From c663e8e29c9a18d9bcdd7bd519dd30c7c42c6bb5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 13:37:10 +0000 Subject: [PATCH 01/61] docs: add missing prerequisite for installation --- content/waf/install/virtual-environment.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4b01e1634..7a8867105 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,13 +23,11 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Open Source]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md" >}}) or [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: -- [Docker](https://docs.docker.com/get-started/get-docker/) is required for NGINX Open Source or NGINX Plus type deployments. - You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} From 5fb890e71b117ce8f82d574ef3393f920f386891 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 15:15:36 +0000 Subject: [PATCH 02/61] added info about nginx x being installed with app protect --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 7a8867105..ff2ff2a22 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: From ed8493b60cd67fa1e99e335d04213fa6ac2862f2 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:08:46 +0000 Subject: [PATCH 03/61] updated kubernetes --- content/includes/waf/install-update-configuration.md | 5 ----- content/waf/install/docker.md | 5 +++++ content/waf/install/kubernetes.md | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index 23b1c63ae..3577367cf 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -121,8 +121,3 @@ server { {{% /tab %}} {{< /tabs >}} - -Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: - -- `nginx -s reload` -- `sudo systemctl reload nginx` \ No newline at end of file diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 437440c51..903bde2be 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1293,6 +1293,11 @@ CMD ["sh", "/root/entrypoint.sh"] {{< include "waf/install-update-configuration.md" >}} +Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: + +- `nginx -s reload` +- `sudo systemctl reload nginx` + F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks). ## Post-installation checks diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 1be48c5e5..f434948f3 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -226,6 +226,8 @@ From this point, the steps change based on your installation method: ### Download your JSON web token +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ### Get the Helm chart From 69635ceb86a1de2b7e09488c7336f7e73b3fe656 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:50:06 +0000 Subject: [PATCH 04/61] added supported os and Kubernetes ctl/cluster --- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 3 ++- content/waf/install/kubernetes.md | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 903bde2be..0f7d130af 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -143,7 +143,7 @@ http { ### Create a Dockerfile -In the same folder as your credential and configuration files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential and configuration files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: @@ -913,7 +913,7 @@ http { Copy or move your subscription files into a new folder. -In the same folder as the subscription files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as the subscription files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index be8357310..e1382fae7 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,7 +36,8 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: -- [A functional Kubernetes cluster]({{< ref "/waf/install/kubernetes.md" >}}) +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) - An active F5 WAF for NGINX subscription (Purchased or trial) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f434948f3..9d0eab937 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,7 +18,8 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- A functional Kubernetes cluster +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - An active F5 WAF for NGINX subscription (Purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) @@ -36,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Create a Dockerfile -In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: From 66b15ab7a0c9f8121e3f70c5f838eec39729ee14 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:39:39 +0000 Subject: [PATCH 05/61] temp --- content/waf/install/virtual-environment.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index ff2ff2a22..8f81de119 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,8 +23,9 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) + - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used Depending on your deployment type, you may have additional requirements: From 9fef0c7bcbc537c893bd7caf6b57a2cf63d45edb Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:47:59 +0000 Subject: [PATCH 06/61] test --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8f81de119..c1a68ed50 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - +- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +- this is a test Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From 0e2168faa59e6704ec7e1b728bd0055911ca87a9 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:00:26 +0000 Subject: [PATCH 07/61] test --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index c1a68ed50..2a49ec99d 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - this is a test + Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From 24e672ca7eb0a774668294561ab16a000285b20b Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:07:45 +0000 Subject: [PATCH 08/61] added link to my my5 --- content/waf/install/virtual-environment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2a49ec99d..9157d3d52 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,9 +23,8 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription (Purchased or trial). +- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- this is a test Depending on your deployment type, you may have additional requirements: From 7f91037db6d29cf12d79e333a75763b83bc1ba52 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:35:46 +0000 Subject: [PATCH 09/61] updated myf5 with link --- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 88e1a8bc9..60794d2ee 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0f7d130af..a9aa3c1f2 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,7 +16,7 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index e1382fae7..7207dfa5a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,7 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 9d0eab937..fede5f5cc 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -20,7 +20,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 9157d3d52..3488841c6 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) Depending on your deployment type, you may have additional requirements: From 229a757b4da4df57aecfc0946c90fe8c87afbf6d Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:37:25 +0000 Subject: [PATCH 10/61] added info for docker registry access --- content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 2 files changed, 2 insertions(+) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 7207dfa5a..ad8f9a565 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,6 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index fede5f5cc..0150762cd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From fd2a17ce9377b2889555062662bac68f22344cf1 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:43:43 +0000 Subject: [PATCH 11/61] test for jwt --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a9aa3c1f2..e9f87e3c9 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -45,6 +45,8 @@ The steps you should follow on this page are dependent on your configuration typ {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used + ## Configure Docker for the F5 Container Registry {{< include "waf/install-services-registry.md" >}} From f781c652578d1f73754a6f1b7843e5986c4c1cb4 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 14:36:24 +0000 Subject: [PATCH 12/61] added jwt for docker --- content/includes/waf/install-build-image.md | 1 + content/waf/install/docker.md | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 45ccc3068..1a76c8373 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -7,6 +7,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index e9f87e3c9..9877a652a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -42,10 +42,12 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. ## Download your subscription credentials +### Shared Requirements {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Configure Docker for the F5 Container Registry @@ -956,7 +958,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -998,7 +1000,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1053,7 +1055,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1099,7 +1101,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1142,7 +1144,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1184,7 +1186,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1226,7 +1228,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1281,7 +1283,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 141c86d771d3a39368323fb30b06cf5364c8c78d Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 15:39:22 +0000 Subject: [PATCH 13/61] last work before remove --- content/includes/waf/install-services-registry.md | 2 ++ content/waf/install/docker.md | 14 +++++++++++--- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index c9f686e8d..2389912d7 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,6 +5,8 @@ nd-files: - content/waf/install/kubernetes.md --- +Docker registry credentials are needed to access private-registry.nginx.com + Create a directory and copy your certificate and key to this directory: ```shell diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 9877a652a..338d9a552 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,7 +17,8 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -442,7 +443,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -818,7 +819,7 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -1311,3 +1312,10 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Next steps {{< include "waf/install-next-steps.md" >}} + +## Remove NGINX docker image +Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. + +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool + +TODO diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index ad8f9a565..c30d9e388 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -39,8 +39,8 @@ To complete this guide, you will need the following prerequisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 0150762cd..c0287c1cf 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -21,8 +21,8 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From d4c5063fc51c0a764aaaf7ed15f042bcf2f04713 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 06:44:13 +0000 Subject: [PATCH 14/61] remove line since we have the line above it --- content/waf/install/kubernetes-plm.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c30d9e388..1038132a8 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,7 +42,6 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials From 8412ee5f1e9156b50802b0715008dbc41662bd6b Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 13:48:31 +0000 Subject: [PATCH 15/61] updated docker for jwt --- content/includes/waf/install-build-image.md | 4 +- content/waf/install/docker.md | 48 +++++++++++++++++---- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 1a76c8373..dec2acb30 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -16,13 +16,13 @@ Your folder should contain the following files: To build an image, use the following command, replacing `` as appropriate: ```shell -sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` A RHEL-based system would use the following command instead: ```shell -podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` {{< call-out "note" >}} diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 338d9a552..8180f6316 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -954,12 +954,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \ apk update && apk add app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -996,12 +1000,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf -y install app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1051,12 +1059,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1097,12 +1109,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1140,12 +1156,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1186,8 +1206,12 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1224,12 +1248,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1279,12 +1307,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 803310a4014cccccf11b2cf362042b4c1d1c6e1c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 15:50:55 +0000 Subject: [PATCH 16/61] update dockerfile for nap --- .../includes/waf/dockerfiles/alpine-plus.md | 4 +++ .../includes/waf/dockerfiles/amazon-plus.md | 4 +++ .../includes/waf/dockerfiles/debian-plus.md | 4 +++ .../includes/waf/dockerfiles/oracle-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel8-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel9-plus.md | 4 +++ .../includes/waf/dockerfiles/rocky9-plus.md | 4 +++ .../includes/waf/dockerfiles/ubuntu-plus.md | 4 +++ content/includes/waf/install-build-image.md | 13 +++++++++- content/waf/install/kubernetes.md | 25 +++++++++++++------ 10 files changed, 62 insertions(+), 8 deletions(-) diff --git a/content/includes/waf/dockerfiles/alpine-plus.md b/content/includes/waf/dockerfiles/alpine-plus.md index 6fe7111c5..2818c3592 100644 --- a/content/includes/waf/dockerfiles/alpine-plus.md +++ b/content/includes/waf/dockerfiles/alpine-plus.md @@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && rm -rf /var/cache/apk/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/amazon-plus.md b/content/includes/waf/dockerfiles/amazon-plus.md index d4ec7bba2..d943b33f1 100644 --- a/content/includes/waf/dockerfiles/amazon-plus.md +++ b/content/includes/waf/dockerfiles/amazon-plus.md @@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/debian-plus.md b/content/includes/waf/dockerfiles/debian-plus.md index 204dfa633..7c8581d11 100644 --- a/content/includes/waf/dockerfiles/debian-plus.md +++ b/content/includes/waf/dockerfiles/debian-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/oracle-plus.md b/content/includes/waf/dockerfiles/oracle-plus.md index 98bd1e15b..c62d33bb1 100644 --- a/content/includes/waf/dockerfiles/oracle-plus.md +++ b/content/includes/waf/dockerfiles/oracle-plus.md @@ -29,6 +29,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel8-plus.md b/content/includes/waf/dockerfiles/rhel8-plus.md index 9f05ce79f..ac00cc4e3 100644 --- a/content/includes/waf/dockerfiles/rhel8-plus.md +++ b/content/includes/waf/dockerfiles/rhel8-plus.md @@ -45,6 +45,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel9-plus.md b/content/includes/waf/dockerfiles/rhel9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rhel9-plus.md +++ b/content/includes/waf/dockerfiles/rhel9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rocky9-plus.md b/content/includes/waf/dockerfiles/rocky9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rocky9-plus.md +++ b/content/includes/waf/dockerfiles/rocky9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/ubuntu-plus.md b/content/includes/waf/dockerfiles/ubuntu-plus.md index 89a2e7d8b..7333f22d5 100644 --- a/content/includes/waf/dockerfiles/ubuntu-plus.md +++ b/content/includes/waf/dockerfiles/ubuntu-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index dec2acb30..86a729c98 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -13,7 +13,7 @@ Your folder should contain the following files: - _Dockerfile_ - _custom_log_format.json_ (Optional) -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Plus, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -24,6 +24,17 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c0287c1cf..7fc45ba49 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -36,6 +36,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +### Download your JSON web token + +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. @@ -206,9 +212,20 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 \ + --secret id=nginx-crt,src=nginx-repo.crt \ + --secret id=nginx-key,src=nginx-repo.key \ + --secret id=license-jwt,src=license.jwt \ + -t . +``` + +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ @@ -226,12 +243,6 @@ From this point, the steps change based on your installation method: ## Use Helm to install F5 WAF for NGINX -### Download your JSON web token - -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: - -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ### Get the Helm chart To get the Helm chart, first configure Docker for the F5 Container Registry. From 6ee30b2b58af16e1988370825cadb90170639890 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:37:34 +0000 Subject: [PATCH 17/61] updated storage --- content/waf/install/kubernetes.md | 81 ++++++++++--------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 7fc45ba49..39e81f289 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -408,63 +408,34 @@ This configuration uses a _hostPath_ backed persistent volume claim. {{< /call-out >}} ```yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: PersistentVolume metadata: - name: nap5-deployment + name: nap5-bundles-pv + labels: + type: local spec: - selector: - matchLabels: - app: nap5 - replicas: 2 - template: - metadata: - labels: - app: nap5 - spec: - imagePullSecrets: - - name: regcred - containers: - - name: nginx - image: /waf: - imagePullPolicy: IfNotPresent - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: waf-enforcer - image: private-registry.nginx.com/nap/waf-enforcer: - imagePullPolicy: IfNotPresent - env: - - name: ENFORCER_PORT - value: "50000" - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: waf-config-mgr - image: private-registry.nginx.com/nap/waf-config-mgr: - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles - volumes: - - name: app-protect-bd-config - emptyDir: {} - - name: app-protect-config - emptyDir: {} - - name: app-protect-bundles - persistentVolumeClaim: - claimName: nap5-bundles-pvc + storageClassName: manual + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + hostPath: + path: "/mnt/nap5_bundles_pv_data" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nap5-bundles-pvc +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + volumeName: nap5-bundles-pv ``` {{% /tab %}} From 49e80c0c893e581b43289abadd073dcec57f3317 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:53:46 +0000 Subject: [PATCH 18/61] fixed kubernetes --- content/waf/install/kubernetes.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 39e81f289..b57873e84 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -215,17 +215,7 @@ Your folder should contain the following files: - _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: - -```shell -sudo docker build --no-cache --platform linux/amd64 \ - --secret id=nginx-crt,src=nginx-repo.crt \ - --secret id=nginx-key,src=nginx-repo.key \ - --secret id=license-jwt,src=license.jwt \ - -t . -``` - -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +To build an image, use the following command, replacing as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ From d38bb1c7f0093c2f52e1156ad48eb6228763d3a4 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:06:31 +0000 Subject: [PATCH 19/61] ohad fix 1 --- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index b57873e84..24f55efaa 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -256,7 +256,7 @@ cd nginx-app-protect You will need to edit the `values.yaml` file for a few changes: - Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). -- Update _appprotect.config.nginxJWT_ with your JSON web token +- Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus) - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials You can encode your credentials with the following command: diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3488841c6..65efd1884 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,6 +31,9 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} +### Additional Requirement for NGINX Plus Users +If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 66a6fc1bd27d5d5128846526b432ecc7d3cbaa8e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:08:14 +0000 Subject: [PATCH 20/61] chnaged title --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 65efd1884..d35cef2ec 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,7 +31,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Additional Requirement for NGINX Plus Users +### Required: Download JWT License for NGINX Plus Installation If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From 59d79a54cae5faf02beb0107cc7caa8dddcdb62e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:15:51 +0000 Subject: [PATCH 21/61] CHANGED NAME --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index d35cef2ec..8a64fad21 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) Depending on your deployment type, you may have additional requirements: @@ -32,7 +32,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "waf/install-selinux-warning.md" >}} ### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 30742e88a202afe5cc5e1ee224f65d310595b4b2 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:22:53 +0000 Subject: [PATCH 22/61] need jwt anywasy for opensouce for docker cred --- content/waf/install/kubernetes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 24f55efaa..44832a087 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -39,6 +39,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ### Download your JSON web token To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -212,7 +213,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ -- _license.jwt_ (Only necessary when using NGINX Plus) +- _license.jwt_ - _Dockerfile_ To build an image, use the following command, replacing as appropriate: From 19a47467a8fdafc40fb28cd98f3d4abdb8a84ac3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 07:18:41 +0000 Subject: [PATCH 23/61] removed todo --- content/waf/install/docker.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 8180f6316..a14bad603 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1348,6 +1348,4 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Remove NGINX docker image Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. -[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool - -TODO +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file From da02368d82b71400578a23ff2f64d420d16922a3 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:26 +0200 Subject: [PATCH 24/61] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a14bad603..945992ae6 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -819,7 +819,9 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From 9905ac3071c92f30531f0e3adc9f01cc8125c43a Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:34 +0200 Subject: [PATCH 25/61] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 945992ae6..304184394 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -443,7 +443,9 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From 854cf3c17a65939ae42eed113ffb63bff1393d11 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:06 +0200 Subject: [PATCH 26/61] Update content/includes/waf/install-build-image.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-build-image.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 86a729c98..ef28dca51 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -24,6 +24,7 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` + To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell From 40623310a46a109410c7368495133b5575cb651b Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:29 +0200 Subject: [PATCH 27/61] Update content/includes/waf/install-services-registry.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-services-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index 2389912d7..40b9135b4 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,7 +5,7 @@ nd-files: - content/waf/install/kubernetes.md --- -Docker registry credentials are needed to access private-registry.nginx.com +You will need Docker registry credentials to access private-registry.nginx.com. Create a directory and copy your certificate and key to this directory: From 1dcb81947a5f7d8d687e513fff93ebb97cd9120e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:16:37 +0000 Subject: [PATCH 28/61] made changes from suggestions --- content/includes/waf/install-build-image.md | 8 ++- content/waf/install/docker.md | 62 ++++++++++++++++++++- content/waf/install/kubernetes-plm.md | 24 +++++--- content/waf/install/kubernetes.md | 18 ++++-- content/waf/install/virtual-environment.md | 20 +++++-- 5 files changed, 109 insertions(+), 23 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index ef28dca51..c0ff97ca6 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -11,9 +11,10 @@ Your folder should contain the following files: - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ -- _custom_log_format.json_ (Optional) +- _custom_log_format.json_ -To build an image for NGINX Plus, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Plus +To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -25,7 +26,8 @@ A RHEL-based system would use the following command instead: podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Open Source +To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 304184394..0abfbbf83 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,9 +16,13 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -52,7 +56,15 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -{{< include "waf/install-services-registry.md" >}} +You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. + +Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: + +```shell +mkdir -p /etc/docker/certs.d/private-registry.nginx.com +cp /etc/docker/certs.d/private-registry.nginx.com/client.cert +cp /etc/docker/certs.d/private-registry.nginx.com/client.key +``` You should now move to the section based on your configuration type: @@ -312,7 +324,51 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu ### Build the Docker image -{{< include "waf/install-build-image.md" >}} +Your folder should contain the following files: + +- _nginx-repo.crt_ +- _nginx-repo.key_ +- _license.jwt_ +- _nginx.conf_ +- _entrypoint.sh_ +- _Dockerfile_ +- _custom_log_format.json_ + +To build an image, use the following command for system that are not RHEL-based, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +{{< call-out "note" >}} + +The `--no-cache` option is used to ensure the image is built from scratch, installing the latest versions of NGINX Plus and F5 WAF for NGINX. + +{{< /call-out >}} + +Verify that your image has been created using the `docker images` command: + +```shell +docker images +``` + +Create a container based on this image, replacing as appropriate: + +```shell +docker run --name -p 80:80 -d +``` + +Verify the new container is running using the `docker ps` command: + +```shell +docker ps +``` ### Update configuration files diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 1038132a8..c6f6fe48d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,20 +36,30 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). ## Download your subscription credentials -1. Log in to [MyF5](https://my.f5.com/manage/s/). -1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions. -1. Find your NGINX subscription, and select the **Subscription ID** for details. -1. Download the **SSL Certificate** and **Private Key files** from the subscription page. -1. Download the **JSON Web Token** file from the subscription page. +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Prepare environment variables diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 44832a087..3515c8192 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,11 +18,14 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -34,11 +37,14 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Download your subscription credentials +### General subscription credentials needed for deployments + {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Download your JSON web token +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8a64fad21..2abc4887f 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,16 +23,28 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) + Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) +- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: -You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. +You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin +## Download your subscription credentials + +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 50593b9f7550b2f23accba275acb4f0686af4d24 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:58:08 +0000 Subject: [PATCH 29/61] updated compiler doc --- content/waf/configure/compiler.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 2b609b586..9283befa6 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,8 +32,9 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. +- [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) ## Download your subscription credentials From e41def793b4a74d1e1b98888aebf0d58c88fe2b2 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:41:58 +0000 Subject: [PATCH 30/61] changes to bare metal --- content/waf/install/virtual-environment.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2abc4887f..143816562 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,11 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) -- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: From 908b86f8f3f97127e670c0f86d411fc515717d1b Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:48:04 +0000 Subject: [PATCH 31/61] updated docker --- content/waf/install/docker.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0abfbbf83..5a7ddae5d 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -30,6 +29,15 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} + +## Download your subscription credentials +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Docker deployment options There are three kinds of Docker deployments available: @@ -46,14 +54,6 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. -## Download your subscription credentials -### Shared Requirements - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional Requirement for NGINX Plus Users -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ## Configure Docker for the F5 Container Registry You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. From 39898a00c7d5275fa45e8015e01cb9148f5cd827 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:08 +0000 Subject: [PATCH 32/61] updated jwt sections --- content/waf/install/docker.md | 7 ++++--- content/waf/install/kubernetes-plm.md | 9 ++++----- content/waf/install/kubernetes.md | 9 ++++----- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 5a7ddae5d..2f6a41340 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -20,8 +20,8 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -35,7 +35,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional Requirement for NGINX Plus Users +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c6f6fe48d..98b4a1372 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,11 +41,10 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com ## Download your subscription credentials @@ -53,9 +52,9 @@ To complete this guide, you will need the following prerequisites: {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 3515c8192..d1e44191a 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -24,8 +24,8 @@ To complete this guide, you will need the following pre-requisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -41,9 +41,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus - -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 143816562..535068973 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -39,7 +39,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: From 222bbd437b40d6eb8204549af725fd8199dfdc25 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:57 +0000 Subject: [PATCH 33/61] add info about logger --- content/waf/install/docker.md | 1 + content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 3 files changed, 3 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 2f6a41340..b88f2087a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 98b4a1372..44544a007 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,6 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index d1e44191a..f0fbe1df9 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,6 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From 2765697f7b95c6981b70fa3b13362a7b1b6ac782 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:59:32 +0000 Subject: [PATCH 34/61] alan updates --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 9283befa6..2e3b23834 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 60794d2ee..697a55b39 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index b88f2087a..d9a7734a7 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,9 +18,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 44544a007..da8d5f86d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f0fbe1df9..716e0295b 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 535068973..3a97e5723 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From a51dc1cc2fb2590e6a68d2213e2364b350ccac1c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 15:31:04 +0000 Subject: [PATCH 35/61] more suggestions --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 8 ++++---- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- content/waf/install/virtual-environment.md | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 2e3b23834..f2ec298b8 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 697a55b39..5cd0b163c 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index d9a7734a7..babec5f21 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,11 +18,11 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -37,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index da8d5f86d..fd645b87a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,7 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials @@ -55,7 +55,7 @@ To complete this guide, you will need the following prerequisites: ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 716e0295b..c2f0b69ad 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,7 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -43,7 +43,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3a97e5723..4bae4ec06 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,10 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: @@ -41,7 +41,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" ### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From dc41e8df494e330fdf64d683d5c712f93ee94cf3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:39:31 +0000 Subject: [PATCH 36/61] linted --- content/waf/install/docker.md | 4 +++- content/waf/install/kubernetes.md | 5 ++++- content/waf/install/virtual-environment.md | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index babec5f21..c93770c7c 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -30,13 +30,14 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} - ## Download your subscription credentials + ### General subscription credentials needed for deployments {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -1408,6 +1409,7 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa {{< include "waf/install-next-steps.md" >}} ## Remove NGINX docker image + Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. [docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c2f0b69ad..748107bbd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -43,9 +43,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4bae4ec06..6f65c587b 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -33,6 +33,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} + ## Download your subscription credentials ### General subscription credentials needed for deployments @@ -43,7 +44,6 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: - {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 0f6bb2ecb1c299443c3c8685305f06526a69d29d Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:51:45 +0000 Subject: [PATCH 37/61] updated alan changes --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 6 ++++-- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index f2ec298b8..018a0227d 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 5cd0b163c..fae92d527 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index c93770c7c..231146cf1 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,7 +18,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) @@ -59,7 +59,7 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. +You will need Docker registry credentials to access private-registry.nginx.com for the Multi-container or Hybrid deployment options. Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index fd645b87a..993be8e8a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com @@ -57,7 +57,9 @@ To complete this guide, you will need the following prerequisites: To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 748107bbd..f3197d6a4 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 6f65c587b..866d338c4 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From d3c73a7d55e8afddbf3c16af21d1cf2ac4ec7533 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:25:01 +0000 Subject: [PATCH 38/61] fixed spelling --- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 993be8e8a..880773f70 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f3197d6a4..938be74d8 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com From 8fbef722544943d673d8b1a260eebae6ada9bd1c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:28:40 +0000 Subject: [PATCH 39/61] fixed hyperlinks --- content/waf/install/docker.md | 6 +++--- content/waf/install/kubernetes-plm.md | 6 +++--- content/waf/install/kubernetes.md | 6 +++--- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 231146cf1..709f43d47 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,9 +19,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 880773f70..64087d312 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,9 +42,9 @@ To complete this guide, you will need the following prerequisites: - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 938be74d8..02b747e4c 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,9 +23,9 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 866d338c4..9b057c22c 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. + - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From 6fed11d956e89918c0a5272a7d99d4311ed43ac7 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:45:19 +0000 Subject: [PATCH 40/61] updated note --- content/waf/install/docker.md | 5 ++++- content/waf/install/kubernetes-plm.md | 5 ++++- content/waf/install/kubernetes.md | 5 ++++- content/waf/install/virtual-environment.md | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 709f43d47..2783beccd 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -22,7 +22,6 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -30,6 +29,10 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 64087d312..d2f77fa9c 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,7 +45,10 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations + +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 02b747e4c..a158c9565 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,7 +26,6 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -36,6 +35,10 @@ There is another optional topic to [Add a read-only filesystem for Kubernetes]({ To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 9b057c22c..a415fbc33 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -26,7 +26,6 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. -- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: @@ -34,6 +33,10 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "waf/install-selinux-warning.md" >}} +## Default security policy and logging profile + +F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. + ## Download your subscription credentials ### General subscription credentials needed for deployments From 0ed490b6dc7ee01680cdbe576cf3fcee534a1711 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:51:45 +0000 Subject: [PATCH 41/61] fixed hyperlinks again --- content/waf/install/docker.md | 6 +++--- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 6 +++--- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 2783beccd..15a77711e 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,9 +19,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index d2f77fa9c..20adac9b9 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,8 +42,8 @@ To complete this guide, you will need the following prerequisites: - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index a158c9565..14e93a6fa 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,9 +23,9 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#General subscription credentials needed for deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license](#Additional subscription credentials needed for deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index a415fbc33..3948b158b 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license](#Download your subscription credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. + - Download the [SSL certificate, private key, and the JWT license](#download-your-subscription-credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. Depending on your deployment type, you may have additional requirements: From 83fcaf33ee87902c4f603cd3b5ee6c100a795ee3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 14:57:35 +0000 Subject: [PATCH 42/61] fixed compiler link --- content/waf/configure/compiler.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 018a0227d..05b359888 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -34,7 +34,7 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. -- [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com +- [Docker registry credentials](configure-docker-for-the-f5-container-registry) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) ## Download your subscription credentials From 9942f2937a0a4c9c8edaa57bc32d1e431266c9e3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 3 Dec 2025 15:00:35 +0000 Subject: [PATCH 43/61] fixed compiler hyperlink again --- content/waf/configure/compiler.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 05b359888..b7dc49c2c 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -33,7 +33,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. + - Download the [SSL certificate and private key](download-your-subscription-credentials) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials](configure-docker-for-the-f5-container-registry) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) From 9a1474f30aa43bc83f38ef35b1573618094f331e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 10:52:01 +0000 Subject: [PATCH 44/61] updated jwt location --- .../alpine-plus.md | 38 +++++++++++++ .../amazon-plus.md | 39 +++++++++++++ .../debian-plus.md | 52 +++++++++++++++++ .../oracle-plus.md | 40 +++++++++++++ .../rhel8-plus.md | 56 +++++++++++++++++++ .../rhel9-plus.md | 41 ++++++++++++++ .../rocky9-plus.md | 41 ++++++++++++++ .../ubuntu-plus.md | 52 +++++++++++++++++ .../waf/install/disconnected-environment.md | 4 ++ content/waf/install/docker.md | 8 ++- content/waf/install/kubernetes-plm.md | 2 + content/waf/install/kubernetes.md | 20 ++++--- content/waf/install/virtual-environment.md | 10 ++++ 13 files changed, 393 insertions(+), 10 deletions(-) create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md create mode 100644 content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md new file mode 100644 index 000000000..6fe7111c5 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md @@ -0,0 +1,38 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_VER's are 3.22 +ARG OS_VER="3.22" + +# Base image +FROM alpine:${OS_VER} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \ + wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \ + && printf "https://pkgs.nginx.com/plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \ + tee -a /etc/apk/repositories \ + && printf "https://pkgs.nginx.com/app-protect-x-plus/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" | \ + tee -a /etc/apk/repositories \ + && apk update \ + && apk add app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && rm -rf /var/cache/apk/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` \ No newline at end of file diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md new file mode 100644 index 000000000..d4ec7bba2 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md @@ -0,0 +1,39 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base image +FROM amazonlinux:2023 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + yum -y install wget ca-certificates shadow-utils \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/amzn/2023/\$basearch/" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-plus.repo \ + && yum -y install app-protect-module-plus \ + && yum clean all \ + && rm -rf /var/cache/yum \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md new file mode 100644 index 000000000..204dfa633 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md @@ -0,0 +1,52 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_CODENAME's are: bullseye/bookworm +ARG OS_CODENAME=bookworm + +# Base image +FROM debian:${OS_CODENAME} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + apt-get update \ + && apt-get install -y \ + apt-transport-https \ + lsb-release \ + ca-certificates \ + wget \ + gnupg2 \ + debian-archive-keyring \ + && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | \ + gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \ + && gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-plus.list \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/app-protect-x-plus/debian `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-app-protect.list \ + && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \ + && apt-get update \ + && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md new file mode 100644 index 000000000..2f8a0ace3 --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md @@ -0,0 +1,40 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base image +FROM oraclelinux:8 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates yum-utils \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-8.repo \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/8/\$basearch/" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-8-x-plus.repo \ + && dnf clean all \ + && dnf -y install app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md new file mode 100644 index 000000000..9f05ce79f --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md @@ -0,0 +1,56 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported UBI_VERSION's are 7/8/9 +ARG UBI_VERSION=8 + +# Base Image +FROM registry.access.redhat.com/ubi${UBI_VERSION}/ubi + +# Define the ARG again after FROM to use it in this stage +ARG UBI_VERSION + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + PKG_MANAGER=dnf; \ + if [ "${UBI_VERSION}" = "7" ]; then \ + PKG_MANAGER=yum; \ + NGINX_PLUS_REPO="nginx-plus-7.4.repo"; \ + elif [ "${UBI_VERSION}" = "9" ]; then \ + NGINX_PLUS_REPO="plus-${UBI_VERSION}.repo"; \ + else \ + NGINX_PLUS_REPO="nginx-plus-${UBI_VERSION}.repo"; \ + fi \ + && $PKG_MANAGER -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && $PKG_MANAGER clean all \ + && $PKG_MANAGER install -y app-protect-module-plus \ + && $PKG_MANAGER clean all \ + && rm -rf /var/cache/$PKG_MANAGER \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md new file mode 100644 index 000000000..464ba150e --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md @@ -0,0 +1,41 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base Image +FROM rockylinux:9 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && dnf clean all \ + && dnf install -y app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md new file mode 100644 index 000000000..464ba150e --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md @@ -0,0 +1,41 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Base Image +FROM rockylinux:9 + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + dnf -y install wget ca-certificates \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/dependencies.repo \ + && wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/${NGINX_PLUS_REPO} \ + && echo "[app-protect-x-plus]" > /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "name=nginx-app-protect repo" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "baseurl=https://pkgs.nginx.com/app-protect-x-plus/centos/${UBI_VERSION}/\$basearch/" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientcert=/etc/ssl/nginx/nginx-repo.crt" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "sslclientkey=/etc/ssl/nginx/nginx-repo.key" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "gpgcheck=0" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && echo "enabled=1" >> /etc/yum.repos.d/app-protect-${UBI_VERSION}-x-plus.repo \ + && dnf clean all \ + && dnf install -y app-protect-module-plus \ + && dnf clean all \ + && rm -rf /var/cache/dnf \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md new file mode 100644 index 000000000..89a2e7d8b --- /dev/null +++ b/content/includes/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md @@ -0,0 +1,52 @@ +--- +nd-files: +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +```dockerfile +# syntax=docker/dockerfile:1 + +# Supported OS_CODENAME's are: focal/jammy +ARG OS_CODENAME=jammy + +# Base image +FROM ubuntu:${OS_CODENAME} + +# Install NGINX Plus and F5 WAF for NGINX v5 module +RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \ + --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ + apt-get update \ + && apt-get install -y \ + apt-transport-https \ + lsb-release \ + ca-certificates \ + wget \ + gnupg2 \ + ubuntu-keyring \ + && wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | \ + gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null \ + && gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-plus.list \ + && printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \ + https://pkgs.nginx.com/app-protect-x-plus/ubuntu `lsb_release -cs` nginx-plus\n" | \ + tee /etc/apt/sources.list.d/nginx-app-protect.list \ + && wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx \ + && apt-get update \ + && DEBIAN_FRONTEND="noninteractive" apt-get install -y app-protect-module-plus \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Expose port +EXPOSE 80 + +# Define stop signal +STOPSIGNAL SIGQUIT + +# Set default command +CMD ["nginx", "-g", "daemon off;"] +``` diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index fae92d527..aa0588d63 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -89,6 +89,10 @@ yum install --downloadonly --downloaddir=/etc/packages/ app-protect Once you've obtained the package files and transferred them to your disconnected environment, you can directly install them or add them to a local repository. +## Configure license reporting for disconnected environments + +By default, NGINX Plus automatically reports license usage to the F5 licensing endpoint, and additional configuration is not required in connected environments. However, manual configuration becomes necessary in disconnected environments. Use NGINX Instance Manager for usage reporting or use a custom path for the license file. Configuration can be done in the [`mgmt {}`](https://nginx.org/en/docs/ngx_mgmt_module.html) block of the NGINX Plus configuration file (`/etc/nginx/nginx.conf`). For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). + ## Download Docker images After pulling or building Docker images in a connected environment, you can save them to `.tar` files: diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 15a77711e..72dd6446e 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -20,7 +20,7 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#Additional subscription credentials needed for deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -44,6 +44,12 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "important" >}} +The provided Dockerfile for NGINX Plus automatically handles placing the JWT license file in `/etc/nginx/` during image build. If you use a custom Dockerfile, you must ensure the JWT license is copied to this location. +{{< /call-out >}} + +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Docker deployment options There are three kinds of Docker deployments available: diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 20adac9b9..472e09f91 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -66,6 +66,8 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Prepare environment variables Set the following environment variables, which point towards your credential files: diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 14e93a6fa..930d720b7 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,7 +23,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Open Source in your deployment. - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com @@ -55,6 +55,8 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. @@ -87,7 +89,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/alpine-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/alpine-plus.md" >}} {{% /tab %}} @@ -105,7 +107,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/amazon-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/amazon-plus.md" >}} {{% /tab %}} @@ -123,7 +125,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/debian-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/debian-plus.md" >}} {{% /tab %}} @@ -141,7 +143,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/oracle-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/oracle-plus.md" >}} {{% /tab %}} @@ -159,7 +161,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rhel8-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel8-plus.md" >}} {{% /tab %}} @@ -177,7 +179,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rhel9-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rhel9-plus.md" >}} {{% /tab %}} @@ -195,7 +197,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/rocky9-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/rocky9-plus.md" >}} {{% /tab %}} @@ -213,7 +215,7 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu {{% tab name="NGINX Plus" %}} -{{< include "/waf/dockerfiles/ubuntu-plus.md" >}} +{{< include "/waf/dockerfiles/nginx-plus-without-jwt-mount/ubuntu-plus.md" >}} {{% /tab %}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3948b158b..280b71f90 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -49,6 +49,8 @@ To use NGINX Plus, you will need to download the the JWT license file associated {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} + ## Platform-specific instructions Navigate to your chosen operating system, which are alphabetically ordered. @@ -215,6 +217,14 @@ sudo apt-get update sudo apt-get install app-protect ``` +## Install NGINX Plus license + +If you have not already copied your NGINX Plus JWT license file to the `/etc/nginx/` directory (for example, if NGINX Plus was installed automatically as a dependency), do so now: + +```shell +sudo cp .jwt /etc/nginx/license.jwt +``` + ## Update configuration files Once you have installed F5 WAF for NGINX, you must load it as a module in the main context of your NGINX configuration. From b70502434f191b5804237c5df56b9744981d36e6 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:00:43 +0000 Subject: [PATCH 45/61] missing kubctl jwt copy location --- content/waf/install/kubernetes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 930d720b7..c8711d4eb 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -57,6 +57,10 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} +{{< call-out "note" >}} +When using the provided values.yaml for Helm, setting the `appprotect.config.nginxJWT` value ensures that your JWT license is automatically copied to `/etc/nginx/license.jwt` inside the NGINX container. No additional manual copying of the file is needed when deploying with the provided YAML configuration. +{{< /call-out >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. From af39f6afd1906217b27a6725a9d3ea77a8a82faa Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:03:07 +0000 Subject: [PATCH 46/61] fixed hyperlink --- content/waf/install/kubernetes-plm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 472e09f91..7b343a87f 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -43,7 +43,7 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#Additional subscription credentials needed for a deployments with NGINX Plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile From 1d6dc86ee6088484a6a80da9851e1d951294ae7d Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 4 Dec 2025 14:17:04 +0000 Subject: [PATCH 47/61] updated shutout for jwt locations for experimental kubectl --- content/waf/install/kubernetes-plm.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 7b343a87f..1684468cd 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -68,6 +68,10 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} +{{< call-out "note" >}} +Setting `appprotect.config.nginxJWT` with the `--set` flag in your Helm command automatically copies the JWT license to `/etc/nginx/license.jwt` inside the NGINX container. No manual JWT file copying or mounting is needed. +{{< /call-out >}} + ## Prepare environment variables Set the following environment variables, which point towards your credential files: From aa33eec9ddf41906c9b27f2328aa25cfd2c20ebc Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:06 +0200 Subject: [PATCH 48/61] Update content/includes/waf/install-build-image.md Co-authored-by: yar --- content/includes/waf/install-build-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index c0ff97ca6..5ab4371ce 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -27,7 +27,7 @@ podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=ngi ``` #### Building an image with NGINX Open Source -To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `` as appropriate: +To build an image for NGINX Open Source, use the following command that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . From a5ad0161237c0478dfa9c179977b319a397a00e1 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:28 +0200 Subject: [PATCH 49/61] Update content/waf/install/virtual-environment.md Co-authored-by: yar --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 280b71f90..857525c31 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -45,7 +45,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From 461a79d7fb8c1c7d475d17d544022b3dfc59f71b Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:24:51 +0200 Subject: [PATCH 50/61] Update content/waf/install/kubernetes.md Co-authored-by: yar --- content/waf/install/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c8711d4eb..269ffeb33 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -47,7 +47,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. From d38bf0aa965509675d16eb73a8ac46f5323cc416 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:13 +0200 Subject: [PATCH 51/61] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 72dd6446e..4223532e6 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -346,7 +346,7 @@ Your folder should contain the following files: - _Dockerfile_ - _custom_log_format.json_ -To build an image, use the following command for system that are not RHEL-based, replacing `` as appropriate: +To build an image, use the following command for a system that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . From 8e3719ec5ee6ae8f09314dcbb07fc36fc620e3fa Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:34 +0200 Subject: [PATCH 52/61] Update content/includes/waf/install-build-image.md Co-authored-by: yar --- content/includes/waf/install-build-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 5ab4371ce..d7e672e49 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -14,7 +14,7 @@ Your folder should contain the following files: - _custom_log_format.json_ #### Building an image with NGINX Plus -To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `` as appropriate: +To build an image for NGINX Plus, use the following command that is not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . From 600178a3cddce2340e8d47b1c990a2b24b93d6c9 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:25:51 +0200 Subject: [PATCH 53/61] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 4223532e6..988386dce 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -41,7 +41,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} {{< call-out "important" >}} From f9a5567bf9be0f51797b20c9c66321d7ee27ee1d Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:07 +0200 Subject: [PATCH 54/61] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 988386dce..7e8f20309 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -512,7 +512,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th #### Download Docker images -[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#configure-docker-for-the-f5-container-registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} From c16cc37ce020049aeefa16a4af241dce7ac07358 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:23 +0200 Subject: [PATCH 55/61] Update content/waf/install/docker.md Co-authored-by: yar --- content/waf/install/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 7e8f20309..5b0cf6f30 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -890,7 +890,7 @@ sudo dnf install app-protect-module-plus #### Download Docker images -[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#configure-docker-for-the-f5-container-registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} From 8769c7b1ca415ca8205fe9171d90139b02894bbd Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:27:39 +0200 Subject: [PATCH 56/61] Update content/waf/install/kubernetes-plm.md Co-authored-by: yar --- content/waf/install/kubernetes-plm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 1684468cd..9e936266e 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -58,7 +58,7 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. From fcc5ec8e4067e892212e5eb9dfd5b8b7fbe173d5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Sun, 7 Dec 2025 08:34:34 +0000 Subject: [PATCH 57/61] removed extra the and fixed hyperlinks --- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/policies/bot-signatures.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 5b0cf6f30..bfc99011c 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -70,7 +70,7 @@ The steps you should follow on this page are dependent on your configuration typ You will need Docker registry credentials to access private-registry.nginx.com for the Multi-container or Hybrid deployment options. -Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: +Create a directory and copy your certificate and key to this directory: ```shell mkdir -p /etc/docker/certs.d/private-registry.nginx.com diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 9e936266e..2bf1ec54f 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -44,7 +44,7 @@ To complete this guide, you will need the following prerequisites: - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#Additional subscription credentials needed for deployments) are needed to access private-registry.nginx.com +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com ## Default security policy and logging profile @@ -1018,7 +1018,7 @@ cd nginx-app-protect kubectl apply -f crds/ ``` -Finish the the process by using `helm upgrade`: +Finish the process by using `helm upgrade`: ```shell helm upgrade . \ diff --git a/content/waf/policies/bot-signatures.md b/content/waf/policies/bot-signatures.md index f661990c9..9662817e8 100644 --- a/content/waf/policies/bot-signatures.md +++ b/content/waf/policies/bot-signatures.md @@ -18,7 +18,7 @@ This feature is enabled by default with the `bot-defense` parameter, and include ## Bot signatures -Bot signature detection works by inspecting the the User-Agent header and URI of a request. +Bot signature detection works by inspecting the User-Agent header and URI of a request. Each detected bot signature belongs to a bot class: search engine signatures such as `googlebot` are under the trusted_bots class, but F5 WAF for NGINX performs additional checks to authenticate a trusted bot. From e26f4a30ac9160634d2e7bed3c65d258f08bb4fc Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 07:17:00 +0000 Subject: [PATCH 58/61] temp --- content/waf/install/docker.md | 6 ++---- content/waf/install/kubernetes.md | 10 ++++------ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index bfc99011c..d82e15f84 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,16 +17,14 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. - An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. -To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. - {{< include "waf/install-selinux-warning.md" >}} ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 269ffeb33..f2dbc39ce 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -19,11 +19,11 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) TODO add reason for it. +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster TODO add reason for it.. +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. - An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your f5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you plan of using NGINX Open Source in your deployment. - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com @@ -33,8 +33,6 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" There is another optional topic to [Add a read-only filesystem for Kubernetes]({{< ref "/waf/configure/kubernetes-read-only.md" >}}) -To review supported operating systems, read the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}) topic. - ## Default security policy and logging profile F5 WAF for NGINX uses built-in default security policy and logging profile after installation. To use custom policies or logging profiles, update your NGINX configuration file accordingly. From 37457ec057cc8427991cd08cfd4db5f4ee794c24 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 09:50:19 +0000 Subject: [PATCH 59/61] added aviv suggestions --- .../download-jwt-ssl-key-from-myf5.md | 12 +++++++++ content/waf/configure/secure-mtls.md | 5 ++-- .../waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 20 ++++++-------- content/waf/install/kubernetes-plm.md | 26 +++++++----------- content/waf/install/kubernetes.md | 27 +++++++------------ content/waf/install/virtual-environment.md | 11 ++------ content/waf/policies/ip-intelligence.md | 4 +-- 8 files changed, 47 insertions(+), 60 deletions(-) create mode 100644 content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md diff --git a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md new file mode 100644 index 000000000..9f54304a3 --- /dev/null +++ b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md @@ -0,0 +1,12 @@ +--- +nd-files: +- content/includes/use-cases/credential-download-instructions.md +- content/waf/configure/compiler.md +- content/waf/install/docker.md +- content/waf/install/kubernetes.md +--- + +1. Log in to [MyF5](https://my.f5.com/manage/s/). +1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions. +1. Find your NGINX subscription, and select the **Subscription ID** for details. +1. Download the **SSL Certificate**, **Private Key** and **JSON Web Token** files from the subscription page. \ No newline at end of file diff --git a/content/waf/configure/secure-mtls.md b/content/waf/configure/secure-mtls.md index bf8d42ce0..978ab82ab 100644 --- a/content/waf/configure/secure-mtls.md +++ b/content/waf/configure/secure-mtls.md @@ -155,7 +155,7 @@ With a [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment {{< /call-out >}} -## Modify Docker compose file +## Modify Docker Compose file {{< call-out "warning" >}} @@ -224,5 +224,4 @@ services: app_protect_bd_config: app_protect_config: app_protect_etc_config: -``` - +``` \ No newline at end of file diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index aa0588d63..db60115e2 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -113,4 +113,4 @@ docker load -i waf-config-mgr.tar docker load -i waf-ip-intelligence.tar ``` -Ensure your Docker compose files use the tagged images you've transferred. \ No newline at end of file +Ensure your Docker Compose files use the tagged images you've transferred. \ No newline at end of file diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index d82e15f84..9233ad5c5 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license file](#additional-subscription-credentials-needed-for-deployments) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. JWT license is not needed when using NGINX Open Source. +- Access to private-registry.nginx.com using [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for pulling images need for deployment when using Multi-container and Hybrid configuration. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -33,14 +32,11 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments +{{< call-out "note" >}} +If you are using NGINX Open Source for your Multi-container or Hybrid configuration, you do not need the JWT license file. +{{< /call-out >}} -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "important" >}} The provided Dockerfile for NGINX Plus automatically handles placing the JWT license file in `/etc/nginx/` during image build. If you use a custom Dockerfile, you must ensure the JWT license is copied to this location. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 2bf1ec54f..27d127a2a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -37,14 +37,12 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- [Helm](https://helm.sh/docs/intro/install/) -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments), and the [JWT license](#additional-subscription-credentials-needed-for-a-deployments-with-nginx-plus) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. +- [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. ## Default security policy and logging profile @@ -52,13 +50,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +{{< call-out "note" >}} +To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. +{{< /call-out >}} {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. @@ -69,7 +63,7 @@ If you are deploying with Helm, you will also need the JWT license for the `dock {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} {{< call-out "note" >}} -Setting `appprotect.config.nginxJWT` with the `--set` flag in your Helm command automatically copies the JWT license to `/etc/nginx/license.jwt` inside the NGINX container. No manual JWT file copying or mounting is needed. +When using the provided values.yaml for Helm, setting the `appprotect.config.nginxJWT` value ensures that your JWT license is automatically copied to `/etc/nginx/license.jwt` inside the NGINX container. No additional manual copying of the file is needed when deploying with the provided YAML configuration. {{< /call-out >}} ## Prepare environment variables diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f2dbc39ce..9ee2e274a 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -19,15 +19,12 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) TODO add reason for it. -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster TODO add reason for it.. -- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running TODO add reason for it. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate and private key file](#general-subscription-credentials-needed-for-deployments) associated with your f5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you plan of using NGINX Open Source in your deployment. - - Download the [SSL certificate, private key, and the JWT license](#additional-subscription-credentials-needed-for-deployments) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) are needed to access private-registry.nginx.com - -You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) (installed and running). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. +- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. +- [Access credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com for pulling deployment images. +- [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -39,13 +36,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - -To use NGINX Plus and access private-registry.nginx.com, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +{{< call-out "note" >}} +To access private-registry.nginx.com, you will need to download the JWT license file even when using NGINX Open Source as a base image. +{{< /call-out >}} {{< call-out "note" >}} If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. @@ -272,7 +265,7 @@ cd nginx-app-protect You will need to edit the `values.yaml` file for a few changes: -- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). +- Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). - Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus) - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 857525c31..cc2f9cce1 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,8 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - - Download the [SSL certificate, private key, and the JWT license](#download-your-subscription-credentials) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. +- Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. Depending on your deployment type, you may have additional requirements: @@ -39,15 +38,9 @@ F5 WAF for NGINX uses built-in default security policy and logging profile after ## Download your subscription credentials -### General subscription credentials needed for deployments - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional subscription credentials needed for deployments - To use NGINX Plus, you will need to download the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} diff --git a/content/waf/policies/ip-intelligence.md b/content/waf/policies/ip-intelligence.md index 566f37711..a020023b7 100644 --- a/content/waf/policies/ip-intelligence.md +++ b/content/waf/policies/ip-intelligence.md @@ -76,7 +76,7 @@ tail -f iprepd.log Once complete, you can now [Configure policies for IP intelligence](#configure-policies-for-ip-intelligence). -### Modify Docker compose file +### Modify Docker Compose file {{< call-out "warning" >}} @@ -84,7 +84,7 @@ This section **only** applies to installations using Docker. {{< /call-out >}} -IP intelligence has its own Docker container, which can be added to an existing Docker compose file for deployment. +IP intelligence has its own Docker container, which can be added to an existing Docker Compose file for deployment. First, create the required directory: From 92c38a1fc3a864c250f9e17d908e459720fe65e4 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 10:07:21 +0000 Subject: [PATCH 60/61] updated hyperlinks --- .../licensing-and-reporting/download-jwt-ssl-key-from-myf5.md | 4 ++-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md index 9f54304a3..02fede65a 100644 --- a/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md +++ b/content/includes/licensing-and-reporting/download-jwt-ssl-key-from-myf5.md @@ -1,9 +1,9 @@ --- nd-files: -- content/includes/use-cases/credential-download-instructions.md -- content/waf/configure/compiler.md - content/waf/install/docker.md - content/waf/install/kubernetes.md +- content/waf/install/kubernetes-plm.md +- content/waf/install/virtual-environment.md --- 1. Log in to [MyF5](https://my.f5.com/manage/s/). diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 27d127a2a..0164ea059 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -58,7 +58,7 @@ To access private-registry.nginx.com, you will need to download the JWT license If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< /call-out >}} -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 9ee2e274a..243d4b3bb 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -44,7 +44,7 @@ To access private-registry.nginx.com, you will need to download the JWT license If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< /call-out >}} -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} +{{< include "licensing-and-reporting/download-jwt-ssl-key-from-myf5.md" >}} {{< call-out "note" >}} Starting from [NGINX Plus Release 33]({{< ref "nginx/releases.md#r33" >}}), a JWT file is required for each NGINX Plus instance. For more information, see [About Subscription Licenses]({{< ref "/solutions/about-subscription-licenses.md">}}). {{< /call-out >}} From 17c50e7e2b20796cbb610ddf77e9cbcdf337aec0 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 8 Dec 2025 10:21:24 +0000 Subject: [PATCH 61/61] updated hyperlinks --- content/waf/install/docker.md | 3 +-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 9233ad5c5..382cf6ecd 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -19,8 +19,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. JWT license is not needed when using NGINX Open Source. -- Access to private-registry.nginx.com using [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for pulling images need for deployment when using Multi-container and Hybrid configuration. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images for Multi-container and Hybrid configurations. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 0164ea059..49f9263b4 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker Compose) installed and running, for pulling and managing container images. - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. ## Default security policy and logging profile diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 243d4b3bb..5ede12007 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -23,7 +23,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker registry credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com, required to pull images - Ensure you have an active F5 WAF for NGINX subscription (purchased or trial) and have downloaded the associated [SSL certificate, private key, and JWT license](#download-your-subscription-credentials) file from the MyF5 Customer Portal. -- [Access credentials](#additional-subscription-credentials-needed-for-deployments) for private-registry.nginx.com for pulling deployment images. +- [Docker registry credentials](#download-your-subscription-credentials) for private-registry.nginx.com, required to pull images - [Helm](https://helm.sh/docs/intro/install/) installed, required for deployment. You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.