Skip to content

fix: add waf packages to debian and ubuntu waf + dos dockerfiles #1515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ADubhlaoich merged 10 commits into from
Dec 3, 2025
Merged

fix: add waf packages to debian and ubuntu waf + dos dockerfiles #1515

Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
1a88aed
fix: add waf packages to debian and ubuntu waf + dos dockerfiles
aknot242 Dec 2, 2025
1660ab2
Update content/nap-dos/deployment-guide/learn-about-deployment.md
aknot242 Dec 2, 2025
8535eed
Update content/nap-dos/deployment-guide/learn-about-deployment.md
aknot242 Dec 2, 2025
059832c
Update content/nap-dos/deployment-guide/learn-about-deployment.md
aknot242 Dec 2, 2025
c508ed1
Update content/nap-dos/deployment-guide/learn-about-deployment.md
aknot242 Dec 2, 2025
f7a80cb
include removal of waf package list after install
aknot242 Dec 2, 2025
30051d2
Merge branch 'fix-1513' of github.com:nginx/documentation into fix-1513
aknot242 Dec 2, 2025
2de4424
add missing security updates repos
aknot242 Dec 2, 2025
42644d9
Merge branch 'main' into fix-1513
JTorreG Dec 3, 2025
e09bba9
Merge branch 'main' into fix-1513
ADubhlaoich Dec 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 18 additions & 14 deletions content/nap-dos/deployment-guide/learn-about-deployment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1509,7 +1509,7 @@ Make sure to replace upstream and proxy pass directives in this example with rel

7. In the same directory create an `entrypoint.sh` file with executable permissions, with the following content:

For Alpine / Debian / Ubuntu / UBI 8/ UBI 9:
For Alpine / Debian / Ubuntu / UBI 8 / UBI 9:

```shell
#!/usr/bin/env bash
Expand Down Expand Up @@ -1585,7 +1585,7 @@ RUN printf "https://pkgs.nginx.com/app-protect-dos/alpine/v`egrep -o '^[0-9]+\.[
printf "https://pkgs.nginx.com/app-protect/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories && \
printf "https://pkgs.nginx.com/app-protect-security-updates/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | tee -a /etc/apk/repositories

# Update the repository and install the most recent version of the F5 DoS for NGINX package (which includes NGINX Plus):
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
Expand Down Expand Up @@ -1627,11 +1627,11 @@ RUN curl -o /etc/yum.repos.d/plus-amazonlinux2023.repo https://cs.nginx.com/stat
curl -o /etc/yum.repos.d/app-protect-amazonlinux2023.repo https://cs.nginx.com/static/files/app-protect-amazonlinux2023.repo && \
curl -o /etc/yum.repos.d/dependencies.amazonlinux2023.repo https://cs.nginx.com/static/files/dependencies.amazonlinux2023.repo

# Install F5 WAF for NGINX:
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
dnf -y install app-protect app-protect-dos && \
dnf -y install app-protect app-protect-dos && \
cat license.jwt > /etc/nginx/license.jwt && \
rm /etc/yum.repos.d/plus-amazonlinux2023.repo && \
rm /etc/yum.repos.d/app-protect-dos-amazonlinux2023.repo && \
Expand Down Expand Up @@ -1664,23 +1664,25 @@ FROM debian:bullseye
# Install prerequisite packages:
RUN apt-get update && \
apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 debian-archive-keyring && \
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | tee /usr/share/keyrings/app-protect-security-updates.gpg > /dev/null

# Add NGINX Plus, NGINX App Protect and F5 DoS for NGINX repository:
RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
&& printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] https://pkgs.nginx.com/app-protect-security-updates/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/app-protect-security-updates.list

# Download the apt configuration to `/etc/apt/apt.conf.d`:
RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx

# Install F5 DoS for NGINX
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which includes NGINX Plus):
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect app-protect-dos && \
cat license.jwt > /etc/nginx/license.jwt && \
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*

# Forward request logs to Docker log collector:
Expand All @@ -1707,23 +1709,25 @@ FROM ubuntu:noble
# Install prerequisite packages:
RUN apt-get update && \
apt-get install -y --no-install-recommends apt-transport-https lsb-release ca-certificates wget gnupg2 ubuntu-keyring && \
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
wget -qO - https://cs.nginx.com/static/keys/app-protect-security-updates.key | gpg --dearmor | tee /usr/share/keyrings/app-protect-security-updates.gpg > /dev/null

# Add NGINX Plus, NGINX App Protect and F5 DoS for NGINX repository:
RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list \
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list \
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list
&& printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect.list \
&& printf "deb [signed-by=/usr/share/keyrings/app-protect-security-updates.gpg] https://pkgs.nginx.com/app-protect-security-updates/debian `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/app-protect-security-updates.list

# Download the apt configuration to `/etc/apt/apt.conf.d`:
RUN wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx

# Install F5 DoS for NGINX
# Update the repository and install the most recent versions of the F5 WAF and F5 DoS for NGINX packages (which include NGINX Plus):
RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
--mount=type=secret,id=license-jwt,dst=license.jwt,mode=0644 \
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-dos && \
apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect app-protect-dos && \
cat license.jwt > /etc/nginx/license.jwt && \
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx-plus.list /etc/apt/sources.list.d/nginx-app-protect.list /etc/apt/sources.list.d/nginx-app-protect-dos.list && \
rm -rf /etc/apt/apt.conf.d/90nginx /var/lib/apt/lists/*

# Forward request logs to Docker log collector:
Expand Down