/tech-specs/acm-supported-nginx.md deleted file mode 100644 index f31861b71..000000000 --- a/content/includes/tech-specs/acm-supported-nginx.md +++ /dev/null @@ -1,13 +0,0 @@ -API Connectivity Manager works with the following NGINX versions: - -{{}} - -| Module | Version | NGINX OSS | NGINX Plus | -|---------------------------------|--------------------------------|--------------------------------|--------------------| -| API Connectivity Manager - Management Plane | 1.9.0 and later
1.4.0-1.8.0
1.0.0–1.3.1 | 1.18–1.25.1
1.18–1.25.1
1.18–1.21.6 | R26–R32
R24–R29
R24–R27 | -| API Connectivity Manager - Data Plane and Dev Portal | 1.7.0 and later
1.4.0-1.6.0
1.0.0–1.3.1 | Not supported
Not supported
Not supported | R26–R29
R24–R28
R21–R27 | - -{{}} - - - \ No newline at end of file diff --git a/content/includes/tech-specs/index.md b/content/includes/tech-specs/index.md deleted file mode 100644 index 0c8fbf669..000000000 --- a/content/includes/tech-specs/index.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -headless: true ---- - diff --git a/content/includes/use-cases/credential-download-instructions.md b/content/includes/use-cases/credential-download-instructions.md index 672bdfb0f..2b3b1fbfa 100644 --- a/content/includes/use-cases/credential-download-instructions.md +++ b/content/includes/use-cases/credential-download-instructions.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md - content/nic/installation/nic-images/registry-download.md diff --git a/content/includes/use-cases/docker-registry-instructions.md b/content/includes/use-cases/docker-registry-instructions.md index 5f7e6af73..2cf690e8c 100644 --- a/content/includes/use-cases/docker-registry-instructions.md +++ b/content/includes/use-cases/docker-registry-instructions.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md - content/nic/installation/nic-images/registry-download.md diff --git a/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md b/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md index 1af06ff00..edee475fe 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md +++ b/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nim/monitoring/overview-metrics.md - content/nginx-one-console/getting-started.md diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md index 2ff20de2b..e425fb685 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md - content/nginx-one-console/nginx-configs/metrics/enable-metrics.md @@ -11,7 +12,7 @@ files: 5. In the **File name** box, enter `/etc/nginx/conf.d/dashboard.conf`, then select **Add**. 6. Paste the following into the new file workspace: -{{< include "config-snippets/enable-nplus-api-dashboard.md" >}} +{{< include "nginx-one-console/config-snippets/enable-nplus-api-dashboard.md" >}} 7. Select **Next**, review the diff, then select **Save and Publish**. 8. Open your browser to `http://:9000/dashboard.html` (replace `` with the IP or hostname of one of your group members). You should see the NGINX Plus dashboard. \ No newline at end of file diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md index acd462f7d..cca2a9665 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nim/monitoring/overview-metrics.md - content/nginx-one-console/getting-started.md @@ -6,7 +7,7 @@ files: To collect comprehensive metrics for NGINX Plus, including bytes streamed, information about upstream systems and caches, and counts of all HTTP status codes, add the following to your NGINX Plus configuration file, for example `/etc/nginx/nginx.conf` or an included file: -{{< include "config-snippets/enable-nplus-api-dashboard.md" >}} +{{< include "nginx-one-console/config-snippets/enable-nplus-api-dashboard.md" >}} {{< call-out "note" "Security tip" >}} - By default, all clients can call the API. diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md b/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md index c3b5e92a1..684e1f200 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nginx-one-console/nginx-configs/metrics/enable-metrics.md --- diff --git a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md index 7183acddf..c4b8dca72 100644 --- a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md +++ b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md @@ -1,4 +1,5 @@ --- +nd-product: MSC files: - content/nginx-one-console/metrics/enable-metrics.md - content/nginx-one-console/getting-started.md diff --git a/content/nginx-one-console/_index.md b/content/nginx-one-console/_index.md index 05ece2d60..358e4e8fc 100644 --- a/content/nginx-one-console/_index.md +++ b/content/nginx-one-console/_index.md @@ -6,7 +6,7 @@ nd-landing-page: true cascade: logo: "NGINX-One-product-icon.svg" nd-content-type: landing-page -nd-product: NGINX One +nd-product: NONECO --- ## About diff --git a/content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md b/content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md index 90932ff95..79d3d23a9 100644 --- a/content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +++ b/content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md @@ -3,7 +3,7 @@ title: Install from NGINX Plus repo toc: true weight: 200 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO nd-docs: DOCS-1877 --- diff --git a/content/nginx-one-console/agent/install-upgrade/uninstall.md b/content/nginx-one-console/agent/install-upgrade/uninstall.md index 27330e0ce..ea789fe1c 100644 --- a/content/nginx-one-console/agent/install-upgrade/uninstall.md +++ b/content/nginx-one-console/agent/install-upgrade/uninstall.md @@ -3,7 +3,7 @@ title: Uninstall NGINX Agent toc: false weight: 500 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO nd-docs: DOCS-1874 --- diff --git a/content/nginx-one-console/changelog.md b/content/nginx-one-console/changelog.md index 81915a322..280875c07 100644 --- a/content/nginx-one-console/changelog.md +++ b/content/nginx-one-console/changelog.md @@ -3,7 +3,7 @@ title: Changelog toc: true weight: 99999 nd-content-type: reference -nd-product: ONE +nd-product: NONECO nd-docs: DOCS-1394 --- diff --git a/content/nginx-one-console/getting-started.md b/content/nginx-one-console/getting-started.md index af08ad736..dcfbfbc0e 100644 --- a/content/nginx-one-console/getting-started.md +++ b/content/nginx-one-console/getting-started.md @@ -3,7 +3,7 @@ title: Get started toc: true weight: 100 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO --- The F5 NGINX One Console makes it easy to manage NGINX instances across locations and environments. The console lets you monitor and control your NGINX fleet from one place—you can check configurations, track performance metrics, identify security vulnerabilities, manage SSL certificates, and more. diff --git a/content/nginx-one-console/glossary.md b/content/nginx-one-console/glossary.md index 6cde7c522..ef41e0feb 100644 --- a/content/nginx-one-console/glossary.md +++ b/content/nginx-one-console/glossary.md @@ -3,7 +3,7 @@ title: Glossary toc: true weight: 1000 nd-content-type: reference -nd-product: ONE +nd-product: NONECO nd-docs: DOCS-1396 --- diff --git a/content/nginx-one-console/k8s/_index.md b/content/nginx-one-console/k8s/_index.md index e24e959f7..3ce8dfeaf 100644 --- a/content/nginx-one-console/k8s/_index.md +++ b/content/nginx-one-console/k8s/_index.md @@ -3,6 +3,6 @@ title: Connect Kubernetes deployments description: weight: 700 url: /nginx-one-console/k8s -nd-product: NGINX One +nd-product: NONECO --- diff --git a/content/nginx-one-console/k8s/add-ngf-helm.md b/content/nginx-one-console/k8s/add-ngf-helm.md index aca0e5801..10685d94a 100644 --- a/content/nginx-one-console/k8s/add-ngf-helm.md +++ b/content/nginx-one-console/k8s/add-ngf-helm.md @@ -3,7 +3,7 @@ title: Connect NGINX Gateway Fabric with Helm toc: true weight: 300 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO --- This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Helm. diff --git a/content/nginx-one-console/k8s/add-ngf-manifests.md b/content/nginx-one-console/k8s/add-ngf-manifests.md index 6823d389d..e9c798f84 100644 --- a/content/nginx-one-console/k8s/add-ngf-manifests.md +++ b/content/nginx-one-console/k8s/add-ngf-manifests.md @@ -3,7 +3,7 @@ title: Connect NGINX Gateway Fabric with Manifests toc: true weight: 300 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO --- This document explains how to connect F5 NGINX Gateway Fabric to F5 NGINX One Console with Manifests. diff --git a/content/nginx-one-console/k8s/add-nic.md b/content/nginx-one-console/k8s/add-nic.md index 605011202..f56f7ee63 100644 --- a/content/nginx-one-console/k8s/add-nic.md +++ b/content/nginx-one-console/k8s/add-nic.md @@ -3,7 +3,7 @@ title: Connect NGINX Ingress Controller toc: true weight: 200 nd-content-type: how-to -nd-product: NGINX One +nd-product: NONECO --- This document explains how to connect F5 NGINX Ingress Controller to F5 NGINX One Console using NGINX Agent. diff --git a/content/nginx-one-console/k8s/overview.md b/content/nginx-one-console/k8s/overview.md index b2da7f2d1..5641c46db 100644 --- a/content/nginx-one-console/k8s/overview.md +++ b/content/nginx-one-console/k8s/overview.md @@ -9,7 +9,7 @@ toc: false nd-content-type: concept # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX One +nd-product: NONECO --- You can now include Kubernetes systems through the [control plane](https://www.f5.com/glossary/control-plane). In related documentation, you can learn how to: diff --git a/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md b/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md index 2a83b24db..15aadd746 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md +++ b/content/nginx-one-console/nginx-configs/config-templates/add-multiple-services.md @@ -5,7 +5,7 @@ toc: true weight: 400 type: - how-to -nd-product: NGINX One Console +nd-product: NONECO --- # Overview diff --git a/content/nginx-one-console/nginx-configs/config-templates/import-templates.md b/content/nginx-one-console/nginx-configs/config-templates/import-templates.md index d437e9dee..51c11fcd2 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/import-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/import-templates.md @@ -5,7 +5,7 @@ toc: true weight: 100 type: - how-to -nd-product: NGINX One Console +nd-product: NONECO --- ## Overview diff --git a/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md b/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md index 6ade7536d..9c4075825 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md +++ b/content/nginx-one-console/nginx-configs/config-templates/save-as-staged-config.md @@ -5,7 +5,7 @@ toc: true weight: 300 type: - how-to -nd-product: NGINX One Console +nd-product: NONECO --- # Overview diff --git a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md index 91d655805..51f3a5cbd 100644 --- a/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md +++ b/content/nginx-one-console/nginx-configs/config-templates/submit-templates.md @@ -3,7 +3,7 @@ title: Submit templates toc: true weight: 200 nd-content-type: how-to -nd-product: ONE +nd-product: NONECO --- # Template submission and preview guide diff --git a/content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md b/content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md index 14f8e49d4..6f0e35c25 100644 --- a/content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md +++ b/content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md @@ -3,7 +3,7 @@ title: "Set up security alerts" weight: 500 toc: true nd-content-type: how-to -nd-product: ONE +nd-product: NONECO --- With this page, you'll learn how to set up alerts in F5 Distributed Cloud. Once configured, you'll see the CVEs and insecure configurations associated with your NGINX fleet. These instructions are intended for those responsible for keeping their NGINX infrastructure and application traffic secure. It assumes you know how to: diff --git a/content/nginx-one-console/waf-integration/add-signature-sets.md b/content/nginx-one-console/waf-integration/add-signature-sets.md index 5b750edf2..c650fe8ea 100644 --- a/content/nginx-one-console/waf-integration/add-signature-sets.md +++ b/content/nginx-one-console/waf-integration/add-signature-sets.md @@ -3,7 +3,7 @@ title: "Add signature sets and exceptions" weight: 300 toc: true nd-content-type: how-to -nd-product: NGINX One Console +nd-product: NONECO --- This document describes how you can configure signature sets and signature exceptions in F5 WAF for NGINX policies. When you add a policy, NGINX One Console provides options to customize attack signatures to better protect your applications. diff --git a/content/nginx-one-console/waf-integration/configure-policy.md b/content/nginx-one-console/waf-integration/configure-policy.md index 72aca8dbf..7e46dc7e4 100644 --- a/content/nginx-one-console/waf-integration/configure-policy.md +++ b/content/nginx-one-console/waf-integration/configure-policy.md @@ -9,7 +9,7 @@ toc: false nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX One +nd-product: NONECO --- This document describes how to configure a F5 WAF for NGINX security policy in the F5 NGINX One Console. diff --git a/content/nginx-one-console/waf-integration/cookies-params-urls.md b/content/nginx-one-console/waf-integration/cookies-params-urls.md index e0f6fd291..2d1e07563 100644 --- a/content/nginx-one-console/waf-integration/cookies-params-urls.md +++ b/content/nginx-one-console/waf-integration/cookies-params-urls.md @@ -3,7 +3,7 @@ title: "Add cookies, parameters and URLs" weight: 400 toc: true nd-content-type: how-to -nd-product: NGINX One Console +nd-product: NONECO --- ## Add cookies diff --git a/content/nginx-one-console/waf-integration/deploy-policy.md b/content/nginx-one-console/waf-integration/deploy-policy.md index 0699937f6..3830073c2 100644 --- a/content/nginx-one-console/waf-integration/deploy-policy.md +++ b/content/nginx-one-console/waf-integration/deploy-policy.md @@ -9,7 +9,7 @@ toc: false nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX One +nd-product: NONECO --- After you've set up a policy, it won't do anything, until you deploy it to one or more instances and Config Sync Groups. diff --git a/content/nginx-one-console/waf-integration/overview.md b/content/nginx-one-console/waf-integration/overview.md index 3f6b237e4..921f5850f 100644 --- a/content/nginx-one-console/waf-integration/overview.md +++ b/content/nginx-one-console/waf-integration/overview.md @@ -9,7 +9,7 @@ toc: false nd-content-type: concept # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX One +nd-product: NONECO --- You can now integrate the features of F5 WAF for NGINX v4 and v5 in F5 NGINX One Console. F5 WAF for NGINX offers advanced Web Application Firewall (WAF) capabilities. diff --git a/content/nginx-one-console/waf-integration/review-policy.md b/content/nginx-one-console/waf-integration/review-policy.md index 4b52c54ef..00601aaee 100644 --- a/content/nginx-one-console/waf-integration/review-policy.md +++ b/content/nginx-one-console/waf-integration/review-policy.md @@ -9,7 +9,7 @@ toc: false nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX One +nd-product: NONECO --- Before you implement a policy on an NGINX instance or Config Sync Group, you may want to review it. F5 NGINX One Console creates a policy for your F5 WAF for NGINX system. diff --git a/content/nginx-one-console/waf-integration/waf-policy-matching-types.md b/content/nginx-one-console/waf-integration/waf-policy-matching-types.md index 6fd4da489..c3dcacd11 100644 --- a/content/nginx-one-console/waf-integration/waf-policy-matching-types.md +++ b/content/nginx-one-console/waf-integration/waf-policy-matching-types.md @@ -3,7 +3,7 @@ title: "Matching types: Explicit vs Wildcard" weight: 700 toc: true nd-content-type: how-to -nd-product: NGINX One Console +nd-product: NONECO --- In F5 WAF for NGINX (formerly known as NGINX App Protect WAF), matching can be defined in two ways: diff --git a/content/nginx-one-console/workshops/_index.md b/content/nginx-one-console/workshops/_index.md index c64d85426..fde0d8c44 100644 --- a/content/nginx-one-console/workshops/_index.md +++ b/content/nginx-one-console/workshops/_index.md @@ -5,7 +5,7 @@ weight: 710 url: /nginx-one-console/workshops nd-landing-page: true nd-content-type: landing-page -nd-product: NGINX One +nd-product: NONECO --- Welcome to the NGINX One Console workshops. diff --git a/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md b/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md index 5c8060a46..9f59516d4 100644 --- a/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md +++ b/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md @@ -38,7 +38,7 @@ Make sure you have: - {{< include "/nginx-one-console/workshops/xc-account.md" >}} - All containers from [Lab 2: Run workshop components with Docker]({{< ref "/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md" >}}) running and registered -- {{< include "workshops/nginx-one-env-variables.md" >}} +- {{< include "nginx-one-console/workshops/nginx-one-env-variables.md" >}} - Basic NGINX and Linux knowledge --- diff --git a/content/nginx-one-console/workshops/lab4/config-sync-groups.md b/content/nginx-one-console/workshops/lab4/config-sync-groups.md index 0ee148cf4..bdd25517f 100644 --- a/content/nginx-one-console/workshops/lab4/config-sync-groups.md +++ b/content/nginx-one-console/workshops/lab4/config-sync-groups.md @@ -29,7 +29,7 @@ Make sure you have: - {{< include "/nginx-one-console/workshops/xc-account.md" >}} - Completed [Lab 2: Run workshop components with Docker]({{< ref "/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md" >}}) - Docker and Docker Compose installed and running -- {{< include "workshops/nginx-one-env-variables.md" >}} +- {{< include "nginx-one-console/workshops/nginx-one-env-variables.md" >}} - Basic familiarity with Linux command line and NGINX concepts --- diff --git a/content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md b/content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md index 199dafaec..83bcea10a 100644 --- a/content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md +++ b/content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md @@ -42,7 +42,7 @@ Make sure you have: - Docker and Docker Compose installed and running (for Docker scenario) - A trial or paid NGINX One JWT license (saved as `nginx-repo.jwt`) from [MyF5](https://my.f5.com/manage/s/) - A VM with NGINX Plus R32 (or earlier), SSH access, and NGINX Agent installed (for VM scenario) -- {{< include "workshops/nginx-one-env-variables.md" >}} +- {{< include "nginx-one-console/workshops/nginx-one-env-variables.md" >}} - Basic familiarity with Linux and NGINX --- From 749d14bf968f25a9703309d3f9a715e526069c82 Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 25 Nov 2025 16:58:42 +0000 Subject: [PATCH 2/5] docs: include cleanup --- content/includes/agent/about.md | 5 +- content/includes/agent/architecture.md | 5 +- .../agent/installation/install-agent-api.md | 76 ++ .../manually-connect-to-console.md | 8 +- .../agent/installation/oss/oss-alpine.md | 5 +- .../installation/oss/oss-amazon-linux.md | 5 +- .../agent/installation/oss/oss-debian.md | 5 +- .../agent/installation/oss/oss-freebsd.md | 23 - .../agent/installation/oss/oss-rhel.md | 5 +- .../agent/installation/oss/oss-sles.md | 5 +- .../agent/installation/oss/oss-ubuntu.md | 5 +- .../agent/installation/plus/plus-alpine.md | 5 +- .../installation/plus/plus-amazon-linux.md | 5 +- .../agent/installation/plus/plus-debian.md | 5 +- .../agent/installation/plus/plus-freebsd.md | 52 - .../agent/installation/plus/plus-rhel.md | 5 +- .../agent/installation/plus/plus-sles.md | 5 +- .../agent/installation/plus/plus-ubuntu.md | 5 +- .../agent/installation/prerequisites.md | 10 +- .../agent/installation/start-stop-agent.md | 10 +- .../uninstall/uninstall-alpine.md | 5 +- .../uninstall/uninstall-amazon-linux.md | 5 +- .../uninstall/uninstall-debian.md | 5 +- .../uninstall/uninstall-freebsd.md | 20 - .../installation/uninstall/uninstall-rhel.md | 5 +- .../installation/uninstall/uninstall-sles.md | 5 +- .../uninstall/uninstall-ubuntu.md | 5 +- .../agent/installation/update-container.md | 5 +- content/includes/agent/installation/update.md | 6 +- .../agent/installation/verify-agent.md | 10 +- content/includes/agent/tech-specs.md | 5 +- content/includes/agent/v3-available.md | 5 +- .../includes/controller/adc-rn-preamble.md | 13 - .../controller/add-existing-instance.md | 35 - .../includes/controller/apim-rn-preamble.md | 26 - .../controller/helper-script-prereqs.md | 48 - .../helper-script-support-package-details.md | 129 -- .../includes/installation/access-web-ui.md | 2 + content/includes/installation/add-nms-repo.md | 2 + .../installation/add-ports-agent-selinux.md | 7 +- .../installation/enable-agent-selinux.md | 7 +- .../installation/nms-prerequisites.md | 9 - content/includes/installation/nms-user.md | 3 + .../optional-installation-steps.md | 12 - .../installation/secure-installation.md | 2 + .../licensing-and-reporting/apply-jwt.md | 6 +- .../configure-nginx-plus-report-to-nim.md | 4 + .../custom-paths-jwt.md | 3 + .../deploy-jwt-with-csgs.md | 5 +- .../download-certificates-from-myf5.md | 5 +- .../download-jwt-crt-from-myf5.md | 3 + .../download-jwt-from-myf5.md | 9 +- .../log-location-and-monitoring.md | 4 + .../reported-usage-data.md | 4 + .../delay-pod-termination-overview.md | 9 - .../termination-grace-period.md | 9 - .../ngf/installation/deploy-ngf-crds.md | 7 +- .../ngf/installation/deploy-ngf-manifests.md | 7 +- .../expose-nginx-gateway-fabric.md | 7 +- .../installation/helm/pulling-the-chart.md | 6 +- ...stall-gateway-api-experimental-features.md | 5 +- .../install-gateway-api-resources.md | 7 +- .../installation/install-manifests-prereqs.md | 7 +- .../ngf/installation/jwt-password-note.md | 6 +- .../nginx-plus/docker-registry-secret.md | 6 +- .../installation/nginx-plus/download-jwt.md | 6 +- .../nginx-plus/nginx-plus-secret.md | 6 +- .../uninstall-gateway-api-resources.md | 6 +- .../ngf/installation/upgrade-api-resources.md | 20 - .../add-file/edit-config-tip.md | 3 + .../add-file/existing-ssl-bundle.md | 3 + .../add-file/new-ssl-bundle.md | 3 + .../nginx-one-console/add-file/overview.md | 3 + .../nginx-one-console/alert-labels.md | 7 +- .../nginx-one-console/cloud-access-nginx.md | 5 +- .../nginx-one-console/cloud-access.md | 8 +- .../conf/nginx-agent-conf.md | 6 +- .../enable-nplus-api-dashboard.md | 4 +- .../nginx-one-console/how-to/add-instance.md | 6 +- .../how-to/generate-data-plane-key.md | 11 +- .../how-to/install-nginx-agent.md | 5 +- .../how-to/k8s-secret-dp-key.md | 4 +- .../how-to/ngf-troubleshooting.md | 4 +- .../how-to/verify-connection.md | 4 +- .../nginx-one-console/install-nginx.md | 5 +- .../staged-config-overview.md | 7 +- .../workshops/nginx-one-env-variables.md | 6 +- .../nginx-one-console/workshops/xc-account.md | 10 +- .../install/back-up-config-and-logs.md | 2 + .../install/check-nginx-binary-version.md | 3 + .../nginx-plus/install/check-tech-specs.md | 2 + .../install/configure-usage-reporting.md | 2 + .../nginx-plus/install/copy-crt-and-key.md | 3 + .../install/copy-jwt-to-etc-nginx-dir.md | 3 + .../install/create-dir-for-crt-key.md | 3 + .../nginx-plus/install/create-dir-for-jwt.md | 2 + .../install/enable-nginx-service-at-boot.md | 2 + .../install-ca-certificates-dependency-dnf.md | 2 + .../install-ca-certificates-dependency-yum.md | 2 + .../install/install-nginx-agent-for-nim.md | 2 + .../install/install-nginx-plus-package-dnf.md | 2 + .../install/install-nginx-plus-package-yum.md | 2 + .../install/nim-disconnected-report-usage.md | 2 + .../pin-to-version/pin-debian-ubuntu-R32.md | 2 + .../install/pin-to-version/pin-rhel7-R32.md | 14 - .../install/pin-to-version/pin-rhel8-R32.md | 2 + .../install/pin-to-version/pin-rhel9-R32.md | 2 + .../nginx-plus/nginx-openid-repo-note.md | 11 + .../nginx-plus/oss-plus-comparison.md | 3 + .../nginx-plus/supported-distributions.md | 2 + .../usage-tracking/agentless-reporting.md | 163 --- .../get-list-k8s-deployments.md | 14 - .../usage-tracking/http-health-check.md | 83 -- .../usage-tracking/install-nginx-agent.md | 15 - .../nginx-plus/usage-tracking/install-nim.md | 16 - .../nginx-plus/usage-tracking/overview.md | 10 - .../usage-tracking/view-nginx-plus-count.md | 12 - .../logging-analysis-azure-storage.md | 6 +- .../logging-analysis-logs-analytics.md | 6 +- .../logging-config-access-logs.md | 6 +- .../logging-config-error-logs.md | 6 +- .../nginxaas-azure/logging-limitations.md | 6 +- .../nginxaas-azure/ncu-description.md | 5 +- .../nginxaas-azure/ssl-tls-prerequisites.md | 5 +- .../nginxaas-azure/terraform-prerequisites.md | 6 +- .../nginxaas-azure/terraform-resources.md | 6 +- .../nginxaas-google/access-console.md | 2 + .../create-or-import-nginx-config.md | 3 + .../logging-config-access-logs.md | 2 + .../logging-config-error-logs.md | 2 + .../nginxaas-google/ncu-description.md | 11 - .../nginxaas-google/ssl-tls-prerequisites.md | 5 - .../terraform-prerequisites.md | 3 + .../nginxaas-google/terraform-resources.md | 3 + .../nginxaas-google/update-nginx-config.md | 3 + .../nic/compatibility-tables/nic-k8s.md | 6 + .../nic/compatibility-tables/nic-nap.md | 8 + .../nic/configuration/access-control.md | 120 -- .../configuration/configuration-examples.md | 13 - .../command-line-arguments.md | 685 ---------- .../configmap-resource.md | 251 ---- .../global-configuration/custom-templates.md | 11 - .../globalconfiguration-resource.md | 183 --- .../mgmt-configmap-resource.md | 50 - .../reporting-resources-status.md | 195 --- .../host-and-listener-collisions.md | 168 --- ...advanced-configuration-with-annotations.md | 226 ---- .../advanced-configuration-with-snippets.md | 128 -- .../ingress-resources/basic-configuration.md | 107 -- .../cross-namespace-configuration.md | 14 - .../ingress-resources/custom-annotations.md | 146 --- .../nic/configuration/policy-resource.md | 945 -------------- .../includes/nic/configuration/security.md | 106 -- .../configuration/transportserver-resource.md | 416 ------- ...server-and-virtualserverroute-resources.md | 1102 ----------------- .../installation/create-common-resources.md | 4 + .../installation/create-custom-resources.md | 5 + .../nic/installation/deploy-controller.md | 3 + .../includes/nic/installation/download-jwt.md | 4 +- .../nic/installation/jwt-password-note.md | 5 +- .../nic/installation/manifests/daemonset.md | 5 + .../nic/installation/manifests/deployment.md | 5 + .../nic/installation/manifests/statefulset.md | 5 + .../manifests/verify-pods-are-running.md | 6 +- .../includes/nic/kubernetes-terminology.md | 6 +- content/includes/nic/rbac/set-up-rbac.md | 4 + .../auth/basic-auth-api-requests.md | 3 + .../admin-guide/license/add-license-webui.md | 5 +- .../license/connected-install-license-note.md | 3 + .../nim/clickhouse/cli-skip-clickhouse.md | 5 +- .../nim/clickhouse/clickhouse-defaults.md | 4 +- .../nim/clickhouse/clickhouse-install.md | 2 +- .../decoupling/note-legacy-nms-references.md | 20 +- .../license-usage-offline-script.md | 5 +- .../set-mode-of-operation-disconnected.md | 6 +- .../nim/docker/docker-compose-env-vars.md | 2 + .../nim/docker/docker-registry-login.md | 4 +- .../includes/nim/how-to-access-api-docs.md | 4 + content/includes/nim/how-to-access-nim-api.md | 13 + .../installation/install-script-flags/cert.md | 2 +- .../clickhouse-version.md | 2 +- .../install-script-flags/distribution.md | 2 +- .../installation/install-script-flags/key.md | 2 +- .../install-script-flags/skip-clickhouse.md | 2 +- .../optional-steps/configure-clickhouse.md | 6 +- .../optional-steps/configure-selinux.md | 2 +- .../disable-metrics-collection.md | 2 +- .../optional-steps/install-configure-vault.md | 2 +- .../nim/kubernetes/access-webui-helm.md | 2 + .../nms-chart-supported-module-versions.md | 2 + .../nim/rbac/assign-roles-to-user-groups.md | 3 + .../nim/rbac/assign-roles-to-users.md | 3 + content/includes/nim/rbac/create-roles.md | 6 + .../includes/nim/rbac/create-user-groups.md | 4 + content/includes/nim/rbac/what-is-rbac.md | 6 - ...ty-monitoring-attack-signature-database.md | 7 +- .../trust-proxy-ca-certificates.md | 17 - .../nim/tech-specs/nim-app-protect-support.md | 3 + .../security-data-plane-dependencies.md | 25 - .../security-management-plane-dependencies.md | 25 - .../nim/tech-specs/supported-distros.md | 3 +- .../tech-specs/supported-nginx-versions.md | 3 +- .../additional-templating-resources.md | 8 + .../includes/nim/uninstall/uninstall-nim.md | 3 + .../nim/waf/nim-waf-before-you-begin.md | 10 +- .../nim/waf/restart-nms-integrations.md | 7 +- .../includes/nim/waf/upload-cert-and-key.md | 7 +- content/includes/nim/webui-nim-login.md | 6 + .../includes/security/jwt-password-note.md | 4 + content/includes/security/rbac-intro.md | 7 +- .../includes/support/how-to-get-support.md | 12 + .../credential-download-instructions.md | 4 +- .../use-cases/docker-registry-instructions.md | 4 +- .../enable-nginx-oss-stub-status.md | 8 +- ...e-nginx-plus-api-with-config-sync-group.md | 4 +- .../monitoring/enable-nginx-plus-api.md | 8 +- .../enable-nginx-plus-status-zone-limited.md | 4 +- .../monitoring/n1c-dashboard-overview.md | 6 +- .../includes/waf/dockerfiles/alpine-oss.md | 3 + .../includes/waf/dockerfiles/alpine-plus.md | 3 + .../includes/waf/dockerfiles/amazon-oss.md | 3 + .../includes/waf/dockerfiles/amazon-plus.md | 3 + .../includes/waf/dockerfiles/debian-oss.md | 3 + .../includes/waf/dockerfiles/debian-plus.md | 3 + .../includes/waf/dockerfiles/official-oss.md | 3 + .../includes/waf/dockerfiles/oracle-oss.md | 3 + .../includes/waf/dockerfiles/oracle-plus.md | 3 + content/includes/waf/dockerfiles/rhel8-oss.md | 3 + .../includes/waf/dockerfiles/rhel8-plus.md | 3 + content/includes/waf/dockerfiles/rhel9-oss.md | 3 + .../includes/waf/dockerfiles/rhel9-plus.md | 3 + .../includes/waf/dockerfiles/rocky9-oss.md | 3 + .../includes/waf/dockerfiles/rocky9-plus.md | 3 + .../includes/waf/dockerfiles/ubuntu-oss.md | 3 + .../includes/waf/dockerfiles/ubuntu-plus.md | 3 + ...f5-waf-for-nginx-compiler-compatibility.md | 8 +- content/includes/waf/install-build-image.md | 2 + .../waf/install-create-configuration.md | 2 + content/includes/waf/install-next-steps.md | 6 +- content/includes/waf/install-post-checks.md | 6 +- .../includes/waf/install-selinux-warning.md | 3 + .../includes/waf/install-services-compose.md | 4 +- .../includes/waf/install-services-docker.md | 4 +- .../includes/waf/install-services-images.md | 4 +- .../includes/waf/install-services-registry.md | 5 +- .../waf/install-update-configuration.md | 5 +- content/includes/waf/table-policy-features.md | 3 + content/includes/waf/terminology.md | 6 +- 248 files changed, 750 insertions(+), 5955 deletions(-) create mode 100644 content/includes/agent/installation/install-agent-api.md delete mode 100644 content/includes/agent/installation/oss/oss-freebsd.md delete mode 100644 content/includes/agent/installation/plus/plus-freebsd.md delete mode 100644 content/includes/agent/installation/uninstall/uninstall-freebsd.md delete mode 100644 content/includes/controller/adc-rn-preamble.md delete mode 100644 content/includes/controller/add-existing-instance.md delete mode 100644 content/includes/controller/apim-rn-preamble.md delete mode 100644 content/includes/controller/helper-script-prereqs.md delete mode 100644 content/includes/controller/helper-script-support-package-details.md delete mode 100644 content/includes/installation/nms-prerequisites.md delete mode 100644 content/includes/installation/optional-installation-steps.md delete mode 100644 content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md delete mode 100644 content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md delete mode 100644 content/includes/ngf/installation/upgrade-api-resources.md delete mode 100644 content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md delete mode 100644 content/includes/nginx-plus/usage-tracking/agentless-reporting.md delete mode 100644 content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md delete mode 100644 content/includes/nginx-plus/usage-tracking/http-health-check.md delete mode 100644 content/includes/nginx-plus/usage-tracking/install-nginx-agent.md delete mode 100644 content/includes/nginx-plus/usage-tracking/install-nim.md delete mode 100644 content/includes/nginx-plus/usage-tracking/overview.md delete mode 100644 content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md delete mode 100644 content/includes/nginxaas-google/ncu-description.md delete mode 100644 content/includes/nginxaas-google/ssl-tls-prerequisites.md delete mode 100644 content/includes/nic/configuration/access-control.md delete mode 100644 content/includes/nic/configuration/configuration-examples.md delete mode 100644 content/includes/nic/configuration/global-configuration/command-line-arguments.md delete mode 100644 content/includes/nic/configuration/global-configuration/configmap-resource.md delete mode 100644 content/includes/nic/configuration/global-configuration/custom-templates.md delete mode 100644 content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md delete mode 100644 content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md delete mode 100644 content/includes/nic/configuration/global-configuration/reporting-resources-status.md delete mode 100644 content/includes/nic/configuration/host-and-listener-collisions.md delete mode 100644 content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md delete mode 100644 content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md delete mode 100644 content/includes/nic/configuration/ingress-resources/basic-configuration.md delete mode 100644 content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md delete mode 100644 content/includes/nic/configuration/ingress-resources/custom-annotations.md delete mode 100644 content/includes/nic/configuration/policy-resource.md delete mode 100644 content/includes/nic/configuration/security.md delete mode 100644 content/includes/nic/configuration/transportserver-resource.md delete mode 100644 content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md delete mode 100644 content/includes/nim/rbac/what-is-rbac.md delete mode 100644 content/includes/nim/system-configuration/trust-proxy-ca-certificates.md delete mode 100644 content/includes/nim/tech-specs/security-data-plane-dependencies.md delete mode 100644 content/includes/nim/tech-specs/security-management-plane-dependencies.md create mode 100644 content/includes/support/how-to-get-support.md diff --git a/content/includes/agent/about.md b/content/includes/agent/about.md index 167f112a1..e22f333ac 100644 --- a/content/includes/agent/about.md +++ b/content/includes/agent/about.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/about.md - - content/nginx-one-console/agent/overview/about.md +nd-files: +- content/nginx-one-console/agent/overview/about.md --- F5 NGINX Agent is a lightweight companion daemon designed to work with NGINX One and enable remote management of NGINX instances. It also gathers performance metrics from NGINX and transmits them to the NGINX One Console for enhanced monitoring and control. diff --git a/content/includes/agent/architecture.md b/content/includes/agent/architecture.md index 47685b2ba..6d4dc2985 100644 --- a/content/includes/agent/architecture.md +++ b/content/includes/agent/architecture.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/about.md - - content/nginx-one-console/agent/overview/about.md +nd-files: +- content/nginx-one-console/agent/overview/about.md --- The figure shows: diff --git a/content/includes/agent/installation/install-agent-api.md b/content/includes/agent/installation/install-agent-api.md new file mode 100644 index 000000000..f9cd5ea1c --- /dev/null +++ b/content/includes/agent/installation/install-agent-api.md @@ -0,0 +1,76 @@ +--- +nd-docs: DOCS-1031 +nd-files: +- content/nim/security-monitoring/set-up-app-protect-instances.md +- content/nim/waf-integration/configuration/onboard-instances/install-nginx-agent.md +--- + +{{< call-out "note" >}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{< /call-out >}} + +If your NGINX Instance Manager host doesn't use valid TLS certificates, you can use the insecure flags to bypass verification. Here are some example commands: + +{{}} + +{{%tab name="curl"%}} + +- **Secure:** + + ```bash + curl https:///install/nginx-agent | sudo sh + ``` + +- **Insecure:** + + ```bash + curl --insecure https:///install/nginx-agent | sudo sh + ``` + +To add the instance to a specific instance group during installation, use the `--instance-group` (or `-g`) flag: + +```shell +curl https:///install/nginx-agent -o install.sh +chmod u+x install.sh +sudo ./install.sh --instance-group +``` + +By default, the install script uses a secure connection to download packages. If it can’t establish one, it falls back to an insecure connection and logs this message: + +```text +Warning: An insecure connection will be used during this nginx-agent installation +``` + +To enforce a secure connection, set the `--skip-verify` flag to false: + +```shell +curl https:///install/nginx-agent -o install.sh +chmod u+x install.sh +sudo ./install.sh --skip-verify false +``` + +{{%/tab%}} + +{{%tab name="wget"%}} + +- **Secure:** + + ```shell + wget https:///install/nginx-agent -O - | sudo sh -s --skip-verify false + ``` + +- **Insecure:** + + ```shell + wget --no-check-certificate https:///install/nginx-agent -O - | sudo sh + ``` + +To add your instance to a group during installation, use the `--instance-group` (or `-g`) flag: + +```shell +wget https:///install/nginx-agent -O install.sh +chmod u+x install.sh +sudo ./install.sh --instance-group +``` + +{{%/tab%}} + +{{}} diff --git a/content/includes/agent/installation/manually-connect-to-console.md b/content/includes/agent/installation/manually-connect-to-console.md index 80b3394a3..9c368833b 100644 --- a/content/includes/agent/installation/manually-connect-to-console.md +++ b/content/includes/agent/installation/manually-connect-to-console.md @@ -1,9 +1,9 @@ --- nd-product: NAGENT -files: - - content/nginx-one-console/agent/install-upgrade/install-from-github.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-github.md +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- If you have installed NGINX Agent manually, you will need to connect it to the diff --git a/content/includes/agent/installation/oss/oss-alpine.md b/content/includes/agent/installation/oss/oss-alpine.md index 703d17f57..e417302bc 100644 --- a/content/includes/agent/installation/oss/oss-alpine.md +++ b/content/includes/agent/installation/oss/oss-alpine.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/oss/oss-amazon-linux.md b/content/includes/agent/installation/oss/oss-amazon-linux.md index 9c637da0a..285aafc37 100644 --- a/content/includes/agent/installation/oss/oss-amazon-linux.md +++ b/content/includes/agent/installation/oss/oss-amazon-linux.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/oss/oss-debian.md b/content/includes/agent/installation/oss/oss-debian.md index 35400ac92..c9506c934 100644 --- a/content/includes/agent/installation/oss/oss-debian.md +++ b/content/includes/agent/installation/oss/oss-debian.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/oss/oss-freebsd.md b/content/includes/agent/installation/oss/oss-freebsd.md deleted file mode 100644 index c9a9be81e..000000000 --- a/content/includes/agent/installation/oss/oss-freebsd.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md ---- - -1. To setup the pkg repository create a file with name `/etc/pkg/nginx-agent.conf` -with the following content: - - ```none - nginx-agent: { - URL: pkg+http://packages.nginx.org/nginx-agent/freebsd/${ABI}/latest - ENABLED: true - MIRROR_TYPE: SRV - } - ``` - -1. To install `nginx-agent`, run the following command: - - ```shell - sudo pkg install nginx-agent - ``` \ No newline at end of file diff --git a/content/includes/agent/installation/oss/oss-rhel.md b/content/includes/agent/installation/oss/oss-rhel.md index 6fa5af685..edcb893bb 100644 --- a/content/includes/agent/installation/oss/oss-rhel.md +++ b/content/includes/agent/installation/oss/oss-rhel.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/oss/oss-sles.md b/content/includes/agent/installation/oss/oss-sles.md index fe046ce81..d816b541a 100644 --- a/content/includes/agent/installation/oss/oss-sles.md +++ b/content/includes/agent/installation/oss/oss-sles.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/oss/oss-ubuntu.md b/content/includes/agent/installation/oss/oss-ubuntu.md index 98b15cd01..2669f2b6f 100644 --- a/content/includes/agent/installation/oss/oss-ubuntu.md +++ b/content/includes/agent/installation/oss/oss-ubuntu.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md --- 1. Install the prerequisites: diff --git a/content/includes/agent/installation/plus/plus-alpine.md b/content/includes/agent/installation/plus/plus-alpine.md index e80f78719..985c048d5 100644 --- a/content/includes/agent/installation/plus/plus-alpine.md +++ b/content/includes/agent/installation/plus/plus-alpine.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download diff --git a/content/includes/agent/installation/plus/plus-amazon-linux.md b/content/includes/agent/installation/plus/plus-amazon-linux.md index f647486fe..5f29a1f24 100644 --- a/content/includes/agent/installation/plus/plus-amazon-linux.md +++ b/content/includes/agent/installation/plus/plus-amazon-linux.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Create the `/etc/ssl/nginx` directory: diff --git a/content/includes/agent/installation/plus/plus-debian.md b/content/includes/agent/installation/plus/plus-debian.md index 0d0674be5..0fcca5066 100644 --- a/content/includes/agent/installation/plus/plus-debian.md +++ b/content/includes/agent/installation/plus/plus-debian.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Create the `/etc/ssl/nginx` directory: diff --git a/content/includes/agent/installation/plus/plus-freebsd.md b/content/includes/agent/installation/plus/plus-freebsd.md deleted file mode 100644 index ab84446bf..000000000 --- a/content/includes/agent/installation/plus/plus-freebsd.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md ---- - -1. Create the `/etc/ssl/nginx` directory: - - ```shell - sudo mkdir -p /etc/ssl/nginx - ``` - -1. Log in to [MyF5 Customer Portal](https://account.f5.com/myf5/) and download - your `nginx-repo.crt` and `nginx-repo.key` files. - -1. Copy the files to the `/etc/ssl/nginx/` directory: - - ```shell - sudo cp nginx-repo.crt nginx-repo.key /etc/ssl/nginx/ - ``` - -1. Install the prerequisite `ca_root_nss` package: - - ```shell - sudo pkg install ca_root_nss - ``` - -1. To setup the pkg repository create a file with name `/etc/pkg/nginx-agent.conf` -with the following content: - - ```none - nginx-agent: { - URL: pkg+https://pkgs.nginx.com/nginx-agent/freebsd/${ABI}/latest - ENABLED: yes - MIRROR_TYPE: SRV - } - ``` - -1. Add the following lines to the `/usr/local/etc/pkg.conf` file: - - ```conf - PKG_ENV: { SSL_NO_VERIFY_PEER: "1", - SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", - SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } - ``` - -1. To install `nginx-agent`, run the following command: - - ```shell - sudo pkg install nginx-agent - ``` \ No newline at end of file diff --git a/content/includes/agent/installation/plus/plus-rhel.md b/content/includes/agent/installation/plus/plus-rhel.md index 8fd0ca5ce..1dc5ff87f 100644 --- a/content/includes/agent/installation/plus/plus-rhel.md +++ b/content/includes/agent/installation/plus/plus-rhel.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Create the `/etc/ssl/nginx` directory: diff --git a/content/includes/agent/installation/plus/plus-sles.md b/content/includes/agent/installation/plus/plus-sles.md index fac5e5c95..49db2a038 100644 --- a/content/includes/agent/installation/plus/plus-sles.md +++ b/content/includes/agent/installation/plus/plus-sles.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Create the `/etc/ssl/nginx` directory: diff --git a/content/includes/agent/installation/plus/plus-ubuntu.md b/content/includes/agent/installation/plus/plus-ubuntu.md index fec5958dc..ef26ef7f5 100644 --- a/content/includes/agent/installation/plus/plus-ubuntu.md +++ b/content/includes/agent/installation/plus/plus-ubuntu.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- 1. Create the `/etc/ssl/nginx` directory: diff --git a/content/includes/agent/installation/prerequisites.md b/content/includes/agent/installation/prerequisites.md index cd36e6e37..d21de1695 100644 --- a/content/includes/agent/installation/prerequisites.md +++ b/content/includes/agent/installation/prerequisites.md @@ -1,11 +1,9 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-github.md - - content/agent/install-upgrade/install-from-oss-repo.md - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-github.md +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- - You must use one of the [supported operating system and architectures]({{< ref "/nginx-one-console/agent/overview/tech-specs.md#supported-distributions" >}}) diff --git a/content/includes/agent/installation/start-stop-agent.md b/content/includes/agent/installation/start-stop-agent.md index 0bdabd5f4..f40c0b0f3 100644 --- a/content/includes/agent/installation/start-stop-agent.md +++ b/content/includes/agent/installation/start-stop-agent.md @@ -1,11 +1,9 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-github.md - - content/agent/install-upgrade/install-from-oss-repo.md - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-github.md +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- To start NGINX Agent on `systemd` systems, run the following command: diff --git a/content/includes/agent/installation/uninstall/uninstall-alpine.md b/content/includes/agent/installation/uninstall/uninstall-alpine.md index 11d2f006a..28e14d41d 100644 --- a/content/includes/agent/installation/uninstall/uninstall-alpine.md +++ b/content/includes/agent/installation/uninstall/uninstall-alpine.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX agent: diff --git a/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md index d83313ef1..157cd949a 100644 --- a/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md +++ b/content/includes/agent/installation/uninstall/uninstall-amazon-linux.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX agent: diff --git a/content/includes/agent/installation/uninstall/uninstall-debian.md b/content/includes/agent/installation/uninstall/uninstall-debian.md index d703b57cc..63fa3d1a4 100644 --- a/content/includes/agent/installation/uninstall/uninstall-debian.md +++ b/content/includes/agent/installation/uninstall/uninstall-debian.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX Agent: diff --git a/content/includes/agent/installation/uninstall/uninstall-freebsd.md b/content/includes/agent/installation/uninstall/uninstall-freebsd.md deleted file mode 100644 index 420b56432..000000000 --- a/content/includes/agent/installation/uninstall/uninstall-freebsd.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md ---- - -Complete the following steps on each host where you've installed NGINX agent: - -1. Stop NGINX agent: - - ```shell - sudo service nginx-agent stop - ``` - -1. To uninstall NGINX agent, run the following command: - - ```shell - sudo pkg delete nginx-agent - ``` \ No newline at end of file diff --git a/content/includes/agent/installation/uninstall/uninstall-rhel.md b/content/includes/agent/installation/uninstall/uninstall-rhel.md index 233f92062..5ff95cd20 100644 --- a/content/includes/agent/installation/uninstall/uninstall-rhel.md +++ b/content/includes/agent/installation/uninstall/uninstall-rhel.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX Agent: diff --git a/content/includes/agent/installation/uninstall/uninstall-sles.md b/content/includes/agent/installation/uninstall/uninstall-sles.md index d9fcbc760..e4ec96fe9 100644 --- a/content/includes/agent/installation/uninstall/uninstall-sles.md +++ b/content/includes/agent/installation/uninstall/uninstall-sles.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX Agent: diff --git a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md index d703b57cc..63fa3d1a4 100644 --- a/content/includes/agent/installation/uninstall/uninstall-ubuntu.md +++ b/content/includes/agent/installation/uninstall/uninstall-ubuntu.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/uninstall.md - - content/nginx-one-console/agent/install-upgrade/uninstall.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/uninstall.md --- Complete the following steps on each host where you've installed NGINX Agent: diff --git a/content/includes/agent/installation/update-container.md b/content/includes/agent/installation/update-container.md index 221931fe0..4266bfb63 100644 --- a/content/includes/agent/installation/update-container.md +++ b/content/includes/agent/installation/update-container.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/update.md - - content/nginx-one-console/agent/install-upgrade/update.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/update.md --- To migrate NGINX Agent containers, we provide a script to convert NGINX Agent v2 config files to NGINX Agent v3 config files: [NGINX Agent Config Upgrade Script](https://github.com/nginx/agent/blob/v3/scripts/packages/upgrade-agent-config.sh) diff --git a/content/includes/agent/installation/update.md b/content/includes/agent/installation/update.md index 25159fc8c..4814a9eae 100644 --- a/content/includes/agent/installation/update.md +++ b/content/includes/agent/installation/update.md @@ -1,11 +1,9 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/update.md - - content/nginx-one-console/agent/install-upgrade/update.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/update.md --- - {{< call-out "note" >}} If you are using a version **older than NGINX Agent v2.31.0**, you must stop NGINX Agent before updating: - `sudo systemctl stop nginx-agent` diff --git a/content/includes/agent/installation/verify-agent.md b/content/includes/agent/installation/verify-agent.md index 5c32cf7e0..186f8ecf3 100644 --- a/content/includes/agent/installation/verify-agent.md +++ b/content/includes/agent/installation/verify-agent.md @@ -1,11 +1,9 @@ --- nd-product: NAGENT -files: - - content/agent/install-upgrade/install-from-github.md - - content/agent/install-upgrade/install-from-oss-repo.md - - content/agent/install-upgrade/install-from-plus-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md - - content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md +nd-files: +- content/nginx-one-console/agent/install-upgrade/install-from-github.md +- content/nginx-one-console/agent/install-upgrade/install-from-oss-repo.md +- content/nginx-one-console/agent/install-upgrade/install-from-plus-repo.md --- Once you have installed NGINX Agent, you can verify that it is running with the diff --git a/content/includes/agent/tech-specs.md b/content/includes/agent/tech-specs.md index 93cc36988..0e796c8be 100644 --- a/content/includes/agent/tech-specs.md +++ b/content/includes/agent/tech-specs.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/agent/tech-specs.md - - content/nginx-one-console/agent/overview/tech-specs.md +nd-files: +- content/nginx-one-console/agent/overview/tech-specs.md --- NGINX Agent is designed to operate efficiently on any system that meets the standard diff --git a/content/includes/agent/v3-available.md b/content/includes/agent/v3-available.md index a1f6a06af..f9190d2e7 100644 --- a/content/includes/agent/v3-available.md +++ b/content/includes/agent/v3-available.md @@ -1,8 +1,7 @@ --- nd-product: NAGENT -files: - - content/nginx-one-console/agent/overview/about.md - - content/nginx-one-console/agent/changelog.md +nd-files: +- content/nginx-one-console/agent/overview/about.md --- {{}} diff --git a/content/includes/controller/adc-rn-preamble.md b/content/includes/controller/adc-rn-preamble.md deleted file mode 100644 index 41c3e545b..000000000 --- a/content/includes/controller/adc-rn-preamble.md +++ /dev/null @@ -1,13 +0,0 @@ -We encourage you to install the latest version of the NGINX Controller Application Delivery module to take advantage of the newest features and updates. - -Technical support is provided for earlier versions that were released within two years of the current release. - -{{< call-out "note" >}} -For related installation documentation, refer to the following publications: - -- [NGINX Controller Installation Guide]({{< ref "/controller/admin-guides/backup-restore/_index.md" >}}) -- [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}}) -{{< /call-out>}} - - - \ No newline at end of file diff --git a/content/includes/controller/add-existing-instance.md b/content/includes/controller/add-existing-instance.md deleted file mode 100644 index 72a71cf98..000000000 --- a/content/includes/controller/add-existing-instance.md +++ /dev/null @@ -1,35 +0,0 @@ -Take the following steps to add an instance to NGINX Controller: - -1. Open the NGINX Controller user interface and log in. -2. Select the NGINX Controller menu icon, then select **Infrastructure**. -3. On the **Infrastructure** menu, select **Instances** > **Overview**. -4. On the **Instances** overview page, select **Create**. -5. On the **Create Instance** page, select **Add an existing instance**. -6. Add a name for the instance. If you don't provide a name, the hostname of the instance is used by default. -7. To add the instance to an existing [Instance Group]({{< ref "/controller/infrastructure/instances/manage-instances.md#instance-groups" >}}), select an Instance Group from the list. Or to create an Instance Group, select **Create New**. -8. To add the instance to an existing Location, select a Location from the list. Or to create a Location, select **Create New**. - - {{< call-out "important" >}} -Once set, the Location for an instance cannot be changed. If you need to change or remove the Location for an instance, you must [remove the instance from NGINX Controller]({{< ref "/controller/infrastructure/instances/manage-instances.md#delete-an-instance" >}}), and then add it back. - {{< /call-out >}} - - {{< call-out "important" >}} -Instances and the instance groups they belong to should specify the same location; however, this requirement is not currently enforced. If different locations are specified, the instance group's location takes precedence. This is important to remember when [assigning locations to workload groups]({{< ref "/controller/app-delivery/manage-apps.md#workload-groups">}}). - {{< /call-out >}} - -9. (Optional) By default, registration of NGINX Plus instances is performed over a secure connection. To use self-signed certificates with the Controller Agent, select **Allow insecure server connections to NGINX Controller using TLS**. For security purposes, we recommend that you secure the Controller Agent with signed certificates when possible. -10. Use SSH to connect and log in to the NGINX instance that you want to connect to NGINX Controller. -11. Run the `curl` or `wget` command that's shown in the **Installation Instructions** section on the NGINX instance to download and install the Controller Agent package. When specified, the `-i` and `-l` options for the `install.sh` script refer to the instance name and Location, respectively. - - {{< call-out "note" >}} - -Make sure you enter the commands to download and run the `install.sh` script on the NGINX Plus system, and not on the NGINX Controller. - -NGINX Controller 3.6 and earlier require Python 2.6 or 2.7. You'll be prompted to install Python if it's not installed already. Python is not required for NGINX Controller v3.7 and later. - - {{< /call-out >}} - -After a few minutes, the NGINX instance will appear on the **Instances** overview page. - - - \ No newline at end of file diff --git a/content/includes/controller/apim-rn-preamble.md b/content/includes/controller/apim-rn-preamble.md deleted file mode 100644 index 694a96a61..000000000 --- a/content/includes/controller/apim-rn-preamble.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -nd-docs: DOCS-1306 ---- - -We encourage you to install the latest version of the NGINX Controller APIM module to take advantage of the newest features and updates. - -Technical support is provided for earlier versions that were released within two years of the current release. - -{{< call-out "note" >}} -For related installation documentation, refer to the following publications: - -- [NGINX Controller Installation Guide]({{< ref "/controller/admin-guides/backup-restore/_index.md" >}}) -- [NGINX Controller Technical Specifications Guide]({{< ref "/controller/admin-guides/install/nginx-controller-tech-specs.md" >}}) -{{< /call-out>}} - -{{< call-out "important" >}} -**Upgrading from NGINX Controller 3.x to NGINX Controller API Management Module 3.18 or later** - -NGINX Controller 3.x includes the NGINX Controller Application Delivery Module (ADC) and NGINX Controller API Management Module (APIM). - -Starting with APIM 3.18, the ADC and APIM Modules are released independently on different schedules. - -If you've installed NGINX Controller 3.18 or earlier before July 2021, we recommend you use the ADC Module going forward. - -However, if you want to upgrade to APIM 3.18 or later, we recommend you upgrade to NGINX Controller 3.17 first. -{{< /call-out >}} diff --git a/content/includes/controller/helper-script-prereqs.md b/content/includes/controller/helper-script-prereqs.md deleted file mode 100644 index ed869622d..000000000 --- a/content/includes/controller/helper-script-prereqs.md +++ /dev/null @@ -1,48 +0,0 @@ -You can use the NGINX Controller `helper.sh prereqs` command to install the required system packages and Docker CE. - - - -| Options | Description | -|----------|-------------| -| `base` | Install the required Linux utilities. | -| `docker` | Install Docker CE. | -| `nfs` | Install NFS system packages. | - -To install all of the NGINX Controller prerequisites for your system at the same time, take the following steps: - -1. Download the NGINX Controller installer package from the [MyF5 Customer Portal](https://my.f5.com/manage/s/downloads). - -1. Extract the installer package files: - - ```bash - tar xzf controller-installer-.tar.gz - ``` - -1. Run the helper script with the `prereqs` option: - - ```bash - cd controller-installer - ./helper.sh prereqs - ``` - -{{< call-out "note" >}} -After you've installed NGINX Controller, you can install any of the prerequisites by running the following command: - - ```bash -/opt/nginx-controller/helper.sh prereqs [base|docker|nfs] -``` - -{{< /call-out >}} - - diff --git a/content/includes/controller/helper-script-support-package-details.md b/content/includes/controller/helper-script-support-package-details.md deleted file mode 100644 index bb5e77e70..000000000 --- a/content/includes/controller/helper-script-support-package-details.md +++ /dev/null @@ -1,129 +0,0 @@ -The support package is a tarball that includes NGINX Controller configuration information, logs, and system command output. Sensitive information, including certificate keys, is not included in the support package. - -The support package gathers information from the following locations: - -```md -. -├── database -│   ├── common.dump - full dump of the common database -│   ├── common.dump_stderr - any errors when dumping the database -│   ├── common-apimgmt-api-client-api-keys.txt - contents of apimgmt_api_client_api_keys table from the common database -│   ├── common-apimgmt-api-client-groups.txt - contents of apimgmt_api_client_groups table from the common database -│   ├── common-email-verification.txt - contents of email_verification table from the common database -│   ├── common-oauth-clients.txt - contents of oauth_clients table from the common database -│   ├── common-settings-license.txt - contents of settings_license table from the common database -│   ├── common-settings-nginx-plus.txt - contents of settings_nginx_plus table from the common database -│   ├── common-table-size.txt - list of all tables and their size in the common database -│   ├── data-table-size.txt - list of all tables and their size in the data database -│   ├── postgres-database-size.txt - size of every database -│   ├── postgres-long-running-queries.txt - all queries running longer than 10 seconds -│   ├── system.dump - full dump of the system database -│   ├── system-account-limits.txt - contents of account_limits table from the system database -│   ├── system-accounts.txt - contents of accounts table from the system database -│   ├── system-deleted-accounts.txt - contents of deleted_accounts table from the system database -│   ├── system-deleted-users.txt - contents of deleted_users table from the system database -│   ├── system-users.txt - contents of users table from the system database -│   └── system-table-size.txt - list of all tables and their size in the system database -├── k8s - output of `kubectl cluster-info dump -o yaml` augmented with some extra info -│   ├── apiservices.txt - output of `kubectl get apiservice` -│   ├── kube-system - contents of the kube-system namespace -│   │   ├── coredns-5c98db65d4-6flb9 -│   │   │   ├── desc.txt - pod description -│   │   │   ├── logs.txt - current logs -│   │   │   └── previous-logs.txt - previous logs, if any -│   │   ├── ... -│   │   ├── daemonsets.yaml - list of daemonsets -│   │   ├── deployments.yaml - list of deployments -│   │   ├── events.yaml - all events in this namespace -│   │   ├── namespace.yaml - details of the namespace, including finalizers -│   │   ├── pods.txt - output of `kubectl get pods --show-kind=true -o wide` -│   │   ├── pods.yaml - list of all pods -│   │   ├── replicasets.yaml - list of replicasets -│   │   ├── replication-controllers.yaml - list of replication controllers -│   │   ├── resources.txt - all Kubernetes resources in this namespace -│   │   └── services.yaml - list of services -│   ├── nginx-controller - contents of the nginx-controller namespace -│   │   ├── apigw-8fb64f768-9qwcm -│   │   │   ├── desc.txt - pod description -│   │   │   ├── logs.txt - current logs -│   │   │   └── previous-logs.txt - previous logs, if any -│   │   ├── ... -│   │   ├── daemonsets.yaml - list of daemonsets -│   │   ├── deployments.yaml - list of deployments -│   │   ├── events.yaml - all events in this namespace -│   │   ├── namespace.yaml - details of the namespace, including finalizers -│   │   ├── pods.txt - output of `kubectl get pods --show-kind=true -o wide` -│   │   ├── pods.yaml - list of all pods -│   │   ├── replicasets.yaml - list of replicasets -│   │   ├── replication-controllers.yaml - list of replication controllers -│   │   ├── resources.txt - all Kubernetes resources in this namespace -│   │   ├── services.yaml - list of services -│   ├── nodes.txt - output of `kubectl describe nodes` -│   ├── nodes.yaml - list of nodes -│   ├── resources.txt - all non-namespaced Kubernetes resources (including PersistentVolumes) -│   └── version.yaml - Kubernetes version -├── logs - copy of /var/log/nginx-controller/ -│   └── nginx-controller-install.log -├── os -│   ├── cpuinfo.txt - output of `cat /proc/cpuinfo` -│   ├── df-h.txt - output of `df -h` -│   ├── df-i.txt - output of `df -i` -│   ├── docker-container-ps.txt - output of `docker container ps` -│   ├── docker-images.txt - output of `docker images` -│   ├── docker-info.txt - output of `docker info` -│   ├── docker-stats.txt - output of `docker stats --all --no-stream` -│   ├── docker-version.txt - output of `docker version` -│   ├── du-mcs.txt - output of `du -mcs /opt/nginx-controller/* /var/log /var/lib` -│   ├── env.txt - output of `env` -│   ├── firewall-cmd.txt - output of `firewall-cmd --list-all` -│   ├── free.txt - output of `free -m` -│   ├── hostname-all-fqdns.txt - output of `hostname --all-fqdns` -│   ├── hostname-fqdn.txt - output of `hostname --fqdn` -│   ├── hostname.txt - output of `hostname` -│   ├── hostsfile.txt - output of `cat /etc/hosts` -│   ├── ip-address.txt - output of `ip address` -│   ├── ip-neigh.txt - output of `ip neigh` -│   ├── ip-route.txt - output of `ip route` -│   ├── iptables-filter.txt - output of `iptables -L -n -v` -│   ├── iptables-mangle.txt - output of `iptables -L -n -v -t mangle` -│   ├── iptables-nat.txt - output of `iptables -L -n -v -t nat` -│   ├── iptables-save.txt - output of `iptables-save` -│   ├── journal-kubelet.txt - output of `journalctl -q -u kubelet --no-pager` -│   ├── lspci.txt - output of `lspci -vvv` -│   ├── netstat-nr.txt - output of `netstat -nr` -│   ├── ps-faux.txt - output of `ps faux` -│   ├── pstree.txt - output of `pstree` -│   ├── ps.txt - output of `ps aux --sort=-%mem` -│   ├── resolvconf.txt - output of `cat /etc/resolv.conf` -│   ├── selinux-mode.txt - output of `getenforce` -│   ├── ss-ltunp.txt - output of `ss -ltunp` -│   ├── swapon.txt - output of `swapon -s` -│   ├── sysctl.txt - output of `sysctl -a --ignore` -│   ├── systemd.txt - output of `journalctl -q --utc` -│   ├── top.txt - output of `top -b -o +%CPU -n 3 -d 1 -w512 -c` -│   ├── uname.txt - output of `uname -a` -│   ├── uptime.txt - output of `cat /proc/uptime` -│   └── vmstat.txt - output of `cat /proc/vmstat` -├── timeseries -│ ├── table-sizes.stat - stat table containing controller table sizes -│ ├── events.csv - events table dump in csv -│ ├── events.sql - events table schema -│ ├── metrics_1day.csv - metrics_1day table dump in csv -│ ├── metrics_1day.sql - metrics_1day table schema -│ ├── metrics_1hour.csv - metrics_1hour table dump in csv -│ ├── metrics_1hour.sql - metrics_1hour table schema -│ ├── metrics_5min.csv - metrics_5min table dump in csv -│ ├── metrics_5min.sql - metrics_5min table schema -│ ├── metrics.csv - metrics table dump in csv -│ ├── metrics.sql - metrics table schema -│ ├── system-asynchronous-metrics.stat - shows info about currently executing events or consuming resources -│ ├── system-events.stat - information about the number of events that have occurred in the system -│ ├── system-metrics.stat - system metrics -│ ├── system-parts.stat - information about parts of a table in the MergeTree family -│ ├── system-settings.stat - information about settings that are currently in use -│ └── system-tables.stat - information about all the tables -└── version.txt - Controller version information -``` - - - diff --git a/content/includes/installation/access-web-ui.md b/content/includes/installation/access-web-ui.md index d51fe6f73..a0d466591 100644 --- a/content/includes/installation/access-web-ui.md +++ b/content/includes/installation/access-web-ui.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-1241 +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md --- To access the NGINX Instance Manager web interface, open a web browser and go to `https://`, replacing `` with the Fully Qualified Domain Name of your NGINX Instance Manager host. diff --git a/content/includes/installation/add-nms-repo.md b/content/includes/installation/add-nms-repo.md index 037ec3e09..6f69e2d9f 100644 --- a/content/includes/installation/add-nms-repo.md +++ b/content/includes/installation/add-nms-repo.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-1243 +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md --- Select the tab matching your Linux distribution, then follow the instructions to add the NGINX Instance Manager repository. diff --git a/content/includes/installation/add-ports-agent-selinux.md b/content/includes/installation/add-ports-agent-selinux.md index 43019a234..702d50aa4 100644 --- a/content/includes/installation/add-ports-agent-selinux.md +++ b/content/includes/installation/add-ports-agent-selinux.md @@ -1,8 +1,7 @@ --- -files: - - content/nginx-one-console/agent/configure-instances/configure-selinux.md - - content/nim/system-configuration/configure-selinux.md - - content/nms/nginx-agent/install-nginx-agent.md +nd-files: +- content/nginx-one-console/agent/configure-instances/configure-selinux.md +- content/nim/system-configuration/configure-selinux.md --- Make sure to add external ports to the firewall exception list. diff --git a/content/includes/installation/enable-agent-selinux.md b/content/includes/installation/enable-agent-selinux.md index 9aba4e12d..0c02dd581 100644 --- a/content/includes/installation/enable-agent-selinux.md +++ b/content/includes/installation/enable-agent-selinux.md @@ -1,8 +1,7 @@ --- -files: - - content/nginx-one-console/agent/configure-instances/configure-selinux.md - - content/nim/system-configuration/configure-selinux.md - - content/nms/nginx-agent/install-nginx-agent.md +nd-files: +- content/nginx-one-console/agent/configure-instances/configure-selinux.md +- content/nim/system-configuration/configure-selinux.md --- The following SELinux files are added when you install the NGINX Agent package: diff --git a/content/includes/installation/nms-prerequisites.md b/content/includes/installation/nms-prerequisites.md deleted file mode 100644 index 6833b66dd..000000000 --- a/content/includes/installation/nms-prerequisites.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: DOCS-1242 ---- - -{{< call-out "important" >}} -Before you can install this module, you need to have NGINX and ClickHouse installed on your system. Additionally, you will need to add the NGINX Instance Manager repository. The [Prerequisites]({{< ref "/nim/deploy/vm-bare-metal/install.md" >}}) topic has detailed instructions on how to fulfill these requirements. - -{{< /call-out >}} - diff --git a/content/includes/installation/nms-user.md b/content/includes/installation/nms-user.md index bed549243..b50afaecf 100644 --- a/content/includes/installation/nms-user.md +++ b/content/includes/installation/nms-user.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nim/disconnected/offline-install-guide-manual.md +- content/nim/disconnected/offline-install-guide.md --- {{< call-out "note" >}}NGINX Instance Manager components started this way run by default as the non-root `nms` user inside the `nms` group, both of which are created during installation.{{< /call-out >}} diff --git a/content/includes/installation/optional-installation-steps.md b/content/includes/installation/optional-installation-steps.md deleted file mode 100644 index 71674e85b..000000000 --- a/content/includes/installation/optional-installation-steps.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -nd-docs: DOCS-1030 ---- - -The following steps may be necessary depending on your installation configuration. - -- If you used a custom address, username, or password, or enabled TLS when [installing ClickHouse]({{< ref "/nim/deploy/vm-bare-metal/install.md#install-clickhouse" >}}), follow the steps in the [Configure ClickHouse]({{< ref "/nim/system-configuration/configure-clickhouse.md" >}}) guide to update the `/etc/nms/nms.conf` file. If you don't do so, NGINX Instance Manager won't be able to connect to ClickHouse. - -- If you use Vault, follow the steps in the [Configure Vault]({{< ref "/nim/system-configuration/configure-vault.md" >}}) guide to update the `/etc/nms/nms.conf` file. If you don't do so, NGINX Instance Manager won't be able to connect to Vault. - -- If you use SELinux, follow the steps in the [Configure SELinux]({{< ref "/nim/system-configuration/configure-selinux.md" >}}) guide to restore SELinux contexts (`restorecon`) for the files and directories related to NGINX Instance Manager. - diff --git a/content/includes/installation/secure-installation.md b/content/includes/installation/secure-installation.md index 509d72e65..abb233e35 100644 --- a/content/includes/installation/secure-installation.md +++ b/content/includes/installation/secure-installation.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-1405 +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md --- To ensure that your NGINX Instance Manager deployment remains secure, follow the recommendations in this section: diff --git a/content/includes/licensing-and-reporting/apply-jwt.md b/content/includes/licensing-and-reporting/apply-jwt.md index 943c69046..a96634e7b 100644 --- a/content/includes/licensing-and-reporting/apply-jwt.md +++ b/content/includes/licensing-and-reporting/apply-jwt.md @@ -1,7 +1,9 @@ --- file: - - content/solutions/about-subscription-licenses.md - - content/nap-waf/v5/admin-guide/install.md +- content/solutions/about-subscription-licenses.md +- content/nap-waf/v5/admin-guide/install.md +nd-files: +- content/solutions/about-subscription-licenses/getting-started.md --- 1. Copy the license file to: diff --git a/content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md b/content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md index 7cb7000d4..904325c03 100644 --- a/content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md +++ b/content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md @@ -1,4 +1,8 @@ --- +nd-files: +- content/nim/admin-guide/report-usage-connected-deployment.md +- content/nim/disconnected/report-usage-disconnected-deployment.md +- content/solutions/about-subscription-licenses/getting-started.md --- 1. Allow NGINX Plus instances to connect to NGINX Instance Manager over HTTPS (TCP `443`). diff --git a/content/includes/licensing-and-reporting/custom-paths-jwt.md b/content/includes/licensing-and-reporting/custom-paths-jwt.md index 544db84d1..ef0aec7ba 100644 --- a/content/includes/licensing-and-reporting/custom-paths-jwt.md +++ b/content/includes/licensing-and-reporting/custom-paths-jwt.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md +- content/solutions/about-subscription-licenses/getting-started.md --- If you’re upgrading from NGINX Plus R32 or earlier to R33 or later and plan to use a custom path for the license file, note that the custom path isn’t recognized until after the upgrade. You must first create a placeholder file at `/etc/nginx/license.jwt` (or `/usr/local/etc/nginx/license.jwt` on FreeBSD). diff --git a/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md b/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md index 31362eb64..6c7f0d7bf 100644 --- a/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md +++ b/content/includes/licensing-and-reporting/deploy-jwt-with-csgs.md @@ -1,9 +1,10 @@ --- file: - - content/solutions/about-subscription-licenses.md +- content/solutions/about-subscription-licenses.md +nd-files: +- content/solutions/about-subscription-licenses/getting-started.md --- - {{}} Before you deploy with a Config Sync Group, you need to create one in the NGINX One Console. If you haven’t created a group yet, see [Manage Config Sync Groups]({{< ref "/nginx-one-console/nginx-configs/config-sync-groups/manage-config-sync-groups.md" >}}) for instructions. diff --git a/content/includes/licensing-and-reporting/download-certificates-from-myf5.md b/content/includes/licensing-and-reporting/download-certificates-from-myf5.md index 36597020c..12625c3b8 100644 --- a/content/includes/licensing-and-reporting/download-certificates-from-myf5.md +++ b/content/includes/licensing-and-reporting/download-certificates-from-myf5.md @@ -1,6 +1,9 @@ --- -files: +nd-files: - content/includes/use-cases/credential-download-instructions.md +- content/waf/configure/compiler.md +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md index beae2cc49..d5f75021e 100644 --- a/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md +++ b/content/includes/licensing-and-reporting/download-jwt-crt-from-myf5.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Download the SSL certificate, private key, and the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: diff --git a/content/includes/licensing-and-reporting/download-jwt-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-from-myf5.md index a4338a1d6..aed5346f9 100644 --- a/content/includes/licensing-and-reporting/download-jwt-from-myf5.md +++ b/content/includes/licensing-and-reporting/download-jwt-from-myf5.md @@ -1,15 +1,14 @@ --- -files: +nd-files: - content/includes/nim/docker/docker-registry-login.md - content/includes/use-cases/credential-download-instructions.md -- content/nap-waf/v5/admin-guide/install.md -- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md - content/nginx-one-console/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md - content/nim/admin-guide/add-license.md - content/nim/deploy/docker/deploy-nginx-plus-and-agent-docker.md - content/nim/disconnected/add-license-disconnected-deployment.md -- content/solutions/about-subscription-licenses.md -- content/solutions/r33-pre-release-guidance-for-automatic-upgrades.md +- content/solutions/about-subscription-licenses/getting-started.md +- content/waf/install/kubernetes.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/licensing-and-reporting/log-location-and-monitoring.md b/content/includes/licensing-and-reporting/log-location-and-monitoring.md index 61a7aec75..ec5d86614 100644 --- a/content/includes/licensing-and-reporting/log-location-and-monitoring.md +++ b/content/includes/licensing-and-reporting/log-location-and-monitoring.md @@ -1,4 +1,8 @@ --- +nd-files: +- content/nim/admin-guide/report-usage-connected-deployment.md +- content/nim/disconnected/report-usage-disconnected-deployment.md +- content/solutions/about-subscription-licenses/getting-started.md --- Monitor the [NGINX error log](https://nginx.org/en/docs/ngx_core_module.html#error_log), usually at `/var/log/nginx/error.log`, to identify subscription issues early. The log records problems such as failed usage reports or licenses that are about to expire. Check it regularly to avoid downtime and stay compliant. diff --git a/content/includes/licensing-and-reporting/reported-usage-data.md b/content/includes/licensing-and-reporting/reported-usage-data.md index 1d19e60ff..bbc4554de 100644 --- a/content/includes/licensing-and-reporting/reported-usage-data.md +++ b/content/includes/licensing-and-reporting/reported-usage-data.md @@ -1,4 +1,8 @@ --- +nd-files: +- content/nim/admin-guide/report-usage-connected-deployment.md +- content/nim/disconnected/report-usage-disconnected-deployment.md +- content/solutions/about-subscription-licenses/getting-started.md --- By default, NGINX Plus sends usage data to F5 every hour in a `POST` request. The report includes information such as traffic volume, runtime, and instance activity. diff --git a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md b/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md deleted file mode 100644 index 718949866..000000000 --- a/content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: "DOCS-1441" ---- - -To avoid client service interruptions when upgrading NGINX Gateway Fabric, you can configure [`PreStop` hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) to delay terminating the NGINX Gateway Fabric pod, allowing the pod to complete certain actions before shutting down. This ensures a smooth upgrade without any downtime, also known as a zero downtime upgrade. - -For an in-depth explanation of how Kubernetes handles pod termination, see the [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) topic on their official website. - -{{< call-out "note" >}}Keep in mind that NGINX won't shut down while WebSocket or other long-lived connections are open. NGINX will only stop when these connections are closed by the client or the backend. If these connections stay open during an upgrade, Kubernetes might need to shut down NGINX forcefully. This sudden shutdown could interrupt service for clients.{{< /call-out >}} diff --git a/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md b/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md deleted file mode 100644 index 6f21d5702..000000000 --- a/content/includes/ngf/installation/delay-pod-termination/termination-grace-period.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -nd-docs: "DOCS-1440" ---- - -Set `terminationGracePeriodSeconds` to a value that is equal to or greater than the `sleep` duration specified in the `preStop` hook (default is `30`). This setting prevents Kubernetes from terminating the pod before before the `preStop` hook has completed running. - - ```yaml - terminationGracePeriodSeconds: 50 - ``` diff --git a/content/includes/ngf/installation/deploy-ngf-crds.md b/content/includes/ngf/installation/deploy-ngf-crds.md index db4a840db..3dab230cd 100644 --- a/content/includes/ngf/installation/deploy-ngf-crds.md +++ b/content/includes/ngf/installation/deploy-ngf-crds.md @@ -1,8 +1,7 @@ --- -nd-docs: "DOCS-000" -files: -- content/ngf/install/manifests.md -- content/nginx-one-console/ngf/add-ngf-manifests.md +nd-docs: DOCS-000 +nd-files: +- content/nginx-one-console/k8s/add-ngf-manifests.md --- #### Stable release diff --git a/content/includes/ngf/installation/deploy-ngf-manifests.md b/content/includes/ngf/installation/deploy-ngf-manifests.md index bac1f5293..db0ba02fe 100644 --- a/content/includes/ngf/installation/deploy-ngf-manifests.md +++ b/content/includes/ngf/installation/deploy-ngf-manifests.md @@ -1,8 +1,7 @@ --- -nd-docs: "DOCS-000" -files: -- content/ngf/install/manifests.md -- content/nginx-one-console/ngf/add-ngf-manifests.md +nd-docs: DOCS-000 +nd-files: +- content/nginx-one-console/k8s/add-ngf-manifests.md --- {{< call-out "note" >}} By default, NGINX Gateway Fabric is installed in the **nginx-gateway** namespace. You can deploy in another namespace by modifying the manifest files. {{< /call-out >}} diff --git a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md index 03b3e11f6..c072b0b35 100644 --- a/content/includes/ngf/installation/expose-nginx-gateway-fabric.md +++ b/content/includes/ngf/installation/expose-nginx-gateway-fabric.md @@ -1,7 +1,10 @@ --- -title: "Expose NGINX Gateway Fabric" +title: Expose NGINX Gateway Fabric weight: 300 -nd-docs: "DOCS-1427" +nd-docs: DOCS-1427 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md --- The Service that is provisioned when NGINX Gateway Fabric is first installed is a ClusterIP Service used only for internal communication between the control plane and data planes. To deploy NGINX itself and get a LoadBalancer Service, you now need to [create a Gateway]({{< ref "/ngf/install/deploy-data-plane.md" >}}). diff --git a/content/includes/ngf/installation/helm/pulling-the-chart.md b/content/includes/ngf/installation/helm/pulling-the-chart.md index e42fb7f6a..3923ccb20 100644 --- a/content/includes/ngf/installation/helm/pulling-the-chart.md +++ b/content/includes/ngf/installation/helm/pulling-the-chart.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-1439" +nd-docs: DOCS-1439 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/upgrade-version.md +- content/nginx-one-console/k8s/add-ngf-helm.md --- ```shell diff --git a/content/includes/ngf/installation/install-gateway-api-experimental-features.md b/content/includes/ngf/installation/install-gateway-api-experimental-features.md index d57046ebf..7d46d0bdd 100644 --- a/content/includes/ngf/installation/install-gateway-api-experimental-features.md +++ b/content/includes/ngf/installation/install-gateway-api-experimental-features.md @@ -1,5 +1,8 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/ngf/traffic-management/tls-passthrough.md +- content/ngf/traffic-security/secure-backend.md --- To use Gateway API experimental resources, the Gateway API resources from the experimental channel must be installed before deploying NGINX Gateway Fabric. Additionally, NGINX Gateway Fabric must have experimental features enabled. diff --git a/content/includes/ngf/installation/install-gateway-api-resources.md b/content/includes/ngf/installation/install-gateway-api-resources.md index 859c33c72..abbf29263 100644 --- a/content/includes/ngf/installation/install-gateway-api-resources.md +++ b/content/includes/ngf/installation/install-gateway-api-resources.md @@ -1,5 +1,10 @@ --- -nd-docs: "DOCS-1438" +nd-docs: DOCS-1438 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md +- content/nginx-one-console/k8s/add-ngf-helm.md +- content/nginx-one-console/k8s/add-ngf-manifests.md --- {{< call-out "note" >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginx/nginx-gateway-fabric/blob/v{{< version-ngf >}}/README.md#technical-specifications). {{< /call-out >}} diff --git a/content/includes/ngf/installation/install-manifests-prereqs.md b/content/includes/ngf/installation/install-manifests-prereqs.md index 3b22598dc..b96374582 100644 --- a/content/includes/ngf/installation/install-manifests-prereqs.md +++ b/content/includes/ngf/installation/install-manifests-prereqs.md @@ -1,8 +1,7 @@ --- -nd-docs: "DOCS-000" -files: -- content/ngf/install/manifests.md -- content/nginx-one-console/ngf/add-ngf-manifests.md +nd-docs: DOCS-000 +nd-files: +- content/nginx-one-console/k8s/add-ngf-manifests.md --- To complete this guide, you'll need to install: diff --git a/content/includes/ngf/installation/jwt-password-note.md b/content/includes/ngf/installation/jwt-password-note.md index dba68ea16..1cc605f25 100644 --- a/content/includes/ngf/installation/jwt-password-note.md +++ b/content/includes/ngf/installation/jwt-password-note.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md +- content/ngf/install/nginx-plus.md --- {{< call-out "note" >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history: diff --git a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md index 70946b287..d421f30b8 100644 --- a/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md +++ b/content/includes/ngf/installation/nginx-plus/docker-registry-secret.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md +- content/ngf/install/nginx-plus.md --- {{< call-out "note" >}} If you would rather pull the NGINX Plus image and push to a private registry, you can skip this specific step and instead follow [this step]({{< ref "/ngf/install/nginx-plus.md#pull-an-image-for-local-use" >}}). {{< /call-out >}} diff --git a/content/includes/ngf/installation/nginx-plus/download-jwt.md b/content/includes/ngf/installation/nginx-plus/download-jwt.md index 63880f204..dc3db70cd 100644 --- a/content/includes/ngf/installation/nginx-plus/download-jwt.md +++ b/content/includes/ngf/installation/nginx-plus/download-jwt.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md +- content/ngf/install/nginx-plus.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md b/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md index be8a0b9f4..d2ee842a5 100644 --- a/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md +++ b/content/includes/ngf/installation/nginx-plus/nginx-plus-secret.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/ngf/install/helm.md +- content/ngf/install/manifests.md +- content/ngf/install/nginx-plus.md --- Place the JWT in a file called `license.jwt`. Create a Kubernetes Secret using the contents of the JWT file. diff --git a/content/includes/ngf/installation/uninstall-gateway-api-resources.md b/content/includes/ngf/installation/uninstall-gateway-api-resources.md index d123bf43c..c16b40fb6 100644 --- a/content/includes/ngf/installation/uninstall-gateway-api-resources.md +++ b/content/includes/ngf/installation/uninstall-gateway-api-resources.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-1436" +nd-docs: DOCS-1436 +nd-files: +- content/ngf/how-to/gateway-api-inference-extension.md +- content/ngf/install/helm.md +- content/ngf/install/manifests.md --- {{< call-out "warning" >}} This will remove all corresponding custom resources in your entire cluster, across all namespaces. Double-check to make sure you don't have any custom resources you need to keep, and confirm that there are no other Gateway API implementations active in your cluster. {{< /call-out >}} diff --git a/content/includes/ngf/installation/upgrade-api-resources.md b/content/includes/ngf/installation/upgrade-api-resources.md deleted file mode 100644 index adaed0b1a..000000000 --- a/content/includes/ngf/installation/upgrade-api-resources.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -nd-docs: DOCS-000 ---- - -To upgrade your Gateway API resources, take the following steps: - -- Use [Technical specifications]({{< ref "/ngf/reference/technical-specifications.md" >}}) to verify your Gateway API resources are compatible with your NGINX Gateway Fabric version. -- Review the [release notes](https://github.com/kubernetes-sigs/gateway-api/releases) for any important upgrade-specific information. - -To upgrade the Gateway API resources, run the following command: - -```shell -kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v{{< version-ngf >}}" | kubectl apply -f - -``` - -If you installed NGINX Gateway the from the experimental channel, use this instead: - -```shell -kubectl kustomize "https://github.com/nginx/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v{{< version-ngf >}}" | kubectl apply -f - -``` \ No newline at end of file diff --git a/content/includes/nginx-one-console/add-file/edit-config-tip.md b/content/includes/nginx-one-console/add-file/edit-config-tip.md index 713096a07..943033729 100644 --- a/content/includes/nginx-one-console/add-file/edit-config-tip.md +++ b/content/includes/nginx-one-console/add-file/edit-config-tip.md @@ -1,5 +1,8 @@ --- nd-product: NONECO +nd-files: +- content/nginx-one-console/nginx-configs/config-sync-groups/add-file-csg.md +- content/nginx-one-console/nginx-configs/one-instance/add-file.md --- From this window, select the file of your choice. If you want to delete this diff --git a/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md b/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md index 2d26afc33..affe22343 100644 --- a/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md +++ b/content/includes/nginx-one-console/add-file/existing-ssl-bundle.md @@ -1,5 +1,8 @@ --- nd-product: NONECO +nd-files: +- content/nginx-one-console/nginx-configs/config-sync-groups/add-file-csg.md +- content/nginx-one-console/nginx-configs/one-instance/add-file.md --- With this option, you can incorporate [Managed certificates]({{< ref "/nginx-one-console/nginx-configs/certificates/manage-certificates.md#managed-and-unmanaged-certificates" >}}). diff --git a/content/includes/nginx-one-console/add-file/new-ssl-bundle.md b/content/includes/nginx-one-console/add-file/new-ssl-bundle.md index fe014ac79..00c9aaf2f 100644 --- a/content/includes/nginx-one-console/add-file/new-ssl-bundle.md +++ b/content/includes/nginx-one-console/add-file/new-ssl-bundle.md @@ -1,5 +1,8 @@ --- nd-product: NONECO +nd-files: +- content/nginx-one-console/nginx-configs/config-sync-groups/add-file-csg.md +- content/nginx-one-console/nginx-configs/one-instance/add-file.md --- First you can select the toggle to allow NGINX One Console to manage the new certificate or bundle. diff --git a/content/includes/nginx-one-console/add-file/overview.md b/content/includes/nginx-one-console/add-file/overview.md index a686f97c9..d776d1b0f 100644 --- a/content/includes/nginx-one-console/add-file/overview.md +++ b/content/includes/nginx-one-console/add-file/overview.md @@ -1,5 +1,8 @@ --- nd-product: NONECO +nd-files: +- content/nginx-one-console/nginx-configs/config-sync-groups/add-file-csg.md +- content/nginx-one-console/nginx-configs/one-instance/add-file.md --- This guide explains how to add files in the F5 NGINX One Console. While you can manage files in the CLI, the NGINX One Console supports editing in a UI that resembles an Integrated Development Environment (IDE), with recommendations. diff --git a/content/includes/nginx-one-console/alert-labels.md b/content/includes/nginx-one-console/alert-labels.md index a3add6907..7202f844e 100644 --- a/content/includes/nginx-one-console/alert-labels.md +++ b/content/includes/nginx-one-console/alert-labels.md @@ -1,11 +1,10 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - - content/nginx-one-console/glossary.md +nd-files: +- content/glossary/glossary.md +- content/nginx-one-console/glossary.md --- - You can configure a variety of NGINX alerts in the F5 Distributed Cloud. If you have access to the [F5 Distributed Cloud]({{< ref "/nginx-one-console/getting-started.md#confirm-access-to-the-f5-distributed-cloud" >}}), log in and select the **Audit Logs & Alerts** tile. Go to **Notifications > Alerts**. Select the gear icon and select **Alert Name > Active Alerts**. You may see one or more of the following alerts in the **Audit Logs & Alerts** Console. diff --git a/content/includes/nginx-one-console/cloud-access-nginx.md b/content/includes/nginx-one-console/cloud-access-nginx.md index 7354911f4..e3918a759 100644 --- a/content/includes/nginx-one-console/cloud-access-nginx.md +++ b/content/includes/nginx-one-console/cloud-access-nginx.md @@ -1,7 +1,8 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md --- 1. Go to `https://.console.ves.volterra.io/` to access F5 Distributed Cloud, and sign in. diff --git a/content/includes/nginx-one-console/cloud-access.md b/content/includes/nginx-one-console/cloud-access.md index c534be1e3..700c9ecb8 100644 --- a/content/includes/nginx-one-console/cloud-access.md +++ b/content/includes/nginx-one-console/cloud-access.md @@ -1,9 +1,9 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - - content/nginx-one-console/getting-started.md - - content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md +- content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md --- Confirm that an F5 Distributed Cloud tenant has been provisioned for you. To do so: diff --git a/content/includes/nginx-one-console/conf/nginx-agent-conf.md b/content/includes/nginx-one-console/conf/nginx-agent-conf.md index ed6e7dfad..d77b588ca 100644 --- a/content/includes/nginx-one-console/conf/nginx-agent-conf.md +++ b/content/includes/nginx-one-console/conf/nginx-agent-conf.md @@ -1,8 +1,8 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/getting-started.md - - content/nginx-one-console/agent/containers/run-agent-container.md +nd-files: +- content/nginx-one-console/agent/containers/run-agent-container.md +- content/nginx-one-console/getting-started.md --- ```yaml diff --git a/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md b/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md index 5ab31aaa9..02967dbd9 100644 --- a/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md +++ b/content/includes/nginx-one-console/config-snippets/enable-nplus-api-dashboard.md @@ -1,7 +1,7 @@ --- nd-product: NONECO -files: -- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md +nd-files: +- content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md - content/includes/use-cases/monitoring/enable-nginx-plus-api.md --- diff --git a/content/includes/nginx-one-console/how-to/add-instance.md b/content/includes/nginx-one-console/how-to/add-instance.md index 41b7bff4d..ba2d17daf 100644 --- a/content/includes/nginx-one-console/how-to/add-instance.md +++ b/content/includes/nginx-one-console/how-to/add-instance.md @@ -1,8 +1,8 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/connect-instances/add-instance.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/connect-instances/add-instance.md +- content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md --- You can add an instance to NGINX One Console in the following ways: diff --git a/content/includes/nginx-one-console/how-to/generate-data-plane-key.md b/content/includes/nginx-one-console/how-to/generate-data-plane-key.md index 8bc1793e9..4a7d3d42f 100644 --- a/content/includes/nginx-one-console/how-to/generate-data-plane-key.md +++ b/content/includes/nginx-one-console/how-to/generate-data-plane-key.md @@ -1,11 +1,10 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - - content/nginx-one-console/getting-started.md - - content/nginx-one-console/ngf/add-nic.md - - content/nginx-one-console/ngf/add-ngf-helm.md - - content/nginx-one-console/ngf/add-ngf-manifests.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/k8s/add-ngf-helm.md +- content/nginx-one-console/k8s/add-ngf-manifests.md +- content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md --- A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One. diff --git a/content/includes/nginx-one-console/how-to/install-nginx-agent.md b/content/includes/nginx-one-console/how-to/install-nginx-agent.md index f8c49af32..d9c6e84af 100644 --- a/content/includes/nginx-one-console/how-to/install-nginx-agent.md +++ b/content/includes/nginx-one-console/how-to/install-nginx-agent.md @@ -1,8 +1,7 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md --- After entering your data plane key, you'll see a `curl` command to install NGINX Agent, similar to the one below. Copy and run this command on each NGINX instance. Once installed, NGINX Agent typically registers with NGINX One within a few seconds. diff --git a/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md b/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md index eec574de7..3170a0f62 100644 --- a/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md +++ b/content/includes/nginx-one-console/how-to/k8s-secret-dp-key.md @@ -1,8 +1,8 @@ --- nd-product: NONECO -files: -- content/nginx-one-console/k8s/add-ngf-manifests.md +nd-files: - content/nginx-one-console/k8s/add-ngf-helm.md +- content/nginx-one-console/k8s/add-ngf-manifests.md --- To create a Kubernetes secret, you'll need: diff --git a/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md b/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md index 6c9e8f8dc..f79f1d560 100644 --- a/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md +++ b/content/includes/nginx-one-console/how-to/ngf-troubleshooting.md @@ -1,8 +1,8 @@ --- nd-product: NONECO -files: -- content/nginx-one-console/k8s/add-ngf-manifests.md +nd-files: - content/nginx-one-console/k8s/add-ngf-helm.md +- content/nginx-one-console/k8s/add-ngf-manifests.md --- If you encounter issues connecting your instances to NGINX One Console, try the following commands: diff --git a/content/includes/nginx-one-console/how-to/verify-connection.md b/content/includes/nginx-one-console/how-to/verify-connection.md index 1e43d2594..5e51d14c2 100644 --- a/content/includes/nginx-one-console/how-to/verify-connection.md +++ b/content/includes/nginx-one-console/how-to/verify-connection.md @@ -1,8 +1,8 @@ --- nd-product: NONECO -files: -- content/nginx-one-console/k8s/add-ngf-manifests.md +nd-files: - content/nginx-one-console/k8s/add-ngf-helm.md +- content/nginx-one-console/k8s/add-ngf-manifests.md --- After deploying NGINX Gateway Fabric with NGINX Agent, you can verify the connection to NGINX One Console. diff --git a/content/includes/nginx-one-console/install-nginx.md b/content/includes/nginx-one-console/install-nginx.md index 578654301..09431364d 100644 --- a/content/includes/nginx-one-console/install-nginx.md +++ b/content/includes/nginx-one-console/install-nginx.md @@ -1,8 +1,7 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/secure-your-fleet/set-up-security-alerts.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/getting-started.md --- If you need to set up an instance of NGINX, you can do so in one of the following ways: diff --git a/content/includes/nginx-one-console/staged-config-overview.md b/content/includes/nginx-one-console/staged-config-overview.md index 2815e3ce9..09110f0b1 100644 --- a/content/includes/nginx-one-console/staged-config-overview.md +++ b/content/includes/nginx-one-console/staged-config-overview.md @@ -1,8 +1,9 @@ --- nd-product: NONECO -files: - - content/nginx-one-console/how-to/staged-configs/add-staged-config.md - - content/nginx-one-console/how-to/staged-configs/edit-staged-config.md +nd-files: +- content/nginx-one-console/nginx-configs/staged-configs/add-staged-config.md +- content/nginx-one-console/nginx-configs/staged-configs/edit-staged-config.md +- content/nginx-one-console/nginx-configs/staged-configs/import-export-staged-config.md --- It takes time to set up NGINX configuration files. Staged Configurations can help. They work like a draft that uses the features of NGINX One Console. The Staged Configuration does not have to be valid. diff --git a/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md b/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md index 0fdc3d3fe..cb0c52916 100644 --- a/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md +++ b/content/includes/nginx-one-console/workshops/nginx-one-env-variables.md @@ -1,9 +1,9 @@ --- nd-product: NONECO -files: +nd-files: +- content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md - content/nginx-one-console/workshops/lab4/config-sync-groups.md -- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-r34.md - +- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md --- Set these environment variables: diff --git a/content/includes/nginx-one-console/workshops/xc-account.md b/content/includes/nginx-one-console/workshops/xc-account.md index 27dbc0b5d..d22ced879 100644 --- a/content/includes/nginx-one-console/workshops/xc-account.md +++ b/content/includes/nginx-one-console/workshops/xc-account.md @@ -1,9 +1,9 @@ --- -files: - - content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md - - content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md - - content/nginx-one-console/workshops/lab4/config-sync-groups.md - - content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md +nd-files: +- content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md +- content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md +- content/nginx-one-console/workshops/lab4/config-sync-groups.md +- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md --- All labs require an **F5 Distributed Cloud (XC) account** with NGINX One enabled. If you don’t have an account or need to verify access, follow the steps in [Lab 1: Before you begin]({{< ref "/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md#before-you-begin" >}}). \ No newline at end of file diff --git a/content/includes/nginx-plus/install/back-up-config-and-logs.md b/content/includes/nginx-plus/install/back-up-config-and-logs.md index 3af37b843..99308bf7d 100644 --- a/content/includes/nginx-plus/install/back-up-config-and-logs.md +++ b/content/includes/nginx-plus/install/back-up-config-and-logs.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Back up your NGINX Plus configuration and log files if you have an older NGINX Plus package installed. For more information, see [Upgrading NGINX Plus]({{< ref "nginx/admin-guide/installing-nginx/installing-nginx-plus.md#upgrade" >}}). \ No newline at end of file diff --git a/content/includes/nginx-plus/install/check-nginx-binary-version.md b/content/includes/nginx-plus/install/check-nginx-binary-version.md index d460129b3..184938c03 100644 --- a/content/includes/nginx-plus/install/check-nginx-binary-version.md +++ b/content/includes/nginx-plus/install/check-nginx-binary-version.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Check the `nginx` version to verify that NGINX Plus is installed correctly: diff --git a/content/includes/nginx-plus/install/check-tech-specs.md b/content/includes/nginx-plus/install/check-tech-specs.md index 1152cd13e..13ba50fb6 100644 --- a/content/includes/nginx-plus/install/check-tech-specs.md +++ b/content/includes/nginx-plus/install/check-tech-specs.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Check if your operating system and architecture are supported. For a complete list of supported platforms and architectures, see the [Technical Specifications]({{< ref "nginx/technical-specs.md" >}}). diff --git a/content/includes/nginx-plus/install/configure-usage-reporting.md b/content/includes/nginx-plus/install/configure-usage-reporting.md index f2d9c5859..606821d2b 100644 --- a/content/includes/nginx-plus/install/configure-usage-reporting.md +++ b/content/includes/nginx-plus/install/configure-usage-reporting.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the [`mgmt {}`](https://nginx.org/en/docs/ngx_mgmt_module.html) block of the NGINX Plus configuration file (`/etc/nginx/nginx.conf`). For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). diff --git a/content/includes/nginx-plus/install/copy-crt-and-key.md b/content/includes/nginx-plus/install/copy-crt-and-key.md index f6a8ef8b2..68348e8bd 100644 --- a/content/includes/nginx-plus/install/copy-crt-and-key.md +++ b/content/includes/nginx-plus/install/copy-crt-and-key.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Copy the downloaded **.crt** and **.key** files to the **/etc/ssl/nginx/** directory and make sure they are named **nginx-repo.crt** and **nginx-repo.key**: diff --git a/content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md b/content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md index 546f15fd1..3d2f04961 100644 --- a/content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md +++ b/content/includes/nginx-plus/install/copy-jwt-to-etc-nginx-dir.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Copy the downloaded JWT file to the **/etc/nginx/** directory and make sure it is named **license.jwt**: diff --git a/content/includes/nginx-plus/install/create-dir-for-crt-key.md b/content/includes/nginx-plus/install/create-dir-for-crt-key.md index 679303081..777667f6d 100644 --- a/content/includes/nginx-plus/install/create-dir-for-crt-key.md +++ b/content/includes/nginx-plus/install/create-dir-for-crt-key.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Create the **/etc/ssl/nginx** directory: diff --git a/content/includes/nginx-plus/install/create-dir-for-jwt.md b/content/includes/nginx-plus/install/create-dir-for-jwt.md index c3203e0b0..5785ebf97 100644 --- a/content/includes/nginx-plus/install/create-dir-for-jwt.md +++ b/content/includes/nginx-plus/install/create-dir-for-jwt.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nap-dos/deployment-guide/learn-about-deployment.md --- Create the **/etc/nginx/** directory for the JWT license file: diff --git a/content/includes/nginx-plus/install/enable-nginx-service-at-boot.md b/content/includes/nginx-plus/install/enable-nginx-service-at-boot.md index 4e9a9596e..eea3a161f 100644 --- a/content/includes/nginx-plus/install/enable-nginx-service-at-boot.md +++ b/content/includes/nginx-plus/install/enable-nginx-service-at-boot.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- To enable the NGINX service to start at boot, run the following command: diff --git a/content/includes/nginx-plus/install/install-ca-certificates-dependency-dnf.md b/content/includes/nginx-plus/install/install-ca-certificates-dependency-dnf.md index c428a5312..230463b44 100644 --- a/content/includes/nginx-plus/install/install-ca-certificates-dependency-dnf.md +++ b/content/includes/nginx-plus/install/install-ca-certificates-dependency-dnf.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Install the **ca-certificates** dependency: diff --git a/content/includes/nginx-plus/install/install-ca-certificates-dependency-yum.md b/content/includes/nginx-plus/install/install-ca-certificates-dependency-yum.md index 33d4c62a9..dd64fcae6 100644 --- a/content/includes/nginx-plus/install/install-ca-certificates-dependency-yum.md +++ b/content/includes/nginx-plus/install/install-ca-certificates-dependency-yum.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Install the **ca-certificates** dependency: diff --git a/content/includes/nginx-plus/install/install-nginx-agent-for-nim.md b/content/includes/nginx-plus/install/install-nginx-agent-for-nim.md index 548244839..6c77587af 100644 --- a/content/includes/nginx-plus/install/install-nginx-agent-for-nim.md +++ b/content/includes/nginx-plus/install/install-nginx-agent-for-nim.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- If you are using [NGINX Instance Manager]({{}}) in your infrastructure, install and enable [NGINX Agent](https://docs.nginx.com/nginx-agent/overview/). See [Install and Configure NGINX Agent](https://github.com/nginx/agent/blob/main/README.md) for details. \ No newline at end of file diff --git a/content/includes/nginx-plus/install/install-nginx-plus-package-dnf.md b/content/includes/nginx-plus/install/install-nginx-plus-package-dnf.md index 68bf3c56c..ca4ca8b68 100644 --- a/content/includes/nginx-plus/install/install-nginx-plus-package-dnf.md +++ b/content/includes/nginx-plus/install/install-nginx-plus-package-dnf.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Install the **nginx-plus** package. Any older NGINX Plus package is automatically replaced. diff --git a/content/includes/nginx-plus/install/install-nginx-plus-package-yum.md b/content/includes/nginx-plus/install/install-nginx-plus-package-yum.md index 410451c07..4291d9854 100644 --- a/content/includes/nginx-plus/install/install-nginx-plus-package-yum.md +++ b/content/includes/nginx-plus/install/install-nginx-plus-package-yum.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- Install the **nginx-plus** package. Any older NGINX Plus package is automatically replaced. diff --git a/content/includes/nginx-plus/install/nim-disconnected-report-usage.md b/content/includes/nginx-plus/install/nim-disconnected-report-usage.md index 112246a8e..1c60a181d 100644 --- a/content/includes/nginx-plus/install/nim-disconnected-report-usage.md +++ b/content/includes/nginx-plus/install/nim-disconnected-report-usage.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- In NGINX Instance Manager, prepare and send the usage report to F5 licensing endpoint. For more information, see [Report usage to F5 in a disconnected environment]({{< ref "nim/disconnected/report-usage-disconnected-deployment.md" >}}). \ No newline at end of file diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md index 06c8afbfa..63ad3e0f8 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-debian-ubuntu-R32.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- To pin NGINX Plus to a specific version (for example, R33): diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md deleted file mode 100644 index 6e38a6922..000000000 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel7-R32.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -nd-docs: DOCS-000 ---- - -To pin NGINX Plus to a specific version (for example, R32): - -1. Edit the `/etc/yum.repos.d/nginx-plus-7.4.repo` file. -1. Update the repository base URL to the desired version: - - ```shell - baseurl=https://pkgs.nginx.com/plus/R32/centos/7/$basearch/ - ``` - -3. Save the changes and exit. \ No newline at end of file diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md index d970d82c2..cbb7eb5ec 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-rhel8-R32.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- To pin NGINX Plus to a specific version (for example, R33): diff --git a/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md b/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md index 80b5571db..5b06675c9 100644 --- a/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md +++ b/content/includes/nginx-plus/install/pin-to-version/pin-rhel9-R32.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md --- To pin NGINX Plus to a specific version (for example, R33): diff --git a/content/includes/nginx-plus/nginx-openid-repo-note.md b/content/includes/nginx-plus/nginx-openid-repo-note.md index 7bfcbdbb1..421638a7c 100644 --- a/content/includes/nginx-plus/nginx-openid-repo-note.md +++ b/content/includes/nginx-plus/nginx-openid-repo-note.md @@ -1 +1,12 @@ +--- +nd-files: +- content/nginx/deployment-guides/single-sign-on/oidc-njs/active-directory-federation-services.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/auth0.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/cognito.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/okta.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/onelogin.md +- content/nginx/deployment-guides/single-sign-on/oidc-njs/ping-identity.md +--- + You can find more information about the NGINX Plus OpenID Connect integration in the project's [GitHub repo](https://github.com/nginxinc/nginx-openid-connect#nginx-openid-connect). diff --git a/content/includes/nginx-plus/oss-plus-comparison.md b/content/includes/nginx-plus/oss-plus-comparison.md index c79b26299..be095664d 100644 --- a/content/includes/nginx-plus/oss-plus-comparison.md +++ b/content/includes/nginx-plus/oss-plus-comparison.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nginx/_index.md +- content/nginxaas-azure/overview/feature-comparison.md --- {{< call-out "note" >}}For a detailed comparison between NGINX Plus and NGINX Open Source, refer to [Differences between NGINX Open Source and NGINX Plus](https://www.f5.com/products/get-f5/nginx-open-source-vs-nginx-one-differences-in-features) on the F5 website.{{}} \ No newline at end of file diff --git a/content/includes/nginx-plus/supported-distributions.md b/content/includes/nginx-plus/supported-distributions.md index a30f9ee74..0d7767d04 100644 --- a/content/includes/nginx-plus/supported-distributions.md +++ b/content/includes/nginx-plus/supported-distributions.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nginx/technical-specs.md --- {{}} diff --git a/content/includes/nginx-plus/usage-tracking/agentless-reporting.md b/content/includes/nginx-plus/usage-tracking/agentless-reporting.md deleted file mode 100644 index 55af846c6..000000000 --- a/content/includes/nginx-plus/usage-tracking/agentless-reporting.md +++ /dev/null @@ -1,163 +0,0 @@ ---- -nd-docs: DOCS-1408 ---- - -Since [Release 31]({{< ref "/nginx/releases.md#nginxplusrelease-31-r31" >}}), NGINX Plus provides a built-in support for reporting of your NGINX Plus instances to NGINX Instance Manager without the need of installing NGINX Agent or tuning HTTP Health checks. If you participate in the [F5 Flex Consumption Program](https://www.f5.com/products/get-f5/flex-consumption-program), you will no longer need to manually track your NGINX Plus instances. - -Usage reporting is enabled by default. At each startup, NGINX Plus attempts to discover NGINX Instance Manager via a DNS lookup of the `nginx-mgmt.local` hostname. Then NGINX Plus establishes a TLS connection to NGINX Instance Manager and every `30` minutes reports its version number, hostname, and identifier. - -If NGINX instance reporting is not configured or NGINX Plus cannot provide its usage information to NGINX Instance Manager, a warning message will be logged. - -Parameters customization can be done with the [`ngx_mgmt_module`](https://nginx.org/en/docs/ngx_mgmt_module.html#mgmt) module, in particular if you need to: - -- use mTLS for enhanced security (recommended) - -- define a custom resolver - -- use an IP address or a different hostname to identify NGINX Instance Manager - -- specify other custom parameters such as reporting time, path to the reporting file, etc. - - -## Enabling Mutual Client Certificate Auth Setup (mTLS) - -It is highly recommended to secure and authorize NGINX Plus instance with NGINX Instance Manager by using client certificates unique to each endpoint. - -1. Obtain a certificate, a key, and a CA certificate on both the NGINX Instance Manager and NGINX Plus instance. See the [Secure Traffic with Certificates]({{< ref "/nim/system-configuration/secure-traffic.md" >}}) for instructions on how to generate keys. - -2. In the configuration file of NGINX Plus instance, on the `main` level, add the [`mgmt`](https://nginx.org/en/docs/ngx_mgmt_module.html#mgmt) block: - - ```nginx - mgmt { - #... - - } - ``` - -3. Set up a HTTPS server that accepts and terminates the traffic from NGINX Instance Manager. Inside the [`mgmt`](https://nginx.org/en/docs/ngx_mgmt_module.html#mgmt) block, specify the path to the client certificate and private key file with the [`ssl_certificate`](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_certificate) and [`ssl_certificate_key`](https://nginx.org/en/docs/ngx_mgmt_module.html#sl_certificate_key) directives: - - ```nginx - mgmt { - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers DEFAULT; - - ssl_certificate client_cert.pem; - ssl_certificate_key client_cert.key; - #... - } - ``` - - While the server certificate is a public entity and is sent to NMS, the private key is a secure entity and should be stored in a file with restricted access. - - -4. Configure the verification of the NMS server certificate to validate the authenticity of NMS: - - ```nginx - mgmt { - #... - ssl_trusted_certificate trusted_ca_cert.crt; - ssl_verify on; - ssl_verify_depth 2; - } - ``` - - Full configuration: - - ```nginx - mgmt { - resolver 10.0.0.1; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers DEFAULT; - - ssl_certificate client_cert.pem; - ssl_certificate_key client_cert.key; - - ssl_trusted_certificate trusted_ca_cert.crt; - ssl_verify on; - ssl_verify_depth 2; - } - ``` - -5. Reload the NGINX Plus configuration: - - ```shell - sudo nginx -s reload - ``` - -6. Make the corresponding changes on the NGINX Instance Manager server side. See [Secure Client Access and Network Traffic for NMS](https://docs.nginx.com/nginx-management-suite/admin-guides/configuration/secure-traffic/) - - -## Specifying a custom resolver - -If there is a custom DNS server in your corporate network, you can specify its address with the [`resolver`](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive in the [`mgmt`](https://nginx.org/en/docs/ngx_mgmt_module.html#mgmt) block: - -```nginx -mgmt { - resolver 10.0.0.1; - #... -} -``` - -By default, NGINX Plus re-resolves DNS records at the frequency specified by time‑to‑live (TTL) in the record, but you can override the TTL value with the valid parameter; in the example it is `300` seconds, or `5` minutes. - -Also, the optional `ipv6=off` parameter means only IPv4 addresses are used, though resolving of both IPv4 and IPv6 addresses is supported by default: - -```nginx -mgmt { - resolver 10.0.0.1 valid=300s ipv6=off; - #... -} -``` - -To make the resolver statistics appear in [Live Activity Monitoring Dashboard](https://docs.nginx.com/nginx/admin-guide/monitoring/live-activity-monitoring/)), specify the [`status_zone`](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver_status_zone) parameter of the [`resolver`](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive: - -```nginx -mgmt { - resolver 10.0.0.1 status_zone=resolver-zone1; - #... -} -``` - -## Defining custom address for NGINX Instance Manager - -There are several ways to configure the address of NGINX Instance Manager: - -- (recommended) add an `A` record to your local DNS that will associate the default hostname with the IP address of the system running NGINX Instance Manager - -- set the address with the `endpoint` parameter of the [`usage_report`](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive, by default the address is `nginx-mgmt.local`: - - ```nginx - mgmt { - resolver 10.0.0.1; - usage_report endpoint=nms.local interval=15m; - #... - } - ``` - - If the name resolves into several IP addresses, the first IP address will be used. - -## Configuration Example - -```nginx -#... - -mgmt { - usage_report endpoint=nginx-mgmt.local interval=30m; - resolver DNS_IP; - - uid_file /var/lib/nginx/nginx.id; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers DEFAULT; - - ssl_certificate client_cert.pem; - ssl_certificate_key client_cert.key; - - ssl_trusted_certificate trusted_ca_cert.crt; - ssl_verify on; - ssl_verify_depth 2; -} - -#... -``` diff --git a/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md b/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md deleted file mode 100644 index 2f8a092b1..000000000 --- a/content/includes/nginx-plus/usage-tracking/get-list-k8s-deployments.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -nd-docs: DOCS-1352 ---- - -To report your NGINX Ingress Controller clusters to F5, follow these steps: - -1. Run the following command in your terminal to get a list of NGINX Ingress Controller instances and nodes in your cluster. Remember to replace `` with the fully-qualified domain name of your NGINX Instance Manager host: - - ```sh - curl -X GET --url "https:///api/platform/v1/k8s-usage" - ``` - -2. Once you have the list of instances and nodes, send it to your F5 representative. - diff --git a/content/includes/nginx-plus/usage-tracking/http-health-check.md b/content/includes/nginx-plus/usage-tracking/http-health-check.md deleted file mode 100644 index 373d479d6..000000000 --- a/content/includes/nginx-plus/usage-tracking/http-health-check.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -nd-docs: DOCS-1351 ---- - -You can track NGINX Plus instances using an [HTTP Health Check]({{< ref "nginx/admin-guide/load-balancer/http-health-check" >}}) without installing NGINX Agent. This involves updating the NGINX Plus configuration file. Follow these steps: - -1. Open the NGINX Plus configuration file ([_/etc/nginx/conf.d_]({{< ref "nginx/admin-guide/basic-functionality/managing-configuration-files.md#feature-specific-configuration-files" >}})) and insert the following code within the `http {}` block: - - ```nginx - ### F5 / NGINX Required Configuration Code ### - ### Insert the following into the http {} block of your NGINX configuration file ### - - keyval_zone zone=uuid:32K state=/var/lib/nginx/state/instance_uuid.json; - keyval 1 $nginx_uuid zone=uuid; - - upstream receiver { - zone receiver 64k; - - # REQUIRED: Update NMS_FQDN with NGINX Instance Manager IP Address or hostname. - # If configuring with hostname, please ensure to uncomment the resolver - # directive below and define a DNS server that can resolve the hostname. - server NMS_FQDN:443; - - # OPTIONAL: Update DNS_UP with DNS server IP address that can resolve - # the hostname defined above. - #resolver DNS_IP; - } - - map CERT $repo_crt { - # OPTIONAL: Location of client certificate - #default /etc/ssl/nginx/nginx-client.crt; - } - - map KEY $repo_key { - # OPTIONAL: Location of client certificate private key - #default /etc/ssl/nginx/nginx-client.key; - } - - server { - location @ngx_usage_https { - # OPTIONAL: Configure scheme (http|https) here - proxy_pass https://receiver; - - # REQUIRED: If using NGINX APP PROTECT (NAP) on this instance, set nap=active on the following line: - proxy_set_header Nginx-Usage "Version=$nginx_version;Hostname=$hostname;uuid=$nginx_uuid;nap=inactive"; - - health_check uri=/api/nginx-usage interval=1800s; # DO NOT MODIFY - proxy_ssl_certificate $repo_crt; # DO NOT MODIFY - proxy_ssl_certificate_key $repo_key; # DO NOT MODIFY - } - - location @self { - health_check uri=/_uuid interval=1d; - proxy_pass http://self; - } - - location = /_uuid { - if ($nginx_uuid !~ .) { - set $nginx_uuid $request_id; - } - return 204; - } - - listen unix:/tmp/ngx_usage.sock; - } - - upstream self { - zone self 64k; - server unix:/tmp/ngx_usage.sock; - } - - ### End of F5 / NGINX Required Configuration Code ### - ``` - -2. Modify the configuration to suit your specific NGINX Instance Manager installation: - - - Update the `NMS_FQDN` variable in the `upstream receiver` block with your Instance Manager hostname or IP address. If using a private DNS, uncomment and update the resolver with your [DNS IP Address](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolver). - - If your Instance Manager server requires client SSL certification, specify the locations of the SSL certificate and key in the `map CERT` and `map KEY` blocks. For more details, see [Securing HTTP Traffic to Upstream Servers]({{< ref "nginx/admin-guide/security-controls/securing-http-traffic-upstream" >}}). - - If you're using NGINX App Protect, change `nap=inactive` to `nap=active` in the `location @ngx_usage_https` block. - - Optionally, you can limit access to the `/api/nginx-usage` location on your NGINX Instance Manager server based on client network address. For guidance on how to do this, refer to [Module ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). -3. Save the changes. - -{{< call-out "important" >}}If you install NGINX Agent later, remove this configuration to prevent double-counting instances.{{< /call-out >}} diff --git a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md b/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md deleted file mode 100644 index c734a234c..000000000 --- a/content/includes/nginx-plus/usage-tracking/install-nginx-agent.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -nd-docs: DOCS-1354 ---- - -When you install NGINX Agent on an NGINX Plus instance, it will establish a connection with Instance Manager and begin transmitting usage data. - -1. To install NGINX Agent, [follow these instructions]({{< ref "/nms/nginx-agent/install-nginx-agent.md" >}}). - -2. (Optional) If you're using Instance Manager primarily for tracking NGINX Plus usage, you can optimize performance by modifying the NGINX Agent configuration. Add this line to _/etc/nginx-agent/nginx-agent.conf_: - - ``` yaml - features: registration,dataplane-status - ``` - - {{< call-out "note" >}}If you upgrade to the full version of Instance Manager later, remove the `features: registration,dataplane-status` line from the configuration. This change will enable NGINX Agent to collect a broader range of metrics and manage configurations remotely.{{< /call-out >}} diff --git a/content/includes/nginx-plus/usage-tracking/install-nim.md b/content/includes/nginx-plus/usage-tracking/install-nim.md deleted file mode 100644 index d8416d0c2..000000000 --- a/content/includes/nginx-plus/usage-tracking/install-nim.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -nd-docs: DOCS-1355 ---- - -{{< call-out "note" >}}A separate license for NGINX Instance Manager is not required to track your NGINX product usage.{{< /call-out >}} - -To start reporting on your [NGINX Plus]({{< ref "nginx/" >}}) installations, you'll first need to install [NGINX Instance Manager]({{< ref "nim/" >}}) on a dedicated host. You can choose between two installation options: either on a virtual machine or bare metal server, or by deploying on a Kubernetes cluster. Instructions for both methods are below: - -#### Virtual Machine or Bare Metal - -- [Prerequisites]({{< ref "/nim/deploy/vm-bare-metal/install.md" >}}) -- [Install NGINX Instance Manager]({{< ref "/nim/deploy/vm-bare-metal/install.md" >}}) - -#### Kubernetes - -- [Deploy Instance Manager on Kubernetes]({{< ref "/nim/deploy/kubernetes/deploy-using-helm.md" >}}) diff --git a/content/includes/nginx-plus/usage-tracking/overview.md b/content/includes/nginx-plus/usage-tracking/overview.md deleted file mode 100644 index d903d54a1..000000000 --- a/content/includes/nginx-plus/usage-tracking/overview.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -nd-docs: DOCS-1349 ---- - -Start by installing NGINX Instance Manager on a dedicated host. Then, configure your NGINX Plus systems to report back to Instance Manager. Once connected, you can easily view and report on your NGINX Plus inventory using the NGINX Instance Manager REST API or web interface. You can send these reports to your F5 contact as needed. - - -{{}} -To set up automatic reporting, [add your JWT-based license to NGINX Instance Manager]({{< ref "/nim/admin-guide/add-license.md#apply-jwt-license" >}}). This license can be downloaded from [MyF5](https://account.f5.com/myf5) if needed. -{{}} diff --git a/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md b/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md deleted file mode 100644 index 4b63bbdfd..000000000 --- a/content/includes/nginx-plus/usage-tracking/view-nginx-plus-count.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -nd-docs: DOCS-1350 ---- - -Follow these steps to view and export the list of NGINX Plus instances that have successfully registered with Instance Manager: - -1. {{< include "nim/webui-nim-login.md" >}} -1. On the left menu, select **NGINX Plus**. -1. To download a list of your NGINX Plus instances, select **Export**. Note that the export will include only the instances on the current page. You can then forward this list to your F5 representative. - - - diff --git a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md index 15169836d..2a8636598 100644 --- a/content/includes/nginxaas-azure/logging-analysis-azure-storage.md +++ b/content/includes/nginxaas-azure/logging-analysis-azure-storage.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md --- If the diagnostic setting destination details included a storage account, logs show up in the storage container "insights-logs-nginxlogs" with the following format: `resourceID=//y=/m=/d=
/h=/PT1H.json` diff --git a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md index faa636ca7..29b9fe049 100644 --- a/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md +++ b/content/includes/nginxaas-azure/logging-analysis-logs-analytics.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md --- If the diagnostic setting destination details included a Logs Analytics workspace, logs show up in the table "NGXOperationLogs" with the following non-standard attributes: diff --git a/content/includes/nginxaas-azure/logging-config-access-logs.md b/content/includes/nginxaas-azure/logging-config-access-logs.md index 45b64c4c6..ea4b52a6b 100644 --- a/content/includes/nginxaas-azure/logging-config-access-logs.md +++ b/content/includes/nginxaas-azure/logging-config-access-logs.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md --- NGINX access logs are disabled by default. You can enable access logs by adding **access_log** directives to your NGINX configuration to specify the location of the logs and formats. The log path should always be configured to be inside **/var/log/nginx**. diff --git a/content/includes/nginxaas-azure/logging-config-error-logs.md b/content/includes/nginxaas-azure/logging-config-error-logs.md index 149a960ac..c2bcabdec 100644 --- a/content/includes/nginxaas-azure/logging-config-error-logs.md +++ b/content/includes/nginxaas-azure/logging-config-error-logs.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md --- By default, NGINXaaS for Azure puts the error log at **/var/log/nginx/error.log**. It includes messages with severity **error** and above. diff --git a/content/includes/nginxaas-azure/logging-limitations.md b/content/includes/nginxaas-azure/logging-limitations.md index 8e4f9722a..997990cba 100644 --- a/content/includes/nginxaas-azure/logging-limitations.md +++ b/content/includes/nginxaas-azure/logging-limitations.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/monitoring/enable-logging/logging-using-cli.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-portal.md +- content/nginxaas-azure/monitoring/enable-logging/logging-using-terraform.md --- 1. File-based logs must be configured to use the path **/var/log/nginx**. diff --git a/content/includes/nginxaas-azure/ncu-description.md b/content/includes/nginxaas-azure/ncu-description.md index 1ce73bf8e..e7dc22fa9 100644 --- a/content/includes/nginxaas-azure/ncu-description.md +++ b/content/includes/nginxaas-azure/ncu-description.md @@ -1,5 +1,8 @@ --- -nd-docs: "DOCS-1476" +nd-docs: DOCS-1476 +nd-files: +- content/nginxaas-azure/billing/overview.md +- content/nginxaas-azure/quickstart/scaling.md --- An NGINX Capacity Unit (NCU) quantifies the capacity of an NGINX instance based on the underlying compute resources. This abstraction allows you to specify the desired capacity in NCUs without having to consider the regional hardware differences. diff --git a/content/includes/nginxaas-azure/ssl-tls-prerequisites.md b/content/includes/nginxaas-azure/ssl-tls-prerequisites.md index 5663d6f42..77b6890df 100644 --- a/content/includes/nginxaas-azure/ssl-tls-prerequisites.md +++ b/content/includes/nginxaas-azure/ssl-tls-prerequisites.md @@ -1,5 +1,8 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-azure-cli.md +- content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-portal.md --- NGINXaaS natively integrates with [Azure Key Vault (AKV)](https://azure.microsoft.com/en-us/products/key-vault), so you can bring your own certificates and manage them in a centralized location. You will need: diff --git a/content/includes/nginxaas-azure/terraform-prerequisites.md b/content/includes/nginxaas-azure/terraform-prerequisites.md index 35d886ceb..20f735060 100644 --- a/content/includes/nginxaas-azure/terraform-prerequisites.md +++ b/content/includes/nginxaas-azure/terraform-prerequisites.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md +- content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md +- content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md --- - Confirm that you meet the [NGINXaaS Prerequisites]({{< ref "/nginxaas-azure/getting-started/prerequisites.md" >}}). diff --git a/content/includes/nginxaas-azure/terraform-resources.md b/content/includes/nginxaas-azure/terraform-resources.md index 0a830ca19..509887a3a 100644 --- a/content/includes/nginxaas-azure/terraform-resources.md +++ b/content/includes/nginxaas-azure/terraform-resources.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nginxaas-azure/getting-started/create-deployment/deploy-terraform.md +- content/nginxaas-azure/getting-started/nginx-configuration/nginx-configurations-terraform.md +- content/nginxaas-azure/getting-started/ssl-tls-certificates/ssl-tls-certificates-terraform.md --- - [NGINXaaS Managed Identity Documentation]({{< ref "/nginxaas-azure/getting-started/managed-identity-portal.md" >}}) diff --git a/content/includes/nginxaas-google/access-console.md b/content/includes/nginxaas-google/access-console.md index eeb92c3b6..814cd75fa 100644 --- a/content/includes/nginxaas-google/access-console.md +++ b/content/includes/nginxaas-google/access-console.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/getting-started/nginx-configuration/nginx-configuration-console.md --- - Visit [https://console.nginxaas.net/](https://console.nginxaas.net/) to access the NGINXaaS Console. diff --git a/content/includes/nginxaas-google/create-or-import-nginx-config.md b/content/includes/nginxaas-google/create-or-import-nginx-config.md index 8d806c706..052f7f4b1 100644 --- a/content/includes/nginxaas-google/create-or-import-nginx-config.md +++ b/content/includes/nginxaas-google/create-or-import-nginx-config.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/getting-started/create-deployment/deploy-console.md +- content/nginxaas-google/getting-started/nginx-configuration/nginx-configuration-console.md --- In the NGINXaaS Console, diff --git a/content/includes/nginxaas-google/logging-config-access-logs.md b/content/includes/nginxaas-google/logging-config-access-logs.md index 32540c234..548a9ccca 100644 --- a/content/includes/nginxaas-google/logging-config-access-logs.md +++ b/content/includes/nginxaas-google/logging-config-access-logs.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/monitoring/enable-nginx-logs.md --- NGINX access logs are disabled by default. You can enable access logs by adding **access_log** directives to your NGINX configuration to specify the location of the logs and formats. The log path should always be configured to be inside **/var/log/nginx**. diff --git a/content/includes/nginxaas-google/logging-config-error-logs.md b/content/includes/nginxaas-google/logging-config-error-logs.md index 05308b7bb..e3168296b 100644 --- a/content/includes/nginxaas-google/logging-config-error-logs.md +++ b/content/includes/nginxaas-google/logging-config-error-logs.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/monitoring/enable-nginx-logs.md --- NGINX error logs are disabled by default. You can enable error logs by adding **error_log** directives to your NGINX configuration to specify the location of the logs and formats. The log path should always be configured to be inside **/var/log/nginx**. diff --git a/content/includes/nginxaas-google/ncu-description.md b/content/includes/nginxaas-google/ncu-description.md deleted file mode 100644 index 17c015e54..000000000 --- a/content/includes/nginxaas-google/ncu-description.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -nd-docs: "DOCS-1476" ---- - -An NGINX Capacity Unit (NCU) quantifies the capacity of an NGINX instance based on the underlying compute resources. This abstraction allows you to specify the desired capacity in NCUs without having to consider the regional hardware differences. - -An NGINX Capacity Unit consists of the following parameters: - -* CPU: an NCU provides 20 [Azure Compute Units](https://learn.microsoft.com/en-us/azure/virtual-machines/acu) (ACUs) -* Bandwidth: an NCU provides 60 Mbps of network throughput -* Concurrent connections: an NCU provides 400 concurrent connections. This performance is not guaranteed when NGINX App Protect WAF is used with NGINXaaS diff --git a/content/includes/nginxaas-google/ssl-tls-prerequisites.md b/content/includes/nginxaas-google/ssl-tls-prerequisites.md deleted file mode 100644 index 9c21cbbcb..000000000 --- a/content/includes/nginxaas-google/ssl-tls-prerequisites.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -nd-docs: DOCS-000 ---- - -TBD SSL Prerequisites for NGINXaaS for Google Cloud \ No newline at end of file diff --git a/content/includes/nginxaas-google/terraform-prerequisites.md b/content/includes/nginxaas-google/terraform-prerequisites.md index b7cb42295..b0385db7c 100644 --- a/content/includes/nginxaas-google/terraform-prerequisites.md +++ b/content/includes/nginxaas-google/terraform-prerequisites.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/getting-started/create-deployment/deploy-terraform.md +- content/nginxaas-google/getting-started/nginx-configuration/nginx-configurations-terraform.md --- - Confirm that you meet the [NGINXaaS Prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). diff --git a/content/includes/nginxaas-google/terraform-resources.md b/content/includes/nginxaas-google/terraform-resources.md index a4b991362..55fdb697c 100644 --- a/content/includes/nginxaas-google/terraform-resources.md +++ b/content/includes/nginxaas-google/terraform-resources.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/getting-started/create-deployment/deploy-terraform.md +- content/nginxaas-google/getting-started/nginx-configuration/nginx-configurations-terraform.md --- TBD NGINXaaS for Google Cloud Terraform resources \ No newline at end of file diff --git a/content/includes/nginxaas-google/update-nginx-config.md b/content/includes/nginxaas-google/update-nginx-config.md index f4482db75..c06b5259b 100644 --- a/content/includes/nginxaas-google/update-nginx-config.md +++ b/content/includes/nginxaas-google/update-nginx-config.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nginxaas-google/getting-started/nginx-configuration/nginx-configuration-console.md +- content/nginxaas-google/getting-started/ssl-tls-certificates/ssl-tls-certificates-console.md --- 1. On the left menu, select **Configurations**. diff --git a/content/includes/nic/compatibility-tables/nic-k8s.md b/content/includes/nic/compatibility-tables/nic-k8s.md index 79308a803..0f33f373e 100644 --- a/content/includes/nic/compatibility-tables/nic-k8s.md +++ b/content/includes/nic/compatibility-tables/nic-k8s.md @@ -1,3 +1,9 @@ +--- +nd-files: +- content/nic/changelog/_index.md +- content/nic/technical-specifications.md +--- + NGINX Ingress Controller supports the following versions of [NGINX Plus]({{< ref "/nginx/" >}}) and [Kubernetes](https://kubernetes.io/): {{< table >}} diff --git a/content/includes/nic/compatibility-tables/nic-nap.md b/content/includes/nic/compatibility-tables/nic-nap.md index cf465893a..99309a8a5 100644 --- a/content/includes/nic/compatibility-tables/nic-nap.md +++ b/content/includes/nic/compatibility-tables/nic-nap.md @@ -1,3 +1,11 @@ +--- +nd-files: +- content/nic/changelog/_index.md +- content/nic/install/waf-helm.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/technical-specifications.md +--- + NGINX Ingress Controller supports the following versions of [F5 WAF for NGINX](https://docs.nginx.com/waf/): {{< table >}} diff --git a/content/includes/nic/configuration/access-control.md b/content/includes/nic/configuration/access-control.md deleted file mode 100644 index 769bfbabf..000000000 --- a/content/includes/nic/configuration/access-control.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Deploy a Policy for access control -weight: 900 -toc: true -nd-docs: DOCS-000 ---- - -This topic describes how to use F5 NGINX Ingress Controller to apply and update a Policy for access control. It demonstrates it using an example application and a [VirtualServer custom resource]({{< ref "/configuration/virtualserver-and-virtualserverroute-resources.md" >}}). - ---- - -## Before you begin - -You should have a [working NGINX Ingress Controller]({{< ref "/installation/installing-nic/installation-with-helm.md" >}}) instance. - -For ease of use in shell commands, set two shell variables: - -1. The public IP address for your NGINX Ingress Controller instance. - -```shell -IC_IP= -``` - -2. The HTTP port of the same instance. - -```shell -IC_HTTP_PORT= -``` - ---- - -## Deploy the example application - -Create the file _webapp.yaml_ with the following contents: - -{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/webapp.yaml" >}} - -Apply it using `kubectl`: - -```shell -kubectl apply -f webapp.yaml -``` - ---- - -## Deploy a Policy to create a deny rule - -Create a file named _access-control-policy-deny.yaml_. The highlighted _deny_ field will be used by the example application, and should be changed to the subnet of your machine. - -{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-deny.yaml" "hl_lines=7-8" >}} - -Apply the policy: - -```shell -kubectl apply -f access-control-policy-deny.yaml -``` - ---- - -## Configure load balancing - -Create a file named _virtual-server.yaml_ for the VirtualServer resource. The _policies_ field references the access control Policy created in the previous section. - -{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/virtual-server.yaml" "hl_lines=7-8" >}} - -Apply the policy: - -```shell -kubectl apply -f virtual-server.yaml -``` - ---- - -## Test the example application - -Use `curl` to attempt to access the application: - -```shell -curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT -``` -```text - -403 Forbidden - -

403 Forbidden

- - -``` - -The *403* response is expected, successfully blocking your machine. - ---- - -## Update the Policy to create an allow rule - -Update the Policy with the file _access-control-policy-allow.yaml_, setting the _allow_ field to the subnet of your machine. - -{{< ghcode "https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/custom-resources/access-control/access-control-policy-allow.yaml" "hl_lines=7-8" >}} - -Apply the Policy: - -```shell -kubectl apply -f access-control-policy-allow.yaml -``` - ----- - -## Verify the Policy update - -Attempt to access the application again: - -```shell -curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT -``` -```text -Server address: 10.64.0.13:8080 -Server name: webapp-5cbbc7bd78-wf85w -``` - -The successful response demonstrates that the policy has been updated. diff --git a/content/includes/nic/configuration/configuration-examples.md b/content/includes/nic/configuration/configuration-examples.md deleted file mode 100644 index c49c0790e..000000000 --- a/content/includes/nic/configuration/configuration-examples.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -nd-docs: DOCS-584 -doctypes: -- '' -title: Configuration examples -toc: true -weight: 400 ---- - -Our [GitHub repo](https://github.com/nginx/kubernetes-ingress) includes a number of configuration examples: - -- [*Examples of Custom Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources) show how to advanced NGINX features by using VirtualServer, VirtualServerRoute, TransportServer and Policy Custom Resources. -- [*Examples of Ingress Resources*](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources) show how to use advanced NGINX features in Ingress resources with annotations. diff --git a/content/includes/nic/configuration/global-configuration/command-line-arguments.md b/content/includes/nic/configuration/global-configuration/command-line-arguments.md deleted file mode 100644 index 908e4e1fa..000000000 --- a/content/includes/nic/configuration/global-configuration/command-line-arguments.md +++ /dev/null @@ -1,685 +0,0 @@ ---- -nd-docs: DOCS-585 -doctypes: -- '' -title: Command-line arguments -toc: true -weight: 100 ---- - -F5 NGINX Ingress Controller supports several command-line arguments, which are set based on installation method: - -- If you're using *Kubernetes Manifests* to install NGINX Ingress Controller, modify the Manifests to set the command-line arguments. View the [Installation with Manifests]({{}}) topic for more information. -- If you're using *Helm* to install NGINX Ingress Controller, modify the parameters of the Helm chart to set the command-line arguments. View the [Installation with Helm]({{}}) topic for more information. - - - -### -enable-snippets - -Enable custom NGINX configuration snippets in Ingress, VirtualServer, VirtualServerRoute and TransportServer resources. - -Default `false`. - - - ---- - -### -default-server-tls-secret `` - -Secret with a TLS certificate and key for TLS termination of the default server. - -- If not set, certificate and key in the file `/etc/nginx/secrets/default` are used. -- If `/etc/nginx/secrets/default` doesn't exist, NGINX Ingress Controller will configure NGINX to reject TLS connections to the default server. -- If a secret is set, but NGINX Ingress Controller is not able to fetch it from Kubernetes API, or it is not set and NGINX Ingress Controller fails to read the file "/etc/nginx/secrets/default", NGINX Ingress Controller will fail to start. - -Format: `/` - - - ---- - -### -wildcard-tls-secret `` - -A Secret with a TLS certificate and key for TLS termination of every Ingress/VirtualServer host for which TLS termination is enabled but the Secret is not specified. - -- If the argument is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection -- If the argument is set, but NGINX Ingress Controller is not able to fetch the Secret from Kubernetes API, NGINX Ingress Controller will fail to start. - -Format: `/` - - - ---- - -### -enable-custom-resources - -Enables custom resources. - -Default `true`. - - - - ---- - -### -enable-oidc - -Enables OIDC policies. - -Default `false`. - - - ---- - -### -enable-leader-election - -Enables Leader election to avoid multiple replicas of the controller reporting the status of Ingress, VirtualServer and VirtualServerRoute resources -- only one replica will report status. -Default `true`. - -See [-report-ingress-status](#cmdoption-report-ingress-status) flag. - - - ---- - -### -enable-tls-passthrough - -Enable TLS Passthrough on port 443. - -Requires [-enable-custom-resources](#cmdoption-enable-custom-resources). - - - ---- - -### -tls-passthrough-port `` - -Set the port for TLS Passthrough. -Format: `[1024 - 65535]` (default `443`) - -Requires [-enable-custom-resources](#cmdoption-enable-custom-resources). - - - ---- - -### -enable-cert-manager - -Enable x509 automated certificate management for VirtualServer resources using cert-manager (cert-manager.io). - -Requires [-enable-custom-resources](#cmdoption-enable-custom-resources). - - - ---- - -### -enable-external-dns - -Enable integration with ExternalDNS for configuring public DNS entries for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). - -Requires [-enable-custom-resources](#cmdoption-enable-custom-resources). - - ---- - -### -external-service `` - -Specifies the name of the service with the type LoadBalancer through which the NGINX Ingress Controller pods are exposed externally. The external address of the service is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. - -For Ingress resources only: Requires [-report-ingress-status](#cmdoption-report-ingress-status). - - - ---- - -### -ingresslink `` - -Specifies the name of the IngressLink resource, which exposes the NGINX Ingress Controller pods via a BIG-IP system. The IP of the BIG-IP system is used when reporting the status of Ingress, VirtualServer and VirtualServerRoute resources. - -For Ingress resources only: Requires [-report-ingress-status](#cmdoption-report-ingress-status). - - - ---- - -### -global-configuration `` - -A GlobalConfiguration resource for global configuration of NGINX Ingress Controller. - -Format: `/` - -Requires [-enable-custom-resources](#cmdoption-enable-custom-resources). - - - ---- - -### -health-status - -Adds a location "/nginx-health" to the default server. The location responds with the 200 status code for any request. - -Useful for external health-checking of NGINX Ingress Controller. - - - ---- - -### -health-status-uri `` - -Sets the URI of health status location in the default server. Requires [-health-status](#cmdoption-health-status). (default `/nginx-health`) - - - ---- - -### -ingress-class `` - -The `-ingress-class` argument refers to the name of the resource `kind: IngressClass`. An IngressClass resource with a name equal to the class must be deployed. Otherwise, NGINX Ingress Controller will fail to start. -NGINX Ingress Controller will only process Ingress resources that belong to its class (Whose `ingressClassName` value matches the value of `-ingress-class`), skipping the ones without it. It will also process all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the `ingressClassName` field. - -Default `nginx`. - - - ---- - -### -ingress-template-path `` - -Path to the ingress NGINX configuration template for an ingress resource. Default for NGINX is `nginx.ingress.tmpl`; default for NGINX Plus is `nginx-plus.ingress.tmpl`. - - - ---- - -### -leader-election-lock-name `` - -Specifies the name of the ConfigMap, within the same namespace as the controller, used as the lock for leader election. - -Requires [-enable-leader-election](#cmdoption-enable-leader-election). - - - ---- - -### -log_backtrace_at `` - -When logging hits line `file:N`, emit a stack trace. - - - ---- - -### -main-template-path `` - -Path to the main NGINX configuration template. - -- Default for NGINX is `nginx.tmpl`. -- Default for NGINX Plus is `nginx-plus.tmpl`. - - - ---- - -### -nginx-configmaps `` - -A ConfigMap resource for customizing NGINX configuration. If a ConfigMap is set, but NGINX Ingress Controller is not able to fetch it from Kubernetes API, NGINX Ingress Controller will fail to start. - -Format: `/` - - - ---- - -### -mgmt-configmap `` - -The Management ConfigMap resource is used for customizing the NGINX mgmt block. If using NGINX Plus, a Management ConfigMap must be set. If NGINX Ingress Controller is not able to fetch it from Kubernetes API, NGINX Ingress Controller will fail to start. - -Format: `/` - - - ---- - -### -nginx-debug - -Enable debugging for NGINX. Uses the nginx-debug binary. Requires 'error-log-level: debug' in the ConfigMap. - - - ---- - -### -nginx-plus - -Enable support for NGINX Plus. - - - ---- - -### -nginx-reload-timeout `` - -Timeout in milliseconds which NGINX Ingress Controller will wait for a successful NGINX reload after a change or at the initial start. - -Default is 60000. - - - ---- - -### -nginx-status - -Enable the NGINX stub_status, or the NGINX Plus API. - -Default `true`. - - - ---- - -### -nginx-status-allow-cidrs `` - -Add IP/CIDR blocks to the allow list for NGINX stub_status or the NGINX Plus API. - -Separate multiple IP/CIDR by commas. (default `127.0.0.1,::1`) - - - ---- - -### -nginx-status-port `` - -Set the port where the NGINX stub_status or the NGINX Plus API is exposed. - -Format: `[1024 - 65535]` (default `8080`) - - - ---- - -### -proxy `` - -{{< call-out "warning" >}} This argument is intended for testing purposes only. {{< /call-out >}} - -Use a proxy server to connect to Kubernetes API started with `kubectl proxy`. - -NGINX Ingress Controller does not start NGINX and does not write any generated NGINX configuration files to disk. - - - ---- - -### -report-ingress-status - -Updates the address field in the status of Ingress resources. - -Requires the [-external-service](#cmdoption-external-service) or [-ingresslink](#cmdoption-ingresslink) flag, or the `external-status-address` key in the ConfigMap. - - - ---- - -### -transportserver-template-path `` - -Path to the TransportServer NGINX configuration template for a TransportServer resource. - -- Default for NGINX is `nginx.transportserver.tmpl`. -- Default for NGINX Plus is `nginx-plus.transportserver.tmpl`. - - - ---- - -### -log-level `` - -Log level for Ingress Controller logs. Allowed values: fatal, error, warn, info, debug, trace. - -- Default is `info`. - - - ---- - -### -log-format `` - -Log format for Ingress Controller logs. Allowed values: glog, json, text. - -- Default is `glog`. - - - ---- - -### -version - -Print the version, git-commit hash and build date and exit. - - - ---- - -### -virtualserver-template-path `` - -Path to the VirtualServer NGINX configuration template for a VirtualServer resource. - -- Default for NGINX is `nginx.virtualserver.tmpl`. -- Default for NGINX Plus is `nginx-plus.virtualserver.tmpl`. - - - - ---- - -### -vmodule `` - -A comma-separated list of pattern=N settings for file-filtered logging. - - - ---- - -### -watch-namespace `` - -Comma separated list of namespaces NGINX Ingress Controller should watch for resources. By default NGINX Ingress Controller watches all namespaces. Mutually exclusive with "watch-namespace-label". - - - ---- - -### -watch-namespace-label `` - -Configures NGINX Ingress Controller to watch only those namespaces with label foo=bar. By default NGINX Ingress Controller watches all namespaces. Mutually exclusive with "watch-namespace". - - - ---- - -### -watch-secret-namespace `` - -Comma separated list of namespaces NGINX Ingress Controller should watch for secrets. If this arg is not configured, NGINX Ingress Controller watches the same namespaces for all resources, see "watch-namespace" and "watch-namespace-label". All namespaces included with this argument must be part of either `-watch-namespace` or `-watch-namespace-label`. - - - ---- - -### -enable-prometheus-metrics - -Enables exposing NGINX or NGINX Plus metrics in the Prometheus format. - - - ---- - -### -prometheus-metrics-listen-port `` - -Sets the port where the Prometheus metrics are exposed. - -Format: `[1024 - 65535]` (default `9113`) - - - ---- - -### -prometheus-tls-secret `` - -A Secret with a TLS certificate and key for TLS termination of the Prometheus metrics endpoint. - -- If the argument is not set, the Prometheus endpoint will not use a TLS connection. -- If the argument is set, but NGINX Ingress Controller is not able to fetch the Secret from Kubernetes API, NGINX Ingress Controller will fail to start. - - - ---- - -### -enable-service-insight - -Exposes the Service Insight endpoint for Ingress Controller. - - - ---- - -### -service-insight-listen-port `` - -Sets the port where the Service Insight is exposed. - -Format: `[1024 - 65535]` (default `9114`) - - - ---- - -### -service-insight-tls-secret `` - -A Secret with a TLS certificate and key for TLS termination of the Service Insight endpoint. - -- If the argument is not set, the Service Insight endpoint will not use a TLS connection. -- If the argument is set, but NGINX Ingress Controller is not able to fetch the Secret from Kubernetes API, NGINX Ingress Controller will fail to start. - -Format: `/` - - - ---- - -### -spire-agent-address `` - -Specifies the address of a running Spire agent. **For use with NGINX Service Mesh only**. - -- If the argument is set, but NGINX Ingress Controller is unable to connect to the Spire Agent, NGINX Ingress Controller will fail to start. - - - - ---- - -### -enable-internal-routes - -Enable support for internal routes with NGINX Service Mesh. **For use with NGINX Service Mesh only**. - -Requires [-spire-agent-address](#cmdoption-spire-agent-address). - -- If the argument is set, but `spire-agent-address` is not provided, NGINX Ingress Controller will fail to start. - - - ---- - -### -enable-latency-metrics - -Enable collection of latency metrics for upstreams. -Requires [-enable-prometheus-metrics](#cmdoption-enable-prometheus-metrics). - - - ---- - -### -enable-app-protect - -Enables support for App Protect. - -Requires [-nginx-plus](#cmdoption-nginx-plus). - -- If the argument is set, but `nginx-plus` is set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -app-protect-log-level `` - -Sets log level for App Protect. Allowed values: fatal, error, warn, info, debug, trace. - -Requires [-nginx-plus](#cmdoption-nginx-plus) and [-enable-app-protect](#cmdoption-enable-app-protect). - -- If the argument is set, but `nginx-plus` and `enable-app-protect` are set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -enable-app-protect-dos - -Enables support for App Protect DoS. - -Requires [-nginx-plus](#cmdoption-nginx-plus). - -- If the argument is set, but `nginx-plus` is set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -app-protect-dos-debug - -Enable debugging for App Protect DoS. - -Requires [-nginx-plus](#cmdoption-nginx-plus) and [-enable-app-protect-dos](#cmdoption-enable-app-protect-dos). - -- If the argument is set, but `nginx-plus` and `enable-app-protect-dos` are set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -app-protect-dos-max-daemons - -Max number of ADMD instances. - -Default `1`. - -Requires [-nginx-plus](#cmdoption-nginx-plus) and [-enable-app-protect-dos](#cmdoption-enable-app-protect-dos). - -- If the argument is set, but `nginx-plus` and `enable-app-protect-dos` are set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -app-protect-dos-max-workers - -Max number of nginx processes to support. - -Default `Number of CPU cores in the machine`. - -Requires [-nginx-plus](#cmdoption-nginx-plus) and [-enable-app-protect-dos](#cmdoption-enable-app-protect-dos). - -- If the argument is set, but `nginx-plus` and `enable-app-protect-dos` are set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -app-protect-dos-memory - -RAM memory size to consume in MB - -Default `50% of free RAM in the container or 80MB, the smaller`. - -Requires [-nginx-plus](#cmdoption-nginx-plus) and [-enable-app-protect-dos](#cmdoption-enable-app-protect-dos). - -- If the argument is set, but `nginx-plus` and `enable-app-protect-dos` are set to false, NGINX Ingress Controller will fail to start. - - - ---- - -### -ready-status - -Enables the readiness endpoint `/nginx-ready`. The endpoint returns a success code when NGINX has loaded all the config after the startup. - -Default `true`. - - - ---- - -### -ready-status-port - -The HTTP port for the readiness endpoint. - -Format: `[1024 - 65535]` (default `8081`) - ---- - -### -disable-ipv6 - -Disable IPV6 listeners explicitly for nodes that do not support the IPV6 stack. - -Default `false`. - - - ---- - -### -default-http-listener-port - -Sets the port for the HTTP `default_server` listener. - -Default `80`. - - - ---- - -### -default-https-listener-port - -Sets the port for the HTTPS `default_server` listener. - -Default `443`. - - - ---- - -### -ssl-dynamic-reload - -Used to activate or deactivate lazy loading for SSL Certificates. - -The default value is `true`. - - - ---- - -### -weight-changes-dynamic-reload - -Enables the ability to change the weight distribution of two-way split clients without reloading NGINX. - -Requires [-nginx-plus](#cmdoption-nginx-plus). - -Using this feature may require increasing `map_hash_bucket_size`, `map_hash_max_size`, `variable_hash_bucket_size`, and `variable_hash_max_size` in the ConfigMap based on the number of two-way splits. - -The default value is `false`. - -- If the argument is set, but `nginx-plus` is set to false, NGINX Ingress Controller will ignore the flag. - - - ---- - -### -enable-telemetry-reporting - -Enable gathering and reporting of software telemetry. - -The default value is `true`. - - - ---- - -### -agent - -Enable NGINX Agent which can used with `-enable-app-protect` to send events to Security Monitoring. - -The default value is `false`. - - - ---- - -### -agent-instance-group - -Specify the instance group name to use for the NGINX Ingress Controller deployment when using `-agent`. - - diff --git a/content/includes/nic/configuration/global-configuration/configmap-resource.md b/content/includes/nic/configuration/global-configuration/configmap-resource.md deleted file mode 100644 index b4c8ad7e3..000000000 --- a/content/includes/nic/configuration/global-configuration/configmap-resource.md +++ /dev/null @@ -1,251 +0,0 @@ ---- -title: ConfigMap resources -weight: 300 -toc: true -type: how-to -product: NIC -nd-docs: DOCS-586 ---- - -When using F5 NGINX Ingress Controller, you can customize or fine tune NGINX behavior using ConfigMap resources. Examples include setting the number of worker processes or customizing the access log format. - -## Using ConfigMap - -1. The [Installation with Manifests]({{< relref "installation/installing-nic/installation-with-manifests.md" >}}) documentation deploy an empty ConfigMap while the default installation manifests specify it in the command-line arguments of the Ingress Controller. However, if you customized the manifests, to use ConfigMap, make sure to specify the ConfigMap resource to use the [command-line arguments]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) of NGINX Ingress Controller. - -1. Create a ConfigMap file with the name *nginx-config.yaml* and set the values -that make sense for your setup: - - ```yaml - kind: ConfigMap - apiVersion: v1 - metadata: - name: nginx-config - namespace: nginx-ingress - data: - proxy-connect-timeout: "10s" - proxy-read-timeout: "10s" - client-max-body-size: "2m" - ``` - - See the section [Summary of ConfigMap Keys](#summary-of-configmap-keys) for the explanation of the available ConfigMap keys (such as `proxy-connect-timeout` in this example). - -1. Create a new (or update the existing) ConfigMap resource: - - ```shell - kubectl apply -f nginx-config.yaml - ``` - - The NGINX configuration will be updated. - ---- - -## ConfigMap and Ingress annotations - -ConfigMap applies globally, meaning that it affects every Ingress resource. In contrast, annotations always apply to their Ingress resource. Annotations can override some ConfigMap keys: an example is that the `nginx.org/proxy-connect-timeout` annotations overrides the `proxy-connect-timeout` ConfigMap key. - -For more information, view the [Advanced configuration with annotations]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations" >}}) topic. - ---- - -## ConfigMap and VirtualServer/VirtualServerRoute resources - -The ConfigMap affects every VirtualServer and VirtualServerRoute resources. However, the fields of those resources allow overriding some ConfigMap keys. For example, the `connect-timeout` field of the `upstream` overrides the `proxy-connect-timeout` ConfigMap key. - -For more information, view the [VirtualServer and VirtualServerRoute resources]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources" >}}) topic. - ---- - -## ConfigMap keys - -### Ingress Controller (Unrelated to NGINX Configuration) - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*external-status-address* | Sets the address to be reported in the status of Ingress resources. Requires the *-report-status* command-line argument. Overrides the *-external-service* argument. | N/A | [Reporting resource status]({{< ref "/nic/configuration/global-configuration/reporting-resources-status" >}}) | -{{}} - ---- - -### General customization - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* | | -|*proxy-read-timeout* | Sets the value of the [proxy_read_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout) and [grpc_read_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_read_timeout) directive. | *60s* | | -|*proxy-send-timeout* | Sets the value of the [proxy_send_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout) and [grpc_send_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_send_timeout) directive. | *60s* | | -|*client-max-body-size* | Sets the value of the [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive. | *1m* | | -|*proxy-buffering* | Enables or disables [buffering of responses](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) from the proxied server. | *True* | | -|*proxy-buffers* | Sets the value of the [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directive. | Depends on the platform. | | -|*proxy-buffer-size* | Sets the value of the [proxy_buffer_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) directives. | Depends on the platform. | | -|*proxy-busy-buffers-size* | Sets the value of the [proxy_busy_buffers_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) directive. | Depends on the platform. | | -|*proxy-max-temp-file-size* | Sets the value of the [proxy_max_temp_file_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) directive. | *1024m* | | -|*set-real-ip-from* | Sets the value of the [set_real_ip_from](https://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from) directive. | N/A | | -|*real-ip-header* | Sets the value of the [real_ip_header](https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header) directive. | *X-Real-IP* | | -|*real-ip-recursive* | Enables or disables the [real_ip_recursive](https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive) directive. | *False* | | -|*default-server-return* | Configures the [return](https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return) directive in the default server, which handles a client request if none of the hosts of Ingress or VirtualServer resources match. The default value configures NGINX to return a 404 error page. You can configure a fixed response or a redirect. For example, *default-server-return: 302 https://nginx.org* will redirect a client to *https://nginx.org*. | *404* | | -|*server-tokens* | Enables or disables the [server_tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. | *True* | | -|*worker-processes* | Sets the value of the [worker_processes](https://nginx.org/en/docs/ngx_core_module.html#worker_processes) directive. | *auto* | | -|*worker-rlimit-nofile* | Sets the value of the [worker_rlimit_nofile](https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile) directive. | N/A | | -|*worker-connections* | Sets the value of the [worker_connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) directive. | *1024* | | -|*worker-cpu-affinity* | Sets the value of the [worker_cpu_affinity](https://nginx.org/en/docs/ngx_core_module.html#worker_cpu_affinity) directive. | N/A | | -|*worker-shutdown-timeout* | Sets the value of the [worker_shutdown_timeout](https://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout) directive. | N/A | | -|*server-names-hash-bucket-size* | Sets the value of the [server_names_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_bucket_size) directive. | *256* | | -|*server-names-hash-max-size* | Sets the value of the [server_names_hash_max_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_names_hash_max_size) directive. | *1024* | | -|*map-hash-bucket-size* | Sets the value of the [map_hash_bucket_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_bucket_size) directive.| *256* | | -|*map-hash-max-size* | Sets the value of the [map_hash_max_size](http://nginx.org/en/docs/http/ngx_http_map_module.html#map_hash_max_size) directive. | *2048* | | -|*resolver-addresses* | Sets the value of the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) addresses. Note: If you use a DNS name (for example, *kube-dns.kube-system.svc.cluster.local* ) as a resolver address, NGINX Plus will resolve it using the system resolver during the start and on every configuration reload. If the name cannot be resolved or the DNS server doesn't respond, NGINX Plus will fail to start or reload. To avoid this, we recommend using IP addresses as resolver addresses instead of DNS names. Supported in NGINX Plus only. | N/A | [Support for Type ExternalName Services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/externalname-services). | -|*resolver-ipv6* | Enables IPv6 resolution in the resolver. Supported in NGINX Plus only. | *True* | [Support for Type ExternalName Services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/externalname-services). | -|*resolver-valid* | Sets the time NGINX caches the resolved DNS records. Supported in NGINX Plus only. | TTL value of a DNS record | [Support for Type ExternalName Services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/externalname-services). | -|*resolver-timeout* | Sets the [resolver_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver_timeout) for name resolution. Supported in NGINX Plus only. | *30s* | [Support for Type ExternalName Services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/externalname-services). | -|*keepalive-timeout* | Sets the value of the [keepalive_timeout](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout) directive. | *75s* | | -|*keepalive-requests* | Sets the value of the [keepalive_requests](https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests) directive. | *1000* | | -|*variables-hash-bucket-size* | Sets the value of the [variables_hash_bucket_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_bucket_size) directive. | *256* | | -|*variables-hash-max-size* | Sets the value of the [variables-hash-max-size](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables_hash_max_size) directive. | *1024* | | -{{}} - ---- - -### Logging - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*error-log-level* | Sets the global [error log level](https://nginx.org/en/docs/ngx_core_module.html#error_log) for NGINX. | *notice* | | -|*access-log* | Sets the directive [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log). A syslog destination is the only valid value. The value will be set to its default in-case user tries to configure it with location other than a syslog. -| ``/dev/stdout main`` | ``syslog:server=localhost:514`` | -|*access-log-off* | Disables the [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log). | *False* | | -|*default-server-access-log-off* | Disables the [access log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) for the default server. If access log is disabled globally (*access-log-off: "True"*), then the default server access log is always disabled. | *False* | | -|*log-format* | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | See the [template file](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx.tmpl) for the access log. | [Custom Log Format](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/shared-examples/custom-log-format). | -|*log-format-escaping* | Sets the characters escaping for the variables of the log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | | -|*stream-log-format* | Sets the custom [log format](https://nginx.org/en/docs/stream/ngx_stream_log_module.html#log_format) for TCP, UDP, and TLS Passthrough traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | See the [template file](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx.tmpl). | | -|*stream-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | | -{{}} - ---- - -### Request URI/Header manipulation - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*proxy-hide-headers* | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: *"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A | | -|*proxy-pass-headers* | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: *"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A | | -{{}} - ---- - -### Auth and SSL/TLS - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*redirect-to-https* | Sets the 301 redirect rule based on the value of the *http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* | | -|*ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* | | -|*hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/) : the HSTS header is added to the responses from backends. The *preload* directive is included in the header. | *False* | | -|*hsts-max-age* | Sets the value of the *max-age* directive of the HSTS header. | *2592000* (1 month) | | -|*hsts-include-subdomains* | Adds the *includeSubDomains* directive to the HSTS header. | *False* | | -|*hsts-behind-proxy* | Enables HSTS based on the value of the *http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the *nginx.org/redirect-to-https* annotation. | *False* | | -|*ssl-protocols* | Sets the value of the [ssl_protocols](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) directive. | *TLSv1 TLSv1.1 TLSv1.2* | | -|*ssl-prefer-server-ciphers* | Enables or disables the [ssl_prefer_server_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers) directive. | *False* | | -|*ssl-ciphers* | Sets the value of the [ssl_ciphers](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) directive. | *HIGH:!aNULL:!MD5* | | -|*ssl-dhparam-file* | Sets the content of the dhparam file. The controller will create the file and set the value of the [ssl_dhparam](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam) directive with the path of the file. | N/A | | -{{}} - ---- - -### Listeners - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*http2* | Enables HTTP/2 in servers with SSL enabled. | *False* | | -|*proxy-protocol* | Enables PROXY Protocol for incoming connections. | *False* | [Proxy Protocol](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/shared-examples/proxy-protocol). | -{{}} - ---- - -### Backend services (Upstreams) - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*lb-method* | Sets the [load balancing method](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method). To use the round-robin method, specify *"round_robin"*. | *"random two least_conn"* | | -|*max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the *server* directive. | *1* | | -|*upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256k* for NGINX, *512k* for NGINX Plus | | -|*fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the *server* directive. | *10s* | | -|*keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that *proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* | | -{{}} - ---- - -### Zone Sync - -Zone Sync enables the [ngx_stream_zone_sync_module](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html) in NGINX Ingress Controller when NGINX Plus is used. Multiple replicas are required to effectively utililise this functionality. More information is available in the [How NGINX Plus Performs Zone Synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync_details/) topic. - -Zone synchronization with TLS for NGINX Ingress Controller is not yet available with ConfigMap. If you would like to enable Zone Sync with TLS, please remove `zone-sync` from ConfigMap and add Zone Sync parameters via [`stream-snippets`]({{< ref "/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) similar to [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-config.yaml) and adding the [zone_sync_ssl directive](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_ssl) along with any other TLS parameters to the `stream-snippets`. - -You will also need to manually add the headless service, such as in [this example](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml). - -{{< call-out "caution" >}} -If you previously installed OIDC or used the `zone_sync` directive with `stream-snippets` in [v4.0.1](https://github.com/nginx/kubernetes-ingress/tree/v4.0.1) or earlier, and you plan to enable the `zone-sync` ConfigMap key, the `zone_sync` directive should be removed from `stream-snippets`. - -If you encounter the error `error [emerg] 13#13: "zone_sync" directive is duplicate in /etc/nginx/nginx.conf:164` it is likely due to `zone_sync` being enabled in both `stream-snippets` and the ConfigMap. Once upgraded, remove the [old headless service](https://github.com/nginx/kubernetes-ingress/blob/v4.0.1/examples/custom-resources/oidc/nginx-ingress-headless.yaml) deployed for OIDC. -{{< /call-out >}} - - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*zone-sync* | Enables zone synchronization between NGINX Ingress Controller Pods. This autogenerates a [zone_sync_server](https://nginx.org/en/docs/stream/ngx_stream_zone_sync_module.html#zone_sync_server) and a headless service using the `ReplicaSet`, `DaemonSet` or `StatefulSet` name. Please note that this headless service will be automatically cleaned up when uninstalling via Helm or by removing the value from the ConfigMap. The headless service will need to be manually removed if the `controller.customConfigMap` value is set via Helm or the deployment is uninstalled via Manifests. Each Ingress Controller manages its own headless service. NGINX Plus Required. | *False* | | -|*zone-sync-port* | Specifies the optional port on which NGINX Ingress Controller listens for zone sync traffic. NGINX Plus & `zone-sync` Required. | *12345* | | -|*zone-sync-resolver-addresses* | Configures optional addresses used in the [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync. This field takes a comma separated list of addresses. NGINX Plus & `zone-sync` Required | `kube-dns.kube-system.svc.cluster.local` | | -|*zone-sync-resolver-ipv6* | Configures whether the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will look up IPv6 addresses. NGINX Plus & `zone-sync` Required | `true` | | -|*zone-sync-resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the optional [resolver](https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver) directive for zone-sync will override the TTL value of responses from nameservers with. NGINX Plus & `zone-sync` Required | `5s` | | -{{}} - ---- - -### Snippets and custom templates - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*main-snippets* | Sets a custom snippet in main context. | N/A | | -|*http-snippets* | Sets a custom snippet in http context. | N/A | | -|*location-snippets* | Sets a custom snippet in location context. | N/A | | -|*server-snippets* | Sets a custom snippet in server context. | N/A | | -|*stream-snippets* | Sets a custom snippet in stream context. | N/A | [Support for TCP/UDP Load Balancing](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/tcp-udp). | -|*main-template* | Sets the main NGINX configuration template. | By default the template is read from the file in the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | -|*ingress-template* | Sets the NGINX configuration template for an Ingress resource. | By default the template is read from the file on the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | -|*virtualserver-template* | Sets the NGINX configuration template for an VirtualServer resource. | By default the template is read from the file on the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | -|*transportserver-template* | Sets the NGINX configuration template for a TransportServer resource. | By default the template is read from the file on the container. | [Custom Templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). | -{{}} - ---- - -### Modules - -{{}} -|ConfigMap Key | Description | Default | Example | -| ---| ---| ---| --- | -|*otel-exporter-endpoint* | OTLP/gRPC endpoint that will accept [OpenTelemetry](https://opentelemetry.io) data. Set `otel-trace-in-http` to *"true"* to enable OpenTelemetry at the global level. | N/A | *"https://otel-collector:4317"* | -|*otel-exporter-header-name* | The name of a custom HTTP header to add to telemetry export request. `otel-exporter-endpoint` and `otel-exporter-header-value` required. | N/A | *"X-custom-header"* | -|*otel-exporter-header-value* | The value of a custom HTTP header to add to telemetry export request. `otel-exporter-endpoint` and `otel-exporter-header-name` required. | N/A | *"custom-value"* | -|*otel-service-name* | Sets the `service.name` attribute of the OTel resource. `otel-exporter-endpoint` required. | N/A | *"nginx-ingress-controller:nginx"* | -| *otel-trace-in-http* | Enables [OpenTelemetry](https://opentelemetry.io) globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Set this to *"false"* to enable OpenTelemetry for individual routes with snippets. `otel-exporter-endpoint` required. | *"false"* | *"true"* | -|*opentracing* | Removed in v5.0.0. Enables [OpenTracing](https://opentracing.io) globally (for all Ingress, VirtualServer and VirtualServerRoute resources). Note: requires the Ingress Controller image with OpenTracing module and a tracer. See the [docs]({{< relref "/installation/integrations/opentracing.md" >}}) for more information. | *False* | | -|*opentracing-tracer* | Removed in v5.0.0. Sets the path to the vendor tracer binary plugin. | N/A | | -|*opentracing-tracer-config* | Removed in v5.0.0. Sets the tracer configuration in JSON format. | N/A | | -|*app-protect-compressed-requests-action* | Sets the *app_protect_compressed_requests_action* [global directive](/nginx-app-protect/configuration/#global-directives). | *drop* | | -|*app-protect-cookie-seed* | Sets the *app_protect_cookie_seed* [global directive](/nginx-app-protect/configuration/#global-directives). | Random automatically generated string | | -|*app-protect-failure-mode-action* | Sets the *app_protect_failure_mode_action* [global directive](/nginx-app-protect/configuration/#global-directives). | *pass* | | -|*app-protect-cpu-thresholds* | Sets the *app_protect_cpu_thresholds* [global directive](/nginx-app-protect/configuration/#global-directives). | *high=100 low=100* | | -|*app-protect-physical-memory-util-thresholds* | Sets the *app_protect_physical_memory_util_thresholds* [global directive](/nginx-app-protect/configuration/#global-directives). | *high=100 low=100* | | -|`app-protect-reconnect-period-seconds` | Sets the `app_protect_reconnect_period_seconds` [global directive](/nginx-app-protect/configuration/#global-directives). | `5` | | -|*app-protect-dos-log-format* | Sets the custom [log format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) for Dos Access log traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by *\n*). In that case, the Ingress Controller will replace every *\n* character with a space character. All *'* characters must be escaped. | `, vs_name_al=$app_protect_dos_vs_name, ip=$remote_addr, tls_fp=$app_protect_dos_tls_fp, outcome=$app_protect_dos_outcome, reason=$app_protect_dos_outcome_reason, policy_name=$app_protect_dos_policy_name, dos_version=$app_protect_dos_version, ip_tls=$remote_addr:$app_protect_dos_tls_fp,` | | -|*app-protect-dos-log-format-escaping* | Sets the characters escaping for the variables of the stream log format. Supported values: *json* (JSON escaping), *default* (the default escaping) *none* (disables escaping). | *default* | | -|*app-protect-dos-arb-fqdn* | Sets the *app-protect-dos-arb-fqdn* [directive](/nginx-app-protect-dos/directives-and-policy/learn-about-directives-and-policy/#arbitrator-fqdn-directive-app_protect_dos_arb_fqdn). | *svc-appprotect-dos-arb* | | -{{}} diff --git a/content/includes/nic/configuration/global-configuration/custom-templates.md b/content/includes/nic/configuration/global-configuration/custom-templates.md deleted file mode 100644 index 6bb99f87f..000000000 --- a/content/includes/nic/configuration/global-configuration/custom-templates.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -nd-docs: DOCS-587 -doctypes: -- '' -title: Custom templates -toc: true -weight: 500 ---- - - -F5 NGINX Ingress Controller uses templates to generate NGINX configuration for Ingress resources, VirtualServer resources and the main NGINX configuration file. You can customize the templates and apply them via the ConfigMap. See the [corresponding example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/shared-examples/custom-templates). diff --git a/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md deleted file mode 100644 index b5f88b689..000000000 --- a/content/includes/nic/configuration/global-configuration/globalconfiguration-resource.md +++ /dev/null @@ -1,183 +0,0 @@ ---- -nd-docs: DOCS-588 -doctypes: -- '' -title: GlobalConfiguration resource -toc: true -weight: 200 ---- - -This page explains how to use the GlobalConfiguration resource to define the global configuration parameters of F5 NGINX Ingress Controller. - -The resource supports configuring listeners for TCP and UDP load balancing, and is implemented as a [Custom resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - -Listeners are required by [TransportServer resources]({{< relref "/configuration/transportserver-resource.md" >}}) and can be used to [configure custom listeners for VirtualServers]({{< relref "tutorials/virtual-server-with-custom-listener-ports.md" >}}). - ---- - -## Prerequisites - -When [installing NGINX Ingress Controller using Manifests]({{< relref "/installation/installing-nic/installation-with-manifests.md" >}}), you need to reference a GlobalConfiguration resource in the [`-global-configuration`](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-global-configuration) command-line argument. NGINX Ingress Controller only needs one GlobalConfiguration resource. - ---- - -## GlobalConfiguration specification - -The GlobalConfiguration resource defines the global configuration parameters of the Ingress Controller. Below is an example: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: GlobalConfiguration -metadata: - name: nginx-configuration - namespace: nginx-ingress -spec: - listeners: - - name: dns-udp - port: 5353 - protocol: UDP - - name: dns-tcp - port: 5353 - protocol: TCP - - name: http-8083 - port: 8083 - protocol: HTTP - - name: https-8443 - port: 8443 - protocol: HTTP - ssl: true -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -| *listeners* | A list of listeners. | [listener](#listener) | No | -{{}} - -### Listener - -The `listeners:` key defines a listener (a combination of a protocol and a port) that NGINX will use to accept traffic for a [TransportServer]({{< relref "/configuration/transportserver-resource.md" >}}) and a [VirtualServer]({{< relref "/configuration/virtualserver-and-virtualserverroute-resources.md" >}}): - -```yaml -- name: dns-tcp - port: 5353 - protocol: TCP -- name: http-8083 - port: 8083 - protocol: HTTP -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -| *name* | The name of the listener. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``listener-123`` are valid. The name must be unique among all listeners. The name ``tls-passthrough`` is reserved for the built-in TLS Passthrough listener and cannot be used. | *string* | Yes | -| *port* | The port of the listener. The port must fall into the range ``1..65535`` with the following exceptions: ``80``, ``443``, the [status port](/nginx-ingress-controller/logging-and-monitoring/status-page), the [Prometheus metrics port](/nginx-ingress-controller/logging-and-monitoring/prometheus). Among all listeners, only a single combination of a port-protocol is allowed. | *int* | Yes | -| *protocol* | The protocol of the listener. Supported values: ``TCP``, ``UDP`` and ``HTTP``. | *string* | Yes | -| *ssl* | Configures the listener with SSL. This is currently only supported for ``HTTP`` listeners. Default value is ``false`` | *bool* | No | -| *ipv4* | Specifies the IPv4 address to listen on. | *string* | No | -| *ipv6* | Specifies the IPv6 address to listen on. | *string* | No | - -{{}} - ---- - -## Using GlobalConfiguration - -You can use the usual `kubectl` commands to work with a GlobalConfiguration resource. - -For example, the following command creates a GlobalConfiguration resource defined in `global-configuration.yaml` with the name `nginx-configuration`: - -```shell -kubectl apply -f global-configuration.yaml -``` -```shell -globalconfiguration.k8s.nginx.org/nginx-configuration created -``` - -Assuming the namespace of the resource is `nginx-ingress`, you can get the resource by running: - -```shell -kubectl get globalconfiguration nginx-configuration -n nginx-ingress -``` -```shell -NAME AGE -nginx-configuration 13s -``` - -With `kubectl get` and similar commands, you can use the short name `gc` instead of `globalconfiguration`. - ---- - -### Validation - -Two types of validation are available for the GlobalConfiguration resource: - -- *Structural validation* by `kubectl` and Kubernetes API server. -- *Comprehensive validation* by NGINX Ingress Controller. - - -#### Structural validation - -The custom resource definition for the GlobalConfiguration includes structural OpenAPI schema which describes the type of every field of the resource. - -If you try to create (or update) a resource that violates the structural schema (for example, you use a string value for the port field of a listener), `kubectl` and Kubernetes API server will reject such a resource: - -- Example of `kubectl` validation: - - ```shell - kubectl apply -f global-configuration.yaml - ``` - ```text - error: error validating "global-configuration.yaml": error validating data: ValidationError(GlobalConfiguration.spec.listeners[0].port): invalid type for org.nginx.k8s.v1.GlobalConfiguration.spec.listeners.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false - ``` - -- Example of Kubernetes API server validation: - - ```shell - kubectl apply -f global-configuration.yaml --validate=false - ``` - ```text - The GlobalConfiguration "nginx-configuration" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list: - spec.listeners.port in body must be of type integer: "string" - ``` - -If a resource is not rejected (it doesn't violate the structural schema), NGINX Ingress Controller will validate it further. - -#### Comprehensive validation - -NGINX Ingress Controller validates the fields of a GlobalConfiguration resource. If a GlobalConfiguration resource is partially invalid, NGINX Ingress Controller use the valid listeners and emit events about invalid listeners. - -You can check if the Ingress Controller successfully applied the configuration for a GlobalConfiguration. For our `nginx-configuration` GlobalConfiguration, we can run: - -```shell -kubectl describe gc nginx-configuration -n nginx-ingress -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal Updated 11s nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration was updated -``` - -The events section includes a Normal event with the Updated reason that informs us that the configuration was successfully applied. - -If you create a GlobalConfiguration `nginx-configuration` with two or more listeners that have the same protocol UDP and port 53, you will get: - -```shell -kubectl describe gc nginx-configuration -n nginx-ingress -``` -```text -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal Updated 55s nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration was updated - Warning AddedOrUpdatedWithError 6s nginx-ingress-controller GlobalConfiguration nginx-ingress/nginx-configuration is invalid and was rejected: spec.listeners: Duplicate value: "Duplicated port/protocol combination 53/UDP" -``` - -The events section includes a Warning event with the AddedOrUpdatedWithError reason. - - -## Using IPV4 and IPV6 Addresses with GlobalConfiguration - -You can customize the IPv4 and IPv6 Address listeners in the global configuration and apply them to your VirtualServer resources. See the corresponding example [here](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/custom-ip-listeners/virtualserver/) diff --git a/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md b/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md deleted file mode 100644 index e291de510..000000000 --- a/content/includes/nic/configuration/global-configuration/mgmt-configmap-resource.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -nd-docs: DOCS-586 -doctypes: -- '' -title: Management ConfigMap resource -toc: true -weight: 300 ---- - -When using F5 NGINX Ingress Controller with NGINX Plus, it is required to pass a [command line argument]({{< ref "/nic/configuration/global-configuration/command-line-arguments" >}}) to NGINX Ingress Controller, `--mgmt-configmap=` which specifies the ConfigMap to use. The minimal required ConfigMap must have a `license-token-secret-name` key. Helm users will not need to create this map or pass the argument, it will be created with a Helm install. - ---- - -1. Create a ConfigMap file with the name *nginx-config-mgmt.yaml* and set the values -that make sense for your setup: - - ```yaml - apiVersion: v1 - kind: ConfigMap - metadata: - name: nginx-config-mgmt - namespace: nginx-ingress - data: - license-token-secret-name: "license-token" - ``` -1. Create a new (or update the existing) ConfigMap resource: - - ```shell - kubectl apply -f nginx-config-mgmt.yaml - ``` - - The [NGINX Management](https://nginx.org/en/docs/ngx_mgmt_module.html) block configuration will be updated. ---- -## Management ConfigMap keys - -{{}} -|ConfigMap Key | Description | Default | -| ---| ---| ---| -|*license-token-secret-name* | Configures the secret used in the [license_token](https://nginx.org/en/docs/ngx_mgmt_module.html#license_token) directive. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.com/license` with the base64 encoded JWT in the `license.jwt` key. | N/A | -|*ssl-verify* | Configures the [ssl_verify](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_verify) directive, which enables or disables verification of the usage reporting endpoint certificate. | `true` | -|*enforce-initial-report* | Configures the [enforce_initial_report](https://nginx.org/en/docs/ngx_mgmt_module.html#enforce_initial_report) directive, which enables or disables the 180-day grace period for sending the initial usage report. | `false` | -|*usage-report-endpoint* | Configures the endpoint of the [usage_report](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive. This is used to configure the endpoint NGINX uses to send usage reports to NIM. | `product.connect.nginx.com` | -|*usage-report-interval* | Configures the interval of the [usage_report](https://nginx.org/en/docs/ngx_mgmt_module.html#usage_report) directive. This specifies the frequency that usage reports are sent. This field takes an [NGINX time](https://nginx.org/en/docs/syntax.html). | `1h` | -|*usage-report-proxy-host* | Configures the host name of the [proxy](https://nginx.org/en/docs/ngx_mgmt_module.html#proxy) directive with optional port. | N/A | -|*ssl-trusted-certificate-secret-name* | Configures the secret used to create the file(s) referenced the in [ssl_trusted_certifcate](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_trusted_certificate), and [ssl_crl](https://nginx.org/en/docs/ngx_mgmt_module.html#ssl_crl) directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `nginx.org/ca`, where the `ca.crt` key contains a base64 encoded trusted cert, and the optional `ca.crl` key can contain a base64 encoded CRL. If the optional `ca.crl` key is supplied, it will configure the NGINX `ssl_crl` directive. | N/A | -|*ssl-certificate-secret-name* | Configures the secret used to create the `ssl_certificate` and `ssl_certificate_key` directives. This key assumes the secret is in the Namespace that NGINX Ingress Controller is deployed in. The secret must be of type `kubernetes.io/tls`| N/A | -|*resolver-addresses* | Configures addresses used in the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive. This field takes a comma separated list of addresses. | N/A | -|*resolver-ipv6* | Configures whether the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will look up IPv6 addresses. | `true` | -|*resolver-valid* | Configures an [NGINX time](https://nginx.org/en/docs/syntax.html) that the mgmt block [resolver](https://nginx.org/en/docs/ngx_mgmt_module.html#resolver) directive will override the TTL value of responses from nameservers with. | N/A | -{{}} diff --git a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md b/content/includes/nic/configuration/global-configuration/reporting-resources-status.md deleted file mode 100644 index 20abe68d6..000000000 --- a/content/includes/nic/configuration/global-configuration/reporting-resources-status.md +++ /dev/null @@ -1,195 +0,0 @@ ---- -nd-docs: DOCS-589 -doctypes: -- '' -title: Reporting resource status -toc: true -weight: 600 ---- - -This page describes how to view the status of resources managed by F5 NGINX Ingress Controller. - -## Ingress resources - -An Ingress resource status includes the address (an IP address or a DNS name), through which the hosts of that Ingress resource are publicly accessible. - -You can see the address in the output of the `kubectl get ingress` command, in the ADDRESS column, as shown below: - -```shell -kubectl get ingresses -``` -```text -NAME HOSTS ADDRESS PORTS AGE -cafe-ingress cafe.example.com 12.13.23.123 80, 443 2m -``` - -NGINX Ingress Controller must be configured to report an Ingress status: - -1. Use the command-line flag `-report-ingress-status`. -1. Define a source for an external address. This can be either of: - 1. A user defined address, specified in the `external-status-address` ConfigMap key. - 1. A Service of the type LoadBalancer configured with an external IP or address and specified by the `-external-service` command-line flag. - -View the [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource) and [Command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) topics for more information. - -{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of Ingress resources when it is being shut down. {{< /call-out >}} - -## VirtualServer and VirtualServerRoute resources - -A VirtualServer or VirtualServerRoute resource includes the status field with information about the state of the resource and the IP address, through which the hosts of that resource are publicly accessible. - -You can see the status in the output of the `kubectl get virtualservers` or `kubectl get virtualserverroutes` commands as shown below: - -```shell -kubectl get virtualservers -``` -```text - NAME STATE HOST IP PORTS AGE - cafe Valid cafe.example.com 12.13.23.123 [80,443] 34s -``` - -To see an external hostname address associated with a VirtualServer resource, use the `-o wide` option: - -```shell -kubectl get virtualservers -o wide -``` -```text - NAME STATE HOST IP EXTERNALHOSTNAME PORTS AGE - cafe Valid cafe.example.com ae430f41a1a0042908655abcdefghijkl-12345678.eu-west-2.elb.amazonaws.com [80,443] 106s -``` - -{{< call-out "note" >}} If there are multiple addresses, only the first one is shown. {{< /call-out >}} - -In order to see additional addresses or extra information about the `Status` of the resource, use the following command: - -```shell -kubectl describe virtualserver -``` -```text -... -Status: - External Endpoints: - Ip: 12.13.23.123 - Ports: [80,443] - Message: Configuration for cafe/cafe was added or updated - Reason: AddedOrUpdated - State: Valid -``` - -### Status specification - -The following fields are reported in both VirtualServer and VirtualServerRoute status: - -{{}} -|Field | Description | Type | -| ---| ---| --- | -|*State* | Current state of the resource. Can be ``Valid``, ``Warning`` an ``Invalid``. For more information, refer to the ``message`` field. | *string* | -|*Reason* | The reason of the last update. | *string* | -|*Message* | Additional information about the state. | *string* | -|*ExternalEndpoints* | A list of external endpoints for which the hosts of the resource are publicly accessible. | *[externalEndpoint](#externalendpoint)* | -{{}} - -The *ReferencedBy* field is reported for the VirtualServerRoute status only: - -{{}} -|Field | Description | Type | -| ---| ---| --- | -| *ReferencedBy* | The VirtualServer that references this VirtualServerRoute. Format as ``namespace/name`` | *string* | -{{}} - -### externalEndpoint - -{{}} -|Field | Description | Type | -| ---| ---| --- | -|``IP`` | The external IP address. | ``string`` | -|``Hostname`` | The external LoadBalancer Hostname address. | ``string`` | -|``Ports`` | A list of external ports. | ``string`` | -{{}} - -NGINX Ingress Controller must be configured to report a VirtualServer or VirtualServerRoute status: - -1. If you want NGINX Ingress Controller to report the `externalEndpoints`, define a source for an external address (The rest of the fields will be reported without the external address configured). This can be: - 1. A user defined address, specified in the `external-status-address` ConfigMap key. - 1. A Service of the type LoadBalancer configured with an external IP or address and specified by the `-external-service` command-line flag. - -View the [ConfigMap keys](/nginx-ingress-controller/configuration/global-configuration/configmap-resource) and [Command-line arguments](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments) topics for more information. - -{{< call-out "note" >}} NGINX Ingress Controller does not clear the status of VirtualServer and VirtualServerRoute resources when it is being shut down. {{< /call-out >}} - -## Policy resources - -A Policy resource includes the status field with information about the state of the resource. - -You can see the status in the output of the `kubectl get policy` command as shown below: - -```shell -kubectl get policy -``` -```text - NAME STATE AGE - webapp-policy Valid 30s -``` - -In order to see additional addresses or extra information about the `Status` of the resource, use the following command: - -```shell -kubectl describe policy -``` -```text -... -Status: - Message: Configuration for default/webapp-policy was added or updated - Reason: AddedOrUpdated - State: Valid -``` - -### Status specification - -The following fields are reported in Policy status: - -{{}} -|Field | Description | Type | -| ---| ---| --- | -|``State`` | Current state of the resource. Can be ``Valid`` or ``Invalid``. For more information, refer to the ``message`` field. | ``string`` | -|``Reason`` | The reason of the last update. | ``string`` | -|``Message`` | Additional information about the state. | ``string`` | -{{}} - -## TransportServer resources - -A TransportServer resource includes the status field with information about the state of the resource. - -You can see the status in the output of the `kubectl get transportserver` command as shown below: - -```shell -kubectl get transportserver -``` -```text - NAME STATE REASON AGE - dns-tcp Valid AddedOrUpdated 47m -``` - -To see additional addresses or extra information about the `Status` of the resource, use the following command: - -```shell -kubectl describe transportserver -``` -```text -Status: - Message: Configuration for default/dns-tcp was added or updated - Reason: AddedOrUpdated - State: Valid -``` - -### Status specification - -The following fields are reported in TransportServer status: - -{{}} -|Field | Description | Type | -| ---| ---| --- | -| *State* | Current state of the resource. Can be ``Valid``, ``Warning`` or ``Invalid``. For more information, refer to the ``message`` field. | *string* | -| *Reason* | The reason of the last update. | *string* | -| *Message* | Additional information about the state. | *string* | -{{}} diff --git a/content/includes/nic/configuration/host-and-listener-collisions.md b/content/includes/nic/configuration/host-and-listener-collisions.md deleted file mode 100644 index bfa284664..000000000 --- a/content/includes/nic/configuration/host-and-listener-collisions.md +++ /dev/null @@ -1,168 +0,0 @@ ---- -title: Host and Listener collisions -toc: true -weight: 800 -nd-docs: DOCS-590 ---- - -This document explains how F5 NGINX Ingress Controller handles host and listener collisions between resources. - ---- - -## Winner Selection Algorithm - -If multiple resources contend for the same host or listener, NGINX Ingress Controller will pick the winner based on the `creationTimestamp` of the resources: the oldest resource will win. In case there are more than one oldest resource (their `creationTimestamp` is the same), NGINX Ingress Controller will choose the resource with the lexicographically smallest `uid`. - -{{< call-out "note" >}} The `creationTimestamp` and `uid` fields are part of the [ObjectMeta](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/object-meta/) resource. {{< /call-out >}} - ---- - -## Host collisions - -A host collision occurs when multiple Ingress, VirtualServer, and TransportServer (configured for TLS Passthrough) resources configure the same `host`. NGINX Ingress Controller has two strategies for handling host collisions: - -- Choosing a single "winner" resource to handle the host. -- Merging the configuration of the conflicting resources. - ---- - -### Choosing the winner - -Consider the following two resources: - -- `cafe-ingress` Ingress: - - ```yaml - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: cafe-ingress - spec: - ingressClassName: nginx - rules: - - host: cafe.example.com - . . . - ``` - -- `cafe-virtual-server` VirtualServer: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: VirtualServer - metadata: - name: cafe-virtual-server - spec: - host: cafe.example.com - . . . - ``` - -If a user creates both resources in the cluster, a host collision will occur. NGINX Ingress Controller will pick the winner using the [winner selection algorithm](#winner-selection-algorithm). - -If `cafe-virtual-server` was created first, it will win the host `cafe.example.com` and NGINX Ingress Controller will reject `cafe-ingress`. This will be reflected in the events and in the resource's status field: - -```shell -kubectl describe vs cafe-virtual-server -``` -```text -... -Status: - ... - Message: Configuration for default/cafe-virtual-server was added or updated - Reason: AddedOrUpdated - State: Valid -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal AddedOrUpdated 9s nginx-ingress-controller Configuration for default/cafe-virtual-server was added or updated -``` - -```shell -kubectl describe ingress cafe-ingress -``` -```text -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 66s nginx-ingress-controller All hosts are taken by other resources -``` - -Similarly, if `cafe-ingress` was created first, it will win `cafe.example.com` and NGINX Ingress Controller will reject `cafe-virtual-server`. - -{{< call-out "note" >}} You can configure multiple hosts for Ingress resources, and its possible that an Ingress resource can be the winner for some of its hosts and a loser for the others. - -For example, if `cafe-ingress` had an additional rule host rule for `pub.example.com`, NGINX Ingress Controller would not reject the Ingress. Instead, it would allow `cafe-ingress` to handle `pub.example.com`. {{< /call-out >}} - ---- - -### Merging configuration for the same host - -It is possible to merge configuration for multiple Ingress resources for the same host. One common use case for this approach is distributing resources across multiple namespaces. - -The [Cross-namespace configuration]({{< ref "/nic/configuration/ingress-resources/cross-namespace-configuration.md">}}) topic has more information. - -It is *not* possible to merge the configurations for multiple VirtualServer resources for the same host. However, you can split the VirtualServers into multiple VirtualServerRoute resources, which a single VirtualServer can then reference. See the [corresponding example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/cross-namespace-configuration) on GitHub. - -It is *not* possible to merge configuration for multiple TransportServer resources. - ---- - -## Listener/Host collisions - -Listener/Host collisions occur when multiple TransportServer resources (configured for TCP/UDP load balancing) specify the same combination of `spec.listener.name` and `spec.host`. - -The combination of `spec.listener.name` and `spec.host` must be unique among all TransportServer resources. If two TransportServer resources specify the same spec.listener.name and spec.host, one of them will be rejected to prevent conflicts. In the case where spec.host is not specified, it is considered an empty string. - -NGINX Ingress Controller will choose the winner, which will own that listener and host combination. - ---- - -### Choosing the winner - -Consider the following two resources: - -- `tcp-1` TransportServer: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: TransportServer - metadata: - name: tcp-1 - spec: - host: dns.example.com - listener: - name: dns-tcp - protocol: TCP - . . . - ``` - -- `tcp-2` TransportServer: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: TransportServer - metadata: - name: tcp-2 - spec: - host: dns.example.com - listener: - name: dns-tcp - protocol: TCP - . . . - ``` - -If a user creates both resources in the cluster, a listener collision will occur. As a result, NGINX Ingress Controller will pick the winner using the [winner selection algorithm](#winner-selection-algorithm). - -In our example, if `tcp-1` was created first, it will win the listener `dns-tcp` and NGINX Ingress Controller will reject `tcp-2`. This will be reflected in the events and in the resource's status field: - -```shell -kubectl describe ts tcp-2 -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 10s nginx-ingress-controller Listener dns-tcp is taken by another resource -``` - -Similarly, if `tcp-2` was created first, it will win `dns-tcp` and NGINX Ingress Controller will reject `tcp-1`. diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md deleted file mode 100644 index 0cda88373..000000000 --- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ /dev/null @@ -1,226 +0,0 @@ ---- -nd-docs: DOCS-591 -doctypes: -- '' -title: Advanced configuration with Annotations -toc: true -weight: 200 ---- - -This topic explains how to enable advanced features in F5 NGINX Ingress Controller with Annotations. - -The Ingress resource can use basic NGINX features such as host or path-based routing and TLS termination. Advanced features like rewriting the request URI or inserting additional response headers can be enabled with Annotations. - -Outside of advanced features, Annotations are necessary for customizing NGINX behavior such as setting the value of connection timeouts. - -Customization is also available through the [ConfigMap]({{< relref "/configuration/global-configuration/configmap-resource.md" >}}) resources: Annotations take priority. - -## Using Annotations - -This example uses Annotations to customize the configuration for an Ingress resource: - -```yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: cafe-ingress-with-annotations - annotations: - nginx.org/proxy-connect-timeout: "30s" - nginx.org/proxy-read-timeout: "20s" - nginx.org/client-max-body-size: "4m" - nginx.org/server-snippets: | - location / { - return 302 /coffee; - } -spec: - rules: - - host: cafe.example.com - http: - paths: - - path: /tea - pathType: Prefix - backend: - service: - name: tea-svc - port: - number: 80 - - path: /coffee - pathType: Prefix - backend: - service: - name: coffee-svc - port: - number: 80 -``` - -## Validation - -NGINX Ingress Controller validates the annotations of Ingress resources. If an Ingress is invalid, NGINX Ingress Controller will reject it: the Ingress will continue to exist in the cluster, but NGINX Ingress Controller will ignore it. - -You can check if NGINX Ingress Controller successfully applied the configuration for an Ingress resource. For the example `cafe-ingress-with-annotations` Ingress, you can run: - -```shell -kubectl describe ing cafe-ingress-with-annotations -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal AddedOrUpdated 3s nginx-ingress-controller Configuration for default/cafe-ingress-with-annotations was added or updated -``` - -The events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied. - -If you create an invalid Ingress, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create an Ingress `cafe-ingress-with-annotations`, with an annotation `nginx.org/redirect-to-https` set to `yes please` instead of `true`, you will get: - -```shell -kubectl describe ing cafe-ingress-with-annotations -``` -```text -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 13s nginx-ingress-controller annotations.nginx.org/redirect-to-https: Invalid value: "yes please": must be a boolean -``` - -Note how the events section includes a Warning event with the Rejected reason. - -{{< call-out "note" >}} If you make an existing Ingress invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. {{< /call-out >}} - -The `nginx.com/jwt-token` Ingress annotation has limited validation. - -## Summary of Annotations - -The table below summarizes the available annotations. - -{{< call-out "note" >}} Annotations that start with `nginx.com` are only supported with NGINX Plus. {{< /call-out >}} - -### General customization - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/proxy-connect-timeout* | *proxy-connect-timeout* | Sets the value of the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) and [grpc_connect_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_connect_timeout) directive. | *60s* | | -| *nginx.org/proxy-read-timeout* | *proxy-read-timeout* | Sets the value of the [proxy_read_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout) and [grpc_read_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_read_timeout) directive. | *60s* | | -| *nginx.org/proxy-send-timeout* | *proxy-send-timeout* | Sets the value of the [proxy_send_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout) and [grpc_send_timeout](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_send_timeout) directive. | *60s* | | -| *nginx.org/client-max-body-size* | *client-max-body-size* | Sets the value of the [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive. | *1m* | | -| *nginx.org/proxy-buffering* | *proxy-buffering* | Enables or disables [buffering of responses](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) from the proxied server. | *True* | | -| *nginx.org/proxy-buffers* | *proxy-buffers* | Sets the value of the [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directive. | Depends on the platform. | | -| *nginx.org/proxy-buffer-size* | *proxy-buffer-size* | Sets the value of the [proxy_buffer_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) and [grpc_buffer_size](https://nginx.org/en/docs/http/ngx_http_grpc_module.html#grpc_buffer_size) directives. | Depends on the platform. | | -| *nginx.org/proxy-busy-buffers-size* | *proxy-busy-buffers-size* | Sets the value of the [proxy_busy_buffers_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) directive. | Depends on the platform. | | -| *nginx.org/proxy-max-temp-file-size* | *proxy-max-temp-file-size* | Sets the value of the [proxy_max_temp_file_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_max_temp_file_size) directive. | *1024m* | | -| *nginx.org/server-tokens* | *server-tokens* | Enables or disables the [server_tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) directive. Additionally, with the NGINX Plus, you can specify a custom string value, including the empty string value, which disables the emission of the “Server” field. | *True* | | -| *nginx.org/path-regex* | N/A | Enables regular expression modifiers for Ingress path parameter. This translates to the NGINX [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive. You can specify one of these values: "case_sensitive", "case_insensitive", or "exact". The annotation is applied to the entire Ingress resource and its paths. While using Master and Minion Ingresses i.e. Mergeable Ingresses, this annotation can be specified on Minion types. The `path-regex` annotation specified on Master is ignored, and has no effect on paths defined on Minions. | N/A | [path-regex](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/path-regex) | -{{}} - -### Request URI/Header Manipulation - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/proxy-hide-headers* | *proxy-hide-headers* | Sets the value of one or more [proxy_hide_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directives. Example: ``"nginx.org/proxy-hide-headers": "header-a,header-b"* | N/A | | -| *nginx.org/proxy-pass-headers* | *proxy-pass-headers* | Sets the value of one or more [proxy_pass_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directives. Example: ``"nginx.org/proxy-pass-headers": "header-a,header-b"* | N/A | | -| *nginx.org/rewrites* | N/A | Configures URI rewriting using [proxy_pass](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive. | N/A | [rewrites](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/rewrites) | -|*nginx.org/proxy-set-headers* | N/A | Enables customization of proxy headers and values using the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive. Example: ``"nginx.org/proxy-set-headers": "header-a: valueA,header-b: valueB,header-c: valueC"`` | N/A | [Proxy Set Headers](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/proxy-set-headers). | -{{}} - -### Auth and SSL/TLS - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/redirect-to-https* | *redirect-to-https* | Sets the 301 redirect rule based on the value of the ``http_x_forwarded_proto* header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of NGINX Ingress Controller — see [115](https://github.com/nginx/kubernetes-ingress/issues/115) | *False* | | -| *ingress.kubernetes.io/ssl-redirect* | *ssl-redirect* | Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. | *True* | | -| *nginx.org/hsts* | *hsts* | Enables [HTTP Strict Transport Security (HSTS)](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/)\ : the HSTS header is added to the responses from backends. The ``preload* directive is included in the header. | *False* | | -| *nginx.org/hsts-max-age* | *hsts-max-age* | Sets the value of the ``max-age* directive of the HSTS header. | *2592000* (1 month) | | -| *nginx.org/hsts-include-subdomains* | *hsts-include-subdomains* | Adds the ``includeSubDomains* directive to the HSTS header. | *False* | | -| *nginx.org/hsts-behind-proxy* | *hsts-behind-proxy* | Enables HSTS based on the value of the ``http_x_forwarded_proto* request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of NGINX Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the ``nginx.org/redirect-to-https* annotation. | *False* | | -| *nginx.org/basic-auth-secret* | N/A | Specifies a Secret resource with a user list for HTTP Basic authentication. | N/A | | -| *nginx.org/basic-auth-realm* | N/A | Specifies a realm. | N/A | | -| *nginx.com/jwt-key* | N/A | Specifies a Secret resource with keys for validating JSON Web Tokens (JWTs). | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). | -| *nginx.com/jwt-realm* | N/A | Specifies a realm. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). | -| *nginx.com/jwt-token* | N/A | Specifies a variable that contains a JSON Web Token. | By default, a JWT is expected in the ``Authorization* header as a Bearer Token. | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). | -| *nginx.com/jwt-login-url* | N/A | Specifies a URL to which a client is redirected in case of an invalid or missing JWT. | N/A | [Support for JSON Web Tokens (JWTs)](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/jwt). | -{{}} - -### Listeners - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/listen-ports* | N/A | Configures HTTP ports that NGINX will listen on. | *[80]* | | -| *nginx.org/listen-ports-ssl* | N/A | Configures HTTPS ports that NGINX will listen on. | *[443]* | | -{{}} - -### Backend services (Upstreams) - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/lb-method* | *lb-method* | Sets the [load balancing method](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method). To use the round-robin method, specify ``"round_robin"``. | *"random two least_conn"* | | -| *nginx.org/ssl-services* | N/A | Enables HTTPS or gRPC over SSL when connecting to the endpoints of services. | N/A | [ssl-services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/ssl-services) | -| *nginx.org/grpc-services* | N/A | Enables gRPC for services. Note: requires HTTP/2 (see ``http2* ConfigMap key); only works for Ingresses with TLS termination enabled. | N/A | [grpc-services](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/grpc-services) | -| *nginx.org/websocket-services* | N/A | Enables WebSocket for services. | N/A | [websocket](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/websocket) | -| *nginx.org/max-fails* | *max-fails* | Sets the value of the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the ``server* directive. | *1* | | -| *nginx.org/max-conns* | N\A | Sets the value of the [max_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) parameter of the ``server* directive. | *0* | | -| *nginx.org/upstream-zone-size* | *upstream-zone-size* | Sets the size of the shared memory [zone](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#zone) for upstreams. For NGINX, the special value 0 disables the shared memory zones. For NGINX Plus, shared memory zones are required and cannot be disabled. The special value 0 will be ignored. | *256K* | | -| *nginx.org/fail-timeout* | *fail-timeout* | Sets the value of the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the ``server* directive. | *10s* | | -| *nginx.com/sticky-cookie-services* | N/A | Configures session persistence. | N/A | [session-persistence](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/session-persistence) | -| *nginx.org/keepalive* | *keepalive* | Sets the value of the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. Note that ``proxy_set_header Connection "";* is added to the generated configuration when the value > 0. | *0* | | -| *nginx.com/health-checks* | N/A | Enables active health checks. | *False* | [health-checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks) | -| *nginx.com/health-checks-mandatory* | N/A | Configures active health checks as mandatory. | *False* | [health-checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks) | -| *nginx.com/health-checks-mandatory-queue* | N/A | When active health checks are mandatory, creates a queue where incoming requests are temporarily stored while NGINX Plus is checking the health of the endpoints after a configuration reload. | *0* | [health-checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks) | -| *nginx.com/slow-start* | N/A | Sets the upstream server [slow-start period](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#server-slow-start). By default, slow-start is activated after a server becomes [available](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks) or [healthy](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#active-health-checks). To enable slow-start for newly-added servers, configure [mandatory active health checks](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/health-checks). | *"0s"* | | -| *nginx.org/use-cluster-ip* | N/A | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method* and ``next-upstream``) will have no effect, as NGINX Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP. | *False* | | -{{}} - -### Rate limiting - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/limit-req-rate* | N/A | Enables request-rate-limiting for this ingress by creating a [limit_req_zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) and matching [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) for each location. All servers/locations of one ingress share the same zone. Must have unit r/s or r/m. | N/A | 200r/s | -| *nginx.org/limit-req-key* | N/A | The key to which the rate limit is applied. Can contain text, variables, or a combination of them. Variables must be surrounded by ${}. | ${binary_remote_addr} | ${binary_remote_addr} | -| *nginx.org/limit-req-zone-size* | N/A | Configures the size of the created [limit_req_zone](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone). | 10m | 20m | -| *nginx.org/limit-req-delay* | N/A | Configures the delay-parameter of the [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) directive. | 0 | 100 | -| *nginx.org/limit-req-no-delay* | N/A | Configures the nodelay-parameter of the [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) directive. | false | true | -| *nginx.org/limit-req-burst* | N/A | Configures the burst-parameter of the [limit_req](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req) directive. | N/A | 100 | -| *nginx.org/limit-req-dry-run* | N/A | Enables the dry run mode. In this mode, the rate limit is not actually applied, but the number of excessive requests is accounted as usual in the shared memory zone. | false | true | -| *nginx.org/limit-req-log-level* | N/A | Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Allowed values are info, notice, warn or error. | error | info | -| *nginx.org/limit-req-reject-code* | N/A | Sets the status code to return in response to rejected requests. Must fall into the range 400..599. | 429 | 503 | -| *nginx.org/limit-req-scale* | N/A | Enables a constant rate-limit by dividing the configured rate by the number of nginx-ingress pods currently serving traffic. This adjustment ensures that the rate-limit remains consistent, even as the number of nginx-pods fluctuates due to autoscaling. Note: This will not work properly if requests from a client are not evenly distributed accross all ingress pods (sticky sessions, long lived TCP-Connections with many requests etc.). In such cases using [zone-sync]({{< ref "/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) instead would give better results. Enabling `zone-sync` will suppress this setting. | false | true | -{{}} - -### Snippets and custom templates - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *nginx.org/location-snippets* | *location-snippets* | Sets a custom snippet in location context. | N/A | | -| *nginx.org/server-snippets* | *server-snippets* | Sets a custom snippet in server context. | N/A | | -{{}} - -### F5 WAF for NGINX {#app-protect} - -{{< call-out "note" >}} The App Protect annotations only work if the F5 WAF for NGINX module is [installed]({{< relref "installation/integrations/app-protect-waf/installation.md" >}}). {{< /call-out >}} - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *appprotect.f5.com/app-protect-policy* | N/A | The name of the App Protect Policy for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace of the Ingress Resource is used. If not specified but ``appprotect.f5.com/app-protect-enable* is true, a default policy id applied. If the referenced policy resource does not exist, or policy is invalid, this annotation will be ignored, and the default policy will be applied. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) | -| *appprotect.f5.com/app-protect-enable* | N/A | Enable App Protect for the Ingress Resource. | *False* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) | -| *appprotect.f5.com/app-protect-security-log-enable* | N/A | Enable the [security log](/nginx-app-protect/troubleshooting/#app-protect-logging-overview) for App Protect. | *False* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) | -| *appprotect.f5.com/app-protect-security-log* | N/A | The App Protect log configuration for the Ingress Resource. Format is ``namespace/name``. If no namespace is specified, the same namespace as the Ingress Resource is used. If not specified the default is used which is: filter: ``illegal``, format: ``default``. Multiple configurations can be specified in a comma separated list. Both log configurations and destinations list (see below) must be of equal length. Configs and destinations are paired by the list indices. | N/A | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) | -| *appprotect.f5.com/app-protect-security-log-destination* | N/A | The destination of the security log. For more information check the [DESTINATION argument](/nginx-app-protect/troubleshooting/#app-protect-logging-overview). Multiple destinations can be specified in a comma-separated list. Both log configurations and destinations list (see above) must be of equal length. Configs and destinations are paired by the list indices. | *syslog:server=localhost:514* | [app-protect-waf](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-waf) | -{{}} - -### App Protect DoS - -{{< call-out "note" >}} The App Protect DoS annotations only work if the App Protect DoS module is [installed]({{< relref "installation/integrations/app-protect-dos/installation.md" >}}). {{< /call-out >}} - -{{}} -|Annotation | ConfigMap Key | Description | Default | Example | -| ---| ---| ---| ---| --- | -| *appprotectdos.f5.com/app-protect-dos-resource* | N/A | Enable App Protect DoS for the Ingress Resource by specifying a [DosProtectedResource]({{< relref "installation/integrations/app-protect-dos/dos-protected.md" >}}). | N/A | [app-protect-dos](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/app-protect-dos) | -{{}} diff --git a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md b/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md deleted file mode 100644 index fc4d75ace..000000000 --- a/content/includes/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -nd-docs: DOCS-592 -doctypes: -- '' -title: Advanced configuration with Snippets -toc: true -weight: 400 ---- - -Snippets allow you to insert raw NGINX config into different contexts of the NGINX configurations that F5 NGINX Ingress Controller generates. - -Snippets are intended for advanced NGINX users who need more control over the generated NGINX configuration, and can be used in cases where Annotations and ConfigMap entries would not apply. - - - -## Disadvantages of snippets - -Snippets are configured [using Annotations]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md#snippets-and-custom-templates" >}}), but are disabled by default due to their complexity. They are also available through the [ConfigMap]({{< relref "/configuration/global-configuration/configmap-resource.md#snippets-and-custom-templates" >}}) resource. - -To use snippets, set the [`enable-snippets`]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-enable-snippets" >}}) command-line argument. - -Snippets have the following disadvantages: - -- *Complexity*. Snippets require you to: - - Understand NGINX configuration primitives and implement a correct NGINX configuration. - - Understand how NGINX Ingress Controller generates NGINX configuration so that a snippet doesn't interfere with the other features in the configuration. -- *Decreased robustness*. An incorrect snippet can invalidate NGINX configuration, causing reload failures. Until the snippet is fixed, it will prevent any new configuration updates, including updates for the other Ingress resources. -- *Security implications*. Snippets give access to NGINX configuration primitives, which are not validated by NGINX Ingress Controller. For example, a snippet can configure NGINX to serve the TLS certificates and keys used for TLS termination for Ingress resources. - -{{< call-out "note" >}} If the NGINX configuration includes an invalid snippet, NGINX will continue to operate with the last valid configuration. {{< /call-out >}} - -## Using snippets - -The example below shows how to use snippets to customize the NGINX configuration template using annotations. - -```yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: cafe-ingress-with-snippets - annotations: - nginx.org/server-snippets: | - location / { - return 302 /coffee; - } - nginx.org/location-snippets: | - add_header my-test-header test-value; -spec: - rules: - - host: cafe.example.com - http: - paths: - - path: /tea - pathType: Prefix - backend: - service: - name: tea-svc - port: - number: 80 - - path: /coffee - pathType: Prefix - backend: - service: - name: coffee-svc - port: - number: 80 -``` - -These snippets generate the following NGINX configuration: - -{{< call-out "note" >}} The example is shortened for conciseness. {{< /call-out >}} - -```nginx -server { - listen 80; - - - location / { - return 302 /coffee; - } - - - location /coffee { - proxy_http_version 1.1; - - - add_header my-test-header test-value; - ... - proxy_pass http://default-cafe-ingress-with-snippets-cafe.example.com-coffee-svc-80; - } - - location /tea { - proxy_http_version 1.1; - - add_header my-test-header test-value; - ... - proxy_pass http://default-cafe-ingress-with-snippets-cafe.example.com-tea-svc-80; - } -} -``` - -## Troubleshooting - -If a snippet includes an invalid NGINX configuration, NGINX Ingress Controller will fail to reload NGINX. The error will be reported in NGINX Ingress Controller logs and an event with the error will be associated with the Ingress resource: - -An example of an error from the logs: - -```text -[emerg] 31#31: unknown directive "badd_header" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54 -Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"cafe-ingress-with-snippets", UID:"f9656dc9-63a6-41dd-a499-525b0e0309bb", APIVersion:"extensions/v1beta1", ResourceVersion:"2322030", FieldPath:""}): type: 'Warning' reason: 'AddedOrUpdatedWithError' Configuration for default/cafe-ingress-with-snippets was added or updated, but not applied: Error reloading NGINX for default/cafe-ingress-with-snippets: nginx reload failed: Command /usr/sbin/nginx -s reload stdout: "" -stderr: "nginx: [emerg] unknown directive \"badd_header\" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54\n" -finished with error: exit status 1 -``` - -An example of an event with an error (you can view events associated with the Ingress by running `kubectl describe -n nginx-ingress ingress nginx-ingress`): - -```text -Events: -Type Reason Age From Message ----- ------ ---- ---- ------- -Normal AddedOrUpdated 52m (x3 over 61m) nginx-ingress-controller Configuration for default/cafe-ingress-with-snippets was added or updated -finished with error: exit status 1 -Warning AddedOrUpdatedWithError 54s (x2 over 89s) nginx-ingress-controller Configuration for default/cafe-ingress-with-snippets was added or updated, but not applied: Error reloading NGINX for default/cafe-ingress-with-snippets: nginx reload failed: Command /usr/sbin/nginx -s reload stdout: "" -stderr: "nginx: [emerg] unknown directive \"badd_header\" in /etc/nginx/conf.d/default-cafe-ingress-with-snippets.conf:54\n" -finished with error: exit status 1 -``` - -Additionally, to help troubleshoot snippets, a number of Prometheus metrics show the stats about failed reloads – `controller_nginx_last_reload_status` and `controller_nginx_reload_errors_total`. diff --git a/content/includes/nic/configuration/ingress-resources/basic-configuration.md b/content/includes/nic/configuration/ingress-resources/basic-configuration.md deleted file mode 100644 index 3c0869a46..000000000 --- a/content/includes/nic/configuration/ingress-resources/basic-configuration.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Basic configuration -weight: 100 -toc: true -type: reference -product: NIC -nd-docs: DOCS-593 ---- - -This document shows a basic Ingress resource definition for F5 NGINX Ingress Controller. It load balances requests for two services as part of a single application. - -{{< ghcode `https://raw.githubusercontent.com/nginx/kubernetes-ingress/refs/heads/main/examples/ingress-resources/complete-example/cafe-ingress.yaml`>}} - -Here is a breakdown of what this Ingress resource definition means: - -- The `metadata.name` field defines the name of the resource `cafe‑ingress`. -- The `spec.tls` field sets up SSL/TLS termination: - - The `hosts` field applies the certificate and key to the `cafe.example.com` host. - - The `secretName` references a secret resource by its name, `cafe‑secret`. The secret must belong to the same namespace as the Ingress, of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that hold the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls>). If the secret doesn't exist or is invalid, NGINX will break any attempt to establish a TLS connection to the hosts to which the secret is applied. -- The `spec.rules` field defines a host with the domain name `cafe.example.com`. -- The `paths` field defines two path‑based rules: - - The rule with the path `/tea` instructs NGINX to distribute the requests with the `/tea` URI among the pods of the *tea* service, which is deployed with the name `tea‑svc` in the cluster. - - The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. - - Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field). - -To learn more about the Ingress resource, view [the official Kubernetes documentation for Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). - -{{< call-out "note" >}} For complete instructions on deploying Ingress and Secret resources in the cluster, see the [complete example](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/complete-example) in the GitHub repository. {{< /call-out >}} - ---- - -## New features available in Kubernetes 1.18 - -Starting from Kubernetes 1.18, you can use the following new features: - -- The host field supports wildcard domain names, such as `*.example.com`. -- The path supports different matching rules with the new field `pathType`, which takes the following values: `Prefix` for prefix-based matching, `Exact` for exact matching and `ImplementationSpecific`, which is the default type and is the same as `Prefix`. For example: - - ```yaml {hl_lines=[2, 7, 14]} - - path: /tea - pathType: Prefix - backend: - serviceName: tea-svc - servicePort: 80 - - path: /tea/green - pathType: Exact - backend: - service: - name: tea-svc - port: - number: 80 - - path: /coffee - pathType: ImplementationSpecific - backend: - service: - name: coffee-svc - port: - number: 80 - ``` - -- The `ingressClassName` field is now supported: - - ```yaml {hl_lines=[6]} - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: cafe-ingress - spec: - ingressClassName: nginx - tls: - - hosts: - - cafe.example.com - secretName: cafe-secret - rules: - - host: cafe.example.com - . . . - ``` - - When using this field you need to create the `IngressClass` resource with the corresponding `name`. View the [Create common resources]({{< relref "installation/installing-nic/installation-with-manifests.md#create-common-resources" >}}) section of the Installation with Manifests topic for more information. - ---- - -## Restrictions - -NGINX Ingress Controller imposes the following restrictions on Ingress resources: - -- When defining an Ingress resource, the `host` field is required. -- The `host` value needs to be unique among all Ingress and VirtualServer resources unless the Ingress resource is a [mergeable minion]({{< ref "/nic/configuration/ingress-resources/cross-namespace-configuration.md" >}}). View the [Host and Listener collisions]({{< ref "/nic/configuration/host-and-listener-collisions.md" >}}) topic for more information. -- The `path` field in `spec.rules[].http.paths[]` is required for `Exact` and `Prefix` `pathTypes`. -- The ImplementationSpecific `pathType` is treated as equivalent to `Prefix` `pathType`, with the exception that when this `pathType` is configured, the `path` field in `spec.rules[].http.paths[]` is not mandatory. `path` defaults to `/` if not set but the `pathType` is set to ImplementationSpecific. - ---- - -## Advanced configuration - -NGINX Ingress Controller generates NGINX configuration by executing a template file that contains the configuration options. - -These options are set with the Ingress resource and NGINX Ingress Controller's ConfigMap. - -The Ingress resource only allows you to use basic NGINX features: host and path-based routing and TLS termination. - -For advanced configuration, you have two options: - -- [Annotations]({{< ref "/configuration/ingress-resources/advanced-configuration-with-annotations.md" >}}) can be used to rewrite request URIs or inserting additional response headers. -- [Snippets]({{< ref "/configuration/ingress-resources/advanced-configuration-with-snippets" >}}) can be used to insert raw NGINX configuration, changing generated files. - -Additionally, it is possible to customize the template, described in the [Custom templates]({{< relref "/configuration/global-configuration/custom-templates.md" >}}) topic. diff --git a/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md b/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md deleted file mode 100644 index e877c906a..000000000 --- a/content/includes/nic/configuration/ingress-resources/cross-namespace-configuration.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -nd-docs: DOCS-594 -doctypes: -- '' -title: Cross-namespace configuration -toc: true -weight: 500 ---- - -This topic explains how to spread Ingress configuration across different namespaces in F5 NGINX Ingress Controller. - -You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the *same* or *different* namespaces. This enables easier management when using a large number of paths. See the [Mergeable Ingress Resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/mergeable-ingress-types) example in our GitHub repo. - -As an alternative to Mergeable Ingress resources, you can use [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/) for cross-namespace configuration. See the [Cross-Namespace Configuration](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/cross-namespace-configuration) example in our GitHub repo. diff --git a/content/includes/nic/configuration/ingress-resources/custom-annotations.md b/content/includes/nic/configuration/ingress-resources/custom-annotations.md deleted file mode 100644 index 9cd6621de..000000000 --- a/content/includes/nic/configuration/ingress-resources/custom-annotations.md +++ /dev/null @@ -1,146 +0,0 @@ ---- -nd-docs: DOCS-595 -doctypes: -- '' -title: Custom annotations -toc: true -weight: 300 ---- - -This topic explains how you can use custom annotations with F5 NGINX Ingress Controller. - -Custom annotations enable you to quickly extend the Ingress resource to support many advanced features of NGINX, such as rate limiting, caching, etc. - -## Overview - -NGINX Ingress Controller supports a number of annotations for the Ingress resource that fine tune NGINX configuration (for example, connection timeouts) or enable additional features (for example, JWT validation). The complete list of annotations is available [here](/nginx-ingress-controller/configuration/ingress-resources/advanced-configuration-with-annotations). - -The annotations are provided only for the most common features and use cases, meaning that not every NGINX feature or a customization option is available through the annotations. Additionally, even if an annotation is available, it might not give you the satisfactory level of control of a particular NGINX feature. - -Custom annotations allow you to add an annotation for an NGINX feature that is not available as a regular annotation. In contrast with regular annotations, to add a custom annotation, you don't need to modify the Ingress Controller source code -- just modify the template. Additionally, with a custom annotation, you get full control of how the feature is implemented in NGINX configuration. - -## Usage - -The Ingress Controller generates NGINX configuration for Ingress resources by executing a configuration template. See [NGINX template](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx.ingress.tmpl) or [NGINX Plus template](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/internal/configs/version1/nginx-plus.ingress.tmpl). - -To support custom annotations, the template has access to the information about the Ingress resource - its *name*, *namespace* and *annotations*. It is possible to check if a particular annotation present in the Ingress resource and conditionally insert NGINX configuration directives at multiple NGINX contexts - `http`, `server`, `location` or `upstream`. Additionally, you can get the value that is set to the annotation. - -Consider the following excerpt from the template, which was extended to support two custom annotations: - -```jinja2 -# This is the configuration for {{$.Ingress.Name}}/{{$.Ingress.Namespace}} - -{{if index $.Ingress.Annotations "custom.nginx.org/feature-a"}} -# Insert config for feature A if the annotation is set -{{end}} - -{{with $value := index $.Ingress.Annotations "custom.nginx.org/feature-b"}} -# Insert config for feature B if the annotation is set -# Print the value assigned to the annotation: {{$value}} -{{end}} -``` - -Consider the following Ingress resource and note how we set two annotations: - -```yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: example-ingress - namespace: production - annotations: - custom.nginx.org/feature-a: "on" - custom.nginx.org/feature-b: "512" -spec: - rules: - - host: example.com - . . . -``` - -Assuming that the Ingress Controller is using that customized template, it will generate a config for the Ingress resource that will include the following part, generated by our template excerpt: - -```yaml -# This is the configuration for cafe-ingress/default - -# Insert config for feature A if the annotation is set - - - -# Insert config for feature B if the annotation is set -# Print the value assigned to the annotation: 512 -``` - -**Notes**: - -- You can customize the template to insert you custom annotations via [custom templates](/nginx-ingress-controller/configuration/global-configuration/custom-templates). -- The Ingress Controller uses go templates to generate NGINX config. You can read more information about go templates [here](https://golang.org/pkg/text/template/). - -See the examples in the next section that use custom annotations to configure NGINX features. - -### Custom Annotations with Mergeable Ingress Resources - -A Mergeable Ingress resource consists of multiple Ingress resources - one master and one or several minions. Read more about Mergeable Ingress resources [here](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration). - -If you'd like to use custom annotations with Mergeable Ingress resources, please keep the following in mind: - -- Custom annotations can be used in the Master and in Minions. For Minions, you can access them in the template only when processing locations. - - If you access `$.Ingress` anywhere in the Ingress template, you will get the master Ingress resource. To access a Minion Ingress resource, use `$location.MinionIngress`. However, it is only available when processing locations: - - ```jinja2 - {{range $location := $server.Locations}} - location {{$location.Path}} { - {{with $location.MinionIngress}} - # location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}} - {{end}} - } {{end}} - ``` - - **Note**: `$location.MinionIngress` is a pointer. When a regular Ingress resource is processed in the template, the value of the pointer is `nil`. Thus, it is important that you check that `$location.MinionIngress` is not `nil` as in the example above using the `with` action. - -- Minions do not inherent custom annotations of the master. - -### Helper Functions - -Helper functions can be used in the Ingress template to parse the values of custom annotations. - -{{% table %}} -| Function | Input Arguments | Return Arguments | Description | -| ---| ---| ---| --- | -| ``split`` | ``s, sep string`` | ``[]string`` | Splits the string ``s`` into a slice of strings separated by the ``sep``. | -| ``trim`` | ``s string`` | ``string`` | Trims the trailing and leading whitespace from the string ``s``. | -| ``contains`` | ``s, substr string`` | ``bool`` | Tests whether the string ``substr`` is a substring of the string ``s``. | -| ``hasPrefix`` | ``s, prefix string`` | ``bool`` | Tests whether the string ``prefix`` is a prefix of the string ``s``. | -| ``hasSuffix`` | ``s, suffix string`` | ``bool`` | Tests whether the string ``suffix`` is a suffix of the string ``s``. | -| ``toLower`` | ``s string`` | ``bool`` | Converts all letters in the string ``s`` to their lower case. | -| ``toUpper`` | ``s string`` | ``bool`` | Converts all letters in the string ``s`` to their upper case. | -| ``replaceAll`` | ``s, old, new string`` | ``string`` | Replaces all occurrences of ``old`` with ``new`` in the string ``s``. | -{{% /table %}} - -Consider the following custom annotation `custom.nginx.org/allowed-ips`, which expects a comma-separated list of IP addresses: - -```yaml -annotations: - custom.nginx.org/allowed-ips: "192.168.1.3, 10.0.0.13" -``` - - The helper functions can parse the value of the `custom.nginx.org/allowed-ips` annotation, so that in the template you can use each IP address separately. Consider the following template excerpt: - -```jinja2 -{{range $ip := split (index $.Ingress.Annotations "custom.nginx.org/allowed-ips") ","}} - allow {{trim $ip}}; -{{end}} -deny all; -``` - -The template excerpt will generate the following configuration: - -``` -allow 192.168.1.3; -allow 10.0.0.13; -deny all; -``` - -## Example - -See the [custom annotations example](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/ingress-resources/custom-annotations). diff --git a/content/includes/nic/configuration/policy-resource.md b/content/includes/nic/configuration/policy-resource.md deleted file mode 100644 index a6b71118f..000000000 --- a/content/includes/nic/configuration/policy-resource.md +++ /dev/null @@ -1,945 +0,0 @@ ---- -title: Policy resources -weight: 500 -toc: true -type: how-to -product: NIC -nd-docs: DOCS-596 ---- - -The Policy resource allows you to configure features like access control and rate-limiting, which you can add to your [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/). - -The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - -This document is the reference documentation for the Policy resource. An example of a Policy for access control is available in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/access-control). - -## Prerequisites - -Policies work together with [VirtualServer and VirtualServerRoute resources](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/), which you need to create separately. - -## Policy Specification - -Below is an example of a policy that allows access for clients from the subnet `10.0.0.0/8` and denies access for any other clients: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: Policy -metadata: - name: allow-localhost -spec: - accessControl: - allow: - - 10.0.0.0/8 -``` - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``accessControl`` | The access control policy based on the client IP address. | [accessControl](#accesscontrol) | No | -|``ingressClassName`` | Specifies which instance of NGINX Ingress Controller must handle the Policy resource. | ``string`` | No | -|``rateLimit`` | The rate limit policy controls the rate of processing requests per a defined key. | [rateLimit](#ratelimit) | No | -|``apiKey`` | The API Key policy configures NGINX to authorize requests which provide a valid API Key in a specified header or query param. | [apiKey](#apikey) | No | -|``basicAuth`` | The basic auth policy configures NGINX to authenticate client requests using HTTP Basic authentication credentials. | [basicAuth](#basicauth) | No | -|``jwt`` | The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens. | [jwt](#jwt) | No | -|``ingressMTLS`` | The IngressMTLS policy configures client certificate verification. | [ingressMTLS](#ingressmtls) | No | -|``egressMTLS`` | The EgressMTLS policy configures upstreams authentication and certificate verification. | [egressMTLS](#egressmtls) | No | -|``waf`` | The WAF policy configures WAF and log configuration policies for [NGINX AppProtect]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md" >}}) | [WAF](#waf) | No | -{{% /table %}} - -\* A policy must include exactly one policy. - -### AccessControl - -The access control policy configures NGINX to deny or allow requests from clients with the specified IP addresses/subnets. - -For example, the following policy allows access for clients from the subnet `10.0.0.0/8` and denies access for any other clients: - -```yaml -accessControl: - allow: - - 10.0.0.0/8 -``` - -In contrast, the policy below does the opposite: denies access for clients from `10.0.0.0/8` and allows access for any other clients: - -```yaml -accessControl: - deny: - - 10.0.0.0/8 -``` -{{< call-out "note" >}} - -The feature is implemented using the NGINX [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). NGINX Ingress Controller access control policy supports either allow or deny rules, but not both (as the module does). - -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``allow`` | Allows access for the specified networks or addresses. For example, ``192.168.1.1`` or ``10.1.1.0/16``. | ``[]string`` | No | -|``deny`` | Denies access for the specified networks or addresses. For example, ``192.168.1.1`` or ``10.1.1.0/16``. | ``[]string`` | No | \* an accessControl must include either `allow` or `deny`. | -{{% /table %}} - -#### AccessControl Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple access control policies. For example, here we reference two policies, each with configured allow lists: - -```yaml -policies: -- name: allow-policy-one -- name: allow-policy-two -``` - -When you reference more than one access control policy, NGINX Ingress Controller will merge the contents into a single allow list or a single deny list. - -Referencing both allow and deny policies, as shown in the example below, is not supported. If both allow and deny lists are referenced, NGINX Ingress Controller uses just the allow list policies. - -```yaml -policies: -- name: deny-policy -- name: allow-policy-one -- name: allow-policy-two -``` - -### RateLimit - -The rate limit policy configures NGINX to limit the processing rate of requests. - -For example, the following policy will limit all subsequent requests coming from a single IP address once a rate of 10 requests per second is exceeded: - -```yaml -rateLimit: - rate: 10r/s - zoneSize: 10M - key: ${binary_remote_addr} -``` -{{< call-out "note" >}} - -The feature is implemented using the NGINX [ngx_http_limit_req_module](https://nginx.org/en/docs/http/ngx_http_limit_req_module.html). - -{{< /call-out >}} - -{{< call-out "note" >}} - -When the [Zone Sync feature]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) is enabled with NGINX Plus, the rate limiting zone will be synchronized across all replicas in the cluster. This means all replicas are aware of the requests that have been rate limited by other replicas in the cluster. - -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``rate`` | The rate of requests permitted. The rate is specified in requests per second (r/s) or requests per minute (r/m). | ``string`` | Yes | -|``key`` | The key to which the rate limit is applied. Can contain text, variables, or a combination of them. Variables must be surrounded by ``${}``. For example: ``${binary_remote_addr}``. Accepted variables are ``$binary_remote_addr``, ``$request_uri``,``$request_method``, ``$url``, ``$http_``, ``$args``, ``$arg_``, ``$cookie_``, ``$jwt_claim_``. | ``string`` | Yes | -|``zoneSize`` | Size of the shared memory zone. Only positive values are allowed. Allowed suffixes are ``k`` or ``m``, if none are present ``k`` is assumed. | ``string`` | Yes | -|``delay`` | The delay parameter specifies a limit at which excessive requests become delayed. If not set all excessive requests are delayed. | ``int`` | No | -|``noDelay`` | Disables the delaying of excessive requests while requests are being limited. Overrides ``delay`` if both are set. | ``bool`` | No | -|``burst`` | Excessive requests are delayed until their number exceeds the ``burst`` size, in which case the request is terminated with an error. | ``int`` | No | -|``dryRun`` | Enables the dry run mode. In this mode, the rate limit is not actually applied, but the number of excessive requests is accounted as usual in the shared memory zone. | ``bool`` | No | -|``logLevel`` | Sets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Allowed values are ``info``, ``notice``, ``warn`` or ``error``. Default is ``error``. | ``string`` | No | -|``rejectCode`` | Sets the status code to return in response to rejected requests. Must fall into the range ``400..599``. Default is ``503``. | ``int`` | No | -|``scale`` | Enables a constant rate-limit by dividing the configured rate by the number of nginx-ingress pods currently serving traffic. This adjustment ensures that the rate-limit remains consistent, even as the number of nginx-pods fluctuates due to autoscaling. **This will not work properly if requests from a client are not evenly distributed across all ingress pods** (Such as with sticky sessions, long lived TCP Connections with many requests, and so forth). In such cases using [zone-sync]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#zone-sync" >}}) instead would give better results. Enabling `zone-sync` will suppress this setting. | ``bool`` | No | -|``condition`` | Add a condition to a rate-limit policy. | [ratelimit.condition](#ratelimitcondition) | No | -{{% /table %}} - -{{< call-out "note" >}} - -For each policy referenced in a VirtualServer and/or its VirtualServerRoutes, NGINX Ingress Controller will generate a single rate limiting zone defined by the [`limit_req_zone`](http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone) directive. If two VirtualServer resources reference the same policy, NGINX Ingress Controller will generate two different rate limiting zones, one zone per VirtualServer. - -{{< /call-out >}} - -#### RateLimit Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple rate limit policies. For example, here we reference two policies: - -```yaml -policies: -- name: rate-limit-policy-one -- name: rate-limit-policy-two -``` - -When you reference more than one rate limit policy, NGINX Ingress Controller will configure NGINX to use all referenced rate limits. When you define multiple policies, each additional policy inherits the `dryRun`, `logLevel`, and `rejectCode` parameters from the first policy referenced (`rate-limit-policy-one`, in the example above). - -### RateLimit.Condition - -RateLimit.Condition defines a condition for a rate limit policy. For example: - -```yaml -condition: - jwt: - claim: user_details.level - match: premium - default: true -``` - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``jwt`` | defines a JWT condition to rate limit against. | [ratelimit.condition.jwt](#ratelimitconditionjwt) | No | -|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same JWT condition, only one policy can be the default. | ``bool`` | No | -{{% /table %}} - -The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md). - -### RateLimit.Condition.JWT -{{< call-out "note" >}} - -This feature is only available with NGINX Plus. - -{{< /call-out >}} - -RateLimit.Condition.JWT defines a condition for a rate limit by JWT claim. For example, here we define a condition for a rate limit policy that only applies to requests with a JWT claim `user_details.level` with a value `premium`: - -```yaml -jwt: - claim: user_details.level - match: premium -``` - -The rate limit policy will only apply to requests that contain a JWT with the specified claim and value. For example, the following JWT payload will match the JWT condition: - -```json -{ - "user_details": { - "level": "premium" - }, - "sub": "client1" -} -``` - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``claim`` | Claim is the JWT claim to be rate limit by. Nested claims should be separated by ".". | ``string`` | Yes | -|``match`` | the value of the claim to match against. | ``string`` | Yes | -{{% /table %}} - -### APIKey - -The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy. - -{{< call-out "note" >}} - -The feature is implemented using NGINX [ngx_http_auth_request_module](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) and [NGINX JavaScript (NJS)](https://nginx.org/en/docs/njs/). - -{{< /call-out >}} - -The policies' API keys are securely stored using SHA-256 hashing. When a client sends an API Key, it is hashed by NJS and then compared to the hashed API Key in the NGINX config. - -If the hashed keys match, the NGINX JavaScript (NJS) subrequest issues a 204 No Content response to the `auth_request` directive, indicating successful authorization. Conversely, if no API Key is provided in the specified header or query parameter, a 401 Unauthorized response is returned. Similarly, if an invalid key is presented in the expected header or query parameter, a 403 Forbidden response is issued, denying access. - -It is possible to use the [errorPages](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#errorpage) property on a route, to change the default behaviour of 401 or 403 errors. - -At least one header or query param is required. - -The policy below configures NGINX Ingress Controller to require the API Key `password` in the header "my-header". - -```yaml -apiKey: - suppliedIn: - header: - - "my-header" - clientSecret: api-key-secret -``` - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: api-key-secret -type: nginx.org/apikey -data: - client1: cGFzc3dvcmQ= # password -``` - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``suppliedIn`` | `header` or `query`. | | Yes | -|``suppliedIn.header`` | An array of headers that the API Key may appear in. | ``string[]`` | No | -|``suppliedIn.query`` | An array of query params that the API Key may appear in. | ``string[]`` | No | -|``clientSecret`` | The name of the Kubernetes secret that stores the API Key(s). It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/apikey``, and the API Key(s) must be stored in a key: val format where each key is a unique clientID and each value is a unique base64 encoded API Key | ``string`` | Yes | -{{% /table %}} - -{{< call-out "important" >}}An APIKey Policy must include a minimum of one of the `suppliedIn.header` or `suppliedIn.query` parameters. Both can also be supplied.{{< /call-out >}} - -#### APIKey Merging Behavior - -A VirtualServer or VirtualServerRoute can be associated with only one API Key policy per route or subroute. However, it is possible to replace an API Key policy from a higher-level with a different policy defined on a more specific route. - -For example, a VirtualServer can implement different API Key policies at various levels. In the configuration below, the server-wide api-key-policy-server applies to /backend1 for authorization, as it lacks a more specific policy. Meanwhile, /backend2 uses the api-key-policy-route defined at the route level. - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServer -metadata: - name: virtual-server -spec: - host: virtual-server.example.com - policies: - - name: api-key-policy-server - upstreams: - - name: backend2 - service: backend2-svc - port: 80 - - name: backend1 - service: backend1-svc - port: 80 - routes: - - path: /backend1 - action: - pass: backend1 - - path: /backend2 - action: - pass: backend2 - policies: - - name: api-key-policy-route -``` - -### BasicAuth - -The basic auth policy configures NGINX to authenticate client requests using the [HTTP Basic authentication scheme](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication). - -For example, the following policy will reject all requests that do not include a valid username/password combination in the HTTP header `Authentication` - -```yaml -basicAuth: - secret: htpasswd-secret - realm: "My API" -``` -{{< call-out "note" >}} -The feature is implemented using the NGINX [ngx_http_auth_basic_module](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html). -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``secret`` | The name of the Kubernetes secret that stores the Htpasswd configuration. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/htpasswd``, and the config must be stored in the secret under the key ``htpasswd``, otherwise the secret will be rejected as invalid. | ``string`` | Yes | -|``realm`` | The realm for the basic authentication. | ``string`` | No | -{{% /table %}} - -#### BasicAuth Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple basic auth policies. However, only one can be applied. Every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: basic-auth-policy-one -- name: basic-auth-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `basic-auth-policy-one`, and ignores `basic-auth-policy-two`. - -### JWT Using Local Kubernetes Secret - -{{< call-out "note" >}} - -This feature is only available with NGINX Plus. - -{{< /call-out >}} - -The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens. - -The following example policy will reject all requests that do not include a valid JWT in the HTTP header `token`: - -```yaml -jwt: - secret: jwk-secret - realm: "My API" - token: $http_token -``` - -You can pass the JWT claims and JOSE headers to the upstream servers. For example: - -```yaml -action: - proxy: - upstream: webapp - requestHeaders: - set: - - name: user - value: ${jwt_claim_user} - - name: alg - value: ${jwt_header_alg} -``` - -We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of two headers that NGINX will pass to the upstream servers. - -The value of the `${jwt_claim_user}` variable is the `user` claim of a JWT. For other claims, use `${jwt_claim_name}`, where `name` is the name of the claim. Note that nested claims and claims that include a period (`.`) are not supported. Similarly, use `${jwt_header_name}` where `name` is the name of a header. In our example, we use the `alg` header. - -{{< call-out "note" >}} - -This feature is implemented using the NGINX Plus [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html). - -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``secret`` | The name of the Kubernetes secret that stores the JWK. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/jwk``, and the JWK must be stored in the secret under the key ``jwk``, otherwise the secret will be rejected as invalid. | ``string`` | Yes | -|``realm`` | The realm of the JWT. | ``string`` | Yes | -|``token`` | The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the ``Authorization`` header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: ``$cookie_auth_token``. Accepted variables are ``$http_``, ``$arg_``, ``$cookie_``. | ``string`` | No | -{{% /table %}} - -#### JWT Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple JWT policies. However, only one can be applied: every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: jwt-policy-one -- name: jwt-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `jwt-policy-one`, and ignores `jwt-policy-two`. - -### JWT Using JWKS From Remote Location - -{{< call-out "note" >}} - -This feature is only available with NGINX Plus. - -{{< /call-out >}} - -The JWT policy configures NGINX Plus to authenticate client requests using JSON Web Tokens, allowing import of the keys (JWKS) for JWT policy by means of a URL (for a remote server or an identity provider) as a result they don't have to be copied and updated to the IC pod. - -The following example policy will reject all requests that do not include a valid JWT in the HTTP header fetched from the identity provider: - -```yaml -jwt: - realm: MyProductAPI - token: $http_token - jwksURI: - keyCache: 1h -``` - -{{< call-out "note" >}} - -This feature is implemented using the NGINX Plus directive [auth_jwt_key_request](http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_request) under [ngx_http_auth_jwt_module](https://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html). - -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``jwksURI`` | The remote URI where the request will be sent to retrieve JSON Web Key set| ``string`` | Yes | -|``keyCache`` | Enables in-memory caching of JWKS (JSON Web Key Sets) that are obtained from the ``jwksURI`` and sets a valid time for expiration. | ``string`` | Yes | -|``realm`` | The realm of the JWT. | ``string`` | Yes | -|``token`` | The token specifies a variable that contains the JSON Web Token. By default the JWT is passed in the ``Authorization`` header as a Bearer Token. JWT may be also passed as a cookie or a part of a query string, for example: ``$cookie_auth_token``. Accepted variables are ``$http_``, ``$arg_``, ``$cookie_``. | ``string`` | No | -{{% /table %}} - -{{< call-out "note" >}} - -Content caching is enabled by default for each JWT policy with a default time of 12 hours. - -This is done to ensure to improve resiliency by allowing the JWKS (JSON Web Key Set) to be retrieved from the cache even when it has expired. - -{{< /call-out >}} - -#### JWT Merging Behavior - -This behavior is similar to using a local Kubernetes secret where a VirtualServer/VirtualServerRoute can reference multiple JWT policies. However, only one can be applied: every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: jwt-policy-one -- name: jwt-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `jwt-policy-one`, and ignores `jwt-policy-two`. - -### IngressMTLS - -The IngressMTLS policy configures client certificate verification. - -For example, the following policy will verify a client certificate using the CA certificate specified in the `ingress-mtls-secret`: - -```yaml -ingressMTLS: - clientCertSecret: ingress-mtls-secret - verifyClient: "on" - verifyDepth: 1 -``` - -Below is an example of the `ingress-mtls-secret` using the secret type `nginx.org/ca` - -```yaml -kind: Secret -metadata: - name: ingress-mtls-secret -apiVersion: v1 -type: nginx.org/ca -data: - ca.crt: -``` - -A VirtualServer that references an IngressMTLS policy must: - -- Enable [TLS termination](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualservertls). -- Reference the policy in the VirtualServer [`spec`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserver-specification). It is not allowed to reference an IngressMTLS policy in a [`route`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroute) or in a VirtualServerRoute [`subroute`](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#virtualserverroutesubroute). - -If the conditions above are not met, NGINX will send the `500` status code to clients. - -You can pass the client certificate details, including the certificate, to the upstream servers. For example: - -```yaml -action: - proxy: - upstream: webapp - requestHeaders: - set: - - name: client-cert-subj-dn - value: ${ssl_client_s_dn} # subject DN - - name: client-cert - value: ${ssl_client_escaped_cert} # client certificate in the PEM format (urlencoded) -``` - -We use the `requestHeaders` of the [Action.Proxy](/nginx-ingress-controller/configuration/virtualserver-and-virtualserverroute-resources/#actionproxy) to set the values of the two headers that NGINX will pass to the upstream servers. See the [list of embedded variables](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables) that are supported by the `ngx_http_ssl_module`, which you can use to pass the client certificate details. - -{{< call-out "note" >}} - - The feature is implemented using the NGINX [ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html). - - {{< /call-out >}} - -#### Using a Certificate Revocation List - -The IngressMTLS policy supports configuring at CRL for your policy. -This can be done in one of two ways. - -{{< call-out "note" >}} - - Only one of these configurations options can be used at a time. - -{{< /call-out >}} - -1. Adding the `ca.crl` field to the `nginx.org/ca` secret type, which accepts a base64 encoded certificate revocation list (crl). - Example YAML: - -```yaml -kind: Secret -metadata: - name: ingress-mtls-secret -apiVersion: v1 -type: nginx.org/ca -data: - ca.crt: - ca.crl: -``` - -2. Adding the `crlFileName` field to your IngressMTLS policy spec with the name of the CRL file. - -{{< call-out "note" >}} - -This configuration option should only be used when using a CRL that is larger than 1MiB. - -Otherwise we recommend using the `nginx.org/ca` secret type for managing your CRL. - -{{< /call-out >}} - -Example YAML: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: Policy -metadata: - name: ingress-mtls-policy -spec: -ingressMTLS: - clientCertSecret: ingress-mtls-secret - crlFileName: webapp.crl - verifyClient: "on" - verifyDepth: 1 -``` - -**IMPORTANT NOTE** -When configuring a CRL with the `ingressMTLS.crlFileName` field, there is additional context to keep in mind: - -1. NGINX Ingress Controller will expect the CRL, in this case `webapp.crl`, will be in `/etc/nginx/secrets`. A volume mount will need to be added to NGINX Ingress Controller deployment add your CRL to `/etc/nginx/secrets` -2. When updating the content of your CRL (e.g a new certificate has been revoked), NGINX will need to be reloaded to pick up the latest changes. Depending on your environment this may require updating the name of your CRL and applying this update to your `ingress-mtls.yaml` policy to ensure NGINX picks up the latest CRL. - -Please refer to the Kubernetes documentation on [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) to find the best implementation for your environment. - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``clientCertSecret`` | The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/ca``, and the certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid. | ``string`` | Yes | -|``verifyClient`` | Verification for the client. Possible values are ``"on"``, ``"off"``, ``"optional"``, ``"optional_no_ca"``. The default is ``"on"``. | ``string`` | No | -|``verifyDepth`` | Sets the verification depth in the client certificates chain. The default is ``1``. | ``int`` | No | -|``crlFileName`` | The file name of the Certificate Revocation List. NGINX Ingress Controller will look for this file in `/etc/nginx/secrets` | ``string`` | No | -{{% /table %}} - -#### IngressMTLS Merging Behavior - -A VirtualServer can reference only a single IngressMTLS policy. Every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: ingress-mtls-policy-one -- name: ingress-mtls-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `ingress-mtls-policy-one`, and ignores `ingress-mtls-policy-two`. - -### EgressMTLS - -The EgressMTLS policy configures upstreams authentication and certificate verification. - -For example, the following policy will use `egress-mtls-secret` to authenticate with the upstream application and `egress-trusted-ca-secret` to verify the certificate of the application: - -```yaml -egressMTLS: - tlsSecret: egress-mtls-secret - trustedCertSecret: egress-trusted-ca-secret - verifyServer: on - verifyDepth: 2 -``` - -{{< call-out "note" >}} - -The feature is implemented using the NGINX [ngx_http_proxy_module](https://nginx.org/en/docs/http/ngx_http_proxy_module.html). - -{{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``tlsSecret`` | The name of the Kubernetes secret that stores the TLS certificate and key. It must be in the same namespace as the Policy resource. The secret must be of the type ``kubernetes.io/tls``, the certificate must be stored in the secret under the key ``tls.crt``, and the key must be stored under the key ``tls.key``, otherwise the secret will be rejected as invalid. | ``string`` | No | -|``trustedCertSecret`` | The name of the Kubernetes secret that stores the CA certificate. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/ca``, and the certificate must be stored in the secret under the key ``ca.crt``, otherwise the secret will be rejected as invalid. | ``string`` | No | -|``verifyServer`` | Enables verification of the upstream HTTPS server certificate. | ``bool`` | No | -|``verifyDepth`` | Sets the verification depth in the proxied HTTPS server certificates chain. The default is ``1``. | ``int`` | No | -|``sessionReuse`` | Enables reuse of SSL sessions to the upstreams. The default is ``true``. | ``bool`` | No | -|``serverName`` | Enables passing of the server name through ``Server Name Indication`` extension. | ``bool`` | No | -|``sslName`` | Allows overriding the server name used to verify the certificate of the upstream HTTPS server. | ``string`` | No | -|``ciphers`` | Specifies the enabled ciphers for requests to an upstream HTTPS server. The default is ``DEFAULT``. | ``string`` | No | -|``protocols`` | Specifies the protocols for requests to an upstream HTTPS server. The default is ``TLSv1 TLSv1.1 TLSv1.2``. | ``string`` | No | > Note: the value of ``ciphers`` and ``protocols`` is not validated by NGINX Ingress Controller. As a result, NGINX can fail to reload the configuration. To ensure that the configuration for a VirtualServer/VirtualServerRoute that references the policy was successfully applied, check its [status](/nginx-ingress-controller/configuration/global-configuration/reporting-resources-status/#virtualserver-and-virtualserverroute-resources). The validation will be added in the future releases. | -{{% /table %}} - -#### EgressMTLS Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple EgressMTLS policies. However, only one can be applied. Every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: egress-mtls-policy-one -- name: egress-mtls-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `egress-mtls-policy-one`, and ignores `egress-mtls-policy-two`. - -### OIDC - -{{< call-out "tip" >}} - -This feature is disabled by default. To enable it, set the [enable-oidc]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-enable-oidc" >}}) command-line argument of NGINX Ingress Controller. - -{{< /call-out >}} - -The OIDC policy configures NGINX Plus as a relying party for OpenID Connect authentication. - -For example, the following policy will use the client ID `nginx-plus` and the client secret `oidc-secret` to authenticate with the OpenID Connect provider `https://idp.example.com`: - -```yaml -spec: - oidc: - clientID: nginx-plus - clientSecret: oidc-secret - authEndpoint: https://idp.example.com/openid-connect/auth - tokenEndpoint: https://idp.example.com/openid-connect/token - jwksURI: https://idp.example.com/openid-connect/certs - endSessionEndpoint: https://idp.example.com/openid-connect/logout - postLogoutRedirectURI: / - accessTokenEnable: true -``` - -NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP header `username`. - -{{< call-out "note" >}} - -The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as a relying party for OpenID Connect authentication. - -{{< /call-out >}} - -#### Prerequisites - -In order to use OIDC, you need to enable [zone synchronization](https://docs.nginx.com/nginx/admin-guide/high-availability/zone_sync/). If you don't set up zone synchronization, NGINX Plus will fail to reload. -You also need to configure a resolver, which NGINX Plus will use to resolve the IDP authorization endpoint. You can find an example configuration [in our GitHub repository](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/examples/custom-resources/oidc#step-7---configure-nginx-plus-zone-synchronization-and-resolver). - -{{< call-out "warning" >}} - -The configuration in the example doesn't enable TLS and the synchronization between the replica happens in clear text. This could lead to the exposure of tokens. - -{{< /call-out >}} - -#### Limitations - -The OIDC policy defines a few internal locations that can't be customized: `/_jwks_uri`, `/_token`, `/_refresh`, `/_id_token_validation`, `/logout`. In addition, as explained below, `/_codexch` is the default value for redirect URI, and `/_logout` is the default value for post logout redirect URI, both of which can be customized. Specifying one of these locations as a route in the VirtualServer or VirtualServerRoute will result in a collision and NGINX Plus will fail to reload. - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``clientID`` | The client ID provided by your OpenID Connect provider. | ``string`` | Yes | -|``clientSecret`` | The name of the Kubernetes secret that stores the client secret provided by your OpenID Connect provider. It must be in the same namespace as the Policy resource. The secret must be of the type ``nginx.org/oidc``, and the secret under the key ``client-secret``, otherwise the secret will be rejected as invalid. | ``string`` | Yes | -|``authEndpoint`` | URL for the authorization endpoint provided by your OpenID Connect provider. | ``string`` | Yes | -|``authExtraArgs`` | A list of extra URL arguments to pass to the authorization endpoint provided by your OpenID Connect provider. Arguments must be URL encoded, multiple arguments may be included in the list, for example ``[ arg1=value1, arg2=value2 ]`` | ``string[]`` | No | -|``tokenEndpoint`` | URL for the token endpoint provided by your OpenID Connect provider. | ``string`` | Yes | -|``endSessionEndpoint`` | URL provided by your OpenID Connect provider to request the end user be logged out. | ``string`` | No | -|``jwksURI`` | URL for the JSON Web Key Set (JWK) document provided by your OpenID Connect provider. | ``string`` | Yes | -|``scope`` | List of OpenID Connect scopes. The scope ``openid`` always needs to be present and others can be added concatenating them with a ``+`` sign, for example ``openid+profile+email``, ``openid+email+userDefinedScope``. The default is ``openid``. | ``string`` | No | -|``redirectURI`` | Allows overriding the default redirect URI. The default is ``/_codexch``. | ``string`` | No | -|``postLogoutRedirectURI`` | URI to redirect to after the logout has been performed. Requires ``endSessionEndpoint``. The default is ``/_logout``. | ``string`` | No | -|``zoneSyncLeeway`` | Specifies the maximum timeout in milliseconds for synchronizing ID/access tokens and shared values between Ingress Controller pods. The default is ``200``. | ``int`` | No | -|``accessTokenEnable`` | Option of whether Bearer token is used to authorize NGINX to access protected backend. | ``boolean`` | No | -{{% /table %}} - -{{< call-out "note" >}} - -Only one OIDC policy can be referenced in a VirtualServer and its VirtualServerRoutes. However, the same policy can still be applied to different routes in the VirtualServer and VirtualServerRoutes. - -{{< /call-out >}} - -#### OIDC Merging Behavior - -A VirtualServer/VirtualServerRoute can reference only a single OIDC policy. Every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: oidc-policy-one -- name: oidc-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `oidc-policy-one`, and ignores `oidc-policy-two`. - -## Using Policy - -You can use the usual `kubectl` commands to work with Policy resources, just as with built-in Kubernetes resources. - -For example, the following command creates a Policy resource defined in `access-control-policy-allow.yaml` with the name `webapp-policy`: - -```shell -kubectl apply -f access-control-policy-allow.yaml - -policy.k8s.nginx.org/webapp-policy configured -``` - -You can get the resource by running: - -```shell -kubectl get policy webapp-policy - -NAME AGE -webapp-policy 27m -``` - -For `kubectl get` and similar commands, you can also use the short name `pol` instead of `policy`. - -### WAF {#waf} - -{{< call-out "note" >}} The feature is implemented using [F5 WAF for NGINX]({{< ref "/waf/" >}}). {{< /call-out >}} - -The WAF policy configures NGINX Plus to secure client requests using F5 WAF for NGINX policies. - -For example, the following policy will enable the referenced APPolicy. You can configure multiple APLogConfs with log destinations: - -```yaml -waf: - enable: true - apPolicy: "default/dataguard-alarm" - securityLogs: - - enable: true - apLogConf: "default/logconf" - logDest: "syslog:server=syslog-svc.default:514" - - enable: true - apLogConf: "default/logconf" - logDest: "syslog:server=syslog-svc-secondary.default:514" -``` - -{{< call-out "note" >}} The field `waf.securityLog` is deprecated and will be removed in future releases.It will be ignored if `waf.securityLogs` is populated. {{< /call-out >}} - -{{% table %}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables F5 WAF for NGINX. | ``bool`` | Yes | -|``apPolicy`` | The [F5 WAF for NGINX policy]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-policies" >}}) of the WAF. Accepts an optional namespace. Mutually exclusive with ``apBundle``. | ``string`` | No | -|``apBundle`` | The [F5 WAF for NGINX policy bundle]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-bundles" >}}). Mutually exclusive with ``apPolicy``. | ``string`` | No | -|``securityLog.enable`` | Enables security log. | ``bool`` | No | -|``securityLog.apLogConf`` | The [F5 WAF for NGINX log conf]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-logs" >}}) resource. Accepts an optional namespace. Only works with ``apPolicy``. | ``string`` | No | -|``securityLog.apLogBundle`` | The [F5 WAF for NGINX log bundle]({{< ref "/nic/installation/integrations/app-protect-waf/configuration.md#waf-bundles" >}}) resource. Only works with ``apBundle``. | ``string`` | No | -|``securityLog.logDest`` | The log destination for the security log. Only accepted variables are ``syslog:server=:``, ``stderr``, ````. | ``string`` | No | -{{% /table %}} - -#### WAF Merging Behavior - -A VirtualServer/VirtualServerRoute can reference multiple WAF policies. However, only one can be applied. Every subsequent reference will be ignored. For example, here we reference two policies: - -```yaml -policies: -- name: waf-policy-one -- name: waf-policy-two -``` - -In this example NGINX Ingress Controller will use the configuration from the first policy reference `waf-policy-one`, and ignores `waf-policy-two`. - -### Applying Policies - -You can apply policies to both VirtualServer and VirtualServerRoute resources. For example: - -- VirtualServer: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: VirtualServer - metadata: - name: cafe - namespace: cafe - spec: - host: cafe.example.com - tls: - secret: cafe-secret - policies: # spec policies - - name: policy1 - upstreams: - - name: coffee - service: coffee-svc - port: 80 - routes: - - path: /tea - policies: # route policies - - name: policy2 - namespace: cafe - route: tea/tea - - path: /coffee - policies: # route policies - - name: policy3 - namespace: cafe - action: - pass: coffee - ``` - - For VirtualServer, you can apply a policy: - * to all routes (spec policies) - * to a specific route (route policies) - - Route policies of the *same type* override spec policies. In the example above, if the type of the policies `policy-1` and `policy-3` is `accessControl`, then for requests to `cafe.example.com/coffee`, NGINX will apply `policy-3`. - - The overriding is enforced by NGINX: the spec policies are implemented in the `server` context of the config, and the route policies are implemented in the `location` context. As a result, the route policies of the same type win. - -- VirtualServerRoute, which is referenced by the VirtualServer above: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: VirtualServerRoute - metadata: - name: tea - namespace: tea - spec: - host: cafe.example.com - upstreams: - - name: tea - service: tea-svc - port: 80 - subroutes: # subroute policies - - path: /tea - policies: - - name: policy4 - namespace: tea - action: - pass: tea - ``` - - For VirtualServerRoute, you can apply a policy to a subroute (subroute policies). - - Subroute policies of the same type override spec policies. In the example above, if the type of the policies `policy-1` (in the VirtualServer) and `policy-4` is `accessControl`, then for requests to `cafe.example.com/tea`, NGINX will apply `policy-4`. As with the VirtualServer, the overriding is enforced by NGINX. - - Subroute policies always override route policies no matter the types. For example, the policy `policy-2` in the VirtualServer route will be ignored for the subroute `/tea`, because the subroute has its own policies (in our case, only one policy `policy4`). If the subroute didn't have any policies, then the `policy-2` would be applied. This overriding is enforced by NGINX Ingress Controller -- the `location` context for the subroute will either have route policies or subroute policies, but not both. - -### Invalid Policies - -NGINX will treat a policy as invalid if one of the following conditions is met: - -- The policy doesn't pass the [comprehensive validation](#comprehensive-validation). -- The policy isn't present in the cluster. -- The policy doesn't meet its type-specific requirements. For example, an `ingressMTLS` policy requires TLS termination enabled in the VirtualServer. - -For an invalid policy, NGINX returns the 500 status code for client requests with the following rules: - -- If a policy is referenced in a VirtualServer `route` or a VirtualServerRoute `subroute`, then NGINX will return the 500 status code for requests for the URIs of that route/subroute. -- If a policy is referenced in the VirtualServer `spec`, then NGINX will return the 500 status code for requests for all URIs of that VirtualServer. - -If a policy is invalid, the VirtualServer or VirtualServerRoute will have the [status](/nginx-ingress-controller/configuration/global-configuration/reporting-resources-status#virtualserver-and-virtualserverroute-resources) with the state `Warning` and the message explaining why the policy wasn't considered invalid. - -### Validation - -Two types of validation are available for the Policy resource: - -- *Structural validation*, done by `kubectl` and the Kubernetes API server. -- *Comprehensive validation*, done by NGINX Ingress Controller. - -#### Structural Validation - -The custom resource definition for the Policy includes a structural OpenAPI schema, which describes the type of every field of the resource. - -If you try to create (or update) a resource that violates the structural schema -- for example, the resource uses a string value instead of an array of strings in the `allow` field -- `kubectl` and the Kubernetes API server will reject the resource. - -- Example of `kubectl` validation: - - ```shell - kubectl apply -f access-control-policy-allow.yaml - - error: error validating "access-control-policy-allow.yaml": error validating data: ValidationError(Policy.spec.accessControl.allow): invalid type for org.nginx.k8s.v1.Policy.spec.accessControl.allow: got "string", expected "array"; if you choose to ignore these errors, turn validation off with --validate=false - ``` - -- Example of Kubernetes API server validation: - - ```shell - kubectl apply -f access-control-policy-allow.yaml --validate=false - - The Policy "webapp-policy" is invalid: spec.accessControl.allow: Invalid value: "string": spec.accessControl.allow in body must be of type array: "string" - ``` - -If a resource passes structural validation, then NGINX Ingress Controller's comprehensive validation runs. - -#### Comprehensive Validation - -NGINX Ingress Controller validates the fields of a Policy resource. If a resource is invalid, NGINX Ingress Controller will reject it. The resource will continue to exist in the cluster, but NGINX Ingress Controller will ignore it. - -You can use `kubectl` to check whether or not NGINX Ingress Controller successfully applied a Policy configuration. For our example `webapp-policy` Policy, we can run: - -```shell -kubectl describe pol webapp-policy - -. . . -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal AddedOrUpdated 11s nginx-ingress-controller Policy default/webapp-policy was added or updated -``` - -Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied. - -If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a Policy `webapp-policy` with an invalid IP `10.0.0.` in the `allow` field, you will get: - -```shell -kubectl describe policy webapp-policy - -. . . -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 7s nginx-ingress-controller Policy default/webapp-policy is invalid and was rejected: spec.accessControl.allow[0]: Invalid value: "10.0.0.": must be a CIDR or IP -``` - -Note how the events section includes a Warning event with the Rejected reason. - -Additionally, this information is also available in the `status` field of the Policy resource. Note the Status section of the Policy: - -```shell -kubectl describe pol webapp-policy - -. . . -Status: - Message: Policy default/webapp-policy is invalid and was rejected: spec.accessControl.allow[0]: Invalid value: "10.0.0.": must be a CIDR or IP - Reason: Rejected - State: Invalid -``` - -**Note**: If you make an existing resource invalid, NGINX Ingress Controller will reject it. diff --git a/content/includes/nic/configuration/security.md b/content/includes/nic/configuration/security.md deleted file mode 100644 index 12c030627..000000000 --- a/content/includes/nic/configuration/security.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -nd-docs: DOCS-597 -doctypes: -- '' -title: Security recommendations -toc: true -weight: 300 ---- - -F5 NGINX Ingress Controller follows Kubernetes best practices: this page outlines configuration specific to NGINX Ingress Controller you may require, including links to examples in the [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples). - -For general guidance, we recommend the official Kubernetes documentation for [Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/). - -## Kubernetes recommendations - -### RBAC and Service Accounts - -Kubernetes uses [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) to control the resources and operations available to different types of users. - -NGINX Ingress Controller requires RBAC to configure a [ServiceUser](https://kubernetes.io/docs/concepts/security/service-accounts/#default-service-accounts), and provides least privilege access in its standard deployment configurations: - -- [Helm](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/deployments/rbac/rbac.yaml) -- [Manifests](https://github.com/nginx/kubernetes-ingress/blob/v{{< nic-version >}}/deployments/rbac/rbac.yaml) - -By default, the ServiceAccount has access to all Secret resources in the cluster. - -### Secrets - -[Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) are required by NGINX Ingress Controller for certificates and privacy keys, which Kubernetes stores unencrypted by default. We recommend following the [Kubernetes documentation](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) to store these Secrets using at-rest encryption. - - -## NGINX Ingress Controller recommendations - -### Configure root filesystem as read-only - -{{< call-out "caution" >}} - This feature is compatible with [F5 WAF for NGINXv5](https://docs.nginx.com/nginx-app-protect-waf/v5/). It is not compatible with [F5 WAF for NGINXv4](https://docs.nginx.com/nginx-app-protect-waf/v4/) or [F5 DoS for NGINX](https://docs.nginx.com/nginx-app-protect-dos/). -{{< /call-out >}} - -NGINX Ingress Controller is designed to be resilient against attacks in various ways, such as running the service as non-root to avoid changes to files. We recommend setting filesystems on all containers to read-only, this includes `nginx-ingress-controller`, though also includes `waf-enforcer` and `waf-config-mgr` when F5 WAF for NGINXv5 is in use. This is so that the attack surface is further reduced by limiting changes to binaries and libraries. - -This is not enabled by default, but can be enabled with **Helm** using the [**readOnlyRootFilesystem**]({{< relref "installation/installing-nic/installation-with-helm.md#configuration" >}}) argument in security contexts on all containers: `nginx-ingress-controller`, `waf_enforcer` and `waf_config_mgr`. - -For **Manifests**, uncomment the following sections of the deployment and add sections for `waf-enforcer` and `waf-config-mgr` containers: - -- `readOnlyRootFilesystem: true` -- The entire **volumeMounts** section -- The entire **initContainers** section - -The block below shows the code you will look for: - -```yaml -# volumes: -# - name: nginx-etc -# emptyDir: {} -# - name: nginx-cache # do not set this value in statefulset if volumeclaimtemplate is set -# emptyDir: {} # do not set this value in statefulset if volumeclaimtemplate is set -# - name: nginx-lib -# emptyDir: {} -# - name: nginx-lib-state -# emptyDir: {} -# - name: nginx-log -# emptyDir: {} -. -. -. -# readOnlyRootFilesystem: true -. -. -. -# volumeMounts: -# - mountPath: /etc/nginx -# name: nginx-etc -# - mountPath: /var/cache/nginx -# name: nginx-cache -# - mountPath: /var/lib/nginx -# name: nginx-lib -# - mountPath: /var/lib/nginx/state -# name: nginx-lib-state -# - mountPath: /var/log/nginx -# name: nginx-log -``` - -- Add **waf-enforcer** and **waf-config-mgr** container sections -- Add `readOnlyFilesystem: true` in both containers security context sections - -### Prometheus - -If Prometheus metrics are [enabled]({{< relref "/logging-and-monitoring/prometheus.md" >}}), we recommend [using HTTPS]({{< ref "/nic/configuration/global-configuration/command-line-arguments.md#cmdoption-prometheus-tls-secret" >}}). - -### Snippets - -Snippets allow raw NGINX configuration to be inserted into resources. They are intended for advanced NGINX users and could create vulnerabilities in a cluster if misused. - -Snippets are disabled by default. To use snippets, set the [**enable-snippets**]({{< relref"configuration/global-configuration/command-line-arguments.md#cmdoption-enable-snippets" >}}) command-line argument. - -{{< call-out "caution" >}} - Snippets are **always** enabled for ConfigMap. -{{< /call-out >}} - -For more information, read the following: - -- [Advanced configuration using Snippets]({{< relref "/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) -- [Using Snippets with VirtualServer/VirtualServerRoute]({{< ref "/nic/configuration/virtualserver-and-virtualserverroute-resources.md#using-snippets" >}}) -- [Using Snippets with TransportServer]({{< relref "/configuration/transportserver-resource.md#using-snippets" >}}) -- [ConfigMap snippets and custom templates]({{< ref "/nic/configuration/global-configuration/configmap-resource.md#snippets-and-custom-templates" >}}) diff --git a/content/includes/nic/configuration/transportserver-resource.md b/content/includes/nic/configuration/transportserver-resource.md deleted file mode 100644 index 23f287c02..000000000 --- a/content/includes/nic/configuration/transportserver-resource.md +++ /dev/null @@ -1,416 +0,0 @@ ---- -title: TransportServer resources -toc: true -weight: 600 -nd-docs: DOCS-598 ---- - -This document is reference material for the TransportServer resource used by F5 NGINX Ingress Controller. - -The TransportServer resource allows you to configure TCP, UDP, and TLS Passthrough load balancing. The resource is implemented as a [Custom Resource](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - -The GitHub repository has [examples of the resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources) for specific use cases. - -## Prerequisites - -- For TCP and UDP, the TransportServer resource must be used in conjunction with the [GlobalConfiguration resource]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}), which must be created separately. -- For TLS Passthrough, make sure to enable the [`-enable-tls-passthrough`]({{< ref "/nic/configuration/global-configuration/command-line-arguments#cmdoption-enable-tls-passthrough.md" >}}) command-line argument of NGINX Ingress Controller. - -## TransportServer Specification - -The TransportServer resource defines load balancing configuration for TCP, UDP, or TLS Passthrough traffic. Below are a few examples: - -- TCP load balancing: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: TransportServer - metadata: - name: dns-tcp - spec: - host: dns.example.com - listener: - name: dns-tcp - protocol: TCP - tls: - secret: cafe-secret - upstreams: - - name: dns-app - service: dns-service - port: 5353 - action: - pass: dns-app - ``` - -- UDP load balancing: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: TransportServer - metadata: - name: dns-udp - spec: - listener: - name: dns-udp - protocol: UDP - upstreams: - - name: dns-app - service: dns-service - port: 5353 - upstreamParameters: - udpRequests: 1 - udpResponses: 1 - action: - pass: dns-app - ``` - -- TLS passthrough load balancing: - - ```yaml - apiVersion: k8s.nginx.org/v1 - kind: TransportServer - metadata: - name: secure-app - spec: - listener: - name: tls-passthrough - protocol: TLS_PASSTHROUGH - host: app.example.com - upstreams: - - name: secure-app - service: secure-app - port: 8443 - action: - pass: secure-app - ``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``listener`` | The listener on NGINX that will accept incoming connections/datagrams. | [listener](#listener) | Yes | -|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. Wildcard domains like ``*.example.com`` are not allowed. When specified, NGINX will use this host for SNI-based routing. For TLS Passthrough, this field is required. For TCP with TLS termination, specifying the host enables SNI routing and requires specifying a TLS secret.| ``string`` | No | -|``tls`` | The TLS termination configuration. Not supported for TLS Passthrough load balancing. | [tls](#tls) | No | -|``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | Yes | -|``upstreamParameters`` | The upstream parameters. | [upstreamParameters](#upstreamparameters) | No | -|``action`` | The action to perform for a client connection/datagram. | [action](#action) | Yes | -|``ingressClassName`` | Specifies which Ingress Controller must handle the TransportServer resource. | ``string`` | No | -|``streamSnippets`` | Sets a custom snippet in the ``stream`` context. | ``string`` | No | -|``serverSnippets`` | Sets a custom snippet in the ``server`` context. | ``string`` | No | -{{}} - -\* -- Required for TLS Passthrough load balancing. - -### Listener - -The listener field references a listener that NGINX will use to accept incoming traffic for the TransportServer. For TCP and UDP, the listener must be defined in the [GlobalConfiguration resource]({{< ref "/nic/configuration/global-configuration/globalconfiguration-resource.md" >}}). When referencing a listener, both the name and the protocol must match. For TLS Passthrough, use the built-in listener with the name `tls-passthrough` and the protocol `TLS_PASSTHROUGH`. - -The combination of ``spec.listener.name`` and ``spec.host`` must be unique among all TransportServers. If two TransportServers specify the same combination of ``spec.listener.name`` and ``spec.host``, one of them will be rejected to prevent conflicts. In the case where no host is specified, it is considered an empty string. - -An example: - -```yaml -listener: - name: dns-udp - protocol: UDP -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the listener. | ``string`` | Yes | -|``protocol`` | The protocol of the listener. | ``string`` | Yes | -{{}} - -### TLS - -The tls field defines TLS configuration for a TransportServer. When using TLS termination (not TLS Passthrough), you can specify the host field to enable SNI-based routing, allowing multiple applications to share the same listener port and be distinguished by the TLS SNI hostname. Each application can use its own TLS certificate and key specified via the secret field. - -```yaml -secret: cafe-secret -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the TransportServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). | ``string`` | No | -{{}} - -### Upstream - -The upstream defines a destination for the TransportServer. For example: - -```yaml -name: secure-app -service: secure-app -port: 8443 -maxFails: 3 -maxConns: 100 -failTimeout: 30s -loadBalancingMethod: least_conn -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes | -|``service`` | The name of a [service](https://kubernetes.io/docs/concepts/services-networking/service/). The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and close client connections/ignore datagrams. | ``string`` | Yes | -|``port`` | The port of the service. If the service doesn't define that port, NGINX will assume the service has zero endpoints and close client connections/ignore datagrams. The port must fall into the range ``1..65535``. | ``int`` | Yes | -|``maxFails`` | Sets the [number](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_fails) of unsuccessful attempts to communicate with the server that should happen in the duration set by the failTimeout parameter to consider the server unavailable. The default ``1``. | ``int`` | No | -|``maxConns`` | Sets the [number](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#max_conns) of maximum connections to the proxied server. Default value is zero, meaning there is no limit. The default is ``0``. | ``int`` | No | -|``failTimeout`` | Sets the [time](https://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#fail_timeout) during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable and the period of time the server will be considered unavailable. The default is ``10s``. | ``string`` | No | -|``healthCheck`` | The health check configuration for the Upstream. See the [health_check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check) directive. Note: this feature is supported only in NGINX Plus. | [healthcheck](#upstreamhealthcheck) | No | -|``loadBalancingMethod`` | The method used to load balance the upstream servers. By default, connections are distributed between the servers using a weighted round-robin balancing method. See the [upstream](http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html#upstream) section for available methods and their details. | ``string`` | No | -|``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No | -|``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No | -{{}} - -### Upstream.Healthcheck - -The Healthcheck defines an [active health check](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html?#health_check). In the example below we enable a health check for an upstream and configure all the available parameters: - -```yaml -name: secure-app -service: secure-app -port: 8443 -healthCheck: - enable: true - interval: 20s - timeout: 30s - jitter: 3s - fails: 5 - passes: 5 - port: 8080 -``` - -{{< call-out "note" >}} This feature is only supported with NGINX Plus. {{< /call-out >}} - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No | -|``interval`` | The interval between two consecutive health checks. The default is ``5s``. | ``string`` | No | -|``timeout`` | This overrides the timeout set by [proxy_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) which is set in `SessionParameters` for health checks. The default value is ``5s``. | ``string`` | No | -|``jitter`` | The time within which each health check will be randomly delayed. By default, there is no delay. | ``string`` | No | -|``fails`` | The number of consecutive failed health checks of a particular upstream server after which this server will be considered unhealthy. The default is ``1``. | ``integer`` | No | -|``passes`` | The number of consecutive passed health checks of a particular upstream server after which the server will be considered healthy. The default is ``1``. | ``integer`` | No | -|``port`` | The port used for health check requests. By default, the [server port is used](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#health_check_port). Note: in contrast with the port of the upstream, this port is not a service port, but a port of a pod. | ``integer`` | No | -|``match`` | Controls the data to send and the response to expect for the healthcheck. | [match](#upstreamhealthcheckmatch) | No | -{{}} - -### Upstream.Healthcheck.Match - -The match controls the data to send and the response to expect for the healthcheck: - -```yaml -match: - send: 'GET / HTTP/1.0\r\nHost: localhost\r\n\r\n' - expect: "~200 OK" -``` - -Both `send` and `expect` fields can contain hexadecimal literals with the prefix `\x` followed by two hex digits, for example, `\x80`. - -See the [match](https://nginx.org/en/docs/stream/ngx_stream_upstream_hc_module.html#match) directive for details. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``send`` | A string to send to an upstream server. | ``string`` | No | -|``expect`` | A literal string or a regular expression that the data obtained from the server should match. The regular expression is specified with the preceding ``~*`` modifier (for case-insensitive matching), or the ``~`` modifier (for case-sensitive matching). NGINX Ingress Controller validates a regular expression using the RE2 syntax. | ``string`` | No | -{{}} - -### UpstreamParameters - -The upstream parameters define various parameters for the upstreams: - -```yaml -upstreamParameters: - udpRequests: 1 - udpResponses: 1 - connectTimeout: 60s - nextUpstream: true - nextUpstreamTimeout: 50s - nextUpstreamTries: 1 -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``udpRequests`` | The number of datagrams, after receiving which, the next datagram from the same client starts a new session. See the [proxy_requests](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_requests) directive. The default is ``0``. | ``int`` | No | -|``udpResponses`` | The number of datagrams expected from the proxied server in response to a client datagram. See the [proxy_responses](https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_responses) directive. By default, the number of datagrams is not limited. | ``int`` | No | -|``connectTimeout`` | The timeout for establishing a connection with a proxied server. See the [proxy_connect_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_connect_timeout) directive. The default is ``60s``. | ``string`` | No | -|``nextUpstream`` | If a connection to the proxied server cannot be established, determines whether a client connection will be passed to the next server. See the [proxy_next_upstream](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream) directive. The default is ``true``. | bool | No | -|``nextUpstreamTries`` | The number of tries for passing a connection to the next server. See the [proxy_next_upstream_tries](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_tries) directive. The default is ``0``. | ``int`` | No | -|``nextUpstreamTimeout`` | The time allowed to pass a connection to the next server. See the [proxy_next_upstream_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_next_upstream_timeout) directive. The default us ``0``. | ``string`` | No | -{{}} - -### SessionParameters - -The session parameters define various parameters for TCP connections and UDP sessions. - -```yaml -sessionParameters: - timeout: 50s -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``timeout`` | The timeout between two successive read or write operations on client or proxied server connections. See [proxy_timeout](http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout) directive. The default is ``10m``. | ``string`` | No | -{{}} - -### Action - -The action defines an action to perform for a client connection/datagram. - -In the example below, client connections/datagrams are passed to an upstream `dns-app`: - -```yaml -action: - pass: dns-app -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``pass`` | Passes connections/datagrams to an upstream. The upstream with that name must be defined in the resource. | ``string`` | Yes | -{{}} - -## Using TransportServer - -You can use the usual `kubectl` commands to work with TransportServer resources, similar to Ingress resources. - -For example, the following command creates a TransportServer resource defined in `transport-server-passthrough.yaml` with the name `secure-app`: - -```shell -kubectl apply -f transport-server-passthrough.yaml -``` -```text -transportserver.k8s.nginx.org/secure-app created -``` - -You can get the resource by running: - -```shell -kubectl get transportserver secure-app -``` -```text -NAME AGE -secure-app 46sm -``` - -In the kubectl get and similar commands, you can also use the short name `ts` instead of `transportserver`. - -### Using Snippets - -Snippets allow you to insert raw NGINX config into different contexts of NGINX configuration. In the example below, we use snippets to configure [access control](http://nginx.org/en/docs/stream/ngx_stream_access_module.html) in a TransportServer: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: TransportServer -metadata: - name: cafe -spec: - host: cafe.example.com - serverSnippets: | - deny 192.168.1.1; - allow 192.168.1.0/24; - upstreams: - - name: tea - service: tea-svc - port: 80 -``` - -Snippets can also be specified for a stream. In the example below, we use snippets to [limit the number of connections](https://nginx.org/en/docs/stream/ngx_stream_limit_conn_module.html): - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: TransportServer -metadata: - name: cafe -spec: - host: cafe.example.com - streamSnippets: limit_conn_zone $binary_remote_addr zone=addr:10m; - serverSnippets: limit_conn addr 1; - upstreams: - - name: tea - service: tea-svc - port: 80 -``` - -{{< call-out "note" >}} To configure snippets in the `stream` context, use `stream-snippets` ConfigMap key. {{< /call-out >}} - -For additional information, view the [Advanced configuration with Snippets]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) topic. - -### Validation - -Two types of validation are available for the TransportServer resource: - -- *Structural validation* by the `kubectl` and Kubernetes API server. -- *Comprehensive validation* by NGINX Ingress Controller. - -#### Structural Validation - -The custom resource definition for the TransportServer includes structural OpenAPI schema which describes the type of every field of the resource. - -If you try to create (or update) a resource that violates the structural schema (for example, you use a string value for the port field of an upstream), `kubectl` and Kubernetes API server will reject such a resource: - -- Example of `kubectl` validation: - - ```shell - kubectl apply -f transport-server-passthrough.yaml - ``` - ```text - error: error validating "transport-server-passthrough.yaml": error validating data: ValidationError(TransportServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.TransportServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false - ``` - -- Example of Kubernetes API server validation: - - ```shell - kubectl apply -f transport-server-passthrough.yaml --validate=false - ``` - ```text - The TransportServer "secure-app" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list: - spec.upstreams.port in body must be of type integer: "string" - ``` - -If a resource is not rejected (it doesn't violate the structural schema), NGINX Ingress Controller will validate it further. - -#### Comprehensive Validation - -NGINX Ingress Controller validates the fields of a TransportServer resource. If a resource is invalid, NGINX Ingress Controller will reject it: the resource will continue to exist in the cluster, but NGINX Ingress Controller will ignore it. - -You can check if NGINX Ingress Controller successfully applied the configuration for a TransportServer. For our example `secure-app` TransportServer, we can run: - -```shell -kubectl describe ts secure-app -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal AddedOrUpdated 3s nginx-ingress-controller Configuration for default/secure-app was added or updated -``` - -Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied. - -If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a TransportServer `secure-app` with a pass action that references a non-existing upstream, you will get : - -```shell -kubectl describe ts secure-app -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 2s nginx-ingress-controller TransportServer default/secure-app is invalid and was rejected: spec.action.pass: Not found: "some-app" -``` - -Note how the events section includes a Warning event with the Rejected reason. - -**Note**: If you make an existing resource invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. - -## Customization via ConfigMap - -The [ConfigMap]({{< ref "/nic/configuration/global-configuration/configmap-resource.md" >}}) keys (except for `stream-snippets`, `stream-log-format`, `resolver-addresses`, `resolver-ipv6`, `resolver-valid` and `resolver-timeout`) do not affect TransportServer resources. diff --git a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md deleted file mode 100644 index 0bfc1f97e..000000000 --- a/content/includes/nic/configuration/virtualserver-and-virtualserverroute-resources.md +++ /dev/null @@ -1,1102 +0,0 @@ ---- -title: VirtualServer and VirtualServerRoute resources -toc: true -weight: 700 -nd-docs: DOCS-599 ---- - -This document is reference material for the VirtualServer and VirtualServerRoute resources used by F5 NGINX Ingress Controller. - -VirtualServer and VirtualServerRoute resources are load balancing configurations recommended as an alternative to the Ingress resource. - -They enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing. The resources are implemented as [Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). - -The GitHub repository has [examples of the resources](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources) for specific use cases. - ---- - -## VirtualServer specification - -The VirtualServer resource defines load balancing configuration for a domain name, such as `example.com`. Below is an example of such configuration: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServer -metadata: - name: cafe -spec: - host: cafe.example.com - listener: - http: http-8083 - https: https-8443 - tls: - secret: cafe-secret - gunzip: on - upstreams: - - name: tea - service: tea-svc - port: 80 - - name: coffee - service: coffee-svc - port: 80 - routes: - - path: /tea - action: - pass: tea - - path: /coffee - action: - pass: coffee - - path: ~ ^/decaf/.*\\.jpg$ - action: - pass: coffee - - path: = /green/tea - action: - pass: tea -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes. The ``host`` value needs to be unique among all Ingress and VirtualServer resources. See also [Handling Host and Listener Collisions](/nginx-ingress-controller/configuration/host-and-listener-collisions). | ``string`` | Yes | -|``listener`` | Sets a custom HTTP and/or HTTPS listener. Valid fields are `listener.http` and `listener.https`. Each field must reference the name of a valid listener defined in a GlobalConfiguration resource | [listener](#virtualserverlistener) | No | -|``tls`` | The TLS termination configuration. | [tls](#virtualservertls) | No | -|``gunzip`` | Enables or disables [decompression](https://docs.nginx.com/nginx/admin-guide/web-server/compression/) of gzipped responses for clients. Allowed values “on”/“off”, “true”/“false” or “yes”/“no”. If the ``gunzip`` value is not set, it defaults to ``off``. | ``boolean`` | No | -|``externalDNS`` | The externalDNS configuration for a VirtualServer. | [externalDNS](#virtualserverexternaldns) | No | -|``dos`` | A reference to a DosProtectedResource, setting this enables DOS protection of the VirtualServer. | ``string`` | No | -|``policies`` | A list of policies. | [[]policy](#virtualserverpolicy) | No | -|``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | No | -|``routes`` | A list of routes. | [[]route](#virtualserverroute) | No | -|``ingressClassName`` | Specifies which Ingress Controller must handle the VirtualServer resource. | ``string`` | No | -|``internalRoute`` | Specifies if the VirtualServer resource is an internal route or not. | ``boolean`` | No | -|``http-snippets`` | Sets a custom snippet in the http context. | ``string`` | No | -|``server-snippets`` | Sets a custom snippet in server context. Overrides the ``server-snippets`` ConfigMap key. | ``string`` | No | -{{}} - -### VirtualServer.TLS - -The tls field defines TLS configuration for a VirtualServer. For example: - -```yaml -secret: cafe-secret -redirect: - enable: true -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``secret`` | The name of a secret with a TLS certificate and key. The secret must belong to the same namespace as the VirtualServer. The secret must be of the type ``kubernetes.io/tls`` and contain keys named ``tls.crt`` and ``tls.key`` that contain the certificate and private key as described [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). If the secret doesn't exist or is invalid, NGINX will break any attempt to establish a TLS connection to the host of the VirtualServer. If the secret is not specified but [wildcard TLS secret](/nginx-ingress-controller/configuration/global-configuration/command-line-arguments#cmdoption-wildcard-tls-secret) is configured, NGINX will use the wildcard secret for TLS termination. | ``string`` | No | -|``redirect`` | The redirect configuration of the TLS for a VirtualServer. | [tls.redirect](#virtualservertlsredirect) | No | ### VirtualServer.TLS.Redirect | -|``cert-manager`` | The cert-manager configuration of the TLS for a VirtualServer. | [tls.cert-manager](#virtualservertlscertmanager) | No | ### VirtualServer.TLS.CertManager | -{{}} - -### VirtualServer.TLS.Redirect - -The redirect field configures a TLS redirect for a VirtualServer: - -```yaml -enable: true -code: 301 -basedOn: scheme -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables a TLS redirect for a VirtualServer. The default is ``False``. | ``boolean`` | No | -|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No | -|``basedOn`` | The attribute of a request that NGINX will evaluate to send a redirect. The allowed values are ``scheme`` (the scheme of the request) or ``x-forwarded-proto`` (the ``X-Forwarded-Proto`` header of the request). The default is ``scheme``. | ``string`` | No | ### VirtualServer.Policy | -{{}} - -### VirtualServer.TLS.CertManager - -The cert-manager field configures x509 automated Certificate management for VirtualServer resources using cert-manager (cert-manager.io). Please see the [cert-manager configuration documentation](https://cert-manager.io/docs/configuration/) for more information on deploying and configuring Issuers. Example: - -```yaml -cert-manager: - cluster-issuer: "my-issuer-name" -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``issuer`` | the name of an Issuer. An Issuer is a cert-manager resource which describes the certificate authority capable of signing certificates. The Issuer must be in the same namespace as the VirtualServer resource. Please note that one of `issuer` and `cluster-issuer` are required, but they are mutually exclusive - one and only one must be defined. | ``string`` | No | -|``cluster-issuer`` | the name of a ClusterIssuer. A ClusterIssuer is a cert-manager resource which describes the certificate authority capable of signing certificates. It does not matter which namespace your VirtualServer resides, as ClusterIssuers are non-namespaced resources. Please note that one of `issuer` and `cluster-issuer` are required, but they are mutually exclusive - one and only one must be defined. | ``string`` | No | -|``issuer-kind`` | The kind of the external issuer resource, for example AWSPCAIssuer. This is only necessary for out-of-tree issuers. This cannot be defined if `cluster-issuer` is also defined. | ``string`` | No | -|``issuer-group`` | The API group of the external issuer controller, for example awspca.cert-manager.io. This is only necessary for out-of-tree issuers. This cannot be defined if `cluster-issuer` is also defined. | ``string`` | No | -|``common-name`` | This field allows you to configure spec.commonName for the Certificate to be generated. This configuration adds a CN to the x509 certificate. | ``string`` | No | -|``duration`` | This field allows you to configure spec.duration field for the Certificate to be generated. Must be specified using a [Go time.Duration](https://pkg.go.dev/time#ParseDuration) string format, which does not allow the d (days) suffix. You must specify these values using s, m, and h suffixes instead. | ``string`` | No | -|``renew-before`` | this annotation allows you to configure spec.renewBefore field for the Certificate to be generated. Must be specified using a [Go time.Duration](https://pkg.go.dev/time#ParseDuration) string format, which does not allow the d (days) suffix. You must specify these values using s, m, and h suffixes instead. | ``string`` | No | -|``usages`` | This field allows you to configure spec.usages field for the Certificate to be generated. Pass a string with comma-separated values i.e. ``key agreement,digital signature, server auth``. An exhaustive list of supported key usages can be found in the [the cert-manager api documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage). | ``string`` | No | -|``issue-temp-cert`` | When ``true``, ask cert-manager for a [temporary self-signed certificate](https://cert-manager.io/docs/usage/certificate/#temporary-certificates-while-issuing) pending the issuance of the Certificate. This allows HTTPS-only servers to use ACME HTTP01 challenges when the TLS secret does not exist yet. | ``boolean`` | No | -{{}} - -### VirtualServer.Listener -The listener field defines a custom HTTP and/or HTTPS listener. -The respective listeners used must reference the name of a listener defined using a [GlobalConfiguration](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/) resource. -For example: -```yaml -http: http-8083 -https: https-8443 -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``http`` | The name of am HTTP listener defined in a [GlobalConfiguration](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/) resource. | ``string`` | No | -|``https`` | The name of an HTTPS listener defined in a [GlobalConfiguration](/nginx-ingress-controller/configuration/global-configuration/globalconfiguration-resource/) resource. | ``string`` | No | -{{}} - -### VirtualServer.ExternalDNS - -The externalDNS field configures controlling DNS records dynamically for VirtualServer resources using [ExternalDNS](https://github.com/kubernetes-sigs/external-dns). Please see the [ExternalDNS configuration documentation](https://kubernetes-sigs.github.io/external-dns/) for more information on deploying and configuring ExternalDNS and Providers. Example: - -```yaml -enable: true -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables ExternalDNS integration for a VirtualServer resource. The default is ``false``. | ``string`` | No | -|``labels`` | Configure labels to be applied to the Endpoint resources that will be consumed by ExternalDNS. | ``map[string]string`` | No | -|``providerSpecific`` | Configure provider specific properties which holds the name and value of a configuration which is specific to individual DNS providers. | [[]ProviderSpecific](#virtualserverexternaldnsproviderspecific) | No | -|``recordTTL`` | TTL for the DNS record. This defaults to 0 if not defined. See [the ExternalDNS TTL documentation for provider-specific defaults](https://kubernetes-sigs.github.io/external-dns/v0.14.2/ttl/#providers) | ``int64`` | No | -|``recordType`` | The record Type that should be created, e.g. "A", "AAAA", "CNAME". This is automatically computed based on the external endpoints if not defined. | ``string`` | No | -{{}} - -### VirtualServer.ExternalDNS.ProviderSpecific - -The providerSpecific field of the externalDNS block allows the specification of provider specific properties which is a list of key value pairs of configurations which are specific to individual DNS providers. Example: - -```yaml -- name: my-name - value: my-value -- name: my-name2 - value: my-value2 -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the key value pair. | ``string`` | Yes | -|``value`` | The value of the key value pair. | ``string`` | Yes | -{{}} - -### VirtualServer.Policy - -The policy field references a [Policy resource](/nginx-ingress-controller/configuration/policy-resource/) by its name and optional namespace. For example: - -```yaml -name: access-control -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of a policy. If the policy doesn't exist or invalid, NGINX will respond with an error response with the `500` status code. | ``string`` | Yes | -|``namespace`` | The namespace of a policy. If not specified, the namespace of the VirtualServer resource is used. | ``string`` | No | -{{}} - -### VirtualServer.Route - -The route defines rules for matching client requests to actions like passing a request to an upstream. For example: - -```yaml - path: /tea - action: - pass: tea -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``path`` | The path of the route. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix (must start with ``/`` ) or an exact match (must start with ``=`` ), the path must not include any whitespace characters, ``{`` , ``}`` or ``;``. In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all routes of the VirtualServer. Check the [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) directive for more information. | ``string`` | Yes | -|``policies`` | A list of policies. The policies override the policies of the same type defined in the ``spec`` of the VirtualServer. See [Applying Policies](/nginx-ingress-controller/configuration/policy-resource/#applying-policies) for more details. | [[]policy](#virtualserverpolicy) | No | -|``action`` | The default action to perform for a request. | [action](#action) | No | -|``dos`` | A reference to a DosProtectedResource, setting this enables DOS protection of the VirtualServer route. | ``string`` | No | -|``splits`` | The default splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No | -|``matches`` | The matching rules for advanced content-based routing. Requires the default ``action`` or ``splits``. Unmatched requests will be handled by the default ``action`` or ``splits``. | [matches](#match) | No | -|``route`` | The name of a VirtualServerRoute resource that defines this route. If the VirtualServerRoute belongs to a different namespace than the VirtualServer, you need to include the namespace. For example, ``tea-namespace/tea``. | ``string`` | No | -|``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No | -|``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` ConfigMap key. | ``string`` | No | -{{}} - -\* -- a route must include exactly one of the following: `action`, `splits`, or `route`. - -## VirtualServerRoute specification - -The VirtualServerRoute resource defines a route for a VirtualServer. It can consist of one or multiple subroutes. The VirtualServerRoute is an alternative to [Mergeable Ingress types](/nginx-ingress-controller/configuration/ingress-resources/cross-namespace-configuration). - -In the example below, the VirtualServer `cafe` from the namespace `cafe-ns` defines a route with the path `/coffee`, which is further defined in the VirtualServerRoute `coffee` from the namespace `coffee-ns`. - -VirtualServer: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServer -metadata: - name: cafe - namespace: cafe-ns -spec: - host: cafe.example.com - upstreams: - - name: tea - service: tea-svc - port: 80 - routes: - - path: /tea - action: - pass: tea - - path: /coffee - route: coffee-ns/coffee -``` - -VirtualServerRoute: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServerRoute -metadata: - name: coffee - namespace: coffee-ns -spec: - host: cafe.example.com - upstreams: - - name: latte - service: latte-svc - port: 80 - - name: espresso - service: espresso-svc - port: 80 - subroutes: - - path: /coffee/latte - action: - pass: latte - - path: /coffee/espresso - action: - pass: espresso -``` - -Note that each subroute must have a `path` that starts with the same prefix (here `/coffee`), which is defined in the route of the VirtualServer. Additionally, the `host` in the VirtualServerRoute must be the same as the `host` of the VirtualServer. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes. Must be the same as the ``host`` of the VirtualServer that references this resource. | ``string`` | Yes | -|``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | No | -|``subroutes`` | A list of subroutes. | [[]subroute](#virtualserverroutesubroute) | No | -|``ingressClassName`` | Specifies which Ingress Controller must handle the VirtualServerRoute resource. Must be the same as the ``ingressClassName`` of the VirtualServer that references this resource. | ``string`` | No | -{{}} - -### VirtualServerRoute.Subroute - -The subroute defines rules for matching client requests to actions like passing a request to an upstream. For example: - -```yaml -path: /coffee -action: - pass: coffee -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``path`` | The path of the subroute. NGINX will match it against the URI of a request. Possible values are: a prefix ( ``/`` , ``/path`` ), an exact match ( ``=/exact/match`` ), a case insensitive regular expression ( ``~*^/Bar.*\.jpg`` ) or a case sensitive regular expression ( ``~^/foo.*\.jpg`` ). In the case of a prefix, the path must start with the same path as the path of the route of the VirtualServer that references this resource. In the case of an exact or regex match, the path must be the same as the path of the route of the VirtualServer that references this resource. A matching path of the route of the VirtualServer but in different type is not accepted, e.g. a regex path (`~/match`) cannot be used with a prefix path in VirtualServer (`/match`) In the case of a prefix or an exact match, the path must not include any whitespace characters, ``{`` , ``}`` or ``;``. In the case of the regex matches, all double quotes ``"`` must be escaped and the match can't end in an unescaped backslash ``\``. The path must be unique among the paths of all subroutes of the VirtualServerRoute. | ``string`` | Yes | -|``policies`` | A list of policies. The policies override *all* policies defined in the route of the VirtualServer that references this resource. The policies also override the policies of the same type defined in the ``spec`` of the VirtualServer. See [Applying Policies](/nginx-ingress-controller/configuration/policy-resource/#applying-policies) for more details. | [[]policy](#virtualserverpolicy) | No | -|``action`` | The default action to perform for a request. | [action](#action) | No | -|``dos`` | A reference to a DosProtectedResource, setting this enables DOS protection of the VirtualServerRoute subroute. | ``string`` | No | -|``splits`` | The default splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No | -|``matches`` | The matching rules for advanced content-based routing. Requires the default ``action`` or ``splits``. Unmatched requests will be handled by the default ``action`` or ``splits``. | [matches](#match) | No | -|``errorPages`` | The custom responses for error codes. NGINX will use those responses instead of returning the error responses from the upstream servers or the default responses generated by NGINX. A custom response can be a redirect or a canned response. For example, a redirect to another URL if an upstream server responded with a 404 status code. | [[]errorPage](#errorpage) | No | -|``location-snippets`` | Sets a custom snippet in the location context. Overrides the ``location-snippets`` of the VirtualServer (if set) or the ``location-snippets`` ConfigMap key. | ``string`` | No | -{{}} - -\* -- a subroute must include exactly one of the following: `action` or `splits`. - -## Common VirtualServer and VirtualServerRoute specifications - -### Upstream - -The upstream defines a destination for the routing configuration. For example: - -```yaml -name: tea -service: tea-svc -subselector: - version: canary -port: 80 -lb-method: round_robin -fail-timeout: 10s -max-fails: 1 -max-conns: 32 -keepalive: 32 -connect-timeout: 30s -read-timeout: 30s -send-timeout: 30s -next-upstream: "error timeout non_idempotent" -next-upstream-timeout: 5s -next-upstream-tries: 10 -client-max-body-size: 2m -tls: - enable: true -``` - -**Note**: The WebSocket protocol is supported without any additional configuration. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the upstream. Must be a valid DNS label as defined in RFC 1035. For example, ``hello`` and ``upstream-123`` are valid. The name must be unique among all upstreams of the resource. | ``string`` | Yes | -|``service`` | The name of a [service](https://kubernetes.io/docs/concepts/services-networking/service/). The service must belong to the same namespace as the resource. If the service doesn't exist, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. For NGINX Plus only, services of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) are also supported (check the [prerequisites](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/ingress-resources/externalname-services#prerequisites) ). | ``string`` | Yes | -|``subselector`` | Selects the pods within the service using label keys and values. By default, all pods of the service are selected. Note: the specified labels are expected to be present in the pods when they are created. If the pod labels are updated, NGINX Ingress Controller will not see that change until the number of the pods is changed. | ``map[string]string`` | No | -|``use-cluster-ip`` | Enables using the Cluster IP and port of the service instead of the default behavior of using the IP and port of the pods. When this field is enabled, the fields that configure NGINX behavior related to multiple upstream servers (like ``lb-method`` and ``next-upstream``) will have no effect, as NGINX Ingress Controller will configure NGINX with only one upstream server that will match the service Cluster IP. | ``boolean`` | No | -|``port`` | The port of the service. If the service doesn't define that port, NGINX will assume the service has zero endpoints and return a ``502`` response for requests for this upstream. The port must fall into the range ``1..65535``. | ``uint16`` | Yes | -|``lb-method`` | The load [balancing method](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-load-balancer/#choosing-a-load-balancing-method). To use the round-robin method, specify ``round_robin``. The default is specified in the ``lb-method`` ConfigMap key. | ``string`` | No | -|``fail-timeout`` | The time during which the specified number of unsuccessful attempts to communicate with an upstream server should happen to consider the server unavailable. See the [fail_timeout](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout) parameter of the server directive. The default is set in the ``fail-timeout`` ConfigMap key. | ``string`` | No | -|``max-fails`` | The number of unsuccessful attempts to communicate with an upstream server that should happen in the duration set by the ``fail-timeout`` to consider the server unavailable. See the [max_fails](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_fails) parameter of the server directive. The default is set in the ``max-fails`` ConfigMap key. | ``int`` | No | -|``max-conns`` | The maximum number of simultaneous active connections to an upstream server. See the [max_conns](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#max_conns) parameter of the server directive. By default there is no limit. Note: if keepalive connections are enabled, the total number of active and idle keepalive connections to an upstream server may exceed the ``max_conns`` value. | ``int`` | No | -|``keepalive`` | Configures the cache for connections to upstream servers. The value ``0`` disables the cache. See the [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive. The default is set in the ``keepalive`` ConfigMap key. | ``int`` | No | -|``connect-timeout`` | The timeout for establishing a connection with an upstream server. See the [proxy_connect_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout) directive. The default is specified in the ``proxy-connect-timeout`` ConfigMap key. | ``string`` | No | -|``read-timeout`` | The timeout for reading a response from an upstream server. See the [proxy_read_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout) directive. The default is specified in the ``proxy-read-timeout`` ConfigMap key. | ``string`` | No | -|``send-timeout`` | The timeout for transmitting a request to an upstream server. See the [proxy_send_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout) directive. The default is specified in the ``proxy-send-timeout`` ConfigMap key. | ``string`` | No | -|``next-upstream`` | Specifies in which cases a request should be passed to the next upstream server. See the [proxy_next_upstream](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream) directive. The default is ``error timeout``. | ``string`` | No | -|``next-upstream-timeout`` | The time during which a request can be passed to the next upstream server. See the [proxy_next_upstream_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_timeout) directive. The ``0`` value turns off the time limit. The default is ``0``. | ``string`` | No | -|``next-upstream-tries`` | The number of possible tries for passing a request to the next upstream server. See the [proxy_next_upstream_tries](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries) directive. The ``0`` value turns off this limit. The default is ``0``. | ``int`` | No | -|``client-max-body-size`` | Sets the maximum allowed size of the client request body. See the [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive. The default is set in the ``client-max-body-size`` ConfigMap key. | ``string`` | No | -|``tls`` | The TLS configuration for the Upstream. | [tls](#upstreamtls) | No | -|``healthCheck`` | The health check configuration for the Upstream. See the [health_check](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check) directive. Note: this feature is supported only in NGINX Plus. | [healthcheck](#upstreamhealthcheck) | No | -|``slow-start`` | The slow start allows an upstream server to gradually recover its weight from 0 to its nominal value after it has been recovered or became available or when the server becomes available after a period of time it was considered unavailable. By default, the slow start is disabled. See the [slow_start](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start) parameter of the server directive. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods and will be ignored. | ``string`` | No | -|``queue`` | Configures a queue for an upstream. A client request will be placed into the queue if an upstream server cannot be selected immediately while processing the request. By default, no queue is configured. Note: this feature is supported only in NGINX Plus. | [queue](#upstreamqueue) | No | -|``buffering`` | Enables buffering of responses from the upstream server. See the [proxy_buffering](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering) directive. The default is set in the ``proxy-buffering`` ConfigMap key. | ``boolean`` | No | -|``buffers`` | Configures the buffers used for reading a response from the upstream server for a single connection. | [buffers](#upstreambuffers) | No | -|``buffer-size`` | Sets the size of the buffer used for reading the first part of a response received from the upstream server. See the [proxy_buffer_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size) directive. The default is set in the ``proxy-buffer-size`` ConfigMap key. | ``string`` | No | -|``busy-buffer-size`` | Sets the size of the buffer used for reading a response from the upstream server when the response is larger than the ``buffer-size``. See the [proxy_busy_buffers_size](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_busy_buffers_size) directive. The default is set in the ``proxy-busy-buffers-size`` ConfigMap key. | ``string`` | No | -|``ntlm`` | Allows proxying requests with NTLM Authentication. See the [ntlm](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm) directive. In order for NTLM authentication to work, it is necessary to enable keepalive connections to upstream servers using the ``keepalive`` field. Note: this feature is supported only in NGINX Plus.| ``boolean`` | No | -|``type`` |The type of the upstream. Supported values are ``http`` and ``grpc``. The default is ``http``. For gRPC, it is necessary to enable HTTP/2 in the [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#listeners) and configure TLS termination in the VirtualServer. | ``string`` | No | -|``backup`` | The name of the backup service of type [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname). This will be used when the primary servers are unavailable. Note: The parameter cannot be used along with the ``random`` , ``hash`` or ``ip_hash`` load balancing methods. | ``string`` | No | -|``backupPort`` | The port of the backup service. The backup port is required if the backup service name is provided. The port must fall into the range ``1..65535``. | ``uint16`` | No | -{{}} - -### Upstream.Buffers - -The buffers field configures the buffers used for reading a response from the upstream server for a single connection: - -```yaml -number: 4 -size: 8K -``` - -See the [proxy_buffers](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers) directive for additional information. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``number`` | Configures the number of buffers. The default is set in the ``proxy-buffers`` ConfigMap key. | ``int`` | Yes | -|``size`` | Configures the size of a buffer. The default is set in the ``proxy-buffers`` ConfigMap key. | ``string`` | Yes | -{{}} - -### Upstream.TLS - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables HTTPS for requests to upstream servers. The default is ``False`` , meaning that HTTP will be used. Note: by default, NGINX will not verify the upstream server certificate. To enable the verification, configure an [EgressMTLS Policy](/nginx-ingress-controller/configuration/policy-resource/#egressmtls). | ``boolean`` | No | -{{}} - -### Upstream.Queue - -The queue field configures a queue. A client request will be placed into the queue if an upstream server cannot be selected immediately while processing the request: - -```yaml -size: 10 -timeout: 60s -``` - -See [`queue`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#queue) directive for additional information. - -Note: This feature is supported only in NGINX Plus. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``size`` | The size of the queue. | ``int`` | Yes | -|``timeout`` | The timeout of the queue. A request cannot be queued for a period longer than the timeout. The default is ``60s``. | ``string`` | No | -{{}} - -### Upstream.Healthcheck - -The Healthcheck defines an [active health check](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/). In the example below we enable a health check for an upstream and configure all the available parameters, including the `slow-start` parameter combined with [`mandatory` and `persistent`](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#mandatory-health-checks): - -```yaml -name: tea -service: tea-svc -port: 80 -slow-start: 30s -healthCheck: - enable: true - path: /healthz - interval: 20s - jitter: 3s - fails: 5 - passes: 5 - port: 8080 - tls: - enable: true - connect-timeout: 10s - read-timeout: 10s - send-timeout: 10s - headers: - - name: Host - value: my.service - statusMatch: "! 500" - mandatory: true - persistent: true - keepalive-time: 60s -``` - -Note: This feature is supported only in NGINX Plus. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables a health check for an upstream server. The default is ``false``. | ``boolean`` | No | -|``path`` | The path used for health check requests. The default is ``/``. This not configurable for gRPC type upstreams. | ``string`` | No | -|``interval`` | The interval between two consecutive health checks. The default is ``5s``. | ``string`` | No | -|``jitter`` | The time within which each health check will be randomly delayed. By default, there is no delay. | ``string`` | No | -|``fails`` | The number of consecutive failed health checks of a particular upstream server after which this server will be considered unhealthy. The default is ``1``. | ``integer`` | No | -|``passes`` | The number of consecutive passed health checks of a particular upstream server after which the server will be considered healthy. The default is ``1``. | ``integer`` | No | -|``port`` | The port used for health check requests. By default, the [server port is used](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html#health_check_port). Note: in contrast with the port of the upstream, this port is not a service port, but a port of a pod. | ``integer`` | No | -|``tls`` | The TLS configuration used for health check requests. By default, the ``tls`` field of the upstream is used. | [upstream.tls](#upstreamtls) | No | -|``connect-timeout`` | The timeout for establishing a connection with an upstream server. By default, the ``connect-timeout`` of the upstream is used. | ``string`` | No | -|``read-timeout`` | The timeout for reading a response from an upstream server. By default, the ``read-timeout`` of the upstream is used. | ``string`` | No | -|``send-timeout`` | The timeout for transmitting a request to an upstream server. By default, the ``send-timeout`` of the upstream is used. | ``string`` | No | -|``headers`` | The request headers used for health check requests. NGINX Plus always sets the ``Host`` , ``User-Agent`` and ``Connection`` headers for health check requests. | [[]header](#header) | No | -|``statusMatch`` | The expected response status codes of a health check. By default, the response should have status code 2xx or 3xx. Examples: ``"200"`` , ``"! 500"`` , ``"301-303 307"``. See the documentation of the [match](https://nginx.org/en/docs/http/ngx_http_upstream_hc_module.html?#match) directive. This not supported for gRPC type upstreams. | ``string`` | No | -|``grpcStatus`` | The expected [gRPC status code](https://github.com/grpc/grpc/blob/master/doc/statuscodes.md#status-codes-and-their-use-in-grpc) of the upstream server response to the [Check method](https://github.com/grpc/grpc/blob/master/doc/health-checking.md). Configure this field only if your gRPC services do not implement the gRPC health checking protocol. For example, configure ``12`` if the upstream server responds with `12 (UNIMPLEMENTED)` status code. Only valid on gRPC type upstreams. | ``int`` | No | -|``grpcService`` | The gRPC service to be monitored on the upstream server. Only valid on gRPC type upstreams. | ``string`` | No | -|``mandatory`` | Require every newly added server to pass all configured health checks before NGINX Plus sends traffic to it. If this is not specified, or is set to false, the server will be initially considered healthy. When combined with [slow-start](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#slow_start), it gives a new server more time to connect to databases and “warm up” before being asked to handle their full share of traffic. | ``bool`` | No | -|``persistent`` | Set the initial “up” state for a server after reload if the server was considered healthy before reload. Enabling persistent requires that the mandatory parameter is also set to `true`. | ``bool`` | No | -|``keepalive-time`` | Enables [keepalive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) connections for health checks and specifies the time during which requests can be processed through one keepalive connection. The default is ``60s``. | ``string`` | No | -{{}} - -### Upstream.SessionCookie - -The SessionCookie field configures session persistence which allows requests from the same client to be passed to the same upstream server. The information about the designated upstream server is passed in a session cookie generated by NGINX Plus. - -In the example below, we configure session persistence with a session cookie for an upstream and configure all the available parameters: - -```yaml -name: tea -service: tea-svc -port: 80 -sessionCookie: - enable: true - name: srv_id - path: / - expires: 1h - domain: .example.com - httpOnly: false - secure: true - samesite: strict -``` - -See the [`sticky`](https://nginx.org/en/docs/http/ngx_http_upstream_module.html?#sticky) directive for additional information. The session cookie corresponds to the `sticky cookie` method. - -Note: This feature is supported only in NGINX Plus. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``enable`` | Enables session persistence with a session cookie for an upstream server. The default is ``false``. | ``boolean`` | No | -|``name`` | The name of the cookie. | ``string`` | Yes | -|``path`` | The path for which the cookie is set. | ``string`` | No | -|``expires`` | The time for which a browser should keep the cookie. Can be set to the special value ``max`` , which will cause the cookie to expire on ``31 Dec 2037 23:55:55 GMT``. | ``string`` | No | -|``domain`` | The domain for which the cookie is set. | ``string`` | No | -|``httpOnly`` | Adds the ``HttpOnly`` attribute to the cookie. | ``boolean`` | No | -|``secure`` | Adds the ``Secure`` attribute to the cookie. | ``boolean`` | No | -|``samesite`` | Adds the ``SameSite`` attribute to the cookie. The allowed values are: ``strict``, ``lax``, ``none`` | ``string`` | No | -{{}} - -### Header - -The header defines an HTTP Header: - -```yaml -name: Host -value: example.com -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the header. | ``string`` | Yes | -|``value`` | The value of the header. | ``string`` | No | -{{}} - -### Action - -The action defines an action to perform for a request. - -In the example below, client requests are passed to an upstream `coffee`: - -```yaml - path: /coffee - action: - pass: coffee -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``pass`` | Passes requests to an upstream. The upstream with that name must be defined in the resource. | ``string`` | No | -|``redirect`` | Redirects requests to a provided URL. | [action.redirect](#actionredirect) | No | -|``return`` | Returns a preconfigured response. | [action.return](#actionreturn) | No | -|``proxy`` | Passes requests to an upstream with the ability to modify the request/response (for example, rewrite the URI or modify the headers). | [action.proxy](#actionproxy) | No | -{{}} - -\* -- an action must include exactly one of the following: `pass`, `redirect`, `return` or `proxy`. - -### Action.Redirect - -The redirect action defines a redirect to return for a request. - -In the example below, client requests are passed to a url `http://www.nginx.com`: - -```yaml -redirect: - url: http://www.nginx.com - code: 301 -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` , ``$http_x_forwarded_proto`` , ``$request_uri`` , ``$host``. Variables must be enclosed in curly braces. For example: ``${host}${request_uri}``. | ``string`` | Yes | -|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No | -{{}} - -### Action.Return - -The return action defines a preconfigured response for a request. - -In the example below, NGINX will respond with the preconfigured response for every request: - -```yaml -return: - code: 200 - type: text/plain - body: "Hello World\n" - headers: - - name: x-coffee - value: espresso -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``code`` | The status code of the response. The allowed values are: ``2XX``, ``4XX`` or ``5XX``. The default is ``200``. | ``int`` | No | -|``type`` | The MIME type of the response. The default is ``text/plain``. | ``string`` | No | -|``body`` | The body of the response. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``Request is ${request_uri}\n``. | ``string`` | Yes | -|``headers`` | The custom headers of the response. | [[]Action.Return.Header](#actionreturnheader) | No | -{{}} - -\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing` and `$connections_waiting`. - -### Action.Return.Header - -The header defines an HTTP Header for a canned response in an actionReturn: - -```yaml -name: x-coffee -value: espresso -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the header. | ``string`` | Yes | -|``value`` | The value of the header. | ``string`` | Yes | -{{}} - -### Action.Proxy - -The proxy action passes requests to an upstream with the ability to modify the request/response (for example, rewrite the URI or modify the headers). - -In the example below, the request URI is rewritten to `/`, and the request and the response headers are modified: - -```yaml -proxy: - upstream: coffee - requestHeaders: - pass: true - set: - - name: My-Header - value: Value - - name: Client-Cert - value: ${ssl_client_escaped_cert} - responseHeaders: - add: - - name: My-Header - value: Value - - name: IC-Nginx-Version - value: ${nginx_version} - always: true - hide: - - x-internal-version - ignore: - - Expires - - Set-Cookie - pass: - - Server - rewritePath: / -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``upstream`` | The name of the upstream which the requests will be proxied to. The upstream with that name must be defined in the resource. | ``string`` | Yes | -|``requestHeaders`` | The request headers modifications. | [action.Proxy.RequestHeaders](#actionproxyrequestheaders) | No | -|``responseHeaders`` | The response headers modifications. | [action.Proxy.ResponseHeaders](#actionproxyresponseheaders) | No | -|``rewritePath`` | The rewritten URI. If the route path is a regular expression -- starts with `~` -- the `rewritePath` can include capture groups with ``$1-9``. For example `$1` for the first group, and so on. For more information, check the [rewrite](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rewrites) example. | ``string`` | No | -{{}} - -### Action.Proxy.RequestHeaders - -The RequestHeaders field modifies the headers of the request to the proxied upstream server. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``pass`` | Passes the original request headers to the proxied upstream server. See the [proxy_pass_request_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_headers) directive for more information. Default is true. | ``bool`` | No | -|``set`` | Allows redefining or appending fields to present request headers passed to the proxied upstream servers. See the [proxy_set_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive for more information. | [[]header](#actionproxyrequestheaderssetheader) | No | -{{}} - -### Action.Proxy.RequestHeaders.Set.Header - -The header defines an HTTP Header: - -```yaml -name: My-Header -value: My-Value -``` - -It is possible to override the default value of the `Host` header, which NGINX Ingress Controller sets to [`$host`](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_host): - -```yaml -name: Host -value: example.com -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the header. | ``string`` | Yes | -|``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No | -{{}} - -\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only). - -### Action.Proxy.ResponseHeaders - -The ResponseHeaders field modifies the headers of the response to the client. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``hide`` | The headers that will not be passed* in the response to the client from a proxied upstream server. See the [proxy_hide_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header) directive for more information. | ``[]string`` | No | -|``pass`` | Allows passing the hidden header fields* to the client from a proxied upstream server. See the [proxy_pass_header](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header) directive for more information. | ``[]string`` | No | -|``ignore`` | Disables processing of certain headers** to the client from a proxied upstream server. See the [proxy_ignore_headers](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_headers) directive for more information. | ``[]string`` | No | -|``add`` | Adds headers to the response to the client. | [[]addHeader](#addheader) | No | -{{}} - -\* -- Default hidden headers are: `Date`, `Server`, `X-Pad` and `X-Accel-...`. - -\** -- The following fields can be ignored: `X-Accel-Redirect`, `X-Accel-Expires`, `X-Accel-Limit-Rate`, `X-Accel-Buffering`, `X-Accel-Charset`, `Expires`, `Cache-Control`, `Set-Cookie` and `Vary`. - -### AddHeader - -The addHeader defines an HTTP Header with an optional `always` field: - -```yaml -name: My-Header -value: My-Value -always: true -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the header. | ``string`` | Yes | -|``value`` | The value of the header. Supports NGINX variables*. Variables must be enclosed in curly brackets. For example: ``${scheme}``. | ``string`` | No | -|``always`` | If set to true, add the header regardless of the response status code**. Default is false. See the [add_header](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) directive for more information. | ``bool`` | No | -{{}} - -\* -- Supported NGINX variables: `$request_uri`, `$request_method`, `$request_body`, `$scheme`, `$http_`, `$args`, `$arg_`, `$cookie_`, `$host`, `$request_time`, `$request_length`, `$nginx_version`, `$pid`, `$connection`, `$remote_addr`, `$remote_port`, `$time_iso8601`, `$time_local`, `$server_addr`, `$server_port`, `$server_name`, `$server_protocol`, `$connections_active`, `$connections_reading`, `$connections_writing`, `$connections_waiting`, `$ssl_cipher`, `$ssl_ciphers`, `$ssl_client_cert`, `$ssl_client_escaped_cert`, `$ssl_client_fingerprint`, `$ssl_client_i_dn`, `$ssl_client_i_dn_legacy`, `$ssl_client_raw_cert`, `$ssl_client_s_dn`, `$ssl_client_s_dn_legacy`, `$ssl_client_serial`, `$ssl_client_v_end`, `$ssl_client_v_remain`, `$ssl_client_v_start`, `$ssl_client_verify`, `$ssl_curves`, `$ssl_early_data`, `$ssl_protocol`, `$ssl_server_name`, `$ssl_session_id`, `$ssl_session_reused`, `$jwt_claim_` (NGINX Plus only) and `$jwt_header_` (NGINX Plus only). - -{{< call-out "note" >}} If `always` is false, the response header is added only if the response status code is any of `200`, `201`, `204`, `206`, `301`, `302`, `303`, `304`, `307` or `308`. {{< /call-out >}} - -### Split - -The split defines a weight for an action as part of the splits configuration. - -In the example below NGINX passes 80% of requests to the upstream `coffee-v1` and the remaining 20% to `coffee-v2`: - -```yaml -splits: -- weight: 80 - action: - pass: coffee-v1 -- weight: 20 - action: - pass: coffee-v2 -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``weight`` | The weight of an action. Must fall into the range ``0..100``. The sum of the weights of all splits must be equal to ``100``. | ``int`` | Yes | -|``action`` | The action to perform for a request. | [action](#action) | Yes | -{{}} - -### Match - -The match defines a match between conditions and an action or splits. - -In the example below, NGINX routes requests with the path `/coffee` to different upstreams based on the value of the cookie `user`: - -- `user=john` -> `coffee-future` -- `user=bob` -> `coffee-deprecated` -- If the cookie is not set or not equal to either `john` or `bob`, NGINX routes to `coffee-stable` - -```yaml -path: /coffee -matches: -- conditions: - - cookie: user - value: john - action: - pass: coffee-future -- conditions: - - cookie: user - value: bob - action: - pass: coffee-deprecated -action: - pass: coffee-stable -``` - -In the next example, NGINX routes requests based on the value of the built-in [`$request_method` variable](https://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_method), which represents the HTTP method of a request: - -- all POST requests -> `coffee-post` -- all non-POST requests -> `coffee` - -```yaml -path: /coffee -matches: -- conditions: - - variable: $request_method - value: POST - action: - pass: coffee-post -action: - pass: coffee -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``conditions`` | A list of conditions. Must include at least 1 condition. | [[]condition](#condition) | Yes | -|``action`` | The action to perform for a request. | [action](#action) | No | -|``splits`` | The splits configuration for traffic splitting. Must include at least 2 splits. | [[]split](#split) | No | -{{}} - -{{< call-out "note" >}} A match must include exactly one of the following: `action` or `splits`. {{< /call-out >}} - -### Condition - -The condition defines a condition in a match. - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``header`` | The name of a header. Must consist of alphanumeric characters or ``-``. | ``string`` | No | -|``cookie`` | The name of a cookie. Must consist of alphanumeric characters or ``_``. | ``string`` | No | -|``argument`` | The name of an argument. Must consist of alphanumeric characters or ``_``. | ``string`` | No | -|``variable`` | The name of an NGINX variable. Must start with ``$``. See the list of the supported variables below the table. | ``string`` | No | -|``value`` | The value to match the condition against. How to define a value is shown below the table. | ``string`` | Yes | -{{}} - -{{< call-out "note" >}} a condition must include exactly one of the following: `header`, `cookie`, `argument` or `variable`. {{< /call-out >}} - -Supported NGINX variables: `$args`, `$http2`, `$https`, `$remote_addr`, `$remote_port`, `$query_string`, `$request`, `$request_body`, `$request_uri`, `$request_method`, `$scheme`. Find the documentation for each variable [here](https://nginx.org/en/docs/varindex.html). - -The value supports two kinds of matching: - -- *Case-insensitive string comparison*. For example: - - `john` -- case-insensitive matching that succeeds for strings, such as `john`, `John`, `JOHN`. - - `!john` -- negation of the case-insensitive matching for john that succeeds for strings, such as `bob`, `anything`, `''` (empty string). -- *Matching with a regular expression*. Note that NGINX supports regular expressions compatible with those used by the Perl programming language (PCRE). For example: - - `~^yes` -- a case-sensitive regular expression that matches any string that starts with `yes`. For example: `yes`, `yes123`. - - `!~^yes` -- negation of the previous regular expression that succeeds for strings like `YES`, `Yes123`, `noyes`. (The negation mechanism is not part of the PCRE syntax). - - `~*no$` -- a case-insensitive regular expression that matches any string that ends with `no`. For example: `no`, `123no`, `123NO`. - -{{< call-out "note" >}} A value must not include any unescaped double quotes (`"`) and must not end with an unescaped backslash (`\`). For example, the following are invalid values: `some"value`, `somevalue\`. {{< /call-out >}} - -### ErrorPage - -The errorPage defines a custom response for a route for the case when either an upstream server responds with (or NGINX generates) an error status code. The custom response can be a redirect or a canned response. See the [error_page](https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page) directive for more information. - -```yaml -path: /coffee -errorPages: -- codes: [502, 503] - redirect: - code: 301 - url: https://nginx.org -- codes: [404] - return: - code: 200 - body: "Original resource not found, but success!" -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``codes`` | A list of error status codes. | ``[]int`` | Yes | -|``redirect`` | The redirect action for the given status codes. | [errorPage.Redirect](#errorpageredirect) | No | -|``return`` | The canned response action for the given status codes. | [errorPage.Return](#errorpagereturn) | No | -{{}} - -{{< call-out "note" >}} An errorPage must include exactly one of the following: `return` or `redirect`. {{< /call-out >}} - -### ErrorPage.Redirect - -The redirect defines a redirect for an errorPage. - -In the example below, NGINX responds with a redirect when a response from an upstream server has a 404 status code. - -```yaml -codes: [404] -redirect: - code: 301 - url: ${scheme}://cafe.example.com/error.html -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``code`` | The status code of a redirect. The allowed values are: ``301`` , ``302`` , ``307`` , ``308``. The default is ``301``. | ``int`` | No | -|``url`` | The URL to redirect the request to. Supported NGINX variables: ``$scheme`` and ``$http_x_forwarded_proto``. Variables must be enclosed in curly braces. For example: ``${scheme}``. | ``string`` | Yes | -{{}} - -### ErrorPage.Return - -The return defines a canned response for an errorPage. - -In the example below, NGINX responds with a canned response when a response from an upstream server has either 401 or 403 status code. - -```yaml -codes: [401, 403] -return: - code: 200 - type: application/json - body: | - {\"msg\": \"You don't have permission to do this\"} - headers: - - name: x-debug-original-statuses - value: ${upstream_status} -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``code`` | The status code of the response. The default is the status code of the original response. | ``int`` | No | -|``type`` | The MIME type of the response. The default is ``text/html``. | ``string`` | No | -|``body`` | The body of the response. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | Yes | -|``headers`` | The custom headers of the response. | [[]errorPage.Return.Header](#errorpagereturnheader) | No | -{{}} - -### ErrorPage.Return.Header - -The header defines an HTTP Header for a canned response in an errorPage: - -```yaml -name: x-debug-original-statuses -value: ${upstream_status} -``` - -{{}} -|Field | Description | Type | Required | -| ---| ---| ---| --- | -|``name`` | The name of the header. | ``string`` | Yes | -|``value`` | The value of the header. Supported NGINX variable: ``$upstream_status`` . Variables must be enclosed in curly braces. For example: ``${upstream_status}``. | ``string`` | No | -{{}} - -## Using VirtualServer and VirtualServerRoute - -You can use the usual `kubectl` commands to work with VirtualServer and VirtualServerRoute resources, similar to Ingress resources. - -For example, the following command creates a VirtualServer resource defined in `cafe-virtual-server.yaml` with the name `cafe`: - -```shell -kubectl apply -f cafe-virtual-server.yaml -``` -```text -virtualserver.k8s.nginx.org "cafe" created -``` - -You can get the resource by running: - -```shell -kubectl get virtualserver cafe -``` -```text -NAME STATE HOST IP PORTS AGE -cafe Valid cafe.example.com 12.13.23.123 [80,443] 3m -``` - -In `kubectl get` and similar commands, you can use the short name `vs` instead of `virtualserver`. - -Similarly, for VirtualServerRoute you can use `virtualserverroute` or the short name `vsr`. - -### Using Snippets - -Snippets allow you to insert raw NGINX config into different contexts of NGINX configuration. In the example below, we use snippets to configure several NGINX features in a VirtualServer: - -```yaml -apiVersion: k8s.nginx.org/v1 -kind: VirtualServer -metadata: - name: cafe - namespace: cafe -spec: - http-snippets: | - limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s; - proxy_cache_path /tmp keys_zone=one:10m; - host: cafe.example.com - tls: - secret: cafe-secret - server-snippets: | - limit_req zone=mylimit burst=20; - upstreams: - - name: tea - service: tea-svc - port: 80 - - name: coffee - service: coffee-svc - port: 80 - routes: - - path: /tea - location-snippets: | - proxy_cache one; - proxy_cache_valid 200 10m; - action: - pass: tea - - path: /coffee - action: - pass: coffee -``` - -For additional information, view the [Advanced configuration with Snippets]({{< ref "/nic/configuration/ingress-resources/advanced-configuration-with-snippets.md" >}}) topic. - -### Validation - -Two types of validation are available for VirtualServer and VirtualServerRoute resources: - -- *Structural validation* by the `kubectl` and Kubernetes API server. -- *Comprehensive validation* by NGINX Ingress Controller. - -#### Structural Validation - -The custom resource definitions for VirtualServer and VirtualServerRoute include structural OpenAPI schema which describes the type of every field of those resources. - -If you try to create (or update) a resource that violates the structural schema (for example, you use a string value for the port field of an upstream), `kubectl` and Kubernetes API server will reject such a resource: - -- Example of `kubectl` validation: - - ```shell - kubectl apply -f cafe-virtual-server.yaml - ``` - ```text - error: error validating "cafe-virtual-server.yaml": error validating data: ValidationError(VirtualServer.spec.upstreams[0].port): invalid type for org.nginx.k8s.v1.VirtualServer.spec.upstreams.port: got "string", expected "integer"; if you choose to ignore these errors, turn validation off with --validate=false - ``` - -- Example of Kubernetes API server validation: - - ```shell - kubectl apply -f cafe-virtual-server.yaml --validate=false - ``` - ```text - The VirtualServer "cafe" is invalid: []: Invalid value: map[string]interface {}{ ... }: validation failure list: - spec.upstreams.port in body must be of type integer: "string" - ``` - -If a resource is not rejected (it doesn't violate the structural schema), NGINX Ingress Controller will validate it further. - -#### Comprehensive Validation - -NGINX Ingress Controller validates the fields of the VirtualServer and VirtualServerRoute resources. If a resource is invalid, NGINX Ingress Controller will reject it: the resource will continue to exist in the cluster, but NGINX Ingress Controller will ignore it. - -You can check if NGINX Ingress Controller successfully applied the configuration for a VirtualServer. For our example `cafe` VirtualServer, we can run: - -```shell -kubectl describe vs cafe -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal AddedOrUpdated 16s nginx-ingress-controller Configuration for default/cafe was added or updated -``` - -Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied. - -If you create an invalid resource, NGINX Ingress Controller will reject it and emit a Rejected event. For example, if you create a VirtualServer `cafe` with two upstream with the same name `tea`, you will get: - -```shell -kubectl describe vs cafe -``` -```text -... -Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Warning Rejected 12s nginx-ingress-controller VirtualServer default/cafe is invalid and was rejected: spec.upstreams[1].name: Duplicate value: "tea" -``` - -Note how the events section includes a Warning event with the Rejected reason. - -Additionally, this information is also available in the `status` field of the VirtualServer resource. Note the Status section of the VirtualServer: - -```shell -kubectl describe vs cafe -``` -```text -... -Status: - External Endpoints: - Ip: 12.13.23.123 - Ports: [80,443] - Message: VirtualServer default/cafe is invalid and was rejected: spec.upstreams[1].name: Duplicate value: "tea" - Reason: Rejected - State: Invalid -``` - -NGINX Ingress Controller validates VirtualServerRoute resources in a similar way. - -**Note**: If you make an existing resource invalid, NGINX Ingress Controller will reject it and remove the corresponding configuration from NGINX. - -## Customization using ConfigMap - -You can customize the NGINX configuration for VirtualServer and VirtualServerRoutes resources using the [ConfigMap](/nginx-ingress-controller/configuration/global-configuration/configmap-resource). Most of the ConfigMap keys are supported, with the following exceptions: - -- `proxy-hide-headers` -- `proxy-pass-headers` -- `hsts` -- `hsts-max-age` -- `hsts-include-subdomains` -- `hsts-behind-proxy` -- `redirect-to-https` -- `ssl-redirect` diff --git a/content/includes/nic/installation/create-common-resources.md b/content/includes/nic/installation/create-common-resources.md index db3ef05ea..8e07b3b5f 100644 --- a/content/includes/nic/installation/create-common-resources.md +++ b/content/includes/nic/installation/create-common-resources.md @@ -1,5 +1,9 @@ --- nd-docs: DOCS-1464 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- In this section, you'll create resources that most NGINX Ingress Controller installations require: diff --git a/content/includes/nic/installation/create-custom-resources.md b/content/includes/nic/installation/create-custom-resources.md index 6401c06a8..18d0cebdf 100644 --- a/content/includes/nic/installation/create-custom-resources.md +++ b/content/includes/nic/installation/create-custom-resources.md @@ -1,5 +1,10 @@ --- nd-docs: DOCS-1463 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- To make sure your NGINX Ingress Controller pods reach the `Ready` state, you'll need to create custom resource definitions (CRDs) for various components. diff --git a/content/includes/nic/installation/deploy-controller.md b/content/includes/nic/installation/deploy-controller.md index 489d80b7b..d67082fd0 100644 --- a/content/includes/nic/installation/deploy-controller.md +++ b/content/includes/nic/installation/deploy-controller.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-1462 +nd-files: +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- You have two options for deploying NGINX Ingress Controller: diff --git a/content/includes/nic/installation/download-jwt.md b/content/includes/nic/installation/download-jwt.md index 63880f204..f178aefe4 100644 --- a/content/includes/nic/installation/download-jwt.md +++ b/content/includes/nic/installation/download-jwt.md @@ -1,5 +1,7 @@ --- -nd-docs: "DOCS-000" +nd-docs: DOCS-000 +nd-files: +- content/nic/install/license-secret.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/includes/nic/installation/jwt-password-note.md b/content/includes/nic/installation/jwt-password-note.md index a38209fc9..af67cb0a8 100644 --- a/content/includes/nic/installation/jwt-password-note.md +++ b/content/includes/nic/installation/jwt-password-note.md @@ -1,5 +1,8 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/nic/install/images/add-image-to-cluster.md +- content/nic/install/license-secret.md --- {{< call-out "note" >}} For security, follow these practices with JSON Web Tokens (JWTs), passwords, and shell history: diff --git a/content/includes/nic/installation/manifests/daemonset.md b/content/includes/nic/installation/manifests/daemonset.md index ff9cb072b..736621396 100644 --- a/content/includes/nic/installation/manifests/daemonset.md +++ b/content/includes/nic/installation/manifests/daemonset.md @@ -1,5 +1,10 @@ --- nd-docs: DOCS-1465 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- For additional context on managing containers using Kubernetes DaemonSets, refer to the official Kubernetes [DaemonSets](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) documentation. diff --git a/content/includes/nic/installation/manifests/deployment.md b/content/includes/nic/installation/manifests/deployment.md index 1c0f4932f..d5a024fa0 100644 --- a/content/includes/nic/installation/manifests/deployment.md +++ b/content/includes/nic/installation/manifests/deployment.md @@ -1,5 +1,10 @@ --- nd-docs: DOCS-1467 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- For additional context on managing containers using Kubernetes Deployments, refer to the official Kubernetes [Deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) documentation. diff --git a/content/includes/nic/installation/manifests/statefulset.md b/content/includes/nic/installation/manifests/statefulset.md index 9c7cac0ae..de0ca6efb 100644 --- a/content/includes/nic/installation/manifests/statefulset.md +++ b/content/includes/nic/installation/manifests/statefulset.md @@ -1,5 +1,10 @@ --- nd-docs: DOCS-000 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- For additional context on managing containers using Kubernetes StatefulSets, refer to the official Kubernetes [StatefulSets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) documentation. diff --git a/content/includes/nic/installation/manifests/verify-pods-are-running.md b/content/includes/nic/installation/manifests/verify-pods-are-running.md index 79976859f..ccca983bd 100644 --- a/content/includes/nic/installation/manifests/verify-pods-are-running.md +++ b/content/includes/nic/installation/manifests/verify-pods-are-running.md @@ -1,8 +1,12 @@ --- nd-docs: DOCS-1466 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf-v5/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- - To confirm the NGINX Ingress Controller pods are operational, run: ```shell diff --git a/content/includes/nic/kubernetes-terminology.md b/content/includes/nic/kubernetes-terminology.md index ae79836b3..5b4bc92d8 100644 --- a/content/includes/nic/kubernetes-terminology.md +++ b/content/includes/nic/kubernetes-terminology.md @@ -1,7 +1,7 @@ --- -files: - - content/glossary/glossary.md - - content/nic/glossary.md +nd-files: +- content/glossary/glossary.md +- content/nic/glossary.md --- {{< table >}} diff --git a/content/includes/nic/rbac/set-up-rbac.md b/content/includes/nic/rbac/set-up-rbac.md index 03a7727f7..f9ecf8357 100644 --- a/content/includes/nic/rbac/set-up-rbac.md +++ b/content/includes/nic/rbac/set-up-rbac.md @@ -1,5 +1,9 @@ --- nd-docs: DOCS-1468 +nd-files: +- content/nic/install/manifests.md +- content/nic/integrations/app-protect-dos/installation.md +- content/nic/integrations/app-protect-waf/installation.md --- {{}}To complete these steps you need admin access to your cluster. Refer to to your Kubernetes platform's documentation to set up admin access. For Google Kubernetes Engine (GKE), you can refer to their [Role-Based Access Control guide](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control).{{}} diff --git a/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md b/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md index b24d88392..408b5d1f7 100644 --- a/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md +++ b/content/includes/nim/admin-guide/auth/basic-auth-api-requests.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-1295 +nd-files: +- content/nim/admin-guide/authentication/basic-auth/set-up-basic-authentication.md +- content/nim/fundamentals/api-overview.md --- To use basic authentication for API requests, include your base64-encoded credentials as a "Basic" token in the "Authorization" header. To create the base64-encoded credentials, run the following command: diff --git a/content/includes/nim/admin-guide/license/add-license-webui.md b/content/includes/nim/admin-guide/license/add-license-webui.md index 709d58e38..06a56c24d 100644 --- a/content/includes/nim/admin-guide/license/add-license-webui.md +++ b/content/includes/nim/admin-guide/license/add-license-webui.md @@ -1,5 +1,8 @@ --- -nd-docs: "DOCS-1660" +nd-docs: DOCS-1660 +nd-files: +- content/nim/admin-guide/add-license.md +- content/nim/disconnected/add-license-disconnected-deployment.md --- 1. Go to the FQDN of your NGINX Instance Manager host and log in. diff --git a/content/includes/nim/admin-guide/license/connected-install-license-note.md b/content/includes/nim/admin-guide/license/connected-install-license-note.md index 45214a219..cfcd8d5fe 100644 --- a/content/includes/nim/admin-guide/license/connected-install-license-note.md +++ b/content/includes/nim/admin-guide/license/connected-install-license-note.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md +- content/nim/deploy/vm-bare-metal/install.md --- A valid license is required to make full use of all the features in NGINX Instance Manager. diff --git a/content/includes/nim/clickhouse/cli-skip-clickhouse.md b/content/includes/nim/clickhouse/cli-skip-clickhouse.md index e41eea0b2..f54899e66 100644 --- a/content/includes/nim/clickhouse/cli-skip-clickhouse.md +++ b/content/includes/nim/clickhouse/cli-skip-clickhouse.md @@ -1,7 +1,6 @@ --- -files: -- content/nim/deploy/vm-bare-metal/install.md -- content/nim/disconnected/offline-install-guide.md +nd-files: +- content/includes/nim/installation/install-script-flags/skip-clickhouse.md --- If you skip installing ClickHouse, you need NGINX Agent {{< lightweight-nim-nginx-agent-version >}}. diff --git a/content/includes/nim/clickhouse/clickhouse-defaults.md b/content/includes/nim/clickhouse/clickhouse-defaults.md index 0fcb4cfd8..37e2eedfa 100644 --- a/content/includes/nim/clickhouse/clickhouse-defaults.md +++ b/content/includes/nim/clickhouse/clickhouse-defaults.md @@ -1,8 +1,8 @@ --- nd-docs: DOCS-1238 -files: -- content/nim/system-configuration/configure-clickhouse.md +nd-files: - content/nim/deploy/vm-bare-metal/install-nim-manual.md +- content/nim/system-configuration/configure-clickhouse.md --- {{}} diff --git a/content/includes/nim/clickhouse/clickhouse-install.md b/content/includes/nim/clickhouse/clickhouse-install.md index 4227d48c8..289a28aba 100644 --- a/content/includes/nim/clickhouse/clickhouse-install.md +++ b/content/includes/nim/clickhouse/clickhouse-install.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install-nim-manual.md --- diff --git a/content/includes/nim/decoupling/note-legacy-nms-references.md b/content/includes/nim/decoupling/note-legacy-nms-references.md index 89c87b10e..d3cf0f6e6 100644 --- a/content/includes/nim/decoupling/note-legacy-nms-references.md +++ b/content/includes/nim/decoupling/note-legacy-nms-references.md @@ -1,5 +1,23 @@ --- -nd-docs: "DOCS-1661" +nd-docs: DOCS-1661 +nd-files: +- content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md +- content/nim/deploy/infrastructure-as-code/build-and-deploy.md +- content/nim/deploy/infrastructure-as-code/configuration.md +- content/nim/deploy/infrastructure-as-code/overview.md +- content/nim/deploy/kubernetes/frequently-used-helm-configs.md +- content/nim/deploy/vm-bare-metal/install.md +- content/nim/disconnected/offline-install-guide.md +- content/nim/fundamentals/api-overview.md +- content/nim/nginx-instances/manage-certificates.md +- content/nim/support/k8s-support-package.md +- content/nim/support/support-package.md +- content/nim/system-configuration/configure-clickhouse.md +- content/nim/system-configuration/configure-gateway.md +- content/nim/system-configuration/configure-selinux.md +- content/nim/system-configuration/configure-vault.md +- content/nim/system-configuration/configure-with-config.md +- content/nim/system-configuration/secure-traffic.md --- {{}}Some commands, file paths, and configuration references still use `nms` due to the ongoing transition from NGINX Management Suite (NMS) to NGINX Instance Manager (NIM). These will be updated in future releases.{{}} \ No newline at end of file diff --git a/content/includes/nim/disconnected/license-usage-offline-script.md b/content/includes/nim/disconnected/license-usage-offline-script.md index 22c3ec43c..3c7d16e91 100644 --- a/content/includes/nim/disconnected/license-usage-offline-script.md +++ b/content/includes/nim/disconnected/license-usage-offline-script.md @@ -1,5 +1,8 @@ --- -nd-docs: "DOCS-1662" +nd-docs: DOCS-1662 +nd-files: +- content/nim/disconnected/add-license-disconnected-deployment.md +- content/nim/disconnected/report-usage-disconnected-deployment.md --- {{< details summary="Full license_usage_offline.sh script" >}} diff --git a/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md b/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md index 809029ed0..15c8b0c69 100644 --- a/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md +++ b/content/includes/nim/disconnected/set-mode-of-operation-disconnected.md @@ -1,5 +1,9 @@ --- -nd-docs: "DOCS-1663" +nd-docs: DOCS-1663 +nd-files: +- content/nim/disconnected/add-license-disconnected-deployment.md +- content/nim/disconnected/offline-install-guide-manual.md +- content/nim/disconnected/offline-install-guide.md --- 1. Open the `/etc/nms/nms.conf` file and add the following in the `integrations:license` section: diff --git a/content/includes/nim/docker/docker-compose-env-vars.md b/content/includes/nim/docker/docker-compose-env-vars.md index 322255d47..83a46fd42 100644 --- a/content/includes/nim/docker/docker-compose-env-vars.md +++ b/content/includes/nim/docker/docker-compose-env-vars.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md --- {{}} diff --git a/content/includes/nim/docker/docker-registry-login.md b/content/includes/nim/docker/docker-registry-login.md index b5e16a39f..df376f1ba 100644 --- a/content/includes/nim/docker/docker-registry-login.md +++ b/content/includes/nim/docker/docker-registry-login.md @@ -1,5 +1,7 @@ --- -nd-docs: "DOCS-1666" +nd-docs: DOCS-1666 +nd-files: +- content/nim/deploy/docker/deploy-nginx-instance-manager-docker-compose.md --- 1. Download your NGINX Instance Manager subscription's JSON Web Token from MyF5. You can use the same JSON Web Token as NGINX Plus in your MyF5 portal. diff --git a/content/includes/nim/how-to-access-api-docs.md b/content/includes/nim/how-to-access-api-docs.md index cb77766d9..10a0941fc 100644 --- a/content/includes/nim/how-to-access-api-docs.md +++ b/content/includes/nim/how-to-access-api-docs.md @@ -1,5 +1,9 @@ --- nd-docs: DOCS-991 +nd-files: +- content/nim/admin-guide/rbac/manage-resource-groups.md +- content/nim/fundamentals/api-overview.md +- content/nim/waf-integration/overview.md --- Access the NGINX Instance Manager API documentation from the web interface: diff --git a/content/includes/nim/how-to-access-nim-api.md b/content/includes/nim/how-to-access-nim-api.md index c4426031b..b5dcb7176 100644 --- a/content/includes/nim/how-to-access-nim-api.md +++ b/content/includes/nim/how-to-access-nim-api.md @@ -1,5 +1,18 @@ --- nd-docs: DOCS-1050 +nd-files: +- content/nim/disconnected/add-license-disconnected-deployment.md +- content/nim/disconnected/report-usage-disconnected-deployment.md +- content/nim/nginx-instances/manage-certificates.md +- content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md +- content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md +- content/nim/waf-integration/configuration/onboard-instances/verify-installation.md +- content/nim/waf-integration/policies-and-logs/_index.md +- content/nim/waf-integration/policies-and-logs/log-profiles/create-log-profile.md +- content/nim/waf-integration/policies-and-logs/log-profiles/delete-log-profile.md +- content/nim/waf-integration/policies-and-logs/log-profiles/update-log-profile.md +- content/nim/waf-integration/policies-and-logs/publish/check-publication-status.md +- content/nim/waf-integration/policies-and-logs/publish/publish-to-instances.md --- Use tools such as `curl` or [Postman](https://www.postman.com) to send requests to the NGINX Instance Manager REST API. diff --git a/content/includes/nim/installation/install-script-flags/cert.md b/content/includes/nim/installation/install-script-flags/cert.md index c249b735a..14291ac47 100644 --- a/content/includes/nim/installation/install-script-flags/cert.md +++ b/content/includes/nim/installation/install-script-flags/cert.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide.md --- diff --git a/content/includes/nim/installation/install-script-flags/clickhouse-version.md b/content/includes/nim/installation/install-script-flags/clickhouse-version.md index 6bd05034b..8d2c553ed 100644 --- a/content/includes/nim/installation/install-script-flags/clickhouse-version.md +++ b/content/includes/nim/installation/install-script-flags/clickhouse-version.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide.md --- diff --git a/content/includes/nim/installation/install-script-flags/distribution.md b/content/includes/nim/installation/install-script-flags/distribution.md index 77dd42049..fc461c9a8 100644 --- a/content/includes/nim/installation/install-script-flags/distribution.md +++ b/content/includes/nim/installation/install-script-flags/distribution.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide.md --- diff --git a/content/includes/nim/installation/install-script-flags/key.md b/content/includes/nim/installation/install-script-flags/key.md index e0ac0308a..0784ffa0e 100644 --- a/content/includes/nim/installation/install-script-flags/key.md +++ b/content/includes/nim/installation/install-script-flags/key.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide.md --- diff --git a/content/includes/nim/installation/install-script-flags/skip-clickhouse.md b/content/includes/nim/installation/install-script-flags/skip-clickhouse.md index 7452b6495..f7a0730fd 100644 --- a/content/includes/nim/installation/install-script-flags/skip-clickhouse.md +++ b/content/includes/nim/installation/install-script-flags/skip-clickhouse.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide.md --- diff --git a/content/includes/nim/installation/optional-steps/configure-clickhouse.md b/content/includes/nim/installation/optional-steps/configure-clickhouse.md index 35218b16b..97ce6bb52 100644 --- a/content/includes/nim/installation/optional-steps/configure-clickhouse.md +++ b/content/includes/nim/installation/optional-steps/configure-clickhouse.md @@ -1,9 +1,9 @@ --- -files: -- content/nim/deploy/vm-bare-metal/install.md +nd-files: - content/nim/deploy/vm-bare-metal/install-nim-manual.md -- content/nim/disconnected/offline-install-guide.md +- content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide-manual.md +- content/nim/disconnected/offline-install-guide.md --- If you installed ClickHouse and set a password (the default is an empty string), you must add it to the `clickhouse.password` setting in the `/etc/nms/nms.conf` file after installing NGINX Instance Manager. If the password is missing or incorrect, NGINX Instance Manager will not start. diff --git a/content/includes/nim/installation/optional-steps/configure-selinux.md b/content/includes/nim/installation/optional-steps/configure-selinux.md index bf1b7f29b..805cec04d 100644 --- a/content/includes/nim/installation/optional-steps/configure-selinux.md +++ b/content/includes/nim/installation/optional-steps/configure-selinux.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install-nim-manual.md - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide-manual.md diff --git a/content/includes/nim/installation/optional-steps/disable-metrics-collection.md b/content/includes/nim/installation/optional-steps/disable-metrics-collection.md index 658206c5d..f6f25a588 100644 --- a/content/includes/nim/installation/optional-steps/disable-metrics-collection.md +++ b/content/includes/nim/installation/optional-steps/disable-metrics-collection.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide-manual.md - content/nim/disconnected/offline-install-guide.md diff --git a/content/includes/nim/installation/optional-steps/install-configure-vault.md b/content/includes/nim/installation/optional-steps/install-configure-vault.md index 2a4034472..85c985c76 100644 --- a/content/includes/nim/installation/optional-steps/install-configure-vault.md +++ b/content/includes/nim/installation/optional-steps/install-configure-vault.md @@ -1,5 +1,5 @@ --- -files: +nd-files: - content/nim/deploy/vm-bare-metal/install-nim-manual.md - content/nim/deploy/vm-bare-metal/install.md - content/nim/disconnected/offline-install-guide-manual.md diff --git a/content/includes/nim/kubernetes/access-webui-helm.md b/content/includes/nim/kubernetes/access-webui-helm.md index b95ec65c7..91af95170 100644 --- a/content/includes/nim/kubernetes/access-webui-helm.md +++ b/content/includes/nim/kubernetes/access-webui-helm.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-1323 +nd-files: +- content/nim/deploy/kubernetes/deploy-using-helm.md --- You can access the NGINX Instance Manager web interface using the external IP address for the API Gateway. diff --git a/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md b/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md index 1f9fee946..fced3a43a 100644 --- a/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md +++ b/content/includes/nim/kubernetes/nms-chart-supported-module-versions.md @@ -1,5 +1,7 @@ --- nd-docs: DOCS-1324 +nd-files: +- content/nim/deploy/kubernetes/deploy-using-helm.md --- {{}} diff --git a/content/includes/nim/rbac/assign-roles-to-user-groups.md b/content/includes/nim/rbac/assign-roles-to-user-groups.md index 9c3b03292..3256a3aeb 100644 --- a/content/includes/nim/rbac/assign-roles-to-user-groups.md +++ b/content/includes/nim/rbac/assign-roles-to-user-groups.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-1301 +nd-files: +- content/nim/admin-guide/rbac/assign-roles.md +- content/nim/security-monitoring/give-access-to-security-monitoring-dashboards.md --- {{< call-out "important" "User groups require an OIDC identity provider" >}}User groups require an external identity provider configured for OpenID Connect (OIDC) authentication, as described in [Getting started with OIDC]({{< ref "/nim/admin-guide/authentication/oidc/getting-started.md" >}}). Users from an external identity provider cannot be assigned roles directly in NGINX Instance Manager. Instead, they inherit roles based on their group membership.{{< /call-out >}} diff --git a/content/includes/nim/rbac/assign-roles-to-users.md b/content/includes/nim/rbac/assign-roles-to-users.md index 040a4cf52..edc948978 100644 --- a/content/includes/nim/rbac/assign-roles-to-users.md +++ b/content/includes/nim/rbac/assign-roles-to-users.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-1025 +nd-files: +- content/nim/admin-guide/rbac/assign-roles.md +- content/nim/security-monitoring/give-access-to-security-monitoring-dashboards.md --- To assign roles to a user in NGINX Instance Manager, follow these steps: diff --git a/content/includes/nim/rbac/create-roles.md b/content/includes/nim/rbac/create-roles.md index 1fd1d37f8..85cb2f7e9 100644 --- a/content/includes/nim/rbac/create-roles.md +++ b/content/includes/nim/rbac/create-roles.md @@ -1,5 +1,11 @@ --- nd-docs: DOCS-1028 +nd-files: +- content/nim/admin-guide/authentication/oidc/getting-started.md +- content/nim/admin-guide/authentication/oidc/keycloak-setup.md +- content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md +- content/nim/admin-guide/rbac/create-roles.md +- content/nim/security-monitoring/give-access-to-security-monitoring-dashboards.md --- Roles in NGINX Instance Manager are a critical part of [role-based access control (RBAC)]({{< ref "/nim/admin-guide/rbac/overview-rbac.md" >}}). By creating roles, you define the access levels and permissions for different user groups that correspond to groups in your Identity Provider (IdP). diff --git a/content/includes/nim/rbac/create-user-groups.md b/content/includes/nim/rbac/create-user-groups.md index 70da4af28..1f598eb72 100644 --- a/content/includes/nim/rbac/create-user-groups.md +++ b/content/includes/nim/rbac/create-user-groups.md @@ -1,5 +1,9 @@ --- nd-docs: DOCS-1027 +nd-files: +- content/nim/admin-guide/authentication/oidc/getting-started.md +- content/nim/admin-guide/authentication/oidc/keycloak-setup.md +- content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md --- {{< call-out "important" "Group names must match with your IdP" >}}To ensure that NGINX Instance Manager and your IdP work together seamlessly, group names must exactly match between the two systems. If the group names don’t match, the OIDC integration will fail, preventing users from accessing NGINX Instance Manager. For example, if you have a group called "app-developers" in your IdP, you must create a user group called "app-developers" in NGINX Instance Manager. The group claim must also be part of the token your IdP generates. Refer to your IdP's documentation for guidance on adding group claims.{{}} diff --git a/content/includes/nim/rbac/what-is-rbac.md b/content/includes/nim/rbac/what-is-rbac.md deleted file mode 100644 index 93fb5b72c..000000000 --- a/content/includes/nim/rbac/what-is-rbac.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -nd-docs: DOCS-1179 ---- - -RBAC (Role-Based Access Control) is a security framework that provides access control based on roles assigned to users or user groups. This framework defines the roles and responsibilities of users within the system and restricts access to resources according to the user’s role. RBAC ensures only authorized users have access to specific resources and prevents unauthorized access. - diff --git a/content/includes/nim/security-monitoring/update-security-monitoring-attack-signature-database.md b/content/includes/nim/security-monitoring/update-security-monitoring-attack-signature-database.md index 20002d9c0..3a00e89a4 100644 --- a/content/includes/nim/security-monitoring/update-security-monitoring-attack-signature-database.md +++ b/content/includes/nim/security-monitoring/update-security-monitoring-attack-signature-database.md @@ -1,7 +1,8 @@ --- -docs: -files: - - /nim/security-monitoring/update-signatures.md +docs: null +nd-files: +- content/nim/security-monitoring/update-signatures.md +- content/nim/waf-integration/configuration/setup-signatures-and-threats/update-security-monitoring-signature-db.md --- 1. Open an SSH connection to the data plane host and log in. diff --git a/content/includes/nim/system-configuration/trust-proxy-ca-certificates.md b/content/includes/nim/system-configuration/trust-proxy-ca-certificates.md deleted file mode 100644 index 88bdd7bce..000000000 --- a/content/includes/nim/system-configuration/trust-proxy-ca-certificates.md +++ /dev/null @@ -1,17 +0,0 @@ ---- ---- - -1. Copy the proxy CA certificate into the system’s trusted certificate directory, for example **/usr/local/share/ca-certificates/** or **/etc/ssl/certs/** (path varies by distribution). -1. Run the appropriate command to update the system’s trusted certificates: - - - **Debian/Ubuntu**: - - ```shell - sudo update-ca-certificates - ``` - - - **RHEL/CentOS**: - - ```shell - sudo update-ca-trust - ``` diff --git a/content/includes/nim/tech-specs/nim-app-protect-support.md b/content/includes/nim/tech-specs/nim-app-protect-support.md index 151449219..3a1fea76f 100644 --- a/content/includes/nim/tech-specs/nim-app-protect-support.md +++ b/content/includes/nim/tech-specs/nim-app-protect-support.md @@ -1,5 +1,8 @@ --- nd-docs: DOCS-1068 +nd-files: +- content/nim/fundamentals/tech-specs.md +- content/nim/releases/release-notes.md --- NGINX Instance Manager supports the following versions of [F5 WAF for NGINX](https://docs.nginx.com/waf/): diff --git a/content/includes/nim/tech-specs/security-data-plane-dependencies.md b/content/includes/nim/tech-specs/security-data-plane-dependencies.md deleted file mode 100644 index f2216300e..000000000 --- a/content/includes/nim/tech-specs/security-data-plane-dependencies.md +++ /dev/null @@ -1,25 +0,0 @@ -The Security Monitoring module requires the following versions of [F5 WAF for NGINX](https://docs.nginx.com/nginx-app-protect/) and [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) for the **data plane**: - -{{< call-out "note" >}} -In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually. -From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed. -{{< /call-out >}} - -{{}} - -| Security Monitoring | F5 WAF for NGINX | -|---------------------|----------------------------------------| -| 1.7.1 | Release 4.7.0–4.12.0, 5.1.0–5.4.0 | -| 1.7.0 | Release 4.4.0–4.7.0 | -| 1.6.0 | Release 4.3.0–4.4.0 | -| 1.5.0 | Release 4.3.0 | -| 1.4.0 | Release 4.2.0 | -| 1.3.0 | Release 3.12.2–4.2.0 | -| 1.2.0 | Release 3.12.2–4.1.0 | -| 1.1.0 | Release 3.12.2–4.0.0 | -| 1.0.0 | Release 3.12.2 | - -{{}} - - - diff --git a/content/includes/nim/tech-specs/security-management-plane-dependencies.md b/content/includes/nim/tech-specs/security-management-plane-dependencies.md deleted file mode 100644 index b05818bde..000000000 --- a/content/includes/nim/tech-specs/security-management-plane-dependencies.md +++ /dev/null @@ -1,25 +0,0 @@ -The Security Monitoring module requires the following versions of NGINX Instance Manager to be installed on the **management plane**. - -{{< call-out "note" >}} -In NGINX Instance Manager 2.18.0 and under, the Security Monitoring module was a separate package that was installed manually. -From NGINX Instance Manager 2.19.0 onward, Security Monitoring is part of the NGINX Instance Manager feature-set and is packaged by default; no manual installation or upgrade is needed. -{{< /call-out >}} - -{{}} - -| Security Monitoring | Instance Manager | -|---------------------|-------------------| -| 1.7.1 | 2.14.1–2.18.0 | -| 1.7.0 | 2.14.0 | -| 1.6.0 | 2.12.0–2.13.0 | -| 1.5.0 | 2.11.0 | -| 1.4.0 | 2.10.0–2.10.1 | -| 1.3.0 | 2.9.0 | -| 1.2.0 | 2.8.0 | -| 1.1.0 | 2.7.0 | -| 1.0.0 | 2.6.0 | - -{{}} - - - diff --git a/content/includes/nim/tech-specs/supported-distros.md b/content/includes/nim/tech-specs/supported-distros.md index 1abfed6ae..cf8fd4bd1 100644 --- a/content/includes/nim/tech-specs/supported-distros.md +++ b/content/includes/nim/tech-specs/supported-distros.md @@ -1,6 +1,7 @@ --- nd-docs: DOCS-1071 -files: +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md - content/nim/fundamentals/tech-specs.md --- diff --git a/content/includes/nim/tech-specs/supported-nginx-versions.md b/content/includes/nim/tech-specs/supported-nginx-versions.md index f0a45e11b..675cbad36 100644 --- a/content/includes/nim/tech-specs/supported-nginx-versions.md +++ b/content/includes/nim/tech-specs/supported-nginx-versions.md @@ -1,6 +1,7 @@ --- nd-docs: DOCS-1075 -files: +nd-files: +- content/nim/deploy/vm-bare-metal/install-nim-manual.md - content/nim/fundamentals/tech-specs.md --- diff --git a/content/includes/nim/templates/additional-templating-resources.md b/content/includes/nim/templates/additional-templating-resources.md index 9eae64a38..abf4440c0 100644 --- a/content/includes/nim/templates/additional-templating-resources.md +++ b/content/includes/nim/templates/additional-templating-resources.md @@ -1,5 +1,13 @@ --- nd-docs: DOCS-1500 +nd-files: +- content/nim/nginx-configs/config-templates/concepts/augment-templates.md +- content/nim/nginx-configs/config-templates/concepts/config-templates.md +- content/nim/nginx-configs/config-templates/concepts/default-base-template.md +- content/nim/nginx-configs/config-templates/concepts/template-resources.md +- content/nim/nginx-configs/config-templates/how-to/manage-nginx-configs-with-templates.md +- content/nim/nginx-configs/config-templates/how-to/rbac-config-templates-and-submissions.md +- content/nim/nginx-configs/config-templates/reference/json-schema-reference.md ---
diff --git a/content/includes/nim/uninstall/uninstall-nim.md b/content/includes/nim/uninstall/uninstall-nim.md index 0b5993e83..cdb177d73 100644 --- a/content/includes/nim/uninstall/uninstall-nim.md +++ b/content/includes/nim/uninstall/uninstall-nim.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/nim/deploy/vm-bare-metal/install.md +- content/nim/disconnected/offline-install-guide.md --- Follow the steps below to uninstall NGINX Instance Manager and ClickHouse. diff --git a/content/includes/nim/waf/nim-waf-before-you-begin.md b/content/includes/nim/waf/nim-waf-before-you-begin.md index 742260d4b..b4d2b35cc 100644 --- a/content/includes/nim/waf/nim-waf-before-you-begin.md +++ b/content/includes/nim/waf/nim-waf-before-you-begin.md @@ -1,9 +1,9 @@ --- -docs: -files: - - content/nim/waf-integration/configuration/_index.md - - content/nim/waf-integration/configuration/install-waf-compiler/install.md - - content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md +docs: null +nd-files: +- content/nim/waf-integration/configuration/_index.md +- content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md +- content/nim/waf-integration/configuration/install-waf-compiler/install.md --- Make sure you’ve completed the following tasks: diff --git a/content/includes/nim/waf/restart-nms-integrations.md b/content/includes/nim/waf/restart-nms-integrations.md index f761f114b..3d6cfb369 100644 --- a/content/includes/nim/waf/restart-nms-integrations.md +++ b/content/includes/nim/waf/restart-nms-integrations.md @@ -1,7 +1,10 @@ --- nd-docs: DOCS-000 -files: - - content/nim/waf-integration/configuration/setup-waf-config-management.md +nd-files: +- content/nim/waf-integration/configuration/compiler-resource-pruning.md +- content/nim/waf-integration/configuration/install-waf-compiler/download-from-myf5.md +- content/nim/waf-integration/configuration/install-waf-compiler/install.md +- content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md --- Restart the `nms-integrations` service: diff --git a/content/includes/nim/waf/upload-cert-and-key.md b/content/includes/nim/waf/upload-cert-and-key.md index 82f3d24ea..d13146b23 100644 --- a/content/includes/nim/waf/upload-cert-and-key.md +++ b/content/includes/nim/waf/upload-cert-and-key.md @@ -1,7 +1,8 @@ --- -doc: -files: - - content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md +doc: null +nd-files: +- content/nim/waf-integration/configuration/install-waf-compiler/automatic-download.md +- content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md --- Follow these steps to get and upload the certificate and key: diff --git a/content/includes/nim/webui-nim-login.md b/content/includes/nim/webui-nim-login.md index 85bbf101d..769611656 100644 --- a/content/includes/nim/webui-nim-login.md +++ b/content/includes/nim/webui-nim-login.md @@ -1,5 +1,11 @@ --- nd-docs: DOCS-1334 +nd-files: +- content/nim/nginx-instances/manage-instance-groups.md +- content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md +- content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md +- content/nim/waf-integration/configuration/manage-waf-configurations/verify-configuration.md +- content/nim/waf-integration/configuration/onboard-instances/verify-installation.md --- In a web browser, go to the FQDN for your NGINX Instance Manager host and log in. Then, select **Instance Manager** from the Launchpad menu. diff --git a/content/includes/security/jwt-password-note.md b/content/includes/security/jwt-password-note.md index f5a9f816b..e06afbb37 100644 --- a/content/includes/security/jwt-password-note.md +++ b/content/includes/security/jwt-password-note.md @@ -1,5 +1,9 @@ --- nd-product: NONECO +nd-files: +- content/nginx-one-console/connect-instances/connect-nginx-plus-container-images-to-nginx-one.md +- content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md +- content/nim/fundamentals/api-overview.md --- {{}} diff --git a/content/includes/security/rbac-intro.md b/content/includes/security/rbac-intro.md index 0be0d25b7..0e9886656 100644 --- a/content/includes/security/rbac-intro.md +++ b/content/includes/security/rbac-intro.md @@ -1,10 +1,11 @@ --- -files: - - content/nginx-one-console/rbac/overview.md - - content/nim/admin-guide/rbac/overview-rbac.md nd-docs: DOCS-000 nd-product: MSC +nd-files: +- content/nginx-one-console/rbac/overview.md +- content/nim/admin-guide/rbac/overview-rbac.md --- + Role-based access control (RBAC) is a security system that governs access to resources within a software application. By assigning specific roles to users or groups, RBAC ensures that only authorized individuals have the ability to perform certain actions or access particular areas. The value of RBAC lies in its ability to provide clear and structured control over what users can see and do. This makes it easier to maintain security, streamline user management, and ensure compliance with internal policies or regulations. By giving users only the permissions they need to fulfill their roles, RBAC reduces the risk of unauthorized access and fosters a more efficient and secure operating environment. diff --git a/content/includes/support/how-to-get-support.md b/content/includes/support/how-to-get-support.md new file mode 100644 index 000000000..a65bb69e1 --- /dev/null +++ b/content/includes/support/how-to-get-support.md @@ -0,0 +1,12 @@ +--- +nd-docs: DOCS-1225 +nd-files: +- content/nim/security-monitoring/troubleshooting.md +- content/nim/troubleshooting.md +--- + +If you need additional assistance, refer to the following topics for guidance on how to contact Support and create a Support Package: + +- [Contact Support]({{< ref "/nim/support/contact-support.md" >}}) +- [Create a Support Package]({{< ref "/nim/support/support-package.md" >}}) + diff --git a/content/includes/use-cases/credential-download-instructions.md b/content/includes/use-cases/credential-download-instructions.md index 2b3b1fbfa..98509c3ac 100644 --- a/content/includes/use-cases/credential-download-instructions.md +++ b/content/includes/use-cases/credential-download-instructions.md @@ -1,8 +1,8 @@ --- nd-product: MSC -files: +nd-files: - content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md -- content/nic/installation/nic-images/registry-download.md +- content/nic/install/images/registry-download.md --- In order to obtain a container image, you will need the JSON Web Token file or SSL certificate and private key files provided with your NGINX Plus subscription. diff --git a/content/includes/use-cases/docker-registry-instructions.md b/content/includes/use-cases/docker-registry-instructions.md index 2cf690e8c..c224a88f8 100644 --- a/content/includes/use-cases/docker-registry-instructions.md +++ b/content/includes/use-cases/docker-registry-instructions.md @@ -1,8 +1,8 @@ --- nd-product: MSC -files: +nd-files: - content/nginx/admin-guide/installing-nginx/installing-nginx-docker.md -- content/nic/installation/nic-images/registry-download.md +- content/nic/install/images/registry-download.md --- This step describes how to use Docker to communicate with the F5 Container Registry located at `private-registry.nginx.com`. diff --git a/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md b/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md index edee475fe..3b137a8ff 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md +++ b/content/includes/use-cases/monitoring/enable-nginx-oss-stub-status.md @@ -1,8 +1,10 @@ --- nd-product: MSC -files: - - content/nim/monitoring/overview-metrics.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/nginx-configs/metrics/enable-metrics.md +- content/nim/monitoring/overview-metrics.md +- content/nim/nginx-instances/add-instance.md --- To collect basic metrics about server activity for NGINX Open Source, add the following to your NGINX configuration file: diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md index e425fb685..de8a33842 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api-with-config-sync-group.md @@ -1,8 +1,8 @@ --- nd-product: MSC -files: -- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md +nd-files: - content/nginx-one-console/nginx-configs/metrics/enable-metrics.md +- content/nginx-one-console/workshops/lab5/upgrade-nginx-plus-to-latest-version.md --- 1. In the NGINX One Console, select **Manage > Config Sync Groups**, then pick your config sync group's name. diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md index cca2a9665..43eef5704 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-api.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-api.md @@ -1,8 +1,10 @@ --- nd-product: MSC -files: - - content/nim/monitoring/overview-metrics.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/nginx-configs/metrics/enable-metrics.md +- content/nim/monitoring/overview-metrics.md +- content/nim/nginx-instances/add-instance.md --- To collect comprehensive metrics for NGINX Plus, including bytes streamed, information about upstream systems and caches, and counts of all HTTP status codes, add the following to your NGINX Plus configuration file, for example `/etc/nginx/nginx.conf` or an included file: diff --git a/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md b/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md index 684e1f200..ad66ce359 100644 --- a/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md +++ b/content/includes/use-cases/monitoring/enable-nginx-plus-status-zone-limited.md @@ -1,7 +1,7 @@ --- nd-product: MSC -files: - - content/nginx-one-console/nginx-configs/metrics/enable-metrics.md +nd-files: +- content/nginx-one-console/nginx-configs/metrics/enable-metrics.md --- To make NGINX Plus metrics available on the NGINX One Console, you must enable shared memory zones for the virtual servers being monitored. Shared memory zones store configuration and runtime state information shared across NGINX worker processes. diff --git a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md index c4b8dca72..ec75b783b 100644 --- a/content/includes/use-cases/monitoring/n1c-dashboard-overview.md +++ b/content/includes/use-cases/monitoring/n1c-dashboard-overview.md @@ -1,8 +1,8 @@ --- nd-product: MSC -files: - - content/nginx-one-console/metrics/enable-metrics.md - - content/nginx-one-console/getting-started.md +nd-files: +- content/nginx-one-console/getting-started.md +- content/nginx-one-console/nginx-configs/metrics/review-metrics.md --- Navigating the dashboard: diff --git a/content/includes/waf/dockerfiles/alpine-oss.md b/content/includes/waf/dockerfiles/alpine-oss.md index ae961c065..6c4cb614b 100644 --- a/content/includes/waf/dockerfiles/alpine-oss.md +++ b/content/includes/waf/dockerfiles/alpine-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/alpine-plus.md b/content/includes/waf/dockerfiles/alpine-plus.md index 7d7430b33..07551a6cd 100644 --- a/content/includes/waf/dockerfiles/alpine-plus.md +++ b/content/includes/waf/dockerfiles/alpine-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/amazon-oss.md b/content/includes/waf/dockerfiles/amazon-oss.md index 43d6f6c86..3f2de4972 100644 --- a/content/includes/waf/dockerfiles/amazon-oss.md +++ b/content/includes/waf/dockerfiles/amazon-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/amazon-plus.md b/content/includes/waf/dockerfiles/amazon-plus.md index ec39e7492..d4ec7bba2 100644 --- a/content/includes/waf/dockerfiles/amazon-plus.md +++ b/content/includes/waf/dockerfiles/amazon-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/debian-oss.md b/content/includes/waf/dockerfiles/debian-oss.md index 366ab9bcc..3021396cb 100644 --- a/content/includes/waf/dockerfiles/debian-oss.md +++ b/content/includes/waf/dockerfiles/debian-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/debian-plus.md b/content/includes/waf/dockerfiles/debian-plus.md index 68a4a424a..204dfa633 100644 --- a/content/includes/waf/dockerfiles/debian-plus.md +++ b/content/includes/waf/dockerfiles/debian-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/official-oss.md b/content/includes/waf/dockerfiles/official-oss.md index db06c6265..6b72a6019 100644 --- a/content/includes/waf/dockerfiles/official-oss.md +++ b/content/includes/waf/dockerfiles/official-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/oracle-oss.md b/content/includes/waf/dockerfiles/oracle-oss.md index 4d49a495d..c264a490a 100644 --- a/content/includes/waf/dockerfiles/oracle-oss.md +++ b/content/includes/waf/dockerfiles/oracle-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/oracle-plus.md b/content/includes/waf/dockerfiles/oracle-plus.md index 41fcc82a7..98bd1e15b 100644 --- a/content/includes/waf/dockerfiles/oracle-plus.md +++ b/content/includes/waf/dockerfiles/oracle-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rhel8-oss.md b/content/includes/waf/dockerfiles/rhel8-oss.md index 17e6603dc..44ca38bf6 100644 --- a/content/includes/waf/dockerfiles/rhel8-oss.md +++ b/content/includes/waf/dockerfiles/rhel8-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rhel8-plus.md b/content/includes/waf/dockerfiles/rhel8-plus.md index 24172d128..9f05ce79f 100644 --- a/content/includes/waf/dockerfiles/rhel8-plus.md +++ b/content/includes/waf/dockerfiles/rhel8-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rhel9-oss.md b/content/includes/waf/dockerfiles/rhel9-oss.md index 17e6603dc..44ca38bf6 100644 --- a/content/includes/waf/dockerfiles/rhel9-oss.md +++ b/content/includes/waf/dockerfiles/rhel9-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rhel9-plus.md b/content/includes/waf/dockerfiles/rhel9-plus.md index 1429ffd6f..464ba150e 100644 --- a/content/includes/waf/dockerfiles/rhel9-plus.md +++ b/content/includes/waf/dockerfiles/rhel9-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rocky9-oss.md b/content/includes/waf/dockerfiles/rocky9-oss.md index d69784b81..611c919c8 100644 --- a/content/includes/waf/dockerfiles/rocky9-oss.md +++ b/content/includes/waf/dockerfiles/rocky9-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/rocky9-plus.md b/content/includes/waf/dockerfiles/rocky9-plus.md index 1429ffd6f..464ba150e 100644 --- a/content/includes/waf/dockerfiles/rocky9-plus.md +++ b/content/includes/waf/dockerfiles/rocky9-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/ubuntu-oss.md b/content/includes/waf/dockerfiles/ubuntu-oss.md index 016646dc0..8f5e6670b 100644 --- a/content/includes/waf/dockerfiles/ubuntu-oss.md +++ b/content/includes/waf/dockerfiles/ubuntu-oss.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/dockerfiles/ubuntu-plus.md b/content/includes/waf/dockerfiles/ubuntu-plus.md index 76621a1a4..89a2e7d8b 100644 --- a/content/includes/waf/dockerfiles/ubuntu-plus.md +++ b/content/includes/waf/dockerfiles/ubuntu-plus.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- ```dockerfile diff --git a/content/includes/waf/f5-waf-for-nginx-compiler-compatibility.md b/content/includes/waf/f5-waf-for-nginx-compiler-compatibility.md index dccab021b..3060cd83f 100644 --- a/content/includes/waf/f5-waf-for-nginx-compiler-compatibility.md +++ b/content/includes/waf/f5-waf-for-nginx-compiler-compatibility.md @@ -1,8 +1,8 @@ --- -docs: -files: - - /nim/waf-integration/configuration/install-waf-compiler/install.md - - /nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md +docs: null +nd-files: +- content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md +- content/nim/waf-integration/configuration/install-waf-compiler/install.md --- {{}} diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index a83c2ee86..45ccc3068 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/waf/install/docker.md --- Your folder should contain the following files: diff --git a/content/includes/waf/install-create-configuration.md b/content/includes/waf/install-create-configuration.md index 813bf21aa..c10187a12 100644 --- a/content/includes/waf/install-create-configuration.md +++ b/content/includes/waf/install-create-configuration.md @@ -1,4 +1,6 @@ --- +nd-files: +- content/waf/install/docker.md --- Copy or move your subscription files into a new folder. diff --git a/content/includes/waf/install-next-steps.md b/content/includes/waf/install-next-steps.md index 7e9564b76..c83798096 100644 --- a/content/includes/waf/install-next-steps.md +++ b/content/includes/waf/install-next-steps.md @@ -1,5 +1,9 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +- content/waf/install/virtual-environment.md --- Once you have successfully installed F5 WAF for NGINX, there are some topics you may want to follow afterwards: diff --git a/content/includes/waf/install-post-checks.md b/content/includes/waf/install-post-checks.md index d4dc729ac..584312619 100644 --- a/content/includes/waf/install-post-checks.md +++ b/content/includes/waf/install-post-checks.md @@ -1,5 +1,9 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +- content/waf/install/virtual-environment.md --- The following steps check that F5 WAF for NGINX enforcement is operational. diff --git a/content/includes/waf/install-selinux-warning.md b/content/includes/waf/install-selinux-warning.md index 442ebeb4e..02dc798fc 100644 --- a/content/includes/waf/install-selinux-warning.md +++ b/content/includes/waf/install-selinux-warning.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/install/docker.md +- content/waf/install/virtual-environment.md --- {{< call-out "caution" >}} diff --git a/content/includes/waf/install-services-compose.md b/content/includes/waf/install-services-compose.md index d7714e8ab..ce4f059c3 100644 --- a/content/includes/waf/install-services-compose.md +++ b/content/includes/waf/install-services-compose.md @@ -1,5 +1,7 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md --- Create a _docker-compose.yml_ file with the following contents in your host environment, replacing image tags as appropriate: diff --git a/content/includes/waf/install-services-docker.md b/content/includes/waf/install-services-docker.md index 83de453f3..9d577d3ba 100644 --- a/content/includes/waf/install-services-docker.md +++ b/content/includes/waf/install-services-docker.md @@ -1,5 +1,7 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md --- First, create new directories for the services: diff --git a/content/includes/waf/install-services-images.md b/content/includes/waf/install-services-images.md index f7a01d2a9..d1a1023a2 100644 --- a/content/includes/waf/install-services-images.md +++ b/content/includes/waf/install-services-images.md @@ -1,5 +1,7 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md --- Download the `waf-enforcer` and `waf-config-mgr` images. diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index 596f50bed..c9f686e8d 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -1,5 +1,8 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- Create a directory and copy your certificate and key to this directory: diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index 89aed3f0a..23b1c63ae 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -1,5 +1,8 @@ --- -nd-docs: +nd-docs: null +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md --- Once you have installed F5 WAF for NGINX, you must load it as a module in the main context of your NGINX configuration. diff --git a/content/includes/waf/table-policy-features.md b/content/includes/waf/table-policy-features.md index 8e8f2bc8c..aba7a42b9 100644 --- a/content/includes/waf/table-policy-features.md +++ b/content/includes/waf/table-policy-features.md @@ -1,4 +1,7 @@ --- +nd-files: +- content/waf/fundamentals/technical-specifications.md +- content/waf/policies/configuration.md --- {{< table >}} diff --git a/content/includes/waf/terminology.md b/content/includes/waf/terminology.md index b0b06c5d1..5dd7f2a87 100644 --- a/content/includes/waf/terminology.md +++ b/content/includes/waf/terminology.md @@ -1,7 +1,7 @@ --- -files: - - content/glossary/glossary.md - - content/waf/fundamentals/terminology.md +nd-files: +- content/glossary/glossary.md +- content/waf/fundamentals/terminology.md --- {{< table >}} From 137508de51f4cd5d54e5f9f9cfd5e247eb7f0f63 Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 25 Nov 2025 17:03:15 +0000 Subject: [PATCH 3/5] fix: move include to nim folder --- content/includes/{ => nim}/support/how-to-get-support.md | 0 content/nim/security-monitoring/troubleshooting.md | 2 +- content/nim/troubleshooting.md | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename content/includes/{ => nim}/support/how-to-get-support.md (100%) diff --git a/content/includes/support/how-to-get-support.md b/content/includes/nim/support/how-to-get-support.md similarity index 100% rename from content/includes/support/how-to-get-support.md rename to content/includes/nim/support/how-to-get-support.md diff --git a/content/nim/security-monitoring/troubleshooting.md b/content/nim/security-monitoring/troubleshooting.md index fde43751a..abbe9c9eb 100644 --- a/content/nim/security-monitoring/troubleshooting.md +++ b/content/nim/security-monitoring/troubleshooting.md @@ -41,4 +41,4 @@ F5 WAF for NGINX supports logging to multiple destinations. This allows users to ## How to get support -{{< include "support/how-to-get-support.md" >}} +{{< include "nim/support/how-to-get-support.md" >}} diff --git a/content/nim/troubleshooting.md b/content/nim/troubleshooting.md index 8c78cd501..de7261b98 100644 --- a/content/nim/troubleshooting.md +++ b/content/nim/troubleshooting.md @@ -144,5 +144,5 @@ For a failure when publishing a certificate to an instance or instance group, en ## How to Get Support -{{< include "support/how-to-get-support.md" >}} +{{< include "nim/support/how-to-get-support.md" >}} From ae79c01b15a53e40193c401104a9e7bc1a1d371c Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 25 Nov 2025 17:41:29 +0000 Subject: [PATCH 4/5] feat: update archetypes --- archetypes/concept.md | 2 +- archetypes/default.md | 2 +- archetypes/landing-page.md | 2 +- archetypes/tutorial.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/archetypes/concept.md b/archetypes/concept.md index 6ef0b90ee..a4767a317 100644 --- a/archetypes/concept.md +++ b/archetypes/concept.md @@ -8,7 +8,7 @@ toc: false # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: concept # Intended for internal catalogue and search, case sensitive: -# AGE, DOS, NAZ, NGC, NGF, NIC, NIM, NGF, ONE, NOS, NPL, SOL, WAF +# NAGENT, NAZURE, NGOOGL, FABRIC, INGRESS, NIMNGR, NONECO, NGPLUS, SOLUTI, F5WAFN, F5DOSN, MISCEL nd-product: --- diff --git a/archetypes/default.md b/archetypes/default.md index 5e58d6feb..97438854c 100644 --- a/archetypes/default.md +++ b/archetypes/default.md @@ -8,7 +8,7 @@ toc: false # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: -# AGE, DOS, NAZ, NGC, NGF, NIC, NIM, NGF, ONE, NOS, NPL, SOL, WAF +# NAGENT, NAZURE, NGOOGL, FABRIC, INGRESS, NIMNGR, NONECO, NGPLUS, SOLUTI, F5WAFN, F5DOSN, MISCEL nd-product: --- diff --git a/archetypes/landing-page.md b/archetypes/landing-page.md index 184527cf6..152d37447 100644 --- a/archetypes/landing-page.md +++ b/archetypes/landing-page.md @@ -14,7 +14,7 @@ nd-landing-page: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: landing-page # Intended for internal catalogue and search, case sensitive: -# AGE, DOS, NAZ, NGC, NGF, NIC, NIM, NGF, ONE, NOS, NPL, SOL, WAF +# NAGENT, NAZURE, NGOOGL, FABRIC, INGRESS, NIMNGR, NONECO, NGPLUS, SOLUTI, F5WAFN, F5DOSN, MISCEL nd-product: --- diff --git a/archetypes/tutorial.md b/archetypes/tutorial.md index a9ae12e45..3b0033314 100644 --- a/archetypes/tutorial.md +++ b/archetypes/tutorial.md @@ -8,7 +8,7 @@ toc: false # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: tutorial # Intended for internal catalogue and search, case sensitive: -# AGE, DOS, NAZ, NGC, NGF, NIC, NIM, NGF, ONE, NOS, NPL, SOL, WAF +# NAGENT, NAZURE, NGOOGL, FABRIC, INGRESS, NIMNGR, NONECO, NGPLUS, SOLUTI, F5WAFN, F5DOSN, MISCEL nd-product: --- From fb7b86a7f7796e190abf2cd3ada9834f26a9b8fb Mon Sep 17 00:00:00 2001 From: Jon Cahill-Torre Date: Tue, 25 Nov 2025 17:51:07 +0000 Subject: [PATCH 5/5] feat: update nd-product metadata to new convention --- content/agent/installation-upgrade/installation-unprivileged.md | 2 +- content/agent/support.md | 2 +- content/ngf/_index.md | 2 +- content/ngf/changelog.md | 2 +- content/ngf/get-started.md | 2 +- content/ngf/how-to/control-plane-configuration.md | 2 +- content/ngf/how-to/data-plane-configuration.md | 2 +- content/ngf/how-to/gateway-api-inference-extension.md | 2 +- content/ngf/how-to/scaling.md | 2 +- content/ngf/how-to/upgrade-apps-without-downtime.md | 2 +- content/ngf/install/build-image.md | 2 +- content/ngf/install/deploy-data-plane.md | 2 +- content/ngf/install/helm.md | 2 +- content/ngf/install/ingress-to-gateway.md | 2 +- content/ngf/install/manifests.md | 2 +- content/ngf/install/nginx-plus.md | 2 +- content/ngf/install/openshift.md | 2 +- content/ngf/install/secure-certificates.md | 2 +- content/ngf/install/upgrade-version.md | 2 +- content/ngf/monitoring/dashboard.md | 2 +- content/ngf/monitoring/prometheus.md | 2 +- content/ngf/monitoring/tracing.md | 2 +- content/ngf/overview/custom-policies.md | 2 +- content/ngf/overview/gateway-api-compatibility.md | 2 +- content/ngf/overview/gateway-architecture.md | 2 +- content/ngf/overview/nginx-plus.md | 2 +- content/ngf/overview/product-telemetry.md | 2 +- content/ngf/overview/resource-validation.md | 2 +- content/ngf/reference/api.md | 2 +- content/ngf/reference/cli-help.md | 2 +- content/ngf/reference/permissions.md | 2 +- content/ngf/reference/technical-specifications.md | 2 +- content/ngf/support.md | 2 +- content/ngf/traffic-management/advanced-routing.md | 2 +- content/ngf/traffic-management/basic-routing.md | 2 +- content/ngf/traffic-management/client-settings.md | 2 +- content/ngf/traffic-management/https-termination.md | 2 +- content/ngf/traffic-management/mirror.md | 2 +- content/ngf/traffic-management/redirects-and-rewrites.md | 2 +- content/ngf/traffic-management/request-response-headers.md | 2 +- content/ngf/traffic-management/snippets.md | 2 +- content/ngf/traffic-management/tls-passthrough.md | 2 +- content/ngf/traffic-management/upstream-settings.md | 2 +- content/ngf/traffic-security/integrate-cert-manager.md | 2 +- content/ngf/traffic-security/secure-backend.md | 2 +- content/ngf/troubleshooting.md | 2 +- .../nginx-one-console/agent/containers/run-agent-container.md | 2 +- .../nginx-one-console/nginx-configs/metrics/enable-metrics.md | 2 +- .../nginx-one-console/nginx-configs/metrics/review-metrics.md | 2 +- .../nginx-configs/staged-configs/add-staged-config.md | 2 +- .../nginx-configs/staged-configs/api-staged-config.md | 2 +- .../workshops/lab1/getting-started-with-nginx-one-console.md | 2 +- .../workshops/lab2/run-workshop-components-with-docker.md | 2 +- .../workshops/lab3/explore-nginx-one-console-features.md | 2 +- content/nginx-one-console/workshops/lab4/config-sync-groups.md | 2 +- content/nginxaas-azure/_index.md | 2 +- content/nginxaas-azure/disaster-recovery.md | 2 +- .../getting-started/create-deployment/deploy-azure-portal.md | 2 +- .../getting-started/ssl-tls-certificates/overview.md | 2 +- content/nginxaas-azure/quickstart/security-controls/oidc.md | 2 +- .../quickstart/security-controls/private-link-to-upstreams.md | 2 +- .../quickstart/security-controls/private-subnet-oidc-entra.md | 2 +- content/nic/_index.md | 2 +- content/nic/changelog/2019.md | 2 +- content/nic/changelog/2020.md | 2 +- content/nic/changelog/2021.md | 2 +- content/nic/changelog/2022.md | 2 +- content/nic/changelog/2023.md | 2 +- content/nic/changelog/2024.md | 2 +- content/nic/changelog/_index.md | 2 +- content/nic/community.md | 2 +- content/nic/configuration/access-control.md | 2 +- .../global-configuration/command-line-arguments.md | 2 +- .../configuration/global-configuration/configmap-resource.md | 2 +- .../global-configuration/globalconfiguration-resource.md | 2 +- .../global-configuration/reporting-resources-status.md | 2 +- .../advanced-configuration-with-annotations.md | 2 +- .../nic/configuration/ingress-resources/basic-configuration.md | 2 +- .../ingress-resources/cross-namespace-configuration.md | 2 +- .../nic/configuration/ingress-resources/custom-annotations.md | 2 +- content/nic/configuration/policy-resource.md | 2 +- content/nic/configuration/security.md | 2 +- .../virtualserver-and-virtualserverroute-resources.md | 2 +- content/nic/install/build.md | 2 +- content/nic/install/helm.md | 2 +- content/nic/install/images/add-image-to-cluster.md | 2 +- content/nic/install/images/registry-download.md | 2 +- content/nic/install/license-secret.md | 2 +- content/nic/install/manifests.md | 2 +- content/nic/install/migrate-ingress-nginx.md | 2 +- content/nic/install/multiple-controllers.md | 2 +- content/nic/install/operator.md | 2 +- content/nic/install/upgrade.md | 2 +- content/nic/install/waf-helm.md | 2 +- content/nic/integrations/app-protect-dos/configuration.md | 2 +- content/nic/integrations/app-protect-dos/dos-protected.md | 2 +- content/nic/integrations/app-protect-dos/installation.md | 2 +- .../app-protect-dos/troubleshoot-app-protect-dos.md | 2 +- .../nic/integrations/app-protect-waf-v5/compile-waf-policies.md | 2 +- content/nic/integrations/app-protect-waf-v5/configuration.md | 2 +- content/nic/integrations/app-protect-waf-v5/installation.md | 2 +- .../app-protect-waf-v5/troubleshoot-app-protect-waf.md | 2 +- content/nic/integrations/app-protect-waf/configuration.md | 2 +- content/nic/integrations/app-protect-waf/installation.md | 2 +- content/nic/integrations/f5-ingresslink.md | 2 +- content/nic/logging-and-monitoring/logging.md | 2 +- content/nic/logging-and-monitoring/opentelemetry.md | 2 +- content/nic/logging-and-monitoring/opentracing.md | 2 +- content/nic/logging-and-monitoring/prometheus.md | 2 +- content/nic/logging-and-monitoring/service-insight.md | 2 +- content/nic/logging-and-monitoring/status-page.md | 2 +- content/nic/overview/about.md | 2 +- content/nic/overview/controller-comparison.md | 2 +- content/nic/overview/design.md | 2 +- content/nic/technical-specifications.md | 2 +- content/nic/troubleshooting/troubleshoot-common.md | 2 +- content/nic/tutorials/ingress-path-regex-annotation.md | 2 +- content/nic/tutorials/nginx-dynamic-module.md | 2 +- content/nic/tutorials/nginx-ingress-istio.md | 2 +- content/nic/tutorials/nginx-ingress-linkerd.md | 2 +- content/nic/tutorials/nginx-ingress-osm.md | 2 +- content/nic/tutorials/oidc-custom-configuration.md | 2 +- content/nic/tutorials/security-monitoring.md | 2 +- .../nic/tutorials/virtual-server-with-custom-listener-ports.md | 2 +- content/nic/usage-reporting.md | 2 +- content/nim/admin-guide/authentication/oidc/getting-started.md | 2 +- .../admin-guide/authentication/oidc/microsoft-entra-setup.md | 2 +- content/nim/deploy/kubernetes/helm-config-settings.md | 2 +- content/nim/deploy/vm-bare-metal/install-nim-manual.md | 2 +- content/nim/disconnected/add-license-disconnected-deployment.md | 2 +- content/nim/monitoring/view-events-metrics.md | 2 +- content/nim/nginx-instances/add-instance.md | 2 +- content/nim/nginx-instances/scan-instances.md | 2 +- content/nim/releases/release-notes.md | 2 +- content/nim/security-monitoring/set-up-app-protect-instances.md | 2 +- content/nim/system-configuration/secure-traffic.md | 2 +- .../waf-integration/configuration/compiler-resource-pruning.md | 2 +- .../configuration/install-waf-compiler/automatic-download.md | 2 +- .../configuration/install-waf-compiler/download-from-myf5.md | 2 +- .../configuration/install-waf-compiler/install-disconnected.md | 2 +- .../configuration/install-waf-compiler/install.md | 2 +- .../manage-waf-configurations/add-configuration.md | 2 +- .../manage-waf-configurations/edit-waf-configuration.md | 2 +- .../onboard-custom-security-policies.md | 2 +- .../manage-waf-configurations/verify-configuration.md | 2 +- .../configuration/onboard-instances/configure-docker-compose.md | 2 +- .../configuration/onboard-instances/configure-nginx-agent.md | 2 +- .../configuration/onboard-instances/install-nginx-agent.md | 2 +- .../configuration/onboard-instances/verify-installation.md | 2 +- .../setup-signatures-and-threats/automatic-download.md | 2 +- .../configuration/setup-signatures-and-threats/manual-update.md | 2 +- .../update-security-monitoring-signature-db.md | 2 +- content/nim/waf-integration/configuration/troubleshooting.md | 2 +- .../waf-integration/policies-and-logs/bundles/create-bundle.md | 2 +- .../policies-and-logs/bundles/download-bundle.md | 2 +- .../waf-integration/policies-and-logs/bundles/list-bundles.md | 2 +- .../policies-and-logs/log-profiles/create-log-profile.md | 2 +- .../policies-and-logs/log-profiles/delete-log-profile.md | 2 +- .../policies-and-logs/log-profiles/update-log-profile.md | 2 +- .../policies-and-logs/policies/add-signature-sets.md | 2 +- .../policies-and-logs/policies/cookies-parameters-urls.md | 2 +- .../waf-integration/policies-and-logs/policies/create-policy.md | 2 +- .../waf-integration/policies-and-logs/policies/delete-policy.md | 2 +- .../waf-integration/policies-and-logs/policies/review-policy.md | 2 +- .../waf-integration/policies-and-logs/policies/update-policy.md | 2 +- .../policies-and-logs/policies/waf-policy-matching-types.md | 2 +- .../policies-and-logs/publish/check-publication-status.md | 2 +- .../policies-and-logs/publish/publish-to-instances.md | 2 +- .../solutions/about-subscription-licenses/getting-started.md | 2 +- .../about-subscription-licenses/instructional-videos.md | 2 +- .../nginx-plus-licensing-workflows.md | 2 +- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/logging/custom-dimensions.md | 2 +- content/waf/logging/security-logs.md | 2 +- content/waf/policies/configuration.md | 2 +- content/waf/policies/grpc-protection.md | 2 +- content/waf/policies/ip-intelligence.md | 2 +- content/waf/policies/user-urls-parameters.md | 2 +- 182 files changed, 182 insertions(+), 182 deletions(-) diff --git a/content/agent/installation-upgrade/installation-unprivileged.md b/content/agent/installation-upgrade/installation-unprivileged.md index 8c36246be..75f704be5 100644 --- a/content/agent/installation-upgrade/installation-unprivileged.md +++ b/content/agent/installation-upgrade/installation-unprivileged.md @@ -4,7 +4,7 @@ weight: 450 toc: true nd-content-type: - how-to -product: Agent +nd-product: NAGENT nd-docs: DOCS-1781 --- diff --git a/content/agent/support.md b/content/agent/support.md index 363925c75..622036b40 100644 --- a/content/agent/support.md +++ b/content/agent/support.md @@ -3,7 +3,7 @@ title: Support weight: 800 toc: false nd-content-type: reference -product: Agent +nd-product: NAGENT nd-docs: DOCS-1883 --- diff --git a/content/ngf/_index.md b/content/ngf/_index.md index 6ea82a7c2..67b974f39 100644 --- a/content/ngf/_index.md +++ b/content/ngf/_index.md @@ -20,7 +20,7 @@ nd-landing-page: true nd-content-type: landing-page # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGF +nd-product: FABRIC --- ## About diff --git a/content/ngf/changelog.md b/content/ngf/changelog.md index 4e16a7465..0ff28db3a 100644 --- a/content/ngf/changelog.md +++ b/content/ngf/changelog.md @@ -3,7 +3,7 @@ title: Changelog toc: true weight: 900 nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1359 --- diff --git a/content/ngf/get-started.md b/content/ngf/get-started.md index 4c8fd8d36..beb65dcb7 100644 --- a/content/ngf/get-started.md +++ b/content/ngf/get-started.md @@ -3,7 +3,7 @@ title: Get started weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1834 --- diff --git a/content/ngf/how-to/control-plane-configuration.md b/content/ngf/how-to/control-plane-configuration.md index 245b454ed..db158e041 100644 --- a/content/ngf/how-to/control-plane-configuration.md +++ b/content/ngf/how-to/control-plane-configuration.md @@ -3,7 +3,7 @@ title: Control plane configuration weight: 400 toc: true type: how-to -product: NGF +nd-product: FABRIC nd-docs: DOCS-1839 --- diff --git a/content/ngf/how-to/data-plane-configuration.md b/content/ngf/how-to/data-plane-configuration.md index 1fb00c9c2..e291e802d 100644 --- a/content/ngf/how-to/data-plane-configuration.md +++ b/content/ngf/how-to/data-plane-configuration.md @@ -3,7 +3,7 @@ title: Data plane configuration weight: 500 toc: true type: how-to -product: NGF +nd-product: FABRIC nd-docs: DOCS-1838 --- diff --git a/content/ngf/how-to/gateway-api-inference-extension.md b/content/ngf/how-to/gateway-api-inference-extension.md index 2e4992112..fa3db5272 100644 --- a/content/ngf/how-to/gateway-api-inference-extension.md +++ b/content/ngf/how-to/gateway-api-inference-extension.md @@ -3,7 +3,7 @@ title: Gateway API Inference Extension weight: 800 toc: true nd-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-0000 --- diff --git a/content/ngf/how-to/scaling.md b/content/ngf/how-to/scaling.md index b316cf1d0..2571aa263 100644 --- a/content/ngf/how-to/scaling.md +++ b/content/ngf/how-to/scaling.md @@ -3,7 +3,7 @@ title: Scaling the control plane and data plane weight: 700 toc: true type: how-to -product: NGF +nd-product: FABRIC nd-docs: DOCS-1840 --- diff --git a/content/ngf/how-to/upgrade-apps-without-downtime.md b/content/ngf/how-to/upgrade-apps-without-downtime.md index bff6032f5..36718c39e 100644 --- a/content/ngf/how-to/upgrade-apps-without-downtime.md +++ b/content/ngf/how-to/upgrade-apps-without-downtime.md @@ -3,7 +3,7 @@ title: Upgrade applications without downtime weight: 600 toc: true type: how-to -product: NGF +nd-product: FABRIC nd-docs: DOCS-1841 --- diff --git a/content/ngf/install/build-image.md b/content/ngf/install/build-image.md index 5211f5e17..7b4b60501 100644 --- a/content/ngf/install/build-image.md +++ b/content/ngf/install/build-image.md @@ -3,7 +3,7 @@ title: Build NGINX Gateway Fabric weight: 500 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1431 --- diff --git a/content/ngf/install/deploy-data-plane.md b/content/ngf/install/deploy-data-plane.md index 0c18df5d3..302c4bf10 100644 --- a/content/ngf/install/deploy-data-plane.md +++ b/content/ngf/install/deploy-data-plane.md @@ -3,7 +3,7 @@ title: Deploy a Gateway for data plane instances weight: 600 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1854 --- diff --git a/content/ngf/install/helm.md b/content/ngf/install/helm.md index 219133acc..bf0eec54c 100644 --- a/content/ngf/install/helm.md +++ b/content/ngf/install/helm.md @@ -3,7 +3,7 @@ title: Install NGINX Gateway Fabric with Helm weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1430 --- diff --git a/content/ngf/install/ingress-to-gateway.md b/content/ngf/install/ingress-to-gateway.md index 782331973..675892a84 100644 --- a/content/ngf/install/ingress-to-gateway.md +++ b/content/ngf/install/ingress-to-gateway.md @@ -3,7 +3,7 @@ title: Migrate from NGINX Ingress Controller to NGINX Gateway Fabric weight: 800 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: --- diff --git a/content/ngf/install/manifests.md b/content/ngf/install/manifests.md index c656b3798..ef1fb6665 100644 --- a/content/ngf/install/manifests.md +++ b/content/ngf/install/manifests.md @@ -3,7 +3,7 @@ title: Install NGINX Gateway Fabric with Manifests weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1429 --- diff --git a/content/ngf/install/nginx-plus.md b/content/ngf/install/nginx-plus.md index b097f76ab..746104345 100644 --- a/content/ngf/install/nginx-plus.md +++ b/content/ngf/install/nginx-plus.md @@ -3,7 +3,7 @@ title: Install NGINX Gateway Fabric with NGINX Plus weight: 300 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1853 --- diff --git a/content/ngf/install/openshift.md b/content/ngf/install/openshift.md index a739d6355..180d71683 100644 --- a/content/ngf/install/openshift.md +++ b/content/ngf/install/openshift.md @@ -4,7 +4,7 @@ description: Deploy F5 NGINX Gateway Fabric on Red Hat OpenShift through Operato weight: 400 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC --- ## Overview diff --git a/content/ngf/install/secure-certificates.md b/content/ngf/install/secure-certificates.md index 01c46e240..fc94557d3 100644 --- a/content/ngf/install/secure-certificates.md +++ b/content/ngf/install/secure-certificates.md @@ -3,7 +3,7 @@ title: Add certificates for secure authentication weight: 100 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1851 --- diff --git a/content/ngf/install/upgrade-version.md b/content/ngf/install/upgrade-version.md index da79dbdc5..7a8b02373 100644 --- a/content/ngf/install/upgrade-version.md +++ b/content/ngf/install/upgrade-version.md @@ -3,7 +3,7 @@ title: Upgrade NGINX Gateway Fabric weight: 700 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1852 --- diff --git a/content/ngf/monitoring/dashboard.md b/content/ngf/monitoring/dashboard.md index 7dd873fc5..5be07048f 100644 --- a/content/ngf/monitoring/dashboard.md +++ b/content/ngf/monitoring/dashboard.md @@ -3,7 +3,7 @@ title: Access the NGINX Plus dashboard weight: 300 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1417 --- diff --git a/content/ngf/monitoring/prometheus.md b/content/ngf/monitoring/prometheus.md index 0ce414ebd..573919ac0 100644 --- a/content/ngf/monitoring/prometheus.md +++ b/content/ngf/monitoring/prometheus.md @@ -3,7 +3,7 @@ title: Monitoring with Prometheus and Grafana weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1418 --- diff --git a/content/ngf/monitoring/tracing.md b/content/ngf/monitoring/tracing.md index 22ed240ff..6ad4d62ff 100644 --- a/content/ngf/monitoring/tracing.md +++ b/content/ngf/monitoring/tracing.md @@ -3,7 +3,7 @@ title: Configure tracing weight: 100 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1844 --- diff --git a/content/ngf/overview/custom-policies.md b/content/ngf/overview/custom-policies.md index 400e2353d..7d904fdaf 100644 --- a/content/ngf/overview/custom-policies.md +++ b/content/ngf/overview/custom-policies.md @@ -3,7 +3,7 @@ title: Custom policies weight: 600 toc: true nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1835 --- diff --git a/content/ngf/overview/gateway-api-compatibility.md b/content/ngf/overview/gateway-api-compatibility.md index 6ad9b4116..79a5b503e 100644 --- a/content/ngf/overview/gateway-api-compatibility.md +++ b/content/ngf/overview/gateway-api-compatibility.md @@ -3,7 +3,7 @@ title: Gateway API Compatibility weight: 200 toc: true nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1412 --- diff --git a/content/ngf/overview/gateway-architecture.md b/content/ngf/overview/gateway-architecture.md index 1d0d05d34..0a19f9943 100644 --- a/content/ngf/overview/gateway-architecture.md +++ b/content/ngf/overview/gateway-architecture.md @@ -3,7 +3,7 @@ title: Gateway architecture weight: 100 toc: true nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1413 --- diff --git a/content/ngf/overview/nginx-plus.md b/content/ngf/overview/nginx-plus.md index b19de51fc..923947786 100644 --- a/content/ngf/overview/nginx-plus.md +++ b/content/ngf/overview/nginx-plus.md @@ -2,7 +2,7 @@ title: Advanced features with NGINX Plus weight: 300 type: reference -product: NGF +nd-product: FABRIC nd-docs: DOCS-1837 --- diff --git a/content/ngf/overview/product-telemetry.md b/content/ngf/overview/product-telemetry.md index 22da85415..714d83ea2 100644 --- a/content/ngf/overview/product-telemetry.md +++ b/content/ngf/overview/product-telemetry.md @@ -2,7 +2,7 @@ title: Product telemetry weight: 500 nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1836 --- diff --git a/content/ngf/overview/resource-validation.md b/content/ngf/overview/resource-validation.md index 64c2d3188..f4200948e 100644 --- a/content/ngf/overview/resource-validation.md +++ b/content/ngf/overview/resource-validation.md @@ -3,7 +3,7 @@ title: Resource validation weight: 400 toc: true nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1414 --- diff --git a/content/ngf/reference/api.md b/content/ngf/reference/api.md index 549a0444f..407093f42 100644 --- a/content/ngf/reference/api.md +++ b/content/ngf/reference/api.md @@ -2,7 +2,7 @@ title: API reference weight: 100 type: reference -product: NGF +nd-product: FABRIC nd-docs: DOCS-1855 --- ## Overview diff --git a/content/ngf/reference/cli-help.md b/content/ngf/reference/cli-help.md index b7a97a692..4d5392ccf 100644 --- a/content/ngf/reference/cli-help.md +++ b/content/ngf/reference/cli-help.md @@ -3,7 +3,7 @@ title: Command-line reference guide weight: 100 toc: true type: reference -product: NGF +nd-product: FABRIC nd-docs: DOCS-1843 --- diff --git a/content/ngf/reference/permissions.md b/content/ngf/reference/permissions.md index ad95e3bef..1700b2473 100644 --- a/content/ngf/reference/permissions.md +++ b/content/ngf/reference/permissions.md @@ -4,7 +4,7 @@ description: NGINX Gateway Fabric permissions required by components. weight: 300 toc: true type: reference -product: NGF +nd-product: FABRIC --- ## Overview diff --git a/content/ngf/reference/technical-specifications.md b/content/ngf/reference/technical-specifications.md index cd8658f51..5641986d5 100644 --- a/content/ngf/reference/technical-specifications.md +++ b/content/ngf/reference/technical-specifications.md @@ -4,7 +4,7 @@ description: NGINX Gateway Fabric technical specifications. weight: 200 toc: true type: reference -product: NGF +nd-product: FABRIC nd-docs: DOCS-1842 --- diff --git a/content/ngf/support.md b/content/ngf/support.md index d2cde2020..c9d4f9c83 100644 --- a/content/ngf/support.md +++ b/content/ngf/support.md @@ -3,7 +3,7 @@ title: Support weight: 800 toc: true nd-content-type: reference -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1411 --- diff --git a/content/ngf/traffic-management/advanced-routing.md b/content/ngf/traffic-management/advanced-routing.md index 66c05c594..cca1e83da 100644 --- a/content/ngf/traffic-management/advanced-routing.md +++ b/content/ngf/traffic-management/advanced-routing.md @@ -3,7 +3,7 @@ title: Application routes using HTTP matching conditions weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1422 --- diff --git a/content/ngf/traffic-management/basic-routing.md b/content/ngf/traffic-management/basic-routing.md index e121c8935..58be430bd 100644 --- a/content/ngf/traffic-management/basic-routing.md +++ b/content/ngf/traffic-management/basic-routing.md @@ -3,7 +3,7 @@ title: Routing traffic to applications weight: 100 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1426 --- diff --git a/content/ngf/traffic-management/client-settings.md b/content/ngf/traffic-management/client-settings.md index 588991b10..20bdf9d0e 100644 --- a/content/ngf/traffic-management/client-settings.md +++ b/content/ngf/traffic-management/client-settings.md @@ -3,7 +3,7 @@ title: Client Settings Policy API toc: true weight: 800 nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1846 --- diff --git a/content/ngf/traffic-management/https-termination.md b/content/ngf/traffic-management/https-termination.md index 299bdd1f7..e8d8b0842 100644 --- a/content/ngf/traffic-management/https-termination.md +++ b/content/ngf/traffic-management/https-termination.md @@ -3,7 +3,7 @@ title: HTTPS termination weight: 500 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1421 --- diff --git a/content/ngf/traffic-management/mirror.md b/content/ngf/traffic-management/mirror.md index cf13c924f..c9bde4cf8 100644 --- a/content/ngf/traffic-management/mirror.md +++ b/content/ngf/traffic-management/mirror.md @@ -3,7 +3,7 @@ title: Configure Request Mirroring toc: true weight: 700 nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1847 --- diff --git a/content/ngf/traffic-management/redirects-and-rewrites.md b/content/ngf/traffic-management/redirects-and-rewrites.md index 8cbacbf79..58c9e15f9 100644 --- a/content/ngf/traffic-management/redirects-and-rewrites.md +++ b/content/ngf/traffic-management/redirects-and-rewrites.md @@ -3,7 +3,7 @@ title: HTTP redirects and rewrites weight: 400 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1424 --- diff --git a/content/ngf/traffic-management/request-response-headers.md b/content/ngf/traffic-management/request-response-headers.md index d6fe3806f..225cfc8e2 100644 --- a/content/ngf/traffic-management/request-response-headers.md +++ b/content/ngf/traffic-management/request-response-headers.md @@ -3,7 +3,7 @@ title: Modify HTTP request and response headers weight: 600 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1849 --- diff --git a/content/ngf/traffic-management/snippets.md b/content/ngf/traffic-management/snippets.md index 75b3a0fb5..c84b9294e 100644 --- a/content/ngf/traffic-management/snippets.md +++ b/content/ngf/traffic-management/snippets.md @@ -3,7 +3,7 @@ title: Use the SnippetsFilter API weight: 800 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1848 --- diff --git a/content/ngf/traffic-management/tls-passthrough.md b/content/ngf/traffic-management/tls-passthrough.md index fb56bec2c..663c1ed21 100644 --- a/content/ngf/traffic-management/tls-passthrough.md +++ b/content/ngf/traffic-management/tls-passthrough.md @@ -3,7 +3,7 @@ title: Configure TLS passthrough weight: 800 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1850 --- diff --git a/content/ngf/traffic-management/upstream-settings.md b/content/ngf/traffic-management/upstream-settings.md index d13d1b8cf..b27fe738d 100644 --- a/content/ngf/traffic-management/upstream-settings.md +++ b/content/ngf/traffic-management/upstream-settings.md @@ -3,7 +3,7 @@ title: Upstream Settings Policy API weight: 900 toc: true type: how-to -product: NGF +nd-product: FABRIC nd-docs: DOCS-1845 --- diff --git a/content/ngf/traffic-security/integrate-cert-manager.md b/content/ngf/traffic-security/integrate-cert-manager.md index 575ced75a..00a2a11c8 100644 --- a/content/ngf/traffic-security/integrate-cert-manager.md +++ b/content/ngf/traffic-security/integrate-cert-manager.md @@ -3,7 +3,7 @@ title: Secure traffic using Let's Encrypt and cert-manager weight: 100 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1425 --- diff --git a/content/ngf/traffic-security/secure-backend.md b/content/ngf/traffic-security/secure-backend.md index 652d10235..3475fd966 100644 --- a/content/ngf/traffic-security/secure-backend.md +++ b/content/ngf/traffic-security/secure-backend.md @@ -3,7 +3,7 @@ title: Securing backend traffic weight: 200 toc: true nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1423 --- diff --git a/content/ngf/troubleshooting.md b/content/ngf/troubleshooting.md index 9e3bb4c09..3c5fe2914 100644 --- a/content/ngf/troubleshooting.md +++ b/content/ngf/troubleshooting.md @@ -3,7 +3,7 @@ title: Troubleshooting toc: true weight: 600 nd-content-type: how-to -nd-product: NGF +nd-product: FABRIC nd-docs: DOCS-1419 --- diff --git a/content/nginx-one-console/agent/containers/run-agent-container.md b/content/nginx-one-console/agent/containers/run-agent-container.md index 8e52c59f7..f75269e39 100644 --- a/content/nginx-one-console/agent/containers/run-agent-container.md +++ b/content/nginx-one-console/agent/containers/run-agent-container.md @@ -3,7 +3,7 @@ title: Run the NGINX Agent in a container weight: 100 toc: true nd-content-type: how-to -product: Agent +nd-product: NAGENT nd-docs: DOCS-1872 --- diff --git a/content/nginx-one-console/nginx-configs/metrics/enable-metrics.md b/content/nginx-one-console/nginx-configs/metrics/enable-metrics.md index def4a8e8c..9d447eff7 100644 --- a/content/nginx-one-console/nginx-configs/metrics/enable-metrics.md +++ b/content/nginx-one-console/nginx-configs/metrics/enable-metrics.md @@ -9,7 +9,7 @@ toc: true nd-content-type: tutorial # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX-One +nd-product: NONECO --- The NGINX One Console dashboard and metrics views present system metrics and detailed NGINX metrics gathered through the NGINX Plus API or the Stub Status API (for NGINX Open Source). diff --git a/content/nginx-one-console/nginx-configs/metrics/review-metrics.md b/content/nginx-one-console/nginx-configs/metrics/review-metrics.md index 2920ca63e..27c3a73e4 100644 --- a/content/nginx-one-console/nginx-configs/metrics/review-metrics.md +++ b/content/nginx-one-console/nginx-configs/metrics/review-metrics.md @@ -9,7 +9,7 @@ toc: true nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NGINX-One +nd-product: NONECO --- After connecting your NGINX instances to NGINX One, you can monitor their performance and health. The NGINX One dashboard is designed for this purpose, offering an easy-to-use interface. diff --git a/content/nginx-one-console/nginx-configs/staged-configs/add-staged-config.md b/content/nginx-one-console/nginx-configs/staged-configs/add-staged-config.md index f14cbff41..3764e5f42 100644 --- a/content/nginx-one-console/nginx-configs/staged-configs/add-staged-config.md +++ b/content/nginx-one-console/nginx-configs/staged-configs/add-staged-config.md @@ -9,7 +9,7 @@ toc: true type: tutorial # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -product: NGINX-One +nd-product: NONECO --- ## Overview diff --git a/content/nginx-one-console/nginx-configs/staged-configs/api-staged-config.md b/content/nginx-one-console/nginx-configs/staged-configs/api-staged-config.md index 9fd9b3cde..db3c6a77d 100644 --- a/content/nginx-one-console/nginx-configs/staged-configs/api-staged-config.md +++ b/content/nginx-one-console/nginx-configs/staged-configs/api-staged-config.md @@ -8,7 +8,7 @@ toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this type: tutorial # Intended for internal catalogue and search, case sensitive: -product: NGINX-One +nd-product: NONECO --- You can use F5 NGINX One Console API to manage your Staged Configurations. With our API, you can: diff --git a/content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md b/content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md index cfc847cd2..581f64bfb 100644 --- a/content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md +++ b/content/nginx-one-console/workshops/lab1/getting-started-with-nginx-one-console.md @@ -3,7 +3,7 @@ title: "Lab 1: Get started with NGINX One Console" weight: 100 toc: true nd-content-type: tutorial -nd-product: NGINX-ONE +nd-product: NONECO --- ## Introduction diff --git a/content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md b/content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md index 14ac57238..dc4961590 100644 --- a/content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md +++ b/content/nginx-one-console/workshops/lab2/run-workshop-components-with-docker.md @@ -3,7 +3,7 @@ title: "Lab 2: Run workshop components with Docker" weight: 200 toc: true nd-content-type: tutorial -nd-product: nginx-one +nd-product: NONECO --- ## Introduction diff --git a/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md b/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md index 9f59516d4..f4175bc93 100644 --- a/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md +++ b/content/nginx-one-console/workshops/lab3/explore-nginx-one-console-features.md @@ -3,7 +3,7 @@ title: "Lab 3: Explore NGINX One Console features" weight: 300 toc: true nd-content-type: tutorial -nd-product: nginx-one +nd-product: NONECO --- ## Introduction diff --git a/content/nginx-one-console/workshops/lab4/config-sync-groups.md b/content/nginx-one-console/workshops/lab4/config-sync-groups.md index bdd25517f..7b91de6d1 100644 --- a/content/nginx-one-console/workshops/lab4/config-sync-groups.md +++ b/content/nginx-one-console/workshops/lab4/config-sync-groups.md @@ -3,7 +3,7 @@ title: "Lab 4: Config Sync Groups" weight: 400 toc: true nd-content-type: tutorial -nd-product: nginx-one +nd-product: NONECO --- ## Introduction diff --git a/content/nginxaas-azure/_index.md b/content/nginxaas-azure/_index.md index c63b39ec3..a8f2f1271 100644 --- a/content/nginxaas-azure/_index.md +++ b/content/nginxaas-azure/_index.md @@ -6,7 +6,7 @@ nd-landing-page: true cascade: logo: F5-NGINXaaS-icon.svg nd-content-type: landing-page -nd-product: N4Azure +nd-product: NAZURE --- diff --git a/content/nginxaas-azure/disaster-recovery.md b/content/nginxaas-azure/disaster-recovery.md index 675ca4c06..c105963a8 100644 --- a/content/nginxaas-azure/disaster-recovery.md +++ b/content/nginxaas-azure/disaster-recovery.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/disaster-recovery/ toc: true weight: 650 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE --- This guide describes how to configure disaster recovery (DR) for F5 NGINXaaS for Azure deployments in separate (ideally [paired](https://learn.microsoft.com/en-us/azure/reliability/regions-paired)) Azure regions, ensuring upstream access remains available even if the primary NGINXaaS deployment in a region fails. The deployment architecture ensures users can access backend application servers (upstreams) continuously from an alternative region if the primary NGINXaaS deployment becomes unavailable. The solution leverages Terraform, Azure Traffic Manager, Azure Virtual Network (VNet) peering, and unique subnets to support failover. diff --git a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md index 1c0ee5d90..195afb20f 100644 --- a/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md +++ b/content/nginxaas-azure/getting-started/create-deployment/deploy-azure-portal.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/getting-started/create-deployment/deploy-azure-portal/ toc: true weight: 100 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE nd-docs: DOCS-878 --- diff --git a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md index 2e340c567..02e9cbf6c 100644 --- a/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md +++ b/content/nginxaas-azure/getting-started/ssl-tls-certificates/overview.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/getting-started/ssl-tls-certificates/overview/ toc: true weight: 50 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE --- F5 NGINXaaS for Azure (NGINXaaS) enables customers to secure traffic by adding SSL/TLS certificates to a deployment. NGINXaaS can fetch certificates directly from Azure Key Vault, rotate certificates, and provide observability on the status of your certificates. diff --git a/content/nginxaas-azure/quickstart/security-controls/oidc.md b/content/nginxaas-azure/quickstart/security-controls/oidc.md index 9dde16912..e13ebec26 100644 --- a/content/nginxaas-azure/quickstart/security-controls/oidc.md +++ b/content/nginxaas-azure/quickstart/security-controls/oidc.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/quickstart/security-controls/oidc/ toc: true weight: 300 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE nd-docs: DOCS-1646 --- diff --git a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md index e5ee31ac4..b5d5fb1fc 100644 --- a/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md +++ b/content/nginxaas-azure/quickstart/security-controls/private-link-to-upstreams.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/quickstart/security-controls/private-link-to-upstreams/ toc: true weight: 400 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE --- [Azure Private Link](https://learn.microsoft.com/en-us/azure/private-link/private-link-overview) eliminates exposure to the public internet by handling traffic over Microsoft's backbone network. This is especially useful if your NGINXaaS deployment and your upstreams are in different virtual networks. diff --git a/content/nginxaas-azure/quickstart/security-controls/private-subnet-oidc-entra.md b/content/nginxaas-azure/quickstart/security-controls/private-subnet-oidc-entra.md index 7819c0aaa..ec9f09ddd 100644 --- a/content/nginxaas-azure/quickstart/security-controls/private-subnet-oidc-entra.md +++ b/content/nginxaas-azure/quickstart/security-controls/private-subnet-oidc-entra.md @@ -4,7 +4,7 @@ url: /nginxaas/azure/quickstart/security-controls/private-subnet-oidc-entra/ toc: true weight: 350 nd-content-type: how-to -nd-product: N4Azure +nd-product: NAZURE --- ## Overview diff --git a/content/nic/_index.md b/content/nic/_index.md index d0a01958a..add25c92b 100644 --- a/content/nic/_index.md +++ b/content/nic/_index.md @@ -15,7 +15,7 @@ nd-landing-page: true nd-content-type: landing-page # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NIC +nd-product: INGRESS --- ## About diff --git a/content/nic/changelog/2019.md b/content/nic/changelog/2019.md index 0b847842e..6a681aa4c 100644 --- a/content/nic/changelog/2019.md +++ b/content/nic/changelog/2019.md @@ -6,7 +6,7 @@ weight: 600 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 1.6.0 diff --git a/content/nic/changelog/2020.md b/content/nic/changelog/2020.md index 7dfd1f85c..3035ed3a5 100644 --- a/content/nic/changelog/2020.md +++ b/content/nic/changelog/2020.md @@ -6,7 +6,7 @@ weight: 500 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 1.9.1 diff --git a/content/nic/changelog/2021.md b/content/nic/changelog/2021.md index f2af68315..b10d60154 100644 --- a/content/nic/changelog/2021.md +++ b/content/nic/changelog/2021.md @@ -6,7 +6,7 @@ weight: 400 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 2.0.3 diff --git a/content/nic/changelog/2022.md b/content/nic/changelog/2022.md index 4940e7f83..a6d055a03 100644 --- a/content/nic/changelog/2022.md +++ b/content/nic/changelog/2022.md @@ -6,7 +6,7 @@ weight: 300 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 2.4.2 diff --git a/content/nic/changelog/2023.md b/content/nic/changelog/2023.md index 7c80c7eb2..e2bb727b7 100644 --- a/content/nic/changelog/2023.md +++ b/content/nic/changelog/2023.md @@ -6,7 +6,7 @@ weight: 200 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 3.4.0 diff --git a/content/nic/changelog/2024.md b/content/nic/changelog/2024.md index 7355a88ac..6750bd55f 100644 --- a/content/nic/changelog/2024.md +++ b/content/nic/changelog/2024.md @@ -6,7 +6,7 @@ weight: 100 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: NIC +nd-product: INGRESS --- ## 4.0.0 diff --git a/content/nic/changelog/_index.md b/content/nic/changelog/_index.md index c8de195ea..e92c197cf 100644 --- a/content/nic/changelog/_index.md +++ b/content/nic/changelog/_index.md @@ -4,7 +4,7 @@ url: /nginx-ingress-controller/changelog weight: 10200 nd-landing-page: true nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-616 --- diff --git a/content/nic/community.md b/content/nic/community.md index 0c291dabe..c4e045855 100644 --- a/content/nic/community.md +++ b/content/nic/community.md @@ -2,7 +2,7 @@ title: Community and contributing weight: 10000 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1447 --- diff --git a/content/nic/configuration/access-control.md b/content/nic/configuration/access-control.md index 232949b1d..8e95270a5 100644 --- a/content/nic/configuration/access-control.md +++ b/content/nic/configuration/access-control.md @@ -3,7 +3,7 @@ title: Deploy a Policy for access control weight: 900 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1858 --- diff --git a/content/nic/configuration/global-configuration/command-line-arguments.md b/content/nic/configuration/global-configuration/command-line-arguments.md index 398761b18..aaf18eb01 100644 --- a/content/nic/configuration/global-configuration/command-line-arguments.md +++ b/content/nic/configuration/global-configuration/command-line-arguments.md @@ -3,7 +3,7 @@ title: Command-line arguments toc: true weight: 100 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-585 --- diff --git a/content/nic/configuration/global-configuration/configmap-resource.md b/content/nic/configuration/global-configuration/configmap-resource.md index 65f025611..330aad98a 100644 --- a/content/nic/configuration/global-configuration/configmap-resource.md +++ b/content/nic/configuration/global-configuration/configmap-resource.md @@ -3,7 +3,7 @@ title: ConfigMap resources weight: 300 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-586 --- diff --git a/content/nic/configuration/global-configuration/globalconfiguration-resource.md b/content/nic/configuration/global-configuration/globalconfiguration-resource.md index 3fa4ae583..8276bc8df 100644 --- a/content/nic/configuration/global-configuration/globalconfiguration-resource.md +++ b/content/nic/configuration/global-configuration/globalconfiguration-resource.md @@ -3,7 +3,7 @@ title: GlobalConfiguration resource toc: true weight: 200 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-588 --- diff --git a/content/nic/configuration/global-configuration/reporting-resources-status.md b/content/nic/configuration/global-configuration/reporting-resources-status.md index 4da8b5123..8e08da1eb 100644 --- a/content/nic/configuration/global-configuration/reporting-resources-status.md +++ b/content/nic/configuration/global-configuration/reporting-resources-status.md @@ -3,7 +3,7 @@ title: Reporting resource status toc: true weight: 600 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-589 --- diff --git a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md index d85e547ad..8250054df 100644 --- a/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md +++ b/content/nic/configuration/ingress-resources/advanced-configuration-with-annotations.md @@ -3,7 +3,7 @@ title: Advanced configuration with Annotations toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-591 --- diff --git a/content/nic/configuration/ingress-resources/basic-configuration.md b/content/nic/configuration/ingress-resources/basic-configuration.md index 75d371ae5..d1f84bd78 100644 --- a/content/nic/configuration/ingress-resources/basic-configuration.md +++ b/content/nic/configuration/ingress-resources/basic-configuration.md @@ -3,7 +3,7 @@ title: Basic configuration weight: 100 toc: true nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-593 --- diff --git a/content/nic/configuration/ingress-resources/cross-namespace-configuration.md b/content/nic/configuration/ingress-resources/cross-namespace-configuration.md index 8a443b4fd..5982b481f 100644 --- a/content/nic/configuration/ingress-resources/cross-namespace-configuration.md +++ b/content/nic/configuration/ingress-resources/cross-namespace-configuration.md @@ -3,7 +3,7 @@ title: Cross-namespace configuration toc: true weight: 500 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-594 --- diff --git a/content/nic/configuration/ingress-resources/custom-annotations.md b/content/nic/configuration/ingress-resources/custom-annotations.md index a7dd3db81..521081fcc 100644 --- a/content/nic/configuration/ingress-resources/custom-annotations.md +++ b/content/nic/configuration/ingress-resources/custom-annotations.md @@ -3,7 +3,7 @@ title: Custom annotations toc: true weight: 300 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-595 --- diff --git a/content/nic/configuration/policy-resource.md b/content/nic/configuration/policy-resource.md index 2f46c94a7..4d00accf2 100644 --- a/content/nic/configuration/policy-resource.md +++ b/content/nic/configuration/policy-resource.md @@ -3,7 +3,7 @@ title: Policy resources weight: 500 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-596 --- diff --git a/content/nic/configuration/security.md b/content/nic/configuration/security.md index aadc7e800..0335f1ada 100644 --- a/content/nic/configuration/security.md +++ b/content/nic/configuration/security.md @@ -3,7 +3,7 @@ title: Security recommendations toc: true weight: 300 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-597 --- diff --git a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md index 761929b9e..000238a43 100644 --- a/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md +++ b/content/nic/configuration/virtualserver-and-virtualserverroute-resources.md @@ -3,7 +3,7 @@ title: VirtualServer and VirtualServerRoute resources toc: true weight: 700 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-599 --- diff --git a/content/nic/install/build.md b/content/nic/install/build.md index aec43077f..560377044 100644 --- a/content/nic/install/build.md +++ b/content/nic/install/build.md @@ -3,7 +3,7 @@ title: Build NGINX Ingress Controller toc: true weight: 700 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1453 --- diff --git a/content/nic/install/helm.md b/content/nic/install/helm.md index ae304d71a..289a84c0d 100644 --- a/content/nic/install/helm.md +++ b/content/nic/install/helm.md @@ -3,7 +3,7 @@ title: Install NGINX Ingress Controller with Helm toc: true weight: 100 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-602 --- diff --git a/content/nic/install/images/add-image-to-cluster.md b/content/nic/install/images/add-image-to-cluster.md index 3aa61f0bf..8d5fb63d4 100644 --- a/content/nic/install/images/add-image-to-cluster.md +++ b/content/nic/install/images/add-image-to-cluster.md @@ -3,7 +3,7 @@ title: Add an NGINX Ingress Controller image to your cluster toc: true weight: 150 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1454 --- diff --git a/content/nic/install/images/registry-download.md b/content/nic/install/images/registry-download.md index aa11fc887..e844c2f70 100644 --- a/content/nic/install/images/registry-download.md +++ b/content/nic/install/images/registry-download.md @@ -3,7 +3,7 @@ title: Download NGINX Ingress Controller from the F5 Registry toc: true weight: 100 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-605 --- diff --git a/content/nic/install/license-secret.md b/content/nic/install/license-secret.md index 85bb5c5ee..a0dd9e2db 100644 --- a/content/nic/install/license-secret.md +++ b/content/nic/install/license-secret.md @@ -3,7 +3,7 @@ title: Create a license Secret toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1860 --- diff --git a/content/nic/install/manifests.md b/content/nic/install/manifests.md index 1ed374ad8..301168d39 100644 --- a/content/nic/install/manifests.md +++ b/content/nic/install/manifests.md @@ -3,7 +3,7 @@ title: Install NGINX Ingress Controller with Manifests toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-603 --- diff --git a/content/nic/install/migrate-ingress-nginx.md b/content/nic/install/migrate-ingress-nginx.md index 58bf97cbe..62066bda5 100644 --- a/content/nic/install/migrate-ingress-nginx.md +++ b/content/nic/install/migrate-ingress-nginx.md @@ -3,7 +3,7 @@ title: Migrate from Ingress-NGINX Controller to NGINX Ingress Controller toc: true weight: 1000 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1469 --- diff --git a/content/nic/install/multiple-controllers.md b/content/nic/install/multiple-controllers.md index 568916d55..144e6131d 100644 --- a/content/nic/install/multiple-controllers.md +++ b/content/nic/install/multiple-controllers.md @@ -3,7 +3,7 @@ title: Run multiple NGINX Ingress Controllers toc: true weight: 800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-606 --- diff --git a/content/nic/install/operator.md b/content/nic/install/operator.md index 95e5ed1f7..d5480411a 100644 --- a/content/nic/install/operator.md +++ b/content/nic/install/operator.md @@ -3,7 +3,7 @@ title: Install NGINX Ingress Controller with NGINX Ingress Operator toc: true weight: 500 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-604 --- diff --git a/content/nic/install/upgrade.md b/content/nic/install/upgrade.md index 3cfde6acd..79724c2e9 100644 --- a/content/nic/install/upgrade.md +++ b/content/nic/install/upgrade.md @@ -9,7 +9,7 @@ toc: true nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NIC +nd-product: INGRESS --- This document describes how to upgrade F5 NGINX Ingress Controller when a new version releases. diff --git a/content/nic/install/waf-helm.md b/content/nic/install/waf-helm.md index c249dceb8..a0b9f3b5c 100644 --- a/content/nic/install/waf-helm.md +++ b/content/nic/install/waf-helm.md @@ -3,7 +3,7 @@ title: Install NGINX Ingress Controller and F5 WAF for NGINX with Docker and Hel toc: true weight: 400 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1861 --- diff --git a/content/nic/integrations/app-protect-dos/configuration.md b/content/nic/integrations/app-protect-dos/configuration.md index 8ce84d042..6a8de2c27 100644 --- a/content/nic/integrations/app-protect-dos/configuration.md +++ b/content/nic/integrations/app-protect-dos/configuration.md @@ -3,7 +3,7 @@ title: Configuration toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-580 --- diff --git a/content/nic/integrations/app-protect-dos/dos-protected.md b/content/nic/integrations/app-protect-dos/dos-protected.md index 24cdb78af..af03978e2 100644 --- a/content/nic/integrations/app-protect-dos/dos-protected.md +++ b/content/nic/integrations/app-protect-dos/dos-protected.md @@ -3,7 +3,7 @@ title: DoS protected resource specification toc: true weight: 300 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-581 --- diff --git a/content/nic/integrations/app-protect-dos/installation.md b/content/nic/integrations/app-protect-dos/installation.md index 0d6a90e11..6ab719885 100644 --- a/content/nic/integrations/app-protect-dos/installation.md +++ b/content/nic/integrations/app-protect-dos/installation.md @@ -3,7 +3,7 @@ title: Build NGINX Ingress Controller with F5 DoS for NGINX weight: 100 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-583 --- diff --git a/content/nic/integrations/app-protect-dos/troubleshoot-app-protect-dos.md b/content/nic/integrations/app-protect-dos/troubleshoot-app-protect-dos.md index 1a7af9625..f61052959 100644 --- a/content/nic/integrations/app-protect-dos/troubleshoot-app-protect-dos.md +++ b/content/nic/integrations/app-protect-dos/troubleshoot-app-protect-dos.md @@ -3,7 +3,7 @@ title: Troubleshoot F5 DoS for NGINX toc: true weight: 400 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1456 --- diff --git a/content/nic/integrations/app-protect-waf-v5/compile-waf-policies.md b/content/nic/integrations/app-protect-waf-v5/compile-waf-policies.md index 9db69e66e..a41d22f02 100644 --- a/content/nic/integrations/app-protect-waf-v5/compile-waf-policies.md +++ b/content/nic/integrations/app-protect-waf-v5/compile-waf-policies.md @@ -3,7 +3,7 @@ title: Compile F5 WAF for NGINX policies using NGINX Instance Manager weight: 300 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1863 --- diff --git a/content/nic/integrations/app-protect-waf-v5/configuration.md b/content/nic/integrations/app-protect-waf-v5/configuration.md index a489ebcc4..d493873d3 100644 --- a/content/nic/integrations/app-protect-waf-v5/configuration.md +++ b/content/nic/integrations/app-protect-waf-v5/configuration.md @@ -3,7 +3,7 @@ title: Configure NGINX App Protect with NGINX Ingress Controller weight: 200 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1866 --- diff --git a/content/nic/integrations/app-protect-waf-v5/installation.md b/content/nic/integrations/app-protect-waf-v5/installation.md index bfb08ca54..a8e2a2b0a 100644 --- a/content/nic/integrations/app-protect-waf-v5/installation.md +++ b/content/nic/integrations/app-protect-waf-v5/installation.md @@ -3,7 +3,7 @@ title: Build NGINX Ingress Controller with F5 WAF for NGINX weight: 100 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1865 --- diff --git a/content/nic/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md b/content/nic/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md index cee3595d1..76c84c8b2 100644 --- a/content/nic/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md +++ b/content/nic/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md @@ -3,7 +3,7 @@ title: Troubleshoot F5 WAF for NGINX weight: 400 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1864 --- diff --git a/content/nic/integrations/app-protect-waf/configuration.md b/content/nic/integrations/app-protect-waf/configuration.md index 6d10930ff..7531fc298 100644 --- a/content/nic/integrations/app-protect-waf/configuration.md +++ b/content/nic/integrations/app-protect-waf/configuration.md @@ -3,7 +3,7 @@ title: Configure NGINX App Protect with NGINX Ingress Controller weight: 200 toc: true type: how-to -product: NIC +nd-product: INGRESS nd-docs: DOCS-578 --- diff --git a/content/nic/integrations/app-protect-waf/installation.md b/content/nic/integrations/app-protect-waf/installation.md index a7b52cb3c..66ce8fd58 100644 --- a/content/nic/integrations/app-protect-waf/installation.md +++ b/content/nic/integrations/app-protect-waf/installation.md @@ -3,7 +3,7 @@ title: Build NGINX Ingress Controller with F5 WAF for NGINX weight: 100 toc: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-579 --- diff --git a/content/nic/integrations/f5-ingresslink.md b/content/nic/integrations/f5-ingresslink.md index b4e28c7f5..9cf3de9ec 100644 --- a/content/nic/integrations/f5-ingresslink.md +++ b/content/nic/integrations/f5-ingresslink.md @@ -3,7 +3,7 @@ title: F5 BIG-IP toc: true weight: 400 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-600 --- diff --git a/content/nic/logging-and-monitoring/logging.md b/content/nic/logging-and-monitoring/logging.md index 97c725a64..869082e04 100644 --- a/content/nic/logging-and-monitoring/logging.md +++ b/content/nic/logging-and-monitoring/logging.md @@ -3,7 +3,7 @@ title: Logs available from NGINX Ingress Controller toc: true weight: 100 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-613 --- diff --git a/content/nic/logging-and-monitoring/opentelemetry.md b/content/nic/logging-and-monitoring/opentelemetry.md index 53a52be95..c731e6103 100644 --- a/content/nic/logging-and-monitoring/opentelemetry.md +++ b/content/nic/logging-and-monitoring/opentelemetry.md @@ -9,7 +9,7 @@ toc: true nd-content-type: how-to # Intended for internal catalogue and search, case sensitive: # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit -nd-product: NIC +nd-product: INGRESS --- This topic describes how to enable [OpenTelemetry](https://opentelemetry.io/) for F5 NGINX Ingress Controller using the [native NGINX module](https://nginx.org/en/docs/ngx_otel_module.html). diff --git a/content/nic/logging-and-monitoring/opentracing.md b/content/nic/logging-and-monitoring/opentracing.md index 06a57a5c5..8f069a19d 100644 --- a/content/nic/logging-and-monitoring/opentracing.md +++ b/content/nic/logging-and-monitoring/opentracing.md @@ -3,7 +3,7 @@ title: Enable OpenTracing (Removed in v5.0.0) toc: true weight: 700 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-618 --- diff --git a/content/nic/logging-and-monitoring/prometheus.md b/content/nic/logging-and-monitoring/prometheus.md index 88b86791e..8cce055fe 100644 --- a/content/nic/logging-and-monitoring/prometheus.md +++ b/content/nic/logging-and-monitoring/prometheus.md @@ -3,7 +3,7 @@ title: Enable Prometheus metrics toc: true weight: 400 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-614 --- diff --git a/content/nic/logging-and-monitoring/service-insight.md b/content/nic/logging-and-monitoring/service-insight.md index 02435124c..e2737478c 100644 --- a/content/nic/logging-and-monitoring/service-insight.md +++ b/content/nic/logging-and-monitoring/service-insight.md @@ -3,7 +3,7 @@ title: Enable Service Insight toc: true weight: 600 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1180 --- diff --git a/content/nic/logging-and-monitoring/status-page.md b/content/nic/logging-and-monitoring/status-page.md index 4cfda9d50..f02af59ad 100644 --- a/content/nic/logging-and-monitoring/status-page.md +++ b/content/nic/logging-and-monitoring/status-page.md @@ -3,7 +3,7 @@ title: View the NGINX status page toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-615 --- diff --git a/content/nic/overview/about.md b/content/nic/overview/about.md index ef6bdeaf6..e6b535858 100644 --- a/content/nic/overview/about.md +++ b/content/nic/overview/about.md @@ -2,7 +2,7 @@ title: About weight: 100 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-612 --- diff --git a/content/nic/overview/controller-comparison.md b/content/nic/overview/controller-comparison.md index f4770395c..1a48ecc92 100644 --- a/content/nic/overview/controller-comparison.md +++ b/content/nic/overview/controller-comparison.md @@ -4,7 +4,7 @@ toc: true draft: true weight: 400 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-610 --- diff --git a/content/nic/overview/design.md b/content/nic/overview/design.md index 716307345..8b53a9ab0 100644 --- a/content/nic/overview/design.md +++ b/content/nic/overview/design.md @@ -3,7 +3,7 @@ title: The design of NGINX Ingress Controller toc: true weight: 200 nd-content-type: concept -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-609 --- diff --git a/content/nic/technical-specifications.md b/content/nic/technical-specifications.md index c89ed8b0e..cf2890a04 100644 --- a/content/nic/technical-specifications.md +++ b/content/nic/technical-specifications.md @@ -3,7 +3,7 @@ title: Technical specifications toc: true weight: 200 nd-content-type: reference -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-617 --- diff --git a/content/nic/troubleshooting/troubleshoot-common.md b/content/nic/troubleshooting/troubleshoot-common.md index 923b1c6ef..359601324 100644 --- a/content/nic/troubleshooting/troubleshoot-common.md +++ b/content/nic/troubleshooting/troubleshoot-common.md @@ -3,7 +3,7 @@ title: Troubleshooting common issues toc: true weight: 200 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1459 --- diff --git a/content/nic/tutorials/ingress-path-regex-annotation.md b/content/nic/tutorials/ingress-path-regex-annotation.md index 9cee69351..1876dfbd4 100644 --- a/content/nic/tutorials/ingress-path-regex-annotation.md +++ b/content/nic/tutorials/ingress-path-regex-annotation.md @@ -3,7 +3,7 @@ title: Ingresses Path Matching Using Path-Regex Annotation toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1451 --- diff --git a/content/nic/tutorials/nginx-dynamic-module.md b/content/nic/tutorials/nginx-dynamic-module.md index 46eb19a3c..ba0748f19 100644 --- a/content/nic/tutorials/nginx-dynamic-module.md +++ b/content/nic/tutorials/nginx-dynamic-module.md @@ -3,7 +3,7 @@ title: Using NGINX Ingress Controller with NGINX Dynamic Modules toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1231 --- diff --git a/content/nic/tutorials/nginx-ingress-istio.md b/content/nic/tutorials/nginx-ingress-istio.md index 0a200ae92..432a686c3 100644 --- a/content/nic/tutorials/nginx-ingress-istio.md +++ b/content/nic/tutorials/nginx-ingress-istio.md @@ -3,7 +3,7 @@ title: NGINX Ingress Controller and Istio Service Mesh toc: true weight: 1800 nd-content-type: concept -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-889 --- diff --git a/content/nic/tutorials/nginx-ingress-linkerd.md b/content/nic/tutorials/nginx-ingress-linkerd.md index a2e04d7cd..5636e650a 100644 --- a/content/nic/tutorials/nginx-ingress-linkerd.md +++ b/content/nic/tutorials/nginx-ingress-linkerd.md @@ -3,7 +3,7 @@ title: NGINX Ingress Controller and Linkerd toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1450 --- diff --git a/content/nic/tutorials/nginx-ingress-osm.md b/content/nic/tutorials/nginx-ingress-osm.md index e7a10a564..8f6057424 100644 --- a/content/nic/tutorials/nginx-ingress-osm.md +++ b/content/nic/tutorials/nginx-ingress-osm.md @@ -3,7 +3,7 @@ title: NGINX Ingress Controller and Open Service Mesh toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1181 --- diff --git a/content/nic/tutorials/oidc-custom-configuration.md b/content/nic/tutorials/oidc-custom-configuration.md index a1aee1e13..ad5390c8f 100644 --- a/content/nic/tutorials/oidc-custom-configuration.md +++ b/content/nic/tutorials/oidc-custom-configuration.md @@ -3,7 +3,7 @@ title: Customize OIDC Configuration with NGINX Ingress Controller weight: 1800 toc: true type: how-to -product: NIC +nd-product: INGRESS nd-docs: DOCS-1448 --- diff --git a/content/nic/tutorials/security-monitoring.md b/content/nic/tutorials/security-monitoring.md index f115d7637..b404cfe91 100644 --- a/content/nic/tutorials/security-monitoring.md +++ b/content/nic/tutorials/security-monitoring.md @@ -3,7 +3,7 @@ title: Connect F5 WAF for NGINX to NGINX Security Monitoring toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1856 --- diff --git a/content/nic/tutorials/virtual-server-with-custom-listener-ports.md b/content/nic/tutorials/virtual-server-with-custom-listener-ports.md index 3a93fbe73..626bf5e9c 100644 --- a/content/nic/tutorials/virtual-server-with-custom-listener-ports.md +++ b/content/nic/tutorials/virtual-server-with-custom-listener-ports.md @@ -3,7 +3,7 @@ title: Configuring VirtualServer with custom HTTP and HTTPS listener ports toc: true weight: 1800 nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1452 --- diff --git a/content/nic/usage-reporting.md b/content/nic/usage-reporting.md index 6a910abe0..9a08643b2 100644 --- a/content/nic/usage-reporting.md +++ b/content/nic/usage-reporting.md @@ -5,7 +5,7 @@ weight: 1800 noindex: true headless: true nd-content-type: how-to -nd-product: NIC +nd-product: INGRESS nd-docs: DOCS-1445 --- diff --git a/content/nim/admin-guide/authentication/oidc/getting-started.md b/content/nim/admin-guide/authentication/oidc/getting-started.md index a51cc25e0..e9d9ebaa0 100644 --- a/content/nim/admin-guide/authentication/oidc/getting-started.md +++ b/content/nim/admin-guide/authentication/oidc/getting-started.md @@ -3,7 +3,7 @@ title: Get started with OIDC toc: true weight: 1 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-1267 --- diff --git a/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md b/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md index d493bbb38..0439f5247 100644 --- a/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md +++ b/content/nim/admin-guide/authentication/oidc/microsoft-entra-setup.md @@ -3,7 +3,7 @@ title: 'Microsoft Entra: Set up OIDC authentication' toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-795 --- diff --git a/content/nim/deploy/kubernetes/helm-config-settings.md b/content/nim/deploy/kubernetes/helm-config-settings.md index 784c8df62..8f7f2e523 100644 --- a/content/nim/deploy/kubernetes/helm-config-settings.md +++ b/content/nim/deploy/kubernetes/helm-config-settings.md @@ -5,7 +5,7 @@ toc: true weight: 300 nd-content-type: - reference -nd-product: NIM +nd-product: NIMNGR --- This reference guide lists the configurable Helm chart parameters and default settings for NGINX Instance Manager. diff --git a/content/nim/deploy/vm-bare-metal/install-nim-manual.md b/content/nim/deploy/vm-bare-metal/install-nim-manual.md index 9793e656d..005d32456 100644 --- a/content/nim/deploy/vm-bare-metal/install-nim-manual.md +++ b/content/nim/deploy/vm-bare-metal/install-nim-manual.md @@ -4,7 +4,7 @@ toc: true weight: 10 noindex: true nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-1211 --- diff --git a/content/nim/disconnected/add-license-disconnected-deployment.md b/content/nim/disconnected/add-license-disconnected-deployment.md index f845ad036..1f5398326 100644 --- a/content/nim/disconnected/add-license-disconnected-deployment.md +++ b/content/nim/disconnected/add-license-disconnected-deployment.md @@ -3,7 +3,7 @@ title: Add a license (disconnected) weight: 200 toc: true nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-1657 --- diff --git a/content/nim/monitoring/view-events-metrics.md b/content/nim/monitoring/view-events-metrics.md index af9561e15..72d1d9e31 100644 --- a/content/nim/monitoring/view-events-metrics.md +++ b/content/nim/monitoring/view-events-metrics.md @@ -4,7 +4,7 @@ description: Learn how to view events and metrics in F5 NGINX Instance Manager. toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-847 --- diff --git a/content/nim/nginx-instances/add-instance.md b/content/nim/nginx-instances/add-instance.md index 760052759..f694dc170 100644 --- a/content/nim/nginx-instances/add-instance.md +++ b/content/nim/nginx-instances/add-instance.md @@ -3,7 +3,7 @@ title: "Add an NGINX instance" weight: 100 toc: false nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR --- This guide shows you how to add NGINX Open Source and NGINX Plus instances to F5 NGINX Instance Manager so you can manage them from a central dashboard. diff --git a/content/nim/nginx-instances/scan-instances.md b/content/nim/nginx-instances/scan-instances.md index 6a55d8f18..a6f045125 100644 --- a/content/nim/nginx-instances/scan-instances.md +++ b/content/nim/nginx-instances/scan-instances.md @@ -4,7 +4,7 @@ description: Follow the steps in this guide to scan for and discover NGINX insta toc: true weight: 110 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-828 --- diff --git a/content/nim/releases/release-notes.md b/content/nim/releases/release-notes.md index ada5ba8ae..615ba1d52 100644 --- a/content/nim/releases/release-notes.md +++ b/content/nim/releases/release-notes.md @@ -3,7 +3,7 @@ title: Release notes weight: 100 toc: true nd-content-type: reference -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-938 --- diff --git a/content/nim/security-monitoring/set-up-app-protect-instances.md b/content/nim/security-monitoring/set-up-app-protect-instances.md index 8290c1e27..f27c269f8 100644 --- a/content/nim/security-monitoring/set-up-app-protect-instances.md +++ b/content/nim/security-monitoring/set-up-app-protect-instances.md @@ -3,7 +3,7 @@ title: Set up F5 WAF for NGINX instances for Security Monitoring weight: 100 toc: true nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-1107 --- diff --git a/content/nim/system-configuration/secure-traffic.md b/content/nim/system-configuration/secure-traffic.md index 8612bd6dd..c719a9612 100644 --- a/content/nim/system-configuration/secure-traffic.md +++ b/content/nim/system-configuration/secure-traffic.md @@ -3,7 +3,7 @@ title: Secure client access and network traffic toc: true weight: 600 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: DOCS-794 --- diff --git a/content/nim/waf-integration/configuration/compiler-resource-pruning.md b/content/nim/waf-integration/configuration/compiler-resource-pruning.md index 1575aa8ee..c49aea4e6 100644 --- a/content/nim/waf-integration/configuration/compiler-resource-pruning.md +++ b/content/nim/waf-integration/configuration/compiler-resource-pruning.md @@ -4,7 +4,7 @@ description: Automatically remove unused compiled security resources in NGINX In toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/install-waf-compiler/automatic-download.md b/content/nim/waf-integration/configuration/install-waf-compiler/automatic-download.md index 8e01c0260..d99e5320d 100644 --- a/content/nim/waf-integration/configuration/install-waf-compiler/automatic-download.md +++ b/content/nim/waf-integration/configuration/install-waf-compiler/automatic-download.md @@ -4,7 +4,7 @@ description: Enable NGINX Instance Manager to automatically download and install toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/install-waf-compiler/download-from-myf5.md b/content/nim/waf-integration/configuration/install-waf-compiler/download-from-myf5.md index 721cbe247..3a64ed46c 100644 --- a/content/nim/waf-integration/configuration/install-waf-compiler/download-from-myf5.md +++ b/content/nim/waf-integration/configuration/install-waf-compiler/download-from-myf5.md @@ -4,7 +4,7 @@ description: Download and install the WAF compiler manually from MyF5 when your toc: true weight: 400 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md b/content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md index f22880079..18beeeb6c 100644 --- a/content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md +++ b/content/nim/waf-integration/configuration/install-waf-compiler/install-disconnected.md @@ -4,7 +4,7 @@ description: Install the WAF compiler on a system without internet access by gen toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/install-waf-compiler/install.md b/content/nim/waf-integration/configuration/install-waf-compiler/install.md index 609aaee0a..5c16b08a2 100644 --- a/content/nim/waf-integration/configuration/install-waf-compiler/install.md +++ b/content/nim/waf-integration/configuration/install-waf-compiler/install.md @@ -4,7 +4,7 @@ description: Install the WAF compiler on the NGINX Instance Manager host to prec toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/manage-waf-configurations/add-configuration.md b/content/nim/waf-integration/configuration/manage-waf-configurations/add-configuration.md index 8f9eff61f..9a4d06a7b 100644 --- a/content/nim/waf-integration/configuration/manage-waf-configurations/add-configuration.md +++ b/content/nim/waf-integration/configuration/manage-waf-configurations/add-configuration.md @@ -4,7 +4,7 @@ description: Add default or custom WAF policies to your NGINX instances. toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md b/content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md index 531bef035..102a14d6a 100644 --- a/content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md +++ b/content/nim/waf-integration/configuration/manage-waf-configurations/edit-waf-configuration.md @@ -4,7 +4,7 @@ description: Apply F5 WAF for NGINX directives in your NGINX configuration files toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md b/content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md index 2a70bf43e..3c56dbc8a 100644 --- a/content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md +++ b/content/nim/waf-integration/configuration/manage-waf-configurations/onboard-custom-security-policies.md @@ -4,7 +4,7 @@ description: Upload and prepare your own security policy bundles for use with NG toc: true weight: 400 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/manage-waf-configurations/verify-configuration.md b/content/nim/waf-integration/configuration/manage-waf-configurations/verify-configuration.md index 3a32f7911..6870c2c19 100644 --- a/content/nim/waf-integration/configuration/manage-waf-configurations/verify-configuration.md +++ b/content/nim/waf-integration/configuration/manage-waf-configurations/verify-configuration.md @@ -4,7 +4,7 @@ description: Confirm that F5 WAF for NGINX is active and running correctly on yo toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/onboard-instances/configure-docker-compose.md b/content/nim/waf-integration/configuration/onboard-instances/configure-docker-compose.md index c5a6f9ce2..cf4d13dfb 100644 --- a/content/nim/waf-integration/configuration/onboard-instances/configure-docker-compose.md +++ b/content/nim/waf-integration/configuration/onboard-instances/configure-docker-compose.md @@ -4,7 +4,7 @@ description: Update your Docker Compose file to run F5 WAF for NGINX. toc: true weight: 400 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/onboard-instances/configure-nginx-agent.md b/content/nim/waf-integration/configuration/onboard-instances/configure-nginx-agent.md index 22df7f6e7..62a98b769 100644 --- a/content/nim/waf-integration/configuration/onboard-instances/configure-nginx-agent.md +++ b/content/nim/waf-integration/configuration/onboard-instances/configure-nginx-agent.md @@ -4,7 +4,7 @@ description: Update the NGINX Agent configuration to enable F5 WAF for NGINX. toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/onboard-instances/install-nginx-agent.md b/content/nim/waf-integration/configuration/onboard-instances/install-nginx-agent.md index 758cd7e0e..11f6b9386 100644 --- a/content/nim/waf-integration/configuration/onboard-instances/install-nginx-agent.md +++ b/content/nim/waf-integration/configuration/onboard-instances/install-nginx-agent.md @@ -4,7 +4,7 @@ description: Install NGINX Agent on each F5 WAF for NGINX instance to connect it toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/onboard-instances/verify-installation.md b/content/nim/waf-integration/configuration/onboard-instances/verify-installation.md index 14747c422..99595261b 100644 --- a/content/nim/waf-integration/configuration/onboard-instances/verify-installation.md +++ b/content/nim/waf-integration/configuration/onboard-instances/verify-installation.md @@ -4,7 +4,7 @@ description: Verify that F5 WAF for NGINX instances are connected and reporting toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md b/content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md index c23b2333b..c936900a4 100644 --- a/content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md +++ b/content/nim/waf-integration/configuration/setup-signatures-and-threats/automatic-download.md @@ -4,7 +4,7 @@ description: Enable automatic updates in NGINX Instance Manager to keep F5 WAF f toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/setup-signatures-and-threats/manual-update.md b/content/nim/waf-integration/configuration/setup-signatures-and-threats/manual-update.md index 519e83b34..c10e88cd4 100644 --- a/content/nim/waf-integration/configuration/setup-signatures-and-threats/manual-update.md +++ b/content/nim/waf-integration/configuration/setup-signatures-and-threats/manual-update.md @@ -4,7 +4,7 @@ description: Manually download and upload F5 WAF for NGINX security packages to toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/setup-signatures-and-threats/update-security-monitoring-signature-db.md b/content/nim/waf-integration/configuration/setup-signatures-and-threats/update-security-monitoring-signature-db.md index 72df36b44..b6fa4ac07 100644 --- a/content/nim/waf-integration/configuration/setup-signatures-and-threats/update-security-monitoring-signature-db.md +++ b/content/nim/waf-integration/configuration/setup-signatures-and-threats/update-security-monitoring-signature-db.md @@ -4,7 +4,7 @@ description: Keep your Security Monitoring dashboards accurate by updating the a toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/configuration/troubleshooting.md b/content/nim/waf-integration/configuration/troubleshooting.md index eeb4b7365..0cbcad23a 100644 --- a/content/nim/waf-integration/configuration/troubleshooting.md +++ b/content/nim/waf-integration/configuration/troubleshooting.md @@ -4,7 +4,7 @@ description: Resolve common issues with F5 WAF for NGINX and NGINX Instance Mana toc: true weight: 1000 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/bundles/create-bundle.md b/content/nim/waf-integration/policies-and-logs/bundles/create-bundle.md index 3a2dc00c2..5d9328337 100644 --- a/content/nim/waf-integration/policies-and-logs/bundles/create-bundle.md +++ b/content/nim/waf-integration/policies-and-logs/bundles/create-bundle.md @@ -4,7 +4,7 @@ description: Create a precompiled security bundle that packages your F5 WAF for toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/bundles/download-bundle.md b/content/nim/waf-integration/policies-and-logs/bundles/download-bundle.md index e29c432f6..1ac443b61 100644 --- a/content/nim/waf-integration/policies-and-logs/bundles/download-bundle.md +++ b/content/nim/waf-integration/policies-and-logs/bundles/download-bundle.md @@ -4,7 +4,7 @@ description: Download a compiled F5 WAF for NGINX security bundle from NGINX Ins toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/bundles/list-bundles.md b/content/nim/waf-integration/policies-and-logs/bundles/list-bundles.md index f3299c6fb..6641d798f 100644 --- a/content/nim/waf-integration/policies-and-logs/bundles/list-bundles.md +++ b/content/nim/waf-integration/policies-and-logs/bundles/list-bundles.md @@ -4,7 +4,7 @@ description: View and filter the list of compiled F5 WAF for NGINX security bund toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/log-profiles/create-log-profile.md b/content/nim/waf-integration/policies-and-logs/log-profiles/create-log-profile.md index 78c4c8d24..a0f916021 100644 --- a/content/nim/waf-integration/policies-and-logs/log-profiles/create-log-profile.md +++ b/content/nim/waf-integration/policies-and-logs/log-profiles/create-log-profile.md @@ -4,7 +4,7 @@ description: Create and upload a new F5 WAF for NGINX security log profile to NG toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/log-profiles/delete-log-profile.md b/content/nim/waf-integration/policies-and-logs/log-profiles/delete-log-profile.md index 8bf195759..dab64354d 100644 --- a/content/nim/waf-integration/policies-and-logs/log-profiles/delete-log-profile.md +++ b/content/nim/waf-integration/policies-and-logs/log-profiles/delete-log-profile.md @@ -4,7 +4,7 @@ description: Remove an existing F5 WAF for NGINX security log profile from NGINX toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/log-profiles/update-log-profile.md b/content/nim/waf-integration/policies-and-logs/log-profiles/update-log-profile.md index f83d0e93b..2219a12ed 100644 --- a/content/nim/waf-integration/policies-and-logs/log-profiles/update-log-profile.md +++ b/content/nim/waf-integration/policies-and-logs/log-profiles/update-log-profile.md @@ -4,7 +4,7 @@ description: Update an existing F5 WAF for NGINX security log profile or create toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/add-signature-sets.md b/content/nim/waf-integration/policies-and-logs/policies/add-signature-sets.md index fd833c14f..468330773 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/add-signature-sets.md +++ b/content/nim/waf-integration/policies-and-logs/policies/add-signature-sets.md @@ -4,7 +4,7 @@ description: Configure attack signature sets and exceptions in F5 WAF for NGINX weight: 400 toc: true nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR --- This topic describes how to configure signature sets and signature exceptions in F5 WAF for NGINX policies. When you add or edit a policy, NGINX Instance Manager provides options to customize attack signatures to better protect your applications. diff --git a/content/nim/waf-integration/policies-and-logs/policies/cookies-parameters-urls.md b/content/nim/waf-integration/policies-and-logs/policies/cookies-parameters-urls.md index c7d6e5b18..dc3646e8d 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/cookies-parameters-urls.md +++ b/content/nim/waf-integration/policies-and-logs/policies/cookies-parameters-urls.md @@ -4,7 +4,7 @@ description: Configure cookie, parameter, and URL protections in your F5 WAF for toc: true weight: 500 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/create-policy.md b/content/nim/waf-integration/policies-and-logs/policies/create-policy.md index 09abb4947..b22e1c797 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/create-policy.md +++ b/content/nim/waf-integration/policies-and-logs/policies/create-policy.md @@ -4,7 +4,7 @@ description: Create and customize F5 WAF for NGINX security policies in NGINX In toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/delete-policy.md b/content/nim/waf-integration/policies-and-logs/policies/delete-policy.md index d9b8cfbe7..8bf6e414e 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/delete-policy.md +++ b/content/nim/waf-integration/policies-and-logs/policies/delete-policy.md @@ -4,7 +4,7 @@ description: Remove an existing F5 WAF for NGINX security policy using the NGINX toc: true weight: 300 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/review-policy.md b/content/nim/waf-integration/policies-and-logs/policies/review-policy.md index fddb9611e..a41ad3543 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/review-policy.md +++ b/content/nim/waf-integration/policies-and-logs/policies/review-policy.md @@ -4,7 +4,7 @@ description: Review and manage stored F5 WAF for NGINX policies and their versio toc: true weight: 600 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/update-policy.md b/content/nim/waf-integration/policies-and-logs/policies/update-policy.md index b2a719933..d7eb05ddb 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/update-policy.md +++ b/content/nim/waf-integration/policies-and-logs/policies/update-policy.md @@ -4,7 +4,7 @@ description: Update an existing F5 WAF for NGINX policy using the NGINX Instance toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/policies/waf-policy-matching-types.md b/content/nim/waf-integration/policies-and-logs/policies/waf-policy-matching-types.md index c4ab83aa4..0499c073d 100644 --- a/content/nim/waf-integration/policies-and-logs/policies/waf-policy-matching-types.md +++ b/content/nim/waf-integration/policies-and-logs/policies/waf-policy-matching-types.md @@ -4,7 +4,7 @@ description: Learn how explicit and wildcard matching determine how F5 WAF for N toc: true weight: 700 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/publish/check-publication-status.md b/content/nim/waf-integration/policies-and-logs/publish/check-publication-status.md index 007d1f1f4..24618bc39 100644 --- a/content/nim/waf-integration/policies-and-logs/publish/check-publication-status.md +++ b/content/nim/waf-integration/policies-and-logs/publish/check-publication-status.md @@ -4,7 +4,7 @@ description: Verify the deployment status of published F5 WAF for NGINX security toc: true weight: 200 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/nim/waf-integration/policies-and-logs/publish/publish-to-instances.md b/content/nim/waf-integration/policies-and-logs/publish/publish-to-instances.md index 7d1493e97..e24b8f08a 100644 --- a/content/nim/waf-integration/policies-and-logs/publish/publish-to-instances.md +++ b/content/nim/waf-integration/policies-and-logs/publish/publish-to-instances.md @@ -4,7 +4,7 @@ description: Deploy updated F5 WAF for NGINX security policies, log profiles, si toc: true weight: 100 nd-content-type: how-to -nd-product: NIM +nd-product: NIMNGR nd-docs: --- diff --git a/content/solutions/about-subscription-licenses/getting-started.md b/content/solutions/about-subscription-licenses/getting-started.md index 3ac87172f..bede71484 100644 --- a/content/solutions/about-subscription-licenses/getting-started.md +++ b/content/solutions/about-subscription-licenses/getting-started.md @@ -3,7 +3,7 @@ title: Getting started toc: true weight: 200 nd-content-type: how-to -nd-product: Solutions +nd-product: SOLUTI nd-resource: https://lucid.app/lucidchart/0abcb9d3-b36e-40af-b56a-e74771b384d5/edit?invitationId=inv_8ccda3dc-2306-468c-9cb6-b4684be1360f&page=0_0# nd-docs: DOCS-1780 --- diff --git a/content/solutions/about-subscription-licenses/instructional-videos.md b/content/solutions/about-subscription-licenses/instructional-videos.md index 59fe7cdac..2fac70968 100644 --- a/content/solutions/about-subscription-licenses/instructional-videos.md +++ b/content/solutions/about-subscription-licenses/instructional-videos.md @@ -4,7 +4,7 @@ title: "NGINX Plus subscription licensing videos" weight: 300 toc: false nd-content-type: reference -nd-product: Solutions +nd-product: SOLUTI --- These videos show how to set up usage reporting in internet-connected and network-restricted environments, and how to install or upgrade to NGINX Plus R33 or later. diff --git a/content/solutions/about-subscription-licenses/nginx-plus-licensing-workflows.md b/content/solutions/about-subscription-licenses/nginx-plus-licensing-workflows.md index 53d5931be..1b76f191f 100644 --- a/content/solutions/about-subscription-licenses/nginx-plus-licensing-workflows.md +++ b/content/solutions/about-subscription-licenses/nginx-plus-licensing-workflows.md @@ -4,7 +4,7 @@ toc: true weight: 100 nd-content-type: - reference -nd-product: Solutions +nd-product: SOLUTI nd-docs: --- diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 7dbe55566..2b609b586 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -7,7 +7,7 @@ weight: 300 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to -nd-product: WAF +nd-product: F5WAFN --- This document describes how to use the F5 WAF for NGINX compiler, a tool for converting security policies and logging profiles from JSON to a bundle file that F5 WAF can process and apply. diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index f954b6f40..88e1a8bc9 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -7,7 +7,7 @@ weight: 500 toc: false # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to -nd-product: WAF +nd-product: F5WAFN --- This topic describes how to install F5 WAF for NGINX in a disconnected or air-gapped environment. diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 4c4f7091a..bbd372b61 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -7,7 +7,7 @@ weight: 400 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to -nd-product: WAF +nd-product: F5WAFN --- This page describes how to install F5 WAF for NGINX using Docker. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index b53ef0998..7407e9af8 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -11,7 +11,7 @@ nd-banner: md: /_banners/waf-early-availability.md # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- There are two new features available for Kubernetes through early access: diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 296cd1c3a..fa484c842 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -7,7 +7,7 @@ weight: 200 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to -nd-product: WAF +nd-product: F5WAFN --- This page describes how to install F5 WAF for NGINX using Kubernetes. diff --git a/content/waf/logging/custom-dimensions.md b/content/waf/logging/custom-dimensions.md index 57f56b30e..8f74ffded 100644 --- a/content/waf/logging/custom-dimensions.md +++ b/content/waf/logging/custom-dimensions.md @@ -3,7 +3,7 @@ title: Custom dimensions for log entries toc: false weight: 200 nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- F5 WAF for NGINX can configure custom dimensions for log entries using the directive `app_protect_custom_log_attribute`. diff --git a/content/waf/logging/security-logs.md b/content/waf/logging/security-logs.md index 0105df5bb..415b06426 100644 --- a/content/waf/logging/security-logs.md +++ b/content/waf/logging/security-logs.md @@ -3,7 +3,7 @@ title: Security logs toc: true weight: 300 nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- **Security logs** (also known as **Request logs** or **Traffic logs**) contain information on HTTP requests and responses, how F5 WAF for NGINX processes them, and the final decision made based on the configured policy parameters. The policy configuration defines the information contained in the Security log, such as whether requests are passed, blocked or alerted, due to violations, attack signatures, and other criteria. diff --git a/content/waf/policies/configuration.md b/content/waf/policies/configuration.md index 52f940dad..4946da30a 100644 --- a/content/waf/policies/configuration.md +++ b/content/waf/policies/configuration.md @@ -7,7 +7,7 @@ weight: 100 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: how-to -nd-product: WAF +nd-product: F5WAFN --- This page describes the security features available with F5 WAF for NGINX and how to configure policies. diff --git a/content/waf/policies/grpc-protection.md b/content/waf/policies/grpc-protection.md index 17f1e405d..53db568b4 100644 --- a/content/waf/policies/grpc-protection.md +++ b/content/waf/policies/grpc-protection.md @@ -7,7 +7,7 @@ weight: 1200 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- This topic describes the gRPC protection feature for F5 WAF for NGINX. diff --git a/content/waf/policies/ip-intelligence.md b/content/waf/policies/ip-intelligence.md index 71f8624b5..566f37711 100644 --- a/content/waf/policies/ip-intelligence.md +++ b/content/waf/policies/ip-intelligence.md @@ -7,7 +7,7 @@ weight: 1600 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- F5 WAF for NGINX has an IP intelligence feature which allows you to customize enforcement based on the source IP address of a request. This allows you to limit access from specific IP addresses. diff --git a/content/waf/policies/user-urls-parameters.md b/content/waf/policies/user-urls-parameters.md index bf8f1e3f7..ab498b597 100644 --- a/content/waf/policies/user-urls-parameters.md +++ b/content/waf/policies/user-urls-parameters.md @@ -7,7 +7,7 @@ weight: 2150 toc: true # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this nd-content-type: reference -nd-product: WAF +nd-product: F5WAFN --- This topic describes the user-defined URLs and parameters feature of F5 WAF for NGINX.