From 6a9f0b1d4ecf642f5a7b06d68284a2d597b290da Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 13:37:10 +0000 Subject: [PATCH 01/62] docs: add missing prerequisite for installation --- content/waf/install/virtual-environment.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4b01e1634..7a8867105 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,13 +23,11 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Open Source]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md" >}}) or [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: -- [Docker](https://docs.docker.com/get-started/get-docker/) is required for NGINX Open Source or NGINX Plus type deployments. - You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} From ee80a4d60ad8f55f5308b255934b1c3c6f4fc7b0 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 15:15:36 +0000 Subject: [PATCH 02/62] added info about nginx x being installed with app protect --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 7a8867105..ff2ff2a22 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: From 178e2513c9eaa0536a1778aa0d760fc033f3ed04 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:08:46 +0000 Subject: [PATCH 03/62] updated kubernetes --- content/includes/waf/install-update-configuration.md | 5 ----- content/waf/install/docker.md | 5 +++++ content/waf/install/kubernetes.md | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index 23b1c63ae..3577367cf 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -121,8 +121,3 @@ server { {{% /tab %}} {{< /tabs >}} - -Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: - -- `nginx -s reload` -- `sudo systemctl reload nginx` \ No newline at end of file diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 437440c51..903bde2be 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1293,6 +1293,11 @@ CMD ["sh", "/root/entrypoint.sh"] {{< include "waf/install-update-configuration.md" >}} +Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: + +- `nginx -s reload` +- `sudo systemctl reload nginx` + F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks). ## Post-installation checks diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 1be48c5e5..f434948f3 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -226,6 +226,8 @@ From this point, the steps change based on your installation method: ### Download your JSON web token +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ### Get the Helm chart From af254e2ebc165223148c89d653940c78c9f88ae0 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:50:06 +0000 Subject: [PATCH 04/62] added supported os and Kubernetes ctl/cluster --- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 3 ++- content/waf/install/kubernetes.md | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 903bde2be..0f7d130af 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -143,7 +143,7 @@ http { ### Create a Dockerfile -In the same folder as your credential and configuration files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential and configuration files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: @@ -913,7 +913,7 @@ http { Copy or move your subscription files into a new folder. -In the same folder as the subscription files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as the subscription files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index be8357310..e1382fae7 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,7 +36,8 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: -- [A functional Kubernetes cluster]({{< ref "/waf/install/kubernetes.md" >}}) +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) - An active F5 WAF for NGINX subscription (Purchased or trial) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f434948f3..9d0eab937 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,7 +18,8 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- A functional Kubernetes cluster +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - An active F5 WAF for NGINX subscription (Purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) @@ -36,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Create a Dockerfile -In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: From 69f771a994b725198b55bffe76a0033ec2eaea35 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:39:39 +0000 Subject: [PATCH 05/62] temp --- content/waf/install/virtual-environment.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index ff2ff2a22..8f81de119 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,8 +23,9 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) + - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used Depending on your deployment type, you may have additional requirements: From 21912b3ed7c4676de488754ffd4fa49977387628 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:47:59 +0000 Subject: [PATCH 06/62] test --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8f81de119..c1a68ed50 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - +- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +- this is a test Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From bc549f7eaf97c82d7d6d4de9be8a712be876b945 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:00:26 +0000 Subject: [PATCH 07/62] test --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index c1a68ed50..2a49ec99d 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - this is a test + Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From 0dd1c01c87bb5e987238ddb20b2f08440dc484d1 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:07:45 +0000 Subject: [PATCH 08/62] added link to my my5 --- content/waf/install/virtual-environment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2a49ec99d..9157d3d52 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,9 +23,8 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription (Purchased or trial). +- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- this is a test Depending on your deployment type, you may have additional requirements: From 01d4b8de6d55aba9359d29c75edded51077e95d3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:35:46 +0000 Subject: [PATCH 09/62] updated myf5 with link --- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 88e1a8bc9..60794d2ee 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0f7d130af..a9aa3c1f2 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,7 +16,7 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index e1382fae7..7207dfa5a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,7 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 9d0eab937..fede5f5cc 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -20,7 +20,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 9157d3d52..3488841c6 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) Depending on your deployment type, you may have additional requirements: From 4d809bb08b3fa368468e4651a1c3b8d013d168f7 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:37:25 +0000 Subject: [PATCH 10/62] added info for docker registry access --- content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 2 files changed, 2 insertions(+) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 7207dfa5a..ad8f9a565 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,6 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index fede5f5cc..0150762cd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From 7186dc98947c8165b6f44b5a09637a4295b1ce18 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:43:43 +0000 Subject: [PATCH 11/62] test for jwt --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a9aa3c1f2..e9f87e3c9 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -45,6 +45,8 @@ The steps you should follow on this page are dependent on your configuration typ {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used + ## Configure Docker for the F5 Container Registry {{< include "waf/install-services-registry.md" >}} From ad3aa0f7540d67972f8b9992cdfc184f8cd3ef0c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 14:36:24 +0000 Subject: [PATCH 12/62] added jwt for docker --- content/includes/waf/install-build-image.md | 1 + content/waf/install/docker.md | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 45ccc3068..1a76c8373 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -7,6 +7,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index e9f87e3c9..9877a652a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -42,10 +42,12 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. ## Download your subscription credentials +### Shared Requirements {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Configure Docker for the F5 Container Registry @@ -956,7 +958,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -998,7 +1000,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1053,7 +1055,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1099,7 +1101,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1142,7 +1144,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1184,7 +1186,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1226,7 +1228,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1281,7 +1283,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 396e961c94e37225bfffad16777d185e758ebaf1 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 15:39:22 +0000 Subject: [PATCH 13/62] last work before remove --- content/includes/waf/install-services-registry.md | 2 ++ content/waf/install/docker.md | 14 +++++++++++--- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index c9f686e8d..2389912d7 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,6 +5,8 @@ nd-files: - content/waf/install/kubernetes.md --- +Docker registry credentials are needed to access private-registry.nginx.com + Create a directory and copy your certificate and key to this directory: ```shell diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 9877a652a..338d9a552 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,7 +17,8 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -442,7 +443,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -818,7 +819,7 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -1311,3 +1312,10 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Next steps {{< include "waf/install-next-steps.md" >}} + +## Remove NGINX docker image +Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. + +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool + +TODO diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index ad8f9a565..c30d9e388 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -39,8 +39,8 @@ To complete this guide, you will need the following prerequisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 0150762cd..c0287c1cf 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -21,8 +21,8 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From 1039de0819375e84e7a092a4a8e8c9aa980057e4 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 06:44:13 +0000 Subject: [PATCH 14/62] remove line since we have the line above it --- content/waf/install/kubernetes-plm.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c30d9e388..1038132a8 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,7 +42,6 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials From 35474f63d35b04eef473f8aef307c74e18de3f33 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 13:48:31 +0000 Subject: [PATCH 15/62] updated docker for jwt --- content/includes/waf/install-build-image.md | 4 +- content/waf/install/docker.md | 48 +++++++++++++++++---- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 1a76c8373..dec2acb30 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -16,13 +16,13 @@ Your folder should contain the following files: To build an image, use the following command, replacing `` as appropriate: ```shell -sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` A RHEL-based system would use the following command instead: ```shell -podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` {{< call-out "note" >}} diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 338d9a552..8180f6316 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -954,12 +954,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \ apk update && apk add app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -996,12 +1000,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf -y install app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1051,12 +1059,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1097,12 +1109,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1140,12 +1156,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1186,8 +1206,12 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1224,12 +1248,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1279,12 +1307,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 37498e9da9a9b7099e3141b7b1f9cb1f9c864aac Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 15:50:55 +0000 Subject: [PATCH 16/62] update dockerfile for nap --- .../includes/waf/dockerfiles/alpine-plus.md | 4 +++ .../includes/waf/dockerfiles/amazon-plus.md | 4 +++ .../includes/waf/dockerfiles/debian-plus.md | 4 +++ .../includes/waf/dockerfiles/oracle-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel8-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel9-plus.md | 4 +++ .../includes/waf/dockerfiles/rocky9-plus.md | 4 +++ .../includes/waf/dockerfiles/ubuntu-plus.md | 4 +++ content/includes/waf/install-build-image.md | 13 +++++++++- content/waf/install/kubernetes.md | 25 +++++++++++++------ 10 files changed, 62 insertions(+), 8 deletions(-) diff --git a/content/includes/waf/dockerfiles/alpine-plus.md b/content/includes/waf/dockerfiles/alpine-plus.md index 6fe7111c5..2818c3592 100644 --- a/content/includes/waf/dockerfiles/alpine-plus.md +++ b/content/includes/waf/dockerfiles/alpine-plus.md @@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && rm -rf /var/cache/apk/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/amazon-plus.md b/content/includes/waf/dockerfiles/amazon-plus.md index d4ec7bba2..d943b33f1 100644 --- a/content/includes/waf/dockerfiles/amazon-plus.md +++ b/content/includes/waf/dockerfiles/amazon-plus.md @@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/debian-plus.md b/content/includes/waf/dockerfiles/debian-plus.md index 204dfa633..7c8581d11 100644 --- a/content/includes/waf/dockerfiles/debian-plus.md +++ b/content/includes/waf/dockerfiles/debian-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/oracle-plus.md b/content/includes/waf/dockerfiles/oracle-plus.md index 98bd1e15b..c62d33bb1 100644 --- a/content/includes/waf/dockerfiles/oracle-plus.md +++ b/content/includes/waf/dockerfiles/oracle-plus.md @@ -29,6 +29,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel8-plus.md b/content/includes/waf/dockerfiles/rhel8-plus.md index 9f05ce79f..ac00cc4e3 100644 --- a/content/includes/waf/dockerfiles/rhel8-plus.md +++ b/content/includes/waf/dockerfiles/rhel8-plus.md @@ -45,6 +45,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel9-plus.md b/content/includes/waf/dockerfiles/rhel9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rhel9-plus.md +++ b/content/includes/waf/dockerfiles/rhel9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rocky9-plus.md b/content/includes/waf/dockerfiles/rocky9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rocky9-plus.md +++ b/content/includes/waf/dockerfiles/rocky9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/ubuntu-plus.md b/content/includes/waf/dockerfiles/ubuntu-plus.md index 89a2e7d8b..7333f22d5 100644 --- a/content/includes/waf/dockerfiles/ubuntu-plus.md +++ b/content/includes/waf/dockerfiles/ubuntu-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index dec2acb30..86a729c98 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -13,7 +13,7 @@ Your folder should contain the following files: - _Dockerfile_ - _custom_log_format.json_ (Optional) -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Plus, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -24,6 +24,17 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c0287c1cf..7fc45ba49 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -36,6 +36,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +### Download your JSON web token + +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. @@ -206,9 +212,20 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 \ + --secret id=nginx-crt,src=nginx-repo.crt \ + --secret id=nginx-key,src=nginx-repo.key \ + --secret id=license-jwt,src=license.jwt \ + -t . +``` + +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ @@ -226,12 +243,6 @@ From this point, the steps change based on your installation method: ## Use Helm to install F5 WAF for NGINX -### Download your JSON web token - -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: - -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ### Get the Helm chart To get the Helm chart, first configure Docker for the F5 Container Registry. From df0089556ac47963f8b7fe17ef40aefafd7d507c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:37:34 +0000 Subject: [PATCH 17/62] updated storage --- content/waf/install/kubernetes.md | 81 ++++++++++--------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 7fc45ba49..39e81f289 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -408,63 +408,34 @@ This configuration uses a _hostPath_ backed persistent volume claim. {{< /call-out >}} ```yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: PersistentVolume metadata: - name: nap5-deployment + name: nap5-bundles-pv + labels: + type: local spec: - selector: - matchLabels: - app: nap5 - replicas: 2 - template: - metadata: - labels: - app: nap5 - spec: - imagePullSecrets: - - name: regcred - containers: - - name: nginx - image: /waf: - imagePullPolicy: IfNotPresent - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: waf-enforcer - image: private-registry.nginx.com/nap/waf-enforcer: - imagePullPolicy: IfNotPresent - env: - - name: ENFORCER_PORT - value: "50000" - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: waf-config-mgr - image: private-registry.nginx.com/nap/waf-config-mgr: - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles - volumes: - - name: app-protect-bd-config - emptyDir: {} - - name: app-protect-config - emptyDir: {} - - name: app-protect-bundles - persistentVolumeClaim: - claimName: nap5-bundles-pvc + storageClassName: manual + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + hostPath: + path: "/mnt/nap5_bundles_pv_data" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nap5-bundles-pvc +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + volumeName: nap5-bundles-pv ``` {{% /tab %}} From 65ae1c461ab21ec03a048e5bfba9547f603c007a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:53:46 +0000 Subject: [PATCH 18/62] fixed kubernetes --- content/waf/install/kubernetes.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 39e81f289..b57873e84 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -215,17 +215,7 @@ Your folder should contain the following files: - _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: - -```shell -sudo docker build --no-cache --platform linux/amd64 \ - --secret id=nginx-crt,src=nginx-repo.crt \ - --secret id=nginx-key,src=nginx-repo.key \ - --secret id=license-jwt,src=license.jwt \ - -t . -``` - -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +To build an image, use the following command, replacing as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ From b6b573078cb36395cc771e4f31df2380d98e2d82 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:06:31 +0000 Subject: [PATCH 19/62] ohad fix 1 --- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index b57873e84..24f55efaa 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -256,7 +256,7 @@ cd nginx-app-protect You will need to edit the `values.yaml` file for a few changes: - Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). -- Update _appprotect.config.nginxJWT_ with your JSON web token +- Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus) - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials You can encode your credentials with the following command: diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3488841c6..65efd1884 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,6 +31,9 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} +### Additional Requirement for NGINX Plus Users +If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 790823c647306ef17629b3d090e3b6b6f7c00bd9 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:08:14 +0000 Subject: [PATCH 20/62] chnaged title --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 65efd1884..d35cef2ec 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,7 +31,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Additional Requirement for NGINX Plus Users +### Required: Download JWT License for NGINX Plus Installation If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From e878f41663225cb96235aa01218ab39dc6d3dac2 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:15:51 +0000 Subject: [PATCH 21/62] CHANGED NAME --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index d35cef2ec..8a64fad21 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) Depending on your deployment type, you may have additional requirements: @@ -32,7 +32,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "waf/install-selinux-warning.md" >}} ### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 30e6c633a4c5359b8adec79b0ebf2ff05207d792 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:22:53 +0000 Subject: [PATCH 22/62] need jwt anywasy for opensouce for docker cred --- content/waf/install/kubernetes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 24f55efaa..44832a087 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -39,6 +39,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ### Download your JSON web token To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -212,7 +213,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ -- _license.jwt_ (Only necessary when using NGINX Plus) +- _license.jwt_ - _Dockerfile_ To build an image, use the following command, replacing as appropriate: From 151c044fe0e7f850de8e55dd69ff1994f532edbe Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 07:18:41 +0000 Subject: [PATCH 23/62] removed todo --- content/waf/install/docker.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 8180f6316..a14bad603 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1348,6 +1348,4 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Remove NGINX docker image Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. -[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool - -TODO +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file From 44b0e801b8235076cb998bb79cada6439e644457 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:26 +0200 Subject: [PATCH 24/62] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a14bad603..945992ae6 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -819,7 +819,9 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From 83c9ae1e2da79a6fa34c5a3ccc7b999dbf9ef1b2 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:34 +0200 Subject: [PATCH 25/62] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 945992ae6..304184394 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -443,7 +443,9 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From 5b01cbfcf8d99cf21f41cc3ca7dbbb68c6187172 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:06 +0200 Subject: [PATCH 26/62] Update content/includes/waf/install-build-image.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-build-image.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 86a729c98..ef28dca51 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -24,6 +24,7 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` + To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell From fad32f42d98b187e042df42dc0b477db07d5034c Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:29 +0200 Subject: [PATCH 27/62] Update content/includes/waf/install-services-registry.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-services-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index 2389912d7..40b9135b4 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,7 +5,7 @@ nd-files: - content/waf/install/kubernetes.md --- -Docker registry credentials are needed to access private-registry.nginx.com +You will need Docker registry credentials to access private-registry.nginx.com. Create a directory and copy your certificate and key to this directory: From b0ced8a220caa52c5d90d9cc0b4f3751906aafa8 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:16:37 +0000 Subject: [PATCH 28/62] made changes from suggestions --- content/includes/waf/install-build-image.md | 8 ++- content/waf/install/docker.md | 62 ++++++++++++++++++++- content/waf/install/kubernetes-plm.md | 24 +++++--- content/waf/install/kubernetes.md | 18 ++++-- content/waf/install/virtual-environment.md | 20 +++++-- 5 files changed, 109 insertions(+), 23 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index ef28dca51..c0ff97ca6 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -11,9 +11,10 @@ Your folder should contain the following files: - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ -- _custom_log_format.json_ (Optional) +- _custom_log_format.json_ -To build an image for NGINX Plus, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Plus +To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -25,7 +26,8 @@ A RHEL-based system would use the following command instead: podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Open Source +To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 304184394..0abfbbf83 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,9 +16,13 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -52,7 +56,15 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -{{< include "waf/install-services-registry.md" >}} +You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. + +Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: + +```shell +mkdir -p /etc/docker/certs.d/private-registry.nginx.com +cp /etc/docker/certs.d/private-registry.nginx.com/client.cert +cp /etc/docker/certs.d/private-registry.nginx.com/client.key +``` You should now move to the section based on your configuration type: @@ -312,7 +324,51 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu ### Build the Docker image -{{< include "waf/install-build-image.md" >}} +Your folder should contain the following files: + +- _nginx-repo.crt_ +- _nginx-repo.key_ +- _license.jwt_ +- _nginx.conf_ +- _entrypoint.sh_ +- _Dockerfile_ +- _custom_log_format.json_ + +To build an image, use the following command for system that are not RHEL-based, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +{{< call-out "note" >}} + +The `--no-cache` option is used to ensure the image is built from scratch, installing the latest versions of NGINX Plus and F5 WAF for NGINX. + +{{< /call-out >}} + +Verify that your image has been created using the `docker images` command: + +```shell +docker images +``` + +Create a container based on this image, replacing as appropriate: + +```shell +docker run --name -p 80:80 -d +``` + +Verify the new container is running using the `docker ps` command: + +```shell +docker ps +``` ### Update configuration files diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 1038132a8..c6f6fe48d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,20 +36,30 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). ## Download your subscription credentials -1. Log in to [MyF5](https://my.f5.com/manage/s/). -1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions. -1. Find your NGINX subscription, and select the **Subscription ID** for details. -1. Download the **SSL Certificate** and **Private Key files** from the subscription page. -1. Download the **JSON Web Token** file from the subscription page. +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Prepare environment variables diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 44832a087..3515c8192 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,11 +18,14 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -34,11 +37,14 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Download your subscription credentials +### General subscription credentials needed for deployments + {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Download your JSON web token +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8a64fad21..2abc4887f 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,16 +23,28 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) + Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) +- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: -You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. +You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin +## Download your subscription credentials + +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 0f1323136f9ea1b8852b287c5d8a16475ae153e0 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:58:08 +0000 Subject: [PATCH 29/62] updated compiler doc --- content/waf/configure/compiler.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 7c5a56252..9319ab8cf 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,8 +32,9 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. +- [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) ## Download your subscription credentials From 60097618d92ace4b27fecf51573eb379e86df502 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:41:58 +0000 Subject: [PATCH 30/62] changes to bare metal --- content/waf/install/virtual-environment.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2abc4887f..143816562 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,11 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) -- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: From f0e4484647928c6ef5694369975cf36440de49ce Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:48:04 +0000 Subject: [PATCH 31/62] updated docker --- content/waf/install/docker.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0abfbbf83..5a7ddae5d 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -30,6 +29,15 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} + +## Download your subscription credentials +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Docker deployment options There are three kinds of Docker deployments available: @@ -46,14 +54,6 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. -## Download your subscription credentials -### Shared Requirements - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional Requirement for NGINX Plus Users -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ## Configure Docker for the F5 Container Registry You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. From e5984576f3f31213035fa874bbb89bd31cf6ec6a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:08 +0000 Subject: [PATCH 32/62] updated jwt sections --- content/waf/install/docker.md | 7 ++++--- content/waf/install/kubernetes-plm.md | 9 ++++----- content/waf/install/kubernetes.md | 9 ++++----- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 5a7ddae5d..2f6a41340 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -20,8 +20,8 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -35,7 +35,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional Requirement for NGINX Plus Users +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c6f6fe48d..98b4a1372 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,11 +41,10 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com ## Download your subscription credentials @@ -53,9 +52,9 @@ To complete this guide, you will need the following prerequisites: {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 3515c8192..d1e44191a 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -24,8 +24,8 @@ To complete this guide, you will need the following pre-requisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -41,9 +41,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus - -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 143816562..535068973 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -39,7 +39,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: From 34104a58daccffbeeccafecf331400ecb86d4137 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:57 +0000 Subject: [PATCH 33/62] add info about logger --- content/waf/install/docker.md | 1 + content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 3 files changed, 3 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 2f6a41340..b88f2087a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 98b4a1372..44544a007 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,6 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index d1e44191a..f0fbe1df9 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,6 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From f58e25742da90ad06f3ab6ceb8be005574c8de2f Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:59:32 +0000 Subject: [PATCH 34/62] alan updates --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 9319ab8cf..e51bcd789 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 60794d2ee..697a55b39 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index b88f2087a..d9a7734a7 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,9 +18,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 44544a007..da8d5f86d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f0fbe1df9..716e0295b 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 535068973..3a97e5723 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From 7729be5018c290e52e2759cebb71fd624033dd3f Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 15:31:04 +0000 Subject: [PATCH 35/62] more suggestions --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 8 ++++---- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- content/waf/install/virtual-environment.md | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index e51bcd789..b87c24c80 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 697a55b39..5cd0b163c 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index d9a7734a7..babec5f21 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,11 +18,11 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -37,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index da8d5f86d..fd645b87a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,7 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials @@ -55,7 +55,7 @@ To complete this guide, you will need the following prerequisites: ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 716e0295b..c2f0b69ad 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,7 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -43,7 +43,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3a97e5723..4bae4ec06 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,10 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: @@ -41,7 +41,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" ### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From 405d82c46229b8bcae62ec598ac98a377d713dd5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:39:31 +0000 Subject: [PATCH 36/62] linted --- content/waf/install/docker.md | 4 +++- content/waf/install/kubernetes.md | 5 ++++- content/waf/install/virtual-environment.md | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index babec5f21..c93770c7c 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -30,13 +30,14 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} - ## Download your subscription credentials + ### General subscription credentials needed for deployments {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -1408,6 +1409,7 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa {{< include "waf/install-next-steps.md" >}} ## Remove NGINX docker image + Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. [docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c2f0b69ad..748107bbd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -43,9 +43,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4bae4ec06..6f65c587b 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -33,6 +33,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} + ## Download your subscription credentials ### General subscription credentials needed for deployments @@ -43,7 +44,6 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: - {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 5ad29386350f739b498cc85b4bdf2eed7abe46dd Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:51:45 +0000 Subject: [PATCH 37/62] updated alan changes --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 6 ++++-- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index b87c24c80..c493ae9eb 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 5cd0b163c..fae92d527 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index c93770c7c..231146cf1 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,7 +18,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) @@ -59,7 +59,7 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. +You will need Docker registry credentials to access private-registry.nginx.com for the Multi-container or Hybrid deployment options. Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index fd645b87a..993be8e8a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com @@ -57,7 +57,9 @@ To complete this guide, you will need the following prerequisites: To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 748107bbd..f3197d6a4 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 6f65c587b..866d338c4 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From b43a607c6e2baf166214909851a3a0332c94a67a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:25:01 +0000 Subject: [PATCH 38/62] fixed spelling --- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 993be8e8a..880773f70 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f3197d6a4..938be74d8 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com From 3efb28fdc3441ab4c4be13589740b279b5b31acb Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:28:40 +0000 Subject: [PATCH 39/62] fixed hyperlinks --- content/waf/install/docker.md | 6 +++--- content/waf/install/kubernetes-plm.md | 6 +++--- content/waf/install/kubernetes.md | 6 +++--- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 231146cf1..709f43d47 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,9 +19,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 880773f70..64087d312 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,9 +42,9 @@ To complete this guide, you will need the following prerequisites: - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 938be74d8..02b747e4c 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,9 +23,9 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 866d338c4..9b057c22c 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. + - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From c7fb1e0692695515dd984f7cba478fef9d601f73 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:45:19 +0000 Subject: [PATCH 40/62] updated note --- content/waf/install/docker.md | 5 ++++- content/waf/install/kubernetes-plm.md | 5 ++++- content/waf/install/kubernetes.md | 5 ++++- content/waf/install/virtual-environment.md | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 709f43d47..2783beccd 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -22,7 +22,6 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -30,6 +29,10 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 64087d312..d2f77fa9c 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,7 +45,10 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations + +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 02b747e4c..a158c9565 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,7 +26,6 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -36,6 +35,10 @@ There is another optional topic to [Add a read-only filesystem for Kubernetes]({ To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 9b057c22c..a415fbc33 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -26,7 +26,6 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: @@ -34,6 +33,10 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "waf/install-selinux-warning.md" >}} +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments From c05d07cad6024691c4ef9e7fa275f925f7ff51ac Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:51:45 +0000 Subject: [PATCH 41/62] fixed hyperlinks again --- content/waf/install/docker.md | 6 +++--- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 6 +++--- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 2783beccd..15a77711e 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,9 +19,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index d2f77fa9c..20adac9b9 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,8 +42,8 @@ To complete this guide, you will need the following prerequisites: - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index a158c9565..14e93a6fa 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,9 +23,9 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index a415fbc33..3948b158b 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. + - Download the [SSL certificate, private key, and the JWT license](#download-your-subscription-credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. Depending on your deployment type, you may have additional requirements: From 31d8301881656f323e74165f4d3a7272786b5c2f Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:57:35 +0000 Subject: [PATCH 42/62] fixed compiler link --- content/waf/configure/compiler.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index c493ae9eb..55354f98a 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -34,7 +34,7 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. -- [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com +- [Docker registry credentials](configure-docker-for-the-f5-container-registry) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) ## Download your subscription credentials From de2b938e89596be99041642a42acfbc8fb065d5e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 15:00:35 +0000 Subject: [PATCH 43/62] fixed compiler hyperlink again --- content/waf/configure/compiler.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 55354f98a..d75d6090a 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -33,7 +33,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. + - Download the [SSL certificate and private key](download-your-subscription-credentials) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials](configure-docker-for-the-f5-container-registry) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) From 8c2355f2e9e34866f42761d25640eb96cc4e3987 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 10:52:01 +0000 Subject: [PATCH 44/62] updated jwt location --- .../alpine-plus.md | 38 +++++++++++++ .../amazon-plus.md | 39 +++++++++++++ .../debian-plus.md | 52 +++++++++++++++++ .../oracle-plus.md | 40 +++++++++++++ .../rhel8-plus.md | 56 +++++++++++++++++++ .../rhel9-plus.md | 41 ++++++++++++++ .../rocky9-plus.md | 41 ++++++++++++++ .../ubuntu-plus.md | 52 +++++++++++++++++ .../waf/install/disconnected-environment.md | 4 ++ content/waf/install/docker.md | 8 ++- content/waf/install/kubernetes-plm.md | 2 + content/waf/install/kubernetes.md | 20 ++++--- content/waf/install/virtual-environment.md | 10 ++++ 13 files changed, 393 insertions(+), 10 deletions(-) create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md new file mode 100644 index 000000000..6fe7111c5 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md @@ -0,0 +1,38 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_VER's are 3.22 +ARG OS_VER="3.22" + +# Base image +FROM alpine:${OS_VER} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \ + wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \ + && printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \ + tee -a /etc/apk/repositories \ + && printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \ + tee -a /etc/apk/repositories \ + && apk update \ + && apk add app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && rm -rf /var/cache/apk/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` \ No newline at end of file diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md new file mode 100644 index 000000000..d4ec7bba2 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md @@ -0,0 +1,39 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base image +FROM amazonlinux:2023 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + yum -y install wget ca-certificates shadow-utils \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/\$basearch/" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-plus.repo \ + && yum -y install app-protect-module-plus \ + && yum clean all \ + && rm -rf /var/cache/yum \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md new file mode 100644 index 000000000..204dfa633 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md @@ -0,0 +1,52 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_CODENAME's are: bullseye/bookworm +ARG OS_CODENAME=bookworm + +# Base image +FROM debian:${OS_CODENAME} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + apt-get update \ + && apt-get install -y \ + apt-transport-https \ + lsb-release \ + ca-certificates \ + wget \ + gnupg2 \ + debian-archive-keyring \ + && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | \ + gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \ + && gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-plus.list \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-app-protect.list \ + && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \ + && apt-get update \ + && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md new file mode 100644 index 000000000..2f8a0ace3 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md @@ -0,0 +1,40 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base image +FROM oraclelinux:8 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates yum-utils \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/\$basearch/" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && dnf clean all \ + && dnf -y install app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md new file mode 100644 index 000000000..9f05ce79f --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md @@ -0,0 +1,56 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported UBI_VERSION's are 7/8/9 +ARG UBI_VERSION=8 + +# Base Image +FROM registry.access.redhat.com/ubi${UBI_VERSION}/ubi + +# Define the ARG again after FROM to use it in this stage +ARG UBI_VERSION + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + PKG_MANAGER=dnf; \ + if [ "${UBI_VERSION}" = "7" ]; then \ + PKG_MANAGER=yum; \ + NGINX_PLUS_REPO="nginx-plus-7.4.repo"; \ + elif [ "${UBI_VERSION}" = "9" ]; then \ + NGINX_PLUS_REPO="plus-${UBI_VERSION}.repo"; \ + else \ + NGINX_PLUS_REPO="nginx-plus-${UBI_VERSION}.repo"; \ + fi \ + && $PKG_MANAGER -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && $PKG_MANAGER clean all \ + && $PKG_MANAGER install -y app-protect-module-plus \ + && $PKG_MANAGER clean all \ + && rm -rf /var/cache/$PKG_MANAGER \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md new file mode 100644 index 000000000..464ba150e --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md @@ -0,0 +1,41 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base Image +FROM rockylinux:9 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && dnf clean all \ + && dnf install -y app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md new file mode 100644 index 000000000..464ba150e --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md @@ -0,0 +1,41 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base Image +FROM rockylinux:9 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && dnf clean all \ + && dnf install -y app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md new file mode 100644 index 000000000..89a2e7d8b --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md @@ -0,0 +1,52 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_CODENAME's are: focal/jammy +ARG OS_CODENAME=jammy + +# Base image +FROM ubuntu:${OS_CODENAME} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + apt-get update \ + && apt-get install -y \ + apt-transport-https \ + lsb-release \ + ca-certificates \ + wget \ + gnupg2 \ + ubuntu-keyring \ + && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | \ + gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \ + && gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-plus.list \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-app-protect.list \ + && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \ + && apt-get update \ + && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index fae92d527..aa0588d63 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -89,6 +89,10 @@ yum install --downloadonly --downloaddir=/etc/packages/ app-protect Once you've obtained the package files and transferred them to your disconnected environment, you can directly install them or add them to a local repository. +## Configure license reporting for disconnected environments + +By default, NGINX Plus automatically reports license usage to the F5 licensing endpoint, and additional configuration is not required in connected environments. However, manual configuration becomes necessary in disconnected environments. Use NGINX Instance Manager for usage reporting or use a custom path for the license file. Configuration can be done in the [`mgmt {}`](https://nginx.org/en/docs/ngx_mgmt_module.html) block of the NGINX Plus configuration file (`/etc/nginx/nginx.conf`). For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). + ## Download Docker images After pulling or building Docker images in a connected environment, you can save them to `.tar` files: diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 15a77711e..72dd6446e 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -20,7 +20,7 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -44,6 +44,12 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "important" >}} +The provided Dockerfile for NGINX Plus automatically handles placing the JWT license file in `/etc/nginx/` during image build. If you use a custom Dockerfile, you must ensure the JWT license is copied to this location. +{{< /call-out >}} + +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Docker deployment options There are three kinds of Docker deployments available: diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 20adac9b9..472e09f91 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -66,6 +66,8 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Prepare environment variables Set the following environment variables, which point towards your credential files: diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 14e93a6fa..930d720b7 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,7 +23,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Open Source in your deployment. - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com @@ -55,6 +55,8 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. @@ -87,7 +89,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/alpine-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md" >}} {{% /tab %}} @@ -105,7 +107,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/amazon-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md" >}} {{% /tab %}} @@ -123,7 +125,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/debian-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md" >}} {{% /tab %}} @@ -141,7 +143,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/oracle-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md" >}} {{% /tab %}} @@ -159,7 +161,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rhel8-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md" >}} {{% /tab %}} @@ -177,7 +179,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rhel9-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md" >}} {{% /tab %}} @@ -195,7 +197,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rocky9-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md" >}} {{% /tab %}} @@ -213,7 +215,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/ubuntu-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md" >}} {{% /tab %}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3948b158b..280b71f90 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -49,6 +49,8 @@ To use NGINX Plus, you will need to download the the JWT license file associated {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Platform-specific instructions Navigate to your chosen operating system, which are alphabetically ordered. @@ -215,6 +217,14 @@ sudo apt-get update sudo apt-get install app-protect ``` +## Install NGINX Plus license + +If you have not already copied your NGINX Plus JWT license file to the `/etc/nginx/` directory (for example, if NGINX Plus was installed automatically as a dependency), do so now: + +```shell +sudo cp .jwt /etc/nginx/license.jwt +``` + ## Update configuration files Once you have installed F5 WAF for NGINX, you must load it as a module in the main context of your NGINX configuration. From e6dd8584cb05582687a0030129a2b916d7d8b0d5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:00:43 +0000 Subject: [PATCH 45/62] missing kubctl jwt copy location --- content/waf/install/kubernetes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 930d720b7..c8711d4eb 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -57,6 +57,10 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} +{{< call-out "note" >}} +When using the provided values.yaml for Helm, setting the `appprotect.config.nginxJWT` value ensures that your JWT license is automatically copied to `/etc/nginx/license.jwt` inside the NGINX container. No additional manual copying of the file is needed when deploying with the provided YAML configuration. +{{< /call-out >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. From 7f0f25183ad70e8ad0c45e5bb15d70d3d2a2772c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:03:07 +0000 Subject: [PATCH 46/62] fixed hyperlink --- content/waf/install/kubernetes-plm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 472e09f91..7b343a87f 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -43,7 +43,7 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile From 0b380a94010b0d14d8a6b052e8fc2a470e4983c9 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:17:04 +0000 Subject: [PATCH 47/62] updated shutout for jwt locations for experimental kubectl --- content/waf/install/kubernetes-plm.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 7b343a87f..1684468cd 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -68,6 +68,10 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} +{{< call-out "note" >}} +Setting `appprotect.config.nginxJWT` with the `--set` flag in your Helm command automatically copies the JWT license to `/etc/nginx/license.jwt` inside the NGINX container. No manual JWT file copying or mounting is needed. +{{< /call-out >}} + ## Prepare environment variables Set the following environment variables, which point towards your credential files: From 3896e6ca7cbcb226a12c40104d7e57a5f422bfd7 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:06 +0200 Subject: [PATCH 48/62] Update content/includes/waf/install-build-image.md Co-authored-by: yar --- content/includes/waf/install-build-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index c0ff97ca6..5ab4371ce 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -27,7 +27,7 @@ podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=ngi ``` #### Building an image with NGINX Open Source -To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `` as appropriate: +To build an image for NGINX Open Source, use the following command that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . From e187af574d2816896cd154d4c75d216b3a8e9a0c Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:28 +0200 Subject: [PATCH 49/62] Update content/waf/install/virtual-environment.md Co-authored-by: yar --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 280b71f90..857525c31 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -45,7 +45,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From d9f0ca93df01a00154298245c2ebb9a48d5e5afd Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:51 +0200 Subject: [PATCH 50/62] Update content/waf/install/kubernetes.md Co-authored-by: yar --- content/waf/install/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c8711d4eb..269ffeb33 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -47,7 +47,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. From ca16a381edfab3b222b2a8ab918e9190c329e885 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:13 +0200 Subject: [PATCH 51/62] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 72dd6446e..4223532e6 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -346,7 +346,7 @@ Your folder should contain the following files: - _Dockerfile_ - _custom_log_format.json_ -To build an image, use the following command for system that are not RHEL-based, replacing `` as appropriate: +To build an image, use the following command for a system that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . From 9e78bb6653230aab41a94b337dfc9a666bcb2260 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:34 +0200 Subject: [PATCH 52/62] Update content/includes/waf/install-build-image.md Co-authored-by: yar --- content/includes/waf/install-build-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 5ab4371ce..d7e672e49 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -14,7 +14,7 @@ Your folder should contain the following files: - _custom_log_format.json_ #### Building an image with NGINX Plus -To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `` as appropriate: +To build an image for NGINX Plus, use the following command that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . From 628af3c43074a416730affe6770ec760bcadc073 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:51 +0200 Subject: [PATCH 53/62] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 4223532e6..988386dce 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -41,7 +41,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} {{< call-out "important" >}} From c180b55bcfd572ef1edd475d4a9134edbbec0480 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:07 +0200 Subject: [PATCH 54/62] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 988386dce..7e8f20309 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -512,7 +512,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th #### Download Docker images -[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#configure-docker-for-the-f5-container-registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} From 15260c3b55e75d6c8c3c36d2302a76e590fc2602 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:23 +0200 Subject: [PATCH 55/62] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 7e8f20309..5b0cf6f30 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -890,7 +890,7 @@ sudo dnf install app-protect-module-plus #### Download Docker images -[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#configure-docker-for-the-f5-container-registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} From 1a594975c49d4abc31e4f68d0e4ff47184486733 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:39 +0200 Subject: [PATCH 56/62] Update content/waf/install/kubernetes-plm.md Co-authored-by: yar --- content/waf/install/kubernetes-plm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 1684468cd..9e936266e 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -58,7 +58,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. From 500a29cbe3a5a93c4e548b91f1ce062e7bed0dc8 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Sun, 7 Dec 2025 08:34:34 +0000 Subject: [PATCH 57/62] removed extra the and fixed hyperlinks --- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/policies/bot-signatures.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 5b0cf6f30..bfc99011c 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -70,7 +70,7 @@ The steps you should follow on this page are dependent on your configuration typ You will need Docker registry credentials to access private-registry.nginx.com for the Multi-container or Hybrid deployment options. -Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: +Create a directory and copy your certificate and key to this directory: ```shell mkdir -p /etc/docker/certs.d/private-registry.nginx.com diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 9e936266e..2bf1ec54f 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -44,7 +44,7 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile @@ -1018,7 +1018,7 @@ cd nginx-app-protect kubectl apply -f crds/ ``` -Finish the the process by using `helm upgrade`: +Finish the process by using `helm upgrade`: ```shell helm upgrade . \ diff --git a/content/waf/policies/bot-signatures.md b/content/waf/policies/bot-signatures.md index f661990c9..9662817e8 100644 --- a/content/waf/policies/bot-signatures.md +++ b/content/waf/policies/bot-signatures.md @@ -18,7 +18,7 @@ This feature is enabled by default with the `bot-defense` parameter, and include ## Bot signatures -Bot signature detection works by inspecting the the User-Agent header and URI of a request. +Bot signature detection works by inspecting the User-Agent header and URI of a request. Each detected bot signature belongs to a bot class: search engine signatures such as `googlebot` are under the trusted_bots class, but F5 WAF for NGINX performs additional checks to authenticate a trusted bot. From 7f3be7d6e88c49ef0be63ae497a3c09c2f1429a9 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 07:17:00 +0000 Subject: [PATCH 58/62] temp --- content/waf/install/docker.md | 6 ++---- content/waf/install/kubernetes.md | 10 ++++------ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index bfc99011c..d82e15f84 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,16 +17,14 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. -To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. - {{< include "waf/install-selinux-warning.md" >}} ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 269ffeb33..f2dbc39ce 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -19,11 +19,11 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) TODO add reason for it. +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster TODO add reason for it.. +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your f5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you plan of using NGINX Open Source in your deployment. - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com @@ -33,8 +33,6 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" There is another optional topic to [Add a read-only filesystem for Kubernetes]({{< ref "/waf/configure/kubernetes-read-only.md" >}}) -To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. - ## Default security policy and logging profile F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. From c33c7f4ce875fc0ca09d85a52d48fddff1ab6ee5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 09:50:19 +0000 Subject: [PATCH 59/62] added aviv suggestions --- .../download-jwt-ssl-key-from-myf5.md | 12 +++++++++ content/waf/configure/secure-mtls.md | 5 ++-- .../waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 20 ++++++-------- content/waf/install/kubernetes-plm.md | 26 +++++++----------- content/waf/install/kubernetes.md | 27 +++++++------------ content/waf/install/virtual-environment.md | 11 ++------ content/waf/policies/ip-intelligence.md | 4 +-- 8 files changed, 47 insertions(+), 60 deletions(-) create mode 100644 content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md diff --git a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md new file mode 100644 index 000000000..9f54304a3 --- /dev/null +++ b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md @@ -0,0 +1,12 @@ +--- +nd-files: +- content/includes/use-cases/credential-download-instructions.md +- content/waf/configure/compiler.md +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +1. Log in to [MyF5](https://my.f5.com/manage/s/). +1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions. +1. Find your NGINX subscription, and select the **Subscription ID** for details. +1. Download the **SSL Certificate**, **Private Key** and **JSON Web Token** files from the subscription page. \ No newline at end of file diff --git a/content/waf/configure/secure-mtls.md b/content/waf/configure/secure-mtls.md index 9b0c37da0..389a16da6 100644 --- a/content/waf/configure/secure-mtls.md +++ b/content/waf/configure/secure-mtls.md @@ -155,7 +155,7 @@ With a [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment {{< /call-out >}} -## Modify Docker compose file +## Modify Docker Compose file {{< call-out "warning" >}} @@ -224,5 +224,4 @@ services: app_protect_bd_config: app_protect_config: app_protect_etc_config: -``` - +``` \ No newline at end of file diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index aa0588d63..db60115e2 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -113,4 +113,4 @@ docker load -i waf-config-mgr.tar docker load -i waf-ip-intelligence.tar ``` -Ensure your Docker compose files use the tagged images you've transferred. \ No newline at end of file +Ensure your Docker Compose files use the tagged images you've transferred. \ No newline at end of file diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index d82e15f84..9233ad5c5 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. JWT license is not needed when using NGINX Open Source. +- Access to private-registry.nginx.com using [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for pulling images need for deployment when using Multi-container and Hybrid configuration. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -33,14 +32,11 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments +{{< call-out "note" >}} +If you are using NGINX Open Source for your Multi-container or Hybrid configuration, you do not need the JWT license file. +{{< /call-out >}} -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "important" >}} The provided Dockerfile for NGINX Plus automatically handles placing the JWT license file in `/etc/nginx/` during image build. If you use a custom Dockerfile, you must ensure the JWT license is copied to this location. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 2bf1ec54f..27d127a2a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -37,14 +37,12 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- [Helm](https://helm.sh/docs/intro/install/) -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. +- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. ## Default security policy and logging profile @@ -52,13 +50,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +{{< call-out "note" >}} +To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. +{{< /call-out >}} {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. @@ -69,7 +63,7 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} {{< call-out "note" >}} -Setting `appprotect.config.nginxJWT` with the `--set` flag in your Helm command automatically copies the JWT license to `/etc/nginx/license.jwt` inside the NGINX container. No manual JWT file copying or mounting is needed. +When using the provided values.yaml for Helm, setting the `appprotect.config.nginxJWT` value ensures that your JWT license is automatically copied to `/etc/nginx/license.jwt` inside the NGINX container. No additional manual copying of the file is needed when deploying with the provided YAML configuration. {{< /call-out >}} ## Prepare environment variables diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f2dbc39ce..9ee2e274a 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -19,15 +19,12 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) TODO add reason for it. -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster TODO add reason for it.. -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your f5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you plan of using NGINX Open Source in your deployment. - - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com - -You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. +- [Access credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com for pulling deployment images. +- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -39,13 +36,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +{{< call-out "note" >}} +To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. +{{< /call-out >}} {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. @@ -272,7 +265,7 @@ cd nginx-app-protect You will need to edit the `values.yaml` file for a few changes: -- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). +- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). - Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus) - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 857525c31..cc2f9cce1 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,8 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license](#download-your-subscription-credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. Depending on your deployment type, you may have additional requirements: @@ -39,15 +38,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - To use NGINX Plus, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} diff --git a/content/waf/policies/ip-intelligence.md b/content/waf/policies/ip-intelligence.md index 566f37711..a020023b7 100644 --- a/content/waf/policies/ip-intelligence.md +++ b/content/waf/policies/ip-intelligence.md @@ -76,7 +76,7 @@ tail -f iprepd.log Once complete, you can now [Configure policies for IP intelligence](#configure-policies-for-ip-intelligence). -### Modify Docker compose file +### Modify Docker Compose file {{< call-out "warning" >}} @@ -84,7 +84,7 @@ This section **only** applies to installations using Docker. {{< /call-out >}} -IP intelligence has its own Docker container, which can be added to an existing Docker compose file for deployment. +IP intelligence has its own Docker container, which can be added to an existing Docker Compose file for deployment. First, create the required directory: From 5997180c81e4e9fe319588ce2a90c6331c4fa054 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 10:07:21 +0000 Subject: [PATCH 60/62] updated hyperlinks --- .../licensing-and-reporting/download-jwt-ssl-key-from-myf5.md | 4 ++-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md index 9f54304a3..02fede65a 100644 --- a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md +++ b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md @@ -1,9 +1,9 @@ --- nd-files: -- content/includes/use-cases/credential-download-instructions.md -- content/waf/configure/compiler.md - content/waf/install/docker.md - content/waf/install/kubernetes.md +- content/waf/install/kubernetes-plm.md +- content/waf/install/virtual-environment.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 27d127a2a..0164ea059 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -58,7 +58,7 @@ To access private-registry.nginx.com, you will need to download the JWT license If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< /call-out >}} -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 9ee2e274a..243d4b3bb 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -44,7 +44,7 @@ To access private-registry.nginx.com, you will need to download the JWT license If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< /call-out >}} -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} From b8fd05812f722e2182afc47259c1489a17892eef Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 10:21:24 +0000 Subject: [PATCH 61/62] updated hyperlinks --- content/waf/install/docker.md | 3 +-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 9233ad5c5..382cf6ecd 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,8 +19,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. JWT license is not needed when using NGINX Open Source. -- Access to private-registry.nginx.com using [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for pulling images need for deployment when using Multi-container and Hybrid configuration. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 0164ea059..49f9263b4 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 243d4b3bb..5ede12007 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,7 +23,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Access credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com for pulling deployment images. +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From ea72132c91bcf08bf1f89d673a14c2add988c564 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 11 Dec 2025 14:46:57 +0000 Subject: [PATCH 62/62] missing periods --- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 49f9263b4..ced81e0a1 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images. - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 5ede12007..fa212f516 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -21,14 +21,14 @@ To complete this guide, you will need the following pre-requisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images. - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. -There is another optional topic to [Add a read-only filesystem for Kubernetes]({{< ref "/waf/configure/kubernetes-read-only.md" >}}) +There is another optional topic to [Add a read-only filesystem for Kubernetes]({{< ref "/waf/configure/kubernetes-read-only.md" >}}). ## Default security policy and logging profile