Merge branch 'main' into ngf-release-2.0

Author: ADubhlaoich

archetypes/concept.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: concept
+nd-content-type: concept
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

archetypes/default.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: how-to
+nd-content-type: how-to
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

archetypes/tutorial.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: tutorial
+nd-content-type: tutorial
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

content/includes/agent/installation/install-agent-api.md

@@ -1,74 +1,75 @@
-**Note**: To complete this step, make sure that `gpg` is installed on your system. You can install NGINX Agent using various command-line tools like `curl` or `wget`. If your NGINX Instance Manager host is not set up with valid TLS certificates, you can use the insecure flags provided by those tools. See the following examples:
+---
+docs: DOCS-1031
+files:
+  - content/nim/nginx-app-protect/setup-waf-config-management.md
+---
+
+{{<note>}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{</note>}}
+
+If your NGINX Instance Manager host doesn't use valid TLS certificates, you can use the insecure flags to bypass verification. Here are some example commands:
 
 {{<tabs name="install-agent-api">}}
 
 {{%tab name="curl"%}}
 
-- Secure:
+- **Secure:**
 
   ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent | sudo sh
+  curl https://<NIM_FQDN>/install/nginx-agent | sudo sh
   ```
 
-- Insecure:
+- **Insecure:**
 
   ```bash
-  curl --insecure https://<NMS_FQDN>/install/nginx-agent | sudo sh
+  curl --insecure https://<NIM_FQDN>/install/nginx-agent | sudo sh
   ```
 
-  You can add your NGINX instance to an existing instance group or create one using `--instance-group` or `-g` flag when installing NGINX Agent.
-
-  The following example shows how to download and run the script with the optional `--instance-group` flag adding the NGINX instance to the instance group **my-instance-group**:
-
-  ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent > install.sh; chmod u+x install.sh
-  sudo ./install.sh --instance-group my-instance-group
-  ```
+To add the instance to a specific instance group during installation, use the `--instance-group` (or `-g`) flag:
 
-  By default, the install script attempts to use a secure connection when downloading packages. If, however, the script cannot create a secure connection, it uses an insecure connection instead and logs the following warning message:
+```shell
+curl https://<NIM_FQDN>/install/nginx-agent -o install.sh
+chmod u+x install.sh
+sudo ./install.sh --instance-group <instance group>
+```
 
-  ``` text
-  Warning: An insecure connection will be used during this nginx-agent installation
-  ```
+By default, the install script uses a secure connection to download packages. If it can’t establish one, it falls back to an insecure connection and logs this message:
 
-  To require a secure connection, you can set the optional flag `skip-verify` to `false`.
+```text
+Warning: An insecure connection will be used during this nginx-agent installation
+```
 
-  The following example shows how to download and run the script with an enforced secure connection:
+To enforce a secure connection, set the `--skip-verify` flag to false:
 
-  ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent > install.sh chmod u+x install.sh; chmod u+x install.sh
-  sudo sh ./install.sh --skip-verify false
-  ```
+```shell
+curl https://<NIM_FQDN>/install/nginx-agent -o install.sh
+chmod u+x install.sh
+sudo ./install.sh --skip-verify false
+```
 
 {{%/tab%}}
 
 {{%tab name="wget"%}}
 
+- **Secure:**
 
-- Secure:
-
-  ```bash
-  wget https://<NMS_FQDN>/install/nginx-agent -O - | sudo sh -s --skip-verify false
+  ```shell
+  wget https://<NIM_FQDN>/install/nginx-agent -O - | sudo sh -s --skip-verify false
   ```
 
-- Insecure:
+- **Insecure:**
 
-  ```bash
-  wget --no-check-certificate https://<NMS_FQDN>/install/nginx-agent -O - | sudo sh
+  ```shell
+  wget --no-check-certificate https://<NIM_FQDN>/install/nginx-agent -O - | sudo sh
   ```
 
-   When you install the NGINX Agent, you can use the  `--instance-group` or `-g` flag to add your NGINX instance to an existing instance group or to a new group that you specify.
-
-   The following example downloads and runs the NGINX Agent install script with the optional `--instance-group` flag, adding the NGINX instance to the instance group **my-instance-group**:
-
-   ```bash
-   wget https://gnms1.npi.f5net.com/install/nginx-agent -O install.sh ; chmod u+x install.sh
-   sudo ./install.sh --instance-group my-instance-group
-   ```
+To add your instance to a group during installation, use the `--instance-group` (or `-g`) flag:
 
+```shell
+wget https://<NIM_FQDN>/install/nginx-agent -O install.sh
+chmod u+x install.sh
+sudo ./install.sh --instance-group <instance group>
+```
 
 {{%/tab%}}
-{{</tabs>}}
 
-<!-- Do not remove. Keep this code at the bottom of the include -->
-<!-- DOCS-1031 -->
+{{</tabs>}}

content/includes/licensing-and-reporting/apply-jwt.md

@@ -1,11 +1,21 @@
 ---
 docs:
+file:
+  - content/solutions/about-subscription-licenses.md
+  - content/nap-waf/v5/admin-guide/install.md
 ---
 
 1. Copy the license file to `/etc/nginx/license.jwt` on Linux or `/usr/local/etc/nginx/license.jwt` on FreeBSD for each NGINX Plus instance.
+2. Reload NGINX:
 
-1. **SELinux**: If you're running a Linux distribution with SELinux enabled, set the file security context type with the following command:
-
-   ```bash
-   chcon -t httpd_config_t /etc/nginx/license.jwt
+   ```shell
+   systemctl reload nginx
    ```
+
+**If SELinux is enabled**: 
+
+Set the correct file context so NGINX can read the license:
+
+```shell
+chcon -t httpd_config_t /etc/nginx/license.jwt
+```

content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md

@@ -17,5 +17,5 @@ docs:
 3. Reload NGINX:
 
     ``` bash
-    nginx -s reload
+    systemctl reload nginx
     ```

content/includes/nap-waf/build-nginx-image-cmd.md

@@ -10,7 +10,7 @@ To build the image, execute the following command in the directory containing th
 
 
 ```shell
-sudo docker build --no-cache \
+sudo docker build --no-cache --platform linux/amd64 \
   --secret id=nginx-crt,src=nginx-repo.crt \
   --secret id=nginx-key,src=nginx-repo.key \
   -t nginx-app-protect-5 .

content/includes/nim/nap-waf/restart-nms-integrations.md

@@ -0,0 +1,11 @@
+---
+docs: DOCS-000
+files:
+  - content/nim/nginx-app-protect/setup-waf-config-management.md
+---
+
+Restart the `nms-integrations` service:
+
+```shell
+sudo systemctl restart nms-integrations
+```

content/nap-dos/deployment-guide/learn-about-deployment.md

@@ -1405,7 +1405,7 @@ You need root permissions to execute the following steps.
 6. Create a Docker image:
 
     ```shell
-    docker build --no-cache -t app-protect-dos .
+    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
     ```
 
     The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.
@@ -1707,7 +1707,7 @@ RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-cert
 RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 
 # Add NGINX Plus and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg]https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
+RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
 RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
 
 # Download the apt configuration to `/etc/apt/apt.conf.d`:
@@ -1966,13 +1966,13 @@ Make sure to replace upstream and proxy pass directives in this example with rel
     For CentOS:
 
     ```shell
-    docker build --no-cache -t app-protect-dos .
+    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
     ```
 
     For RHEL:
 
     ```shell
-    docker build --build-arg RHEL_ORGANIZATION=${RHEL_ORGANIZATION} --build-arg RHEL_ACTIVATION_KEY=${RHEL_ACTIVATION_KEY} --no-cache -t app-protect-dos .
+    docker build --platform linux/amd64 --build-arg RHEL_ORGANIZATION=${RHEL_ORGANIZATION} --build-arg RHEL_ACTIVATION_KEY=${RHEL_ACTIVATION_KEY} --no-cache -t app-protect-dos .
     ```
 
     The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.

content/nap-waf/v4/admin-guide/install.md

@@ -939,7 +939,7 @@ If a user other than **nginx** is to be used, note the following:
     - For Oracle Linux/Debian/Ubuntu/Alpine/Amazon Linux:
 
         ```shell
-        DOCKER_BUILDKIT=1 docker build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect .
+        DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect .
         ```
 
         The `DOCKER_BUILDKIT=1` enables `docker build` to recognize the `--secret` flag which allows the user to pass secret information to be used in the Dockerfile for building docker images in a safe way that will not end up stored in the final image. This is a recommended practice for the handling of the certificate and private key for NGINX repository access (`nginx-repo.crt` and `nginx-repo.key` files). More information [here](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret).
@@ -1289,7 +1289,7 @@ You need root permissions to execute the following steps.
     - For Oracle Linux/Debian/Ubuntu/Alpine/Amazon Linux:
 
         ```shell
-        DOCKER_BUILDKIT=1 docker build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect-converter .
+        DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect-converter .
         ```
 
         The `DOCKER_BUILDKIT=1` enables `docker build` to recognize the `--secret` flag which allows the user to pass secret information to be used in the Dockerfile for building docker images in a safe way that will not end up stored in the final image. This is a recommended practice for the handling of the certificate and private key for NGINX repository access (`nginx-repo.crt` and `nginx-repo.key` files). More information [here](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret).

content/nap-waf/v5/admin-guide/compiler.md

@@ -98,7 +98,7 @@ curl -s https://private-registry.nginx.com/v2/nap/waf-compiler/tags/list --key <
     Run the command below to build your image, where `waf-compiler-<version-tag>:custom` is an example of the image tag:
 
     ```shell
-    sudo docker build --no-cache \
+    sudo docker build --no-cache --platform linux/amd64 \
     --secret id=nginx-crt,src=nginx-repo.crt \
     --secret id=nginx-key,src=nginx-repo.key \
     -t waf-compiler-<version-tag>:custom .

content/nap-waf/v5/admin-guide/overview.md

@@ -13,7 +13,7 @@ F5 NGINX App Protect WAF v5, designed for NGINX Open Source and NGINX Plus envir
 
 ### Key Advantages
 
-- Ability to work with NGINX Open Source in addition to NGINX Plus.
+- Ability to work with NGINX Open Source as well as NGINX Plus.
 - Scalable architecture, ideal for both small and large-scale deployments.
 - Seamless integration with existing DevOps and SecOps workflows.
 
@@ -44,7 +44,7 @@ NGINX App Protect WAF v5 supports the following operating systems:
 
 ## Deployment Types
 
-NGINX App Protect WAF v5 supports a range of deployment scenarios to meet various operational needs:
+NGINX App Protect WAF v5 supports a range of use cases to meet various operational needs:
 
 1. [Docker Compose Deployment]({{< ref "/nap-waf/v5/admin-guide/deploy-on-docker.md" >}})
    - Deploys both NGINX and WAF components within containers.
@@ -55,8 +55,8 @@ NGINX App Protect WAF v5 supports a range of deployment scenarios to meet variou
    - Ideal for scalable, cloud-native environments.
 
 3. [NGINX on Host/VM with Containerized WAF]({{< ref "/nap-waf/v5/admin-guide/install.md" >}})
-   - NGINX is operated directly on the host system or a virtual machine, with WAF components deployed in containers.
-   - Perfect for situations where NGINX is already in use on host systems, allowing for the addition of WAF components without disrupting the existing NGINX setup.
+   - NGINX operates on the host system or a virtual machine. WAF components are deployed in containers.
+   - Perfect for situations where NGINX is already in use on host systems. Addition of WAF components will not disrupt the existing NGINX setup.
 
 ## NGINX App Protect WAF Compiler
 
@@ -70,41 +70,41 @@ For signature updates, read the [Update App Protect Signatures]({{< ref "/nap-wa
 
 ## Transitioning from NGINX App Protect WAF v4 to v5
 
-Upgrading directly from v4 to v5 is not supported due to architectural changes in NGINX App Protect WAF v5.
+Upgrading from v4 to v5 is not supported due to architectural changes in NGINX App Protect WAF v5.
 
 {{< note >}}
-We recommend that you deploy the NGINX App Protect WAF v5 in a staging environment.  Only after you compile policies with WAF compiler and test the enforcement should you transfer the traffic from the v4 to v5. This keeps the v4 deployment for backup.
+We recommend that you deploy the NGINX App Protect WAF v5 in a staging environment.  Compile policies with WAF compiler and test the enforcement before you transfer the traffic from the v4 to v5. This keeps the v4 deployment for backup.
 {{< /note >}}
 
-1. Back up your NGINX App Protect WAF configuration files, such as NGINX configurations, JSON policies, logging profiles, user-defined signatures, and global settings.
+1. Back up your NGINX App Protect WAF configuration files. These include NGINX configurations, JSON policies, logging profiles, user-defined signatures, and global settings.
 
-1. Install NGINX App Protect WAF 5 (using either nginx OSS or nginx-plus based on the need of customer's application).
+2. Install NGINX App Protect WAF 5. Use either nginx OSS or nginx-plus based on the need of customer's application.
    - [Installing NGINX App Protect WAF]({{<ref "/nap-waf/v5/admin-guide/install.md">}})
    - [Deploying NGINX App Protect WAF on Docker]({{<ref "/nap-waf/v5/admin-guide/deploy-on-docker.md">}})
    - [Deploying NGINX App Protect WAF on Kubernetes]({{<ref "/nap-waf/v5/admin-guide/deploy-with-helm.md">}})
 
-1. Compile your `.json` policies and logging profiles to `.tgz` bundles using [compiler-image]({{<ref "/nap-waf/v5/admin-guide/compiler.md">}}) because NGINX App Protect WAF v5 supports policies and logging profiles in a compiled bundle format only.
+3. Compile your `.json` policies and logging profiles to `.tgz` bundles using [compiler-image]({{<ref "/nap-waf/v5/admin-guide/compiler.md">}}). NGINX App Protect WAF v5 supports policies and logging profiles in a compiled bundle format only.
 
    {{< note >}}
-   If you were previously using a default [logging profile]({{<ref "/nap-waf/v5/admin-guide/deploy-on-docker.md#using-policy-and-logging-profile-bundles">}}) JSON like `/opt/app_protect/share/defaults/log_all.json`, you can replace it with the default constant such as `log_all`, and then you will not need to explicitly compile the logging profile into a bundle.
+   If you were previously using a default [logging profile]({{<ref "/nap-waf/v5/admin-guide/deploy-on-docker.md#using-policy-and-logging-profile-bundles">}}) JSON like `/opt/app_protect/share/defaults/log_all.json`, you can replace it with the default constant such as `log_all`, and then you will not need to compile the logging profile into a bundle.
 
    ```nginx
    app_protect_security_log log_all /log_volume/security.log;
    ```
 
    {{< /note >}}
 
-1. Replace the `.json` references in nginx.conf with the above created `.tgz` [bundles]({{<ref "/nap-waf/v5/admin-guide/install.md#using-policy-and-logging-profile-bundles">}}).
+4. Replace the `.json` references in nginx.conf with the above created `.tgz` [bundles]({{<ref "/nap-waf/v5/admin-guide/install.md#using-policy-and-logging-profile-bundles">}}).
 
-1. Make sure that `.tgz` bundles references are accessible to the `waf-config-mgr` container.
+5. Make sure that `.tgz` bundles references are accessible to the `waf-config-mgr` container.
 
-1. Restart the deployment if it has already been initiated. Additionally, restart NGINX if utilizing the VM + containers deployment type.  After the migrations, check that the NGINX process is running in the NGINX error log and there are no issues.
+6. Restart the deployment if it has already initiated. Additionally, restart NGINX if utilizing the VM + containers deployment type.  After the migrations, check that the NGINX process is running in the NGINX error log and there are no issues.
 
 
 ---
 
 ## Troubleshooting and FAQs
 
-See common deployment challenges and solutions to ensure a smooth setup process in the [Troubleshooting Guide]({{< ref "/nap-waf/v5/troubleshooting-guide/troubleshooting.md#nginx-app-protect-5" >}}).
+Review the [Troubleshooting Guide]({{< ref "/nap-waf/v5/troubleshooting-guide/troubleshooting.md#nginx-app-protect-5" >}}) for common deployment challenges and solutions to ensure a smooth setup process.
 
 Docker images for NGINX App Protect WAF v5 are built using Ubuntu 22.04 (Jammy) binaries.