From 44146bb7a18005eeec0ae91b2a5bc345e4da432a Mon Sep 17 00:00:00 2001 From: Alan Dooley Date: Thu, 3 Apr 2025 16:19:57 +0100 Subject: [PATCH] Update NAP documentation for 4.1 release (#7579) --- .../includes/compatibility-tables/nic-nap.md | 10 ++++++ .../app-protect-waf-v5/configuration.md | 15 +++++---- .../app-protect-waf-v5/installation.md | 33 +++++++------------ .../troubleshoot-app-protect-waf.md | 10 +++--- .../app-protect-waf/configuration.md | 12 +++---- .../app-protect-waf/installation.md | 8 ++--- 6 files changed, 45 insertions(+), 43 deletions(-) create mode 100644 site/content/includes/compatibility-tables/nic-nap.md rename site/content/installation/integrations/{app-protect-waf => app-protect-waf-v5}/troubleshoot-app-protect-waf.md (97%) diff --git a/site/content/includes/compatibility-tables/nic-nap.md b/site/content/includes/compatibility-tables/nic-nap.md new file mode 100644 index 0000000000..aaf914ca11 --- /dev/null +++ b/site/content/includes/compatibility-tables/nic-nap.md @@ -0,0 +1,10 @@ +The following table shows compatibility between NGINX Ingress Controller (NIC) and NGINX App Protect WAF (NAP-WAF) versions: + +{{< bootstrap-table "table table-striped table-responsive" >}} +| NIC Version | NAP-WAF Version | Config Manager | Enforcer | +| ------------------- | --------------- | -------------- | -------- | +| {{< nic-version >}} | 34+5.332 | 5.6.0 | 5.6.0 | +| 4.0.1 | 33+5.264 | 5.5.0 | 5.5.0 | +| 3.7.2 | 32+5.1 | 5.3.0 | 5.3.0 | +| 3.6.2 | 32+5.48 | 5.2.0 | 5.2.0 | +{{% /bootstrap-table %}} diff --git a/site/content/installation/integrations/app-protect-waf-v5/configuration.md b/site/content/installation/integrations/app-protect-waf-v5/configuration.md index 2c05468397..ad1c8efed0 100644 --- a/site/content/installation/integrations/app-protect-waf-v5/configuration.md +++ b/site/content/installation/integrations/app-protect-waf-v5/configuration.md @@ -1,17 +1,17 @@ --- -docs: DOCS-000 -title: Configuration -toc: true +title: Configure NGINX App Protect with NGINX Ingress Controller weight: 200 +toc: true +type: how-to +product: NIC +docs: DOCS-000 --- ## Overview This document explains how to use F5 NGINX Ingress Controller to configure [NGINX App Protect WAF v5](https://docs.nginx.com/nginx-app-protect-waf/v5/). -{{< note >}} There are complete NGINX Ingress Controller with NGINX App Protect WAF [example resources on GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5). - -F5 recommends compiling/recompiling your NGINX AppProtect WAF Policy Bundles using the [NGINX App Protect Compiler](https://docs.nginx.com/nginx-app-protect-waf/v5/admin-guide/compiler/) with each release of NGINX Ingress Controller. This ensures Policies remain compatible and are compiled with the latest attack signatures, bot signatures, and Threat campaigns.{{< /note >}} +{{< note >}} There are complete NGINX Ingress Controller with NGINX App Protect WAF [example resources on GitHub](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/app-protect-waf-v5). {{< /note >}} ## Global configuration @@ -21,6 +21,7 @@ NGINX Ingress Controller has global configuration parameters that match those in NGINX App Protect WAF v5 can be enabled and configured for custom resources only(VirtualServer, VirtualServerRoute). You need to create a Policy Custom Resource referencing a policy bundle, then add it to the VirtualServer/VirtualServerRoute definition. Additional detail can be found in the [Policy Resource documentation]({{< relref "configuration/policy-resource.md#waf" >}}). +--- ## NGINX App Protect WAF Bundles @@ -60,6 +61,8 @@ spec: logDest: "syslog:server=syslog-svc.default:514" ``` +--- + ## Configure NGINX Plus Ingress Controller using Virtual Server resources This example shows how to deploy NGINX Ingress Controller with NGINX Plus and NGINX App Protect WAF v5, deploy a simple web application, and then configure load balancing and WAF protection for that application using the VirtualServer resource. diff --git a/site/content/installation/integrations/app-protect-waf-v5/installation.md b/site/content/installation/integrations/app-protect-waf-v5/installation.md index 22c4da5705..288d2888bd 100644 --- a/site/content/installation/integrations/app-protect-waf-v5/installation.md +++ b/site/content/installation/integrations/app-protect-waf-v5/installation.md @@ -1,20 +1,24 @@ --- -docs: DOCS-000 -doctypes: - - '' -title: Build NGINX Ingress Controller with NGINX App Protect WAF v5 -toc: true +title: Build NGINX Ingress Controller with NGINX App Protect WAF weight: 100 +toc: true +type: how-to +product: NIC +docs: DOCS-000 --- -This document explains how to build a F5 NGINX Ingress Controller image with F5 NGINX App Protect WAF v5 from source code. +This document explains how to build a F5 NGINX Ingress Controller image with NGINX App Protect WAF v5 from source code. {{}} If you'd rather not build your own NGINX Ingress Controller image, see the [pre-built image options](#pre-built-images) at the end of this guide.{{}} -## Before you start +## Before you begin - To use NGINX App Protect WAF with NGINX Ingress Controller, you must have NGINX Plus. +{{< include "/compatibility-tables/nic-nap.md" >}} + +--- + ## Prepare the environment Get your system ready for building and pushing the NGINX Ingress Controller image with NGINX App Protect WAF v5. @@ -499,18 +503,3 @@ If you prefer not to build your own NGINX Ingress Controller image, you can use - Download the image using your NGINX Ingress Controller subscription certificate and key. View the [Get NGINX Ingress Controller from the F5 Registry]({{< relref "installation/nic-images/get-registry-image.md" >}}) topic. - The [Get the NGINX Ingress Controller image with JWT]({{< relref "installation/nic-images/get-image-using-jwt.md" >}}) topic describes how to use your subscription JWT token to get the image. - ---- - -## [NGINX App Protect WAF v5 version](https://docs.nginx.com/nginx-app-protect-waf/v5/releases/) - -{{< bootstrap-table "table table-bordered table-striped table-responsive" >}} -| NIC Version | App Protect WAFv5 Version | Config Manager | Enforcer | -| --- | --- | --- | --- | -| {{< nic-version >}} | 33_5.342 | 5.6.0 | 5.6.0 | -| 4.0.1 | 33_5.264 | 5.5.0 | 5.5.0 | -| 3.7.2 | 32_5.144 | 5.3.0 | 5.3.0 | -| 3.6.2 | 32_5.48 | 5.2.0 | 5.2.0 | -{{% /bootstrap-table %}} - -{{< note >}} F5 recommends to re-compile your NGINX AppProtect WAF Policy Bundles with each release of NGINX Ingress Controller. This will ensure your Policies remain compatible and are compiled with the latest Attack Signatures, Bot Signatures, and Threat Campaigns.{{< /note >}} diff --git a/site/content/installation/integrations/app-protect-waf/troubleshoot-app-protect-waf.md b/site/content/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md similarity index 97% rename from site/content/installation/integrations/app-protect-waf/troubleshoot-app-protect-waf.md rename to site/content/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md index a0d6d6dfca..d720bbed80 100644 --- a/site/content/installation/integrations/app-protect-waf/troubleshoot-app-protect-waf.md +++ b/site/content/installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md @@ -1,17 +1,17 @@ --- -docs: DOCS-0000 -doctypes: -- '' title: Troubleshoot NGINX App Protect WAF +weight: 400 toc: true -weight: 300 +type: how-to +product: NIC +docs: DOCS-000 --- This document describes how to troubleshoot problems when using NGINX Ingress Controller and the NGINX App Protect WAF module version 5. For general troubleshooting of NGINX Ingress Controller, check the general [troubleshooting]({{< relref "troubleshooting/troubleshoot-common" >}}) documentation. -{{< see-also >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](/nginx-app-protect/v5/troubleshooting/) {{< /see-also >}}. +{{< see-also >}} You can find more troubleshooting tips in the NGINX App Protect WAF [troubleshooting guide](https://docs.nginx.com/nginx-app-protect-waf/v5/troubleshooting-guide/troubleshooting/) {{< /see-also >}}. ## Potential problems diff --git a/site/content/installation/integrations/app-protect-waf/configuration.md b/site/content/installation/integrations/app-protect-waf/configuration.md index 511efcd4d3..ce9755b471 100644 --- a/site/content/installation/integrations/app-protect-waf/configuration.md +++ b/site/content/installation/integrations/app-protect-waf/configuration.md @@ -1,10 +1,10 @@ --- -docs: DOCS-578 -doctypes: -- '' -title: Configuration -toc: true +title: Configure NGINX App Protect with NGINX Ingress Controller weight: 200 +toc: true +type: how-to +product: NIC +docs: DOCS-578 --- This document explains how to use F5 NGINX Ingress Controller to configure NGINX App Protect WAF. @@ -158,7 +158,7 @@ You can define NGINX App Protect WAF [User-Defined Signatures](/nginx-app-protec The field `revisionDatetime` is not currently supported. -`APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Read [NGINX fails to start or reload]({{< relref "installation/integrations/app-protect-waf/troubleshoot-app-protect-waf.md#nginx-fails-to-start-or-reload" >}}) for more information. +`APUserSig` resources increase the reload time of NGINX Plus compared with `APPolicy` and `APLogConf` resources. Read [NGINX fails to start or reload]({{< relref "installation/integrations/app-protect-waf-v5/troubleshoot-app-protect-waf.md#nginx-fails-to-start-or-reload" >}}) for more information. {{< /note >}} diff --git a/site/content/installation/integrations/app-protect-waf/installation.md b/site/content/installation/integrations/app-protect-waf/installation.md index 874ebdbc91..4947543b05 100644 --- a/site/content/installation/integrations/app-protect-waf/installation.md +++ b/site/content/installation/integrations/app-protect-waf/installation.md @@ -1,10 +1,10 @@ --- -docs: DOCS-579 -doctypes: -- '' title: Build NGINX Ingress Controller with NGINX App Protect WAF -toc: true weight: 100 +toc: true +type: how-to +product: NIC +docs: DOCS-579 --- This document explains how to build a F5 NGINX Ingress Controller image with F5 NGINX App Protect WAF from source code.