nginx
diff --git a/‎.github/CODEOWNERS
Lines changed: 4 additions & 0 deletions b/‎.github/CODEOWNERS
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/labeler.yml
Lines changed: 122 additions & 0 deletions b/‎.github/labeler.yml
Lines changed: 122 additions & 0 deletions
diff --git a/‎.github/workflows/labeler.yml
Lines changed: 17 additions & 0 deletions b/‎.github/workflows/labeler.yml
Lines changed: 17 additions & 0 deletions
diff --git a/‎.github/workflows/linkchecker.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/linkchecker.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ossf_scorecard.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ossf_scorecard.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎CONTRIBUTING_DOCS.md
Lines changed: 20 additions & 1 deletion b/‎CONTRIBUTING_DOCS.md
Lines changed: 20 additions & 1 deletion
diff --git a/‎archetypes/concept.md
Lines changed: 1 addition & 3 deletions b/‎archetypes/concept.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎archetypes/default.md
Lines changed: 1 addition & 3 deletions b/‎archetypes/default.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎archetypes/tutorial.md
Lines changed: 1 addition & 3 deletions b/‎archetypes/tutorial.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/includes/security/rbac-intro.md
Lines changed: 9 additions & 0 deletions b/‎content/includes/security/rbac-intro.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎content/nginx-one/getting-started.md
Lines changed: 14 additions & 14 deletions b/‎content/nginx-one/getting-started.md
Lines changed: 14 additions & 14 deletions
diff --git a/‎content/nginx-one/rbac/_index.md
Lines changed: 6 additions & 0 deletions b/‎content/nginx-one/rbac/_index.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎content/nginx-one/rbac/overview.md
Lines changed: 13 additions & 0 deletions b/‎content/nginx-one/rbac/overview.md
Lines changed: 13 additions & 0 deletions
@@ -29,6 +29,10 @@ content/nap-dos/*           @nginx/dos-docs-approvers
 content/nap-waf/*           @nginx/nap-docs-approvers
 data/nap-waf/*              @nginx/nap-docs-approvers
 
+# NGINXaaS for Azure 
+content/nginxaas-azure/*          @nginx/n4a-docs
+content/includes/nginxaas-azure/* @nginx/n4a-docs
+
 # NGINX Gateway Fabric
 content/ngf/*               @nginx/nginx-gateway-fabric
 content/includes/ngf/*      @nginx/nginx-gateway-fabric
 
@@ -0,0 +1,122 @@
+# Label PRs based on modified file paths (v5 format)
+# https://github.com/actions/labeler
+
+# General documentation
+
+documentation:
+  - changed-files:
+    - any-glob-to-any-file:
+      - 'content/**'
+      - 'assets/**'
+      - 'static/**'
+      - 'data/**'
+
+# Product labels
+
+product/agent:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/agent/**'
+          - 'content/includes/agent/**'
+
+product/amplify:
+  - changed-files:
+      - any-glob-to-any-file: 'content/amplify/**'
+
+product/controller:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/controller/**'
+          - 'content/includes/controller/**'
+
+product/mesh:
+  - changed-files:
+      - any-glob-to-any-file: 'content/mesh/**'
+
+product/modsec-waf:
+  - changed-files:
+      - any-glob-to-any-file: 'content/modsec-waf/**'
+
+product/nap-dos:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nap-dos/**'
+          - 'content/includes/nap-dos/**'
+
+product/nap-waf:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nap-waf/**'
+          - 'content/includes/nap-waf/**'
+
+product/ngf:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/ngf/**'
+          - 'content/includes/ngf/**'
+
+product/nginx-plus:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nginx/**'
+          - 'content/includes/nginx-plus/**'
+
+product/nginx-one:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nginx-one/**'
+          - 'content/includes/nginx-one/**'
+
+product/nginxaas:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nginxaas-azure/**'
+          - 'content/includes/nginxaas-azure/**'
+
+product/nim:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nim/**'
+          - 'content/includes/nim/**'
+
+product/nms:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/nms/**'
+          - 'content/includes/nms/**'
+
+product/unit:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'content/unit/**'
+          - 'content/includes/unit/**'
+
+# Other labels
+
+process documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'templates/**'
+          - '*.md'
+          - 'LICENSE'
+
+tooling:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'layouts/**'
+          - '.github/**'
+          - '.cloudcannon/**'
+          - 'styles/**'
+          - 'layouts/**'
+          - 'config/**'
+          - 'archetypes/**'
+          - '*.yml'
+          - '*.yaml'
+          - '*.json'
+          - '*.ts'
+          - '*.sh'
+          - '*.js'
+          - 'Makefile'
+          - '.vale.ini'
+          - '.gitignore'
+          - '.gitattributes'
@@ -0,0 +1,17 @@
+name: PR Labeler
+
+on:
+- pull_request_target
+
+permissions:
+  contents: read  # Required to read the labeler.yml file
+  pull-requests: write  # Required to apply labels to PRs
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Apply labels based on file paths
+        uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -104,7 +104,7 @@ jobs:
       # Run LinkChecker
       - name: Run LinkChecker on ${{ matrix.doc_paths }}
         continue-on-error: ${{ env.isProduction != 'true' }}
-        uses: nick-fields/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+        uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
         with:
           timeout_minutes: 10
           max_attempts: 3
 
@@ -56,6 +56,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload SARIF results to code scanning
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
         with:
           sarif_file: results.sarif
@@ -64,7 +64,7 @@ We have templates for the following types of documentation:
 
 ## How to format docs
 
-### Basic markdown formatting
+### Basic Markdown formatting
 
 There are multiple ways to format text: for consistency and clarity, these are our conventions:
 
@@ -152,6 +152,25 @@ Here are some other shortcodes:
 - `readfile`: Include the content of another file in the current file, which can be in an arbitrary location.
 - `bootstrap-table`: formats a table using Bootstrap classes; accepts any bootstrap table classes as additional arguments, e.g. `{{< bootstrap-table "table-bordered table-hover" }}`
 
+### How to use Hugo includes
+
+As mentioned above, [Hugo includes](https://gohugo.io/contribute/documentation/#include) are a custom shortcode that allows you to reference reusable content stored in the [`/content/includes` directory](https://github.com/nginx/documentation/tree/main/content/includes).
+
+For example, if the [`controller/add-existing-instance.md`](https://github.com/nginx/documentation/blob/main/content/includes/controller/add-existing-instance.md) file contains instructions on adding an instance to the NGINX Controller, you can reuse it on multiple pages by adding:
+
+```md
+{{< include "controller/add-existing-instance.md" >}}
+```
+
+The `controller/add-existing-instance.md` file is included in the following pages on the NGINX Docs Site:
+
+- [Add an NGINX App Protect Instance](https://github.com/nginx/documentation/blob/main/content/controller/infrastructure/instances/add-nap-instance.md?plain=1#L35)
+- [Manage Your NGINX Instances](https://github.com/nginx/documentation/blob/main/content/controller/infrastructure/instances/manage-instances.md?plain=1#L29)
+- [Trial NGINX Controller with NGINX Plus](https://github.com/nginx/documentation/blob/main/content/controller/admin-guides/install/try-nginx-controller.md?plain=1#L277)
+- [Trial NGINX Controller with App Security](https://github.com/nginx/documentation/blob/main/content/controller/admin-guides/install/try-nginx-controller-app-sec.md?plain=1#L290)
+
+This ensures that content is defined once and referenced in multiple places without duplication.
+
 ## Linting
 
 To run the markdownlint check, run the following command, which uses the .markdownlint.yaml file to specify rules. For `<content>`, specify the path to your Markdown files:
 
@@ -10,8 +10,6 @@ type: concept
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
 product:
-# Intended for internal catalogue
-docs: "DOCS-000"
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."
@@ -71,4 +69,4 @@ Starting from the <top/left> of the diagram, you can see that <thing> is connect
 
 ## See also
 
-[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
+[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
@@ -10,8 +10,6 @@ type: how-to
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
 product:
-# Intended for internal catalogue
-docs: "DOCS-000"
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."
@@ -87,4 +85,4 @@ To complete this guide, you will need the following prerequisites:
 
 ## See also
 
-[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
+[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
@@ -10,8 +10,6 @@ type: tutorial
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
 product:
-# Intended for internal catalogue
-docs: "DOCS-000"
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."
@@ -119,4 +117,4 @@ To verify the creation of <component>, you can also inspect information about it
 
 ## See also
 
-[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
+[//]: # "Link to related documents, such as concepts, reference material or similar use cases."
@@ -0,0 +1,9 @@
+---
+files:
+  - content/nginx-one/rbac/overview.md
+  - content/nim/admin-guide/rbac/overview-rbac.md
+docs: DOCS-000
+---
+Role-based access control (RBAC) is a security system that governs access to resources within a software application. By assigning specific roles to users or groups, RBAC ensures that only authorized individuals have the ability to perform certain actions or access particular areas.
+
+The value of RBAC lies in its ability to provide clear and structured control over what users can see and do. This makes it easier to maintain security, streamline user management, and ensure compliance with internal policies or regulations. By giving users only the permissions they need to fulfill their roles, RBAC reduces the risk of unauthorized access and fosters a more efficient and secure operating environment.
@@ -7,26 +7,26 @@ product: NGINX One
 docs: DOCS-1393
 ---
 
-This guide provides step-by-step instructions on how to activate and start using the F5 NGINX One Console. NGINX One is a management console for monitoring and managing NGINX data plane instances.
+This guide provides step-by-step instructions on how to activate and start using F5 NGINX One Console. NGINX One is a management console for monitoring and managing NGINX data plane instances.
 
 ## Enable the NGINX One service {#enable-nginx-one}
 
 To get started using NGINX One, enable the service on F5 Distributed Cloud.
 
-1. Log in to the [F5 Distributed Console](https://www.f5.com/cloud/products/distributed-cloud-console).
+1. Log in to [F5 Distributed Console](https://www.f5.com/cloud/products/distributed-cloud-console).
 1. Select **NGINX One** from the list of services.
 1. Select **Enable Service**.
-1. After the service has been enabled, select **Visit Service** to load the NGINX One console.
+1. After the service has been enabled, select **Visit Service** to load NGINX One Console.
 
 ---
 
 ## Add your NGINX instances to NGINX One
 
-Next, add your NGINX instances to NGINX One. You'll need to create a data plane key and then install the NGINX Agent on each instance you want to monitor.
+Next, add your NGINX instances to NGINX One. You'll need to create a data plane key and then install NGINX Agent on each instance you want to monitor.
 
 ### Add an instance
 
-Depending on whether this is your first time using the NGINX One console or you've used it before, follow the appropriate steps to add an instance:
+Depending on whether this is your first time using NGINX One Console or you've used it before, follow the appropriate steps to add an instance:
 
 - **For first-time users:** On the welcome screen, select **Add Instance**.
 - **For returning users:** If you've added instances previously and want to add more, select **Instances** on the left menu, then select **Add Instance**.
@@ -51,17 +51,17 @@ Data plane keys expire after one year. You can change this expiration date later
 
 ### Install NGINX Agent
 
-After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install the NGINX Agent. Once installed, the NGINX Agent typically registers with NGINX One within a few seconds.
+After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install NGINX Agent. Once installed, NGINX Agent typically registers with NGINX One within a few seconds.
 
 {{<call-out "important" "Connecting to NGINX One" >}}
-The NGINX Agent must be able to establish a connection to the NGINX One Console's Agent endpoint (`agent.connect.nginx.com`). Ensure that any firewall rules you have in place for your NGINX hosts allows network traffic to port `443` for all of the following IPs:
+NGINX Agent must be able to establish a connection to NGINX One Console's Agent endpoint (`agent.connect.nginx.com`). Ensure that any firewall rules you have in place for your NGINX hosts allows network traffic to port `443` for all of the following IPs:
 
 - `3.135.72.139`
 - `3.133.232.50`
 - `52.14.85.249`
 {{</call-out>}}
 
-To install the NGINX Agent on an NGINX instance:
+To install NGINX Agent on an NGINX instance:
 
 1. **Check if NGINX is running and start it if it's not:**
 
@@ -79,7 +79,7 @@ To install the NGINX Agent on an NGINX instance:
 
 2. **Install NGINX Agent:**
 
-    Next, use the `curl` command provided to you to install the NGINX Agent:
+    Next, use the `curl` command provided to you to install NGINX Agent:
 
     ``` shell
     curl https://agent.connect.nginx.com/nginx-agent/install | DATA_PLANE_KEY="YOUR_DATA_PLANE_KEY" sh -s -- -y
@@ -105,11 +105,11 @@ If you followed the [Installation and upgrade](https://docs.nginx.com/nginx-agen
 
 <span style="display: inline-block; margin-top: 20px;" >
 
-{{<call-out "note" "Note: NGINX Agent poll interval" >}} We recommend keeping `dataplane.status.poll_interval` between `30s` and `60s` in the NGINX Agent config (`/etc/nginx-agent/nginx-agent.conf`). If the interval is set above `60s`, the NGINX One Console may report incorrect instance statuses.{{</call-out>}}
+{{<call-out "note" "Note: NGINX Agent poll interval" >}} We recommend keeping `dataplane.status.poll_interval` between `30s` and `60s` in the NGINX Agent config (`/etc/nginx-agent/nginx-agent.conf`). If the interval is set above `60s`, NGINX One Console may report incorrect instance statuses.{{</call-out>}}
 
 <br>
 
-<i class="fa fa-check-circle" aria-hidden="true"></i> Make sure your Linux operating system is listed below. The installation script for the NGINX Agent is compatible with these distributions and versions.
+<i class="fa fa-check-circle" aria-hidden="true"></i> Make sure your Linux operating system is listed below. The installation script for NGINX Agent is compatible with these distributions and versions.
 
 #### NGINX Agent installation script: supported distributions
 
@@ -136,7 +136,7 @@ If you followed the [Installation and upgrade](https://docs.nginx.com/nginx-agen
 
 ## Enable NGINX metrics reporting
 
-In order for the NGINX One console to show specific traffic and system metrics, you need to enable the appropriate API on your NGINX data plane instances. The sections below provide step-by-step instructions for both NGINX Plus and NGINX Open Source (OSS).
+In order for NGINX One Console to show specific traffic and system metrics, you need to enable the appropriate API on your NGINX data plane instances. The sections below provide step-by-step instructions for both NGINX Plus and NGINX Open Source (OSS).
 
 ### Enable NGINX Plus API
 
@@ -154,7 +154,7 @@ After connecting your NGINX instances to NGINX One, you can monitor their perfor
 
 ### Log in to NGINX One
 
-1. Log in to the [F5 Distributed Console](https://www.f5.com/cloud/products/distributed-cloud-console).
+1. Log in to [F5 Distributed Console](https://www.f5.com/cloud/products/distributed-cloud-console).
 1. Select **NGINX One > Visit Service**.
 
 ### Overview of the NGINX One dashboard
@@ -172,7 +172,7 @@ Navigating the dashboard:
 **NGINX One dashboard metrics**
 | Metric | Description | Details |
 |---|---|---|
-| <i class="fas fa-heartbeat"></i> **Instance availability** | Understand the operational status of your NGINX instances. | - **Online**: The NGINX instance is actively connected and functioning properly. <br> - **Offline**: The NGINX Agent is connected but the NGINX instance isn't running, isn't installed, or can't communicate with the NGINX Agent. <br> - **Unavailable**: The connection between the NGINX Agent and NGINX One has been lost or the instance has been decommissioned. <br> - **Unknown**: The current state can't be determined at the moment. |
+| <i class="fas fa-heartbeat"></i> **Instance availability** | Understand the operational status of your NGINX instances. | - **Online**: The NGINX instance is actively connected and functioning properly. <br> - **Offline**: NGINX Agent is connected but the NGINX instance isn't running, isn't installed, or can't communicate with NGINX Agent. <br> - **Unavailable**: The connection between NGINX Agent and NGINX One has been lost or the instance has been decommissioned. <br> - **Unknown**: The current state can't be determined at the moment. |
 | <i class="fas fa-code-branch"></i> **NGINX versions by instance** | See which NGINX versions are in use across your instances. | |
 | <i class="fas fa-desktop"></i> **Operating systems** | Find out which operating systems your instances are running on. | |
 | <i class="fas fa-certificate"></i> **Certificates** | Monitor the status of your SSL certificates to know which are expiring soon and which are still valid. | |
 
@@ -0,0 +1,6 @@
+---
+title: Role-based access control
+description:
+weight: 300
+url: /nginx-one/rbac
+---
@@ -0,0 +1,13 @@
+---
+title: "Role-based access control overview"
+weight: 400
+toc: true
+type: reference
+product: NGINX One
+docs: DOCS-000
+---
+
+{{< include "security/rbac-intro.md" >}}
+
+The NGINX One Console uses the **[F5 Distributed Cloud User Management](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt)** system for access controls and user permissions.
+General information can be found on the User Management documentation for **[F5 Distributed Cloud](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt)**. This document provides guidance and reference material for utilizing those features to grant and restrict access within the NGINX One Console.