made changes from suggestions

dkleinF5 · dkleinF5 · commit dad821008673 · 2025-12-04T12:23:25.000Z
diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md
@@ -11,9 +11,10 @@ Your folder should contain the following files:
 - _nginx.conf_
 - _entrypoint.sh_
 - _Dockerfile_
-- _custom_log_format.json_ (Optional)
+- _custom_log_format.json_ 
 
-To build an image for NGINX Plus, use the following command, replacing `<your-image-name>` as appropriate:
+#### Building an image with NGINX Plus
+To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `<your-image-name>` as appropriate:
 
 ```shell
 sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
@@ -25,7 +26,8 @@ A RHEL-based system would use the following command instead:
 podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
 ```
 
-To build an image for NGINX Open Source, use the following command, replacing `<your-image-name>` as appropriate:
+#### Building an image with NGINX Open Source
+To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `<your-image-name>` as appropriate:
 
 ```shell
 sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
@@ -16,9 +16,13 @@ This page describes how to install F5 WAF for NGINX using Docker.
 
 To complete this guide, you will need the following prerequisites:
 
+- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
 - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
 - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
-- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration)
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial).
+  - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment.
+  - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
+- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration)
 
 You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
@@ -52,7 +56,15 @@ The steps you should follow on this page are dependent on your configuration typ
 
 ## Configure Docker for the F5 Container Registry
 
-{{< include "waf/install-services-registry.md" >}}
+You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration.
+
+Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory:
+
+```shell
+mkdir -p /etc/docker/certs.d/private-registry.nginx.com
+cp <path-to-your-nginx-repo.crt> /etc/docker/certs.d/private-registry.nginx.com/client.cert
+cp <path-to-your-nginx-repo.key> /etc/docker/certs.d/private-registry.nginx.com/client.key
+```
 
 You should now move to the section based on your configuration type:
 
@@ -312,7 +324,51 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu
 
 ### Build the Docker image
 
-{{< include "waf/install-build-image.md" >}}
+Your folder should contain the following files:
+
+- _nginx-repo.crt_
+- _nginx-repo.key_
+- _license.jwt_
+- _nginx.conf_
+- _entrypoint.sh_
+- _Dockerfile_
+- _custom_log_format.json_ 
+
+To build an image, use the following command for system that are not RHEL-based, replacing `<your-image-name>` as appropriate:
+
+```shell
+sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
+```
+
+A RHEL-based system would use the following command instead:
+
+```shell
+podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
+```
+
+{{< call-out "note" >}}
+
+The `--no-cache` option is used to ensure the image is built from scratch, installing the latest versions of NGINX Plus and F5 WAF for NGINX.
+
+{{< /call-out >}}
+
+Verify that your image has been created using the `docker images` command:
+
+```shell
+docker images <your-image-name>
+```
+
+Create a container based on this image, replacing <your-container-name> as appropriate:
+
+```shell
+docker run --name <your-container-name> -p 80:80 -d <your-image-name>
+```
+
+Verify the new container is running using the `docker ps` command:
+
+```shell
+docker ps
+```
 
 ### Update configuration files
 
diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md
@@ -36,20 +36,30 @@ These enhancements are  only available for Helm-based deployments.
 
 To complete this guide, you will need the following prerequisites:
 
+- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
 - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
 - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
 - [Helm](https://helm.sh/docs/intro/install/)
 - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
-- Docker registry credentials are needed to access private-registry.nginx.com
-- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**.
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial).
+  - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment.
+  - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
+- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus).
 
 ## Download your subscription credentials 
 
-1. Log in to [MyF5](https://my.f5.com/manage/s/).
-1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions.
-1. Find your NGINX subscription, and select the **Subscription ID** for details.
-1. Download the **SSL Certificate** and **Private Key files** from the subscription page.
-1. Download the **JSON Web Token** file from the subscription page.
+### General subscription credentials needed for deployments 
+
+{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
+
+### Additional subscription credentials needed for a deployments with NGINX Plus 
+
+To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
+
+> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`.
+
+{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
 
 ## Prepare environment variables
 
diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md
@@ -18,11 +18,14 @@ It explains the common steps necessary for any Kubernetes-based deployment, then
 
 To complete this guide, you will need the following pre-requisites:
 
-- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
-- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
-- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
+- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
+- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/).
+- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster.
 - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
-- Docker registry credentials are needed to access private-registry.nginx.com
+- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial).
+  - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment.
+  - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
+- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ).
 
 You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment.
 
@@ -34,11 +37,14 @@ To review supported operating systems, read the [Technical specifications]({{< r
 
 ## Download your subscription credentials 
 
+### General subscription credentials needed for deployments 
+
 {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
 
-### Download your JSON web token
+### Additional subscription credentials needed for a deployments with NGINX Plus 
+
+To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
 
-To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal:
 > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`.
 
 {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md
@@ -23,16 +23,28 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare
 To complete this guide, you will need the following prerequisites:
 
 - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}).
-- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
+ Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial).
+  - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment.
+  - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment.
 - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation)
+- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations
 
 Depending on your deployment type, you may have additional requirements:
 
-You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.
+You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately.
 
 {{< include "waf/install-selinux-warning.md" >}}
-### Required: Download JWT License for NGINX Plus Installation
-If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin
+## Download your subscription credentials 
+
+### General subscription credentials needed for deployments 
+
+{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}
+
+### Additional subscription credentials needed for a deployments with NGINX Plus
+
+To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal:
+
+
 {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}
 
 ## Platform-specific instructions
