From 8c547970e4dde15349afbf67befc9a4c73a81b72 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 13:37:10 +0000 Subject: [PATCH 01/37] docs: add missing prerequisite for installation --- content/waf/install/virtual-environment.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4b01e1634..7a8867105 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,13 +23,11 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Open Source]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-open-source.md" >}}) or [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: -- [Docker](https://docs.docker.com/get-started/get-docker/) is required for NGINX Open Source or NGINX Plus type deployments. - You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} From 9295d785233da258ede88560c8a6bc7ec04e8c93 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 25 Nov 2025 15:15:36 +0000 Subject: [PATCH 02/37] added info about nginx x being installed with app protect --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 7a8867105..ff2ff2a22 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) instance. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). Depending on your deployment type, you may have additional requirements: From 7900ec5811ba5d2aa3713ad64df021a9c15052d0 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:08:46 +0000 Subject: [PATCH 03/37] updated kubernetes --- content/includes/waf/install-update-configuration.md | 5 ----- content/waf/install/docker.md | 5 +++++ content/waf/install/kubernetes.md | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md index 23b1c63ae..3577367cf 100644 --- a/content/includes/waf/install-update-configuration.md +++ b/content/includes/waf/install-update-configuration.md @@ -121,8 +121,3 @@ server { {{% /tab %}} {{< /tabs >}} - -Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: - -- `nginx -s reload` -- `sudo systemctl reload nginx` \ No newline at end of file diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 437440c51..903bde2be 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1293,6 +1293,11 @@ CMD ["sh", "/root/entrypoint.sh"] {{< include "waf/install-update-configuration.md" >}} +Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment: + +- `nginx -s reload` +- `sudo systemctl reload nginx` + F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks). ## Post-installation checks diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 1be48c5e5..f434948f3 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -226,6 +226,8 @@ From this point, the steps change based on your installation method: ### Download your JSON web token +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ### Get the Helm chart From 768ecf9d972e28fa54aed1d9598a0a0b801a10c6 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 08:50:06 +0000 Subject: [PATCH 04/37] added supported os and Kubernetes ctl/cluster --- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 3 ++- content/waf/install/kubernetes.md | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 903bde2be..0f7d130af 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -143,7 +143,7 @@ http { ### Create a Dockerfile -In the same folder as your credential and configuration files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential and configuration files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: @@ -913,7 +913,7 @@ http { Copy or move your subscription files into a new folder. -In the same folder as the subscription files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as the subscription files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index be8357310..e1382fae7 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,7 +36,8 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: -- [A functional Kubernetes cluster]({{< ref "/waf/install/kubernetes.md" >}}) +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) - An active F5 WAF for NGINX subscription (Purchased or trial) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f434948f3..9d0eab937 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,7 +18,8 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- A functional Kubernetes cluster +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - An active F5 WAF for NGINX subscription (Purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) @@ -36,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Create a Dockerfile -In the same folder as your credential files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections. +In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image: From 2a191696d09bc17ed90f633a176885f7762cdecf Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:39:39 +0000 Subject: [PATCH 05/37] temp --- content/waf/install/virtual-environment.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index ff2ff2a22..8f81de119 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,8 +23,9 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - An active F5 WAF for NGINX subscription (Purchased or trial). +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) + - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used Depending on your deployment type, you may have additional requirements: From 7d09f782f5c870a4862e8ff6be8dc463f3350d84 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 09:47:59 +0000 Subject: [PATCH 06/37] test --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8f81de119..c1a68ed50 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) - - [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - +- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +- this is a test Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From 3cabdb9b6fc59a1dd5d73a29f4e4f690f02b4a9b Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:00:26 +0000 Subject: [PATCH 07/37] test --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index c1a68ed50..2a49ec99d 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -25,8 +25,8 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - An active F5 WAF for NGINX subscription (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- [NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used - this is a test + Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. From bc5128f46c5cf6f999922a1ac634378831f25803 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:07:45 +0000 Subject: [PATCH 08/37] added link to my my5 --- content/waf/install/virtual-environment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2a49ec99d..9157d3d52 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,9 +23,8 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription (Purchased or trial). +- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) -- this is a test Depending on your deployment type, you may have additional requirements: From 8799ed289a7f517ee31e147100e2aa6c7b684ab3 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 10:35:46 +0000 Subject: [PATCH 09/37] updated myf5 with link --- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 2 +- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 88e1a8bc9..60794d2ee 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0f7d130af..a9aa3c1f2 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,7 +16,7 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index e1382fae7..7207dfa5a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,7 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 9d0eab937..fede5f5cc 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -20,7 +20,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- An active F5 WAF for NGINX subscription (Purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 9157d3d52..3488841c6 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active [F5 WAF for NGINX subscription]({{< ref "/licensing-and-reporting/download-certificates-from-myf5.md" >}}) (Purchased or trial). +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) Depending on your deployment type, you may have additional requirements: From ace73699512b128743b5bc7ff0cf694b0d7a773a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:37:25 +0000 Subject: [PATCH 10/37] added info for docker registry access --- content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 2 files changed, 2 insertions(+) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 7207dfa5a..ad8f9a565 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -40,6 +40,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index fede5f5cc..0150762cd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/get-started/get-docker/) +- Docker registry credentials — needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From 398fff5414a528c5596a2727d3446548db947dee Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 11:43:43 +0000 Subject: [PATCH 11/37] test for jwt --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a9aa3c1f2..e9f87e3c9 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -45,6 +45,8 @@ The steps you should follow on this page are dependent on your configuration typ {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used + ## Configure Docker for the F5 Container Registry {{< include "waf/install-services-registry.md" >}} From 254943d69dcbf734a8eab6c07e1efc5b4c3b782a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 14:36:24 +0000 Subject: [PATCH 12/37] added jwt for docker --- content/includes/waf/install-build-image.md | 1 + content/waf/install/docker.md | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 45ccc3068..1a76c8373 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -7,6 +7,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index e9f87e3c9..9877a652a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -42,10 +42,12 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. ## Download your subscription credentials +### Shared Requirements {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -[NGINX Plus JWT license]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md#obtaining-and-installing-the-license" >}}) — required if NGINX Plus is used +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Configure Docker for the F5 Container Registry @@ -956,7 +958,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -998,7 +1000,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1053,7 +1055,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1099,7 +1101,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1142,7 +1144,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1184,7 +1186,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1226,7 +1228,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1281,7 +1283,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json /etc/nginx/ +COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 000187f021b2e00044667e28b1103089d36b8749 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Wed, 26 Nov 2025 15:39:22 +0000 Subject: [PATCH 13/37] last work before remove --- content/includes/waf/install-services-registry.md | 2 ++ content/waf/install/docker.md | 14 +++++++++++--- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index c9f686e8d..2389912d7 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,6 +5,8 @@ nd-files: - content/waf/install/kubernetes.md --- +Docker registry credentials are needed to access private-registry.nginx.com + Create a directory and copy your certificate and key to this directory: ```shell diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 9877a652a..338d9a552 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,7 +17,8 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -442,7 +443,7 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -818,7 +819,7 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images - +[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file @@ -1311,3 +1312,10 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Next steps {{< include "waf/install-next-steps.md" >}} + +## Remove NGINX docker image +Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. + +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool + +TODO diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index ad8f9a565..c30d9e388 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -39,8 +39,8 @@ To complete this guide, you will need the following prerequisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 0150762cd..c0287c1cf 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -21,8 +21,8 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- [Docker](https://docs.docker.com/get-started/get-docker/) -- Docker registry credentials — needed to access private-registry.nginx.com +- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. +- Docker registry credentials are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From c9bf78cdf7d92a93c51e5d8205d5a69ac396602a Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 06:44:13 +0000 Subject: [PATCH 14/37] remove line since we have the line above it --- content/waf/install/kubernetes-plm.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c30d9e388..1038132a8 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -42,7 +42,6 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Docker registry credentials are needed to access private-registry.nginx.com - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. ## Download your subscription credentials From 2c9c1a369c4630544f942f4b5da447ede295e444 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 13:48:31 +0000 Subject: [PATCH 15/37] updated docker for jwt --- content/includes/waf/install-build-image.md | 4 +- content/waf/install/docker.md | 48 +++++++++++++++++---- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 1a76c8373..dec2acb30 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -16,13 +16,13 @@ Your folder should contain the following files: To build an image, use the following command, replacing `` as appropriate: ```shell -sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` A RHEL-based system would use the following command instead: ```shell -podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` {{< call-out "note" >}} diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 338d9a552..8180f6316 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -954,12 +954,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ --mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \ apk update && apk add app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -996,12 +1000,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf -y install app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1051,12 +1059,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1097,12 +1109,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1140,12 +1156,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1186,8 +1206,12 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1224,12 +1248,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ dnf install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] @@ -1279,12 +1307,16 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \ apt-get install -y app-protect-ip-intelligence +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Forward request logs to Docker log collector: RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log # Copy configuration files: -COPY nginx.conf custom_log_format.json license.jwt /etc/nginx/ +COPY nginx.conf custom_log_format.json /etc/nginx/ COPY entrypoint.sh /root/ CMD ["sh", "/root/entrypoint.sh"] From 33b393c7ef9d931a124438a2bfc6861692dba2c5 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Thu, 27 Nov 2025 15:50:55 +0000 Subject: [PATCH 16/37] update dockerfile for nap --- .../includes/waf/dockerfiles/alpine-plus.md | 4 +++ .../includes/waf/dockerfiles/amazon-plus.md | 4 +++ .../includes/waf/dockerfiles/debian-plus.md | 4 +++ .../includes/waf/dockerfiles/oracle-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel8-plus.md | 4 +++ .../includes/waf/dockerfiles/rhel9-plus.md | 4 +++ .../includes/waf/dockerfiles/rocky9-plus.md | 4 +++ .../includes/waf/dockerfiles/ubuntu-plus.md | 4 +++ content/includes/waf/install-build-image.md | 13 +++++++++- content/waf/install/kubernetes.md | 25 +++++++++++++------ 10 files changed, 62 insertions(+), 8 deletions(-) diff --git a/content/includes/waf/dockerfiles/alpine-plus.md b/content/includes/waf/dockerfiles/alpine-plus.md index 6fe7111c5..2818c3592 100644 --- a/content/includes/waf/dockerfiles/alpine-plus.md +++ b/content/includes/waf/dockerfiles/alpine-plus.md @@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \ && ln -sf /dev/stderr /var/log/nginx/error.log \ && rm -rf /var/cache/apk/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/amazon-plus.md b/content/includes/waf/dockerfiles/amazon-plus.md index d4ec7bba2..d943b33f1 100644 --- a/content/includes/waf/dockerfiles/amazon-plus.md +++ b/content/includes/waf/dockerfiles/amazon-plus.md @@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/debian-plus.md b/content/includes/waf/dockerfiles/debian-plus.md index 204dfa633..7c8581d11 100644 --- a/content/includes/waf/dockerfiles/debian-plus.md +++ b/content/includes/waf/dockerfiles/debian-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/oracle-plus.md b/content/includes/waf/dockerfiles/oracle-plus.md index 98bd1e15b..c62d33bb1 100644 --- a/content/includes/waf/dockerfiles/oracle-plus.md +++ b/content/includes/waf/dockerfiles/oracle-plus.md @@ -29,6 +29,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel8-plus.md b/content/includes/waf/dockerfiles/rhel8-plus.md index 9f05ce79f..ac00cc4e3 100644 --- a/content/includes/waf/dockerfiles/rhel8-plus.md +++ b/content/includes/waf/dockerfiles/rhel8-plus.md @@ -45,6 +45,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rhel9-plus.md b/content/includes/waf/dockerfiles/rhel9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rhel9-plus.md +++ b/content/includes/waf/dockerfiles/rhel9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/rocky9-plus.md b/content/includes/waf/dockerfiles/rocky9-plus.md index 464ba150e..6f6c96a53 100644 --- a/content/includes/waf/dockerfiles/rocky9-plus.md +++ b/content/includes/waf/dockerfiles/rocky9-plus.md @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/dockerfiles/ubuntu-plus.md b/content/includes/waf/dockerfiles/ubuntu-plus.md index 89a2e7d8b..7333f22d5 100644 --- a/content/includes/waf/dockerfiles/ubuntu-plus.md +++ b/content/includes/waf/dockerfiles/ubuntu-plus.md @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 && apt-get clean \ && rm -rf /var/lib/apt/lists/* +# Securely copy the JWT license: +RUN --mount=type=secret,id=license-jwt,dst=license.jwt \ + cp license.jwt /etc/nginx/license.jwt + # Expose port EXPOSE 80 diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index dec2acb30..86a729c98 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -13,7 +13,7 @@ Your folder should contain the following files: - _Dockerfile_ - _custom_log_format.json_ (Optional) -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Plus, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -24,6 +24,17 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . +``` {{< call-out "note" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c0287c1cf..7fc45ba49 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -36,6 +36,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} +### Download your JSON web token + +To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Create a Dockerfile In the same folder as your credential files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections. @@ -206,9 +212,20 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ +- _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image, use the following command, replacing `` as appropriate: +To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 \ + --secret id=nginx-crt,src=nginx-repo.crt \ + --secret id=nginx-key,src=nginx-repo.key \ + --secret id=license-jwt,src=license.jwt \ + -t . +``` + +To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ @@ -226,12 +243,6 @@ From this point, the steps change based on your installation method: ## Use Helm to install F5 WAF for NGINX -### Download your JSON web token - -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: - -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ### Get the Helm chart To get the Helm chart, first configure Docker for the F5 Container Registry. From 6cc69cbc95947e07a80f84b030bbb284b87ef5a1 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:37:34 +0000 Subject: [PATCH 17/37] updated storage --- content/waf/install/kubernetes.md | 81 ++++++++++--------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 7fc45ba49..39e81f289 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -408,63 +408,34 @@ This configuration uses a _hostPath_ backed persistent volume claim. {{< /call-out >}} ```yaml -apiVersion: apps/v1 -kind: Deployment +apiVersion: v1 +kind: PersistentVolume metadata: - name: nap5-deployment + name: nap5-bundles-pv + labels: + type: local spec: - selector: - matchLabels: - app: nap5 - replicas: 2 - template: - metadata: - labels: - app: nap5 - spec: - imagePullSecrets: - - name: regcred - containers: - - name: nginx - image: /waf: - imagePullPolicy: IfNotPresent - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: waf-enforcer - image: private-registry.nginx.com/nap/waf-enforcer: - imagePullPolicy: IfNotPresent - env: - - name: ENFORCER_PORT - value: "50000" - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: waf-config-mgr - image: private-registry.nginx.com/nap/waf-config-mgr: - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - volumeMounts: - - name: app-protect-bd-config - mountPath: /opt/app_protect/bd_config - - name: app-protect-config - mountPath: /opt/app_protect/config - - name: app-protect-bundles - mountPath: /etc/app_protect/bundles - volumes: - - name: app-protect-bd-config - emptyDir: {} - - name: app-protect-config - emptyDir: {} - - name: app-protect-bundles - persistentVolumeClaim: - claimName: nap5-bundles-pvc + storageClassName: manual + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + hostPath: + path: "/mnt/nap5_bundles_pv_data" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nap5-bundles-pvc +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + volumeName: nap5-bundles-pv ``` {{% /tab %}} From 1f38413eb0b64c9cd4ac36e1810527783a69a0ab Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 11:53:46 +0000 Subject: [PATCH 18/37] fixed kubernetes --- content/waf/install/kubernetes.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 39e81f289..b57873e84 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -215,17 +215,7 @@ Your folder should contain the following files: - _license.jwt_ (Only necessary when using NGINX Plus) - _Dockerfile_ -To build an image for NGINX Pluse, use the following command, replacing `` as appropriate: - -```shell -sudo docker build --no-cache --platform linux/amd64 \ - --secret id=nginx-crt,src=nginx-repo.crt \ - --secret id=nginx-key,src=nginx-repo.key \ - --secret id=license-jwt,src=license.jwt \ - -t . -``` - -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +To build an image, use the following command, replacing as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 \ From aab9646d9cc94d7fd411817d201e0a24fa4f541d Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:06:31 +0000 Subject: [PATCH 19/37] ohad fix 1 --- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index b57873e84..24f55efaa 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -256,7 +256,7 @@ cd nginx-app-protect You will need to edit the `values.yaml` file for a few changes: - Update _appprotect.nginx.image.repository_ and _appprotect.nginx.image.tag_ with the image name chosen during when [building the Docker image](#build-the-docker-image). -- Update _appprotect.config.nginxJWT_ with your JSON web token +- Update _appprotect.config.nginxJWT_ with your JSON web token (Only necessary when using NGINX Plus) - Update _dockerConfigJson_ to contain the base64 encoded Docker registration credentials You can encode your credentials with the following command: diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3488841c6..65efd1884 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,6 +31,9 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} +### Additional Requirement for NGINX Plus Users +If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From 16a39da7d619fb3b964ce79b464d7a5d586f9341 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:08:14 +0000 Subject: [PATCH 20/37] chnaged title --- content/waf/install/virtual-environment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 65efd1884..d35cef2ec 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -31,7 +31,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Additional Requirement for NGINX Plus Users +### Required: Download JWT License for NGINX Plus Installation If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From bddeec0f4ecc4e63af7e1d3151ef5a614b4c745c Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:15:51 +0000 Subject: [PATCH 21/37] CHANGED NAME --- content/waf/install/virtual-environment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index d35cef2ec..8a64fad21 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -24,7 +24,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during App Protect installation) +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) Depending on your deployment type, you may have additional requirements: @@ -32,7 +32,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "waf/install-selinux-warning.md" >}} ### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with App Protect, make sure to download your JWT license from MyF5 before you begin +If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From b009fa69fc4e6c172c1c1c4cb0e6de77eeda6666 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Mon, 1 Dec 2025 12:22:53 +0000 Subject: [PATCH 22/37] need jwt anywasy for opensouce for docker cred --- content/waf/install/kubernetes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 24f55efaa..44832a087 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -39,6 +39,7 @@ To review supported operating systems, read the [Technical specifications]({{< r ### Download your JSON web token To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -212,7 +213,7 @@ Your folder should contain the following files: - _nginx-repo.crt_ - _nginx-repo.key_ -- _license.jwt_ (Only necessary when using NGINX Plus) +- _license.jwt_ - _Dockerfile_ To build an image, use the following command, replacing as appropriate: From 177f09d6c09fcd4dcddf228f44abdb7041f48c31 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 07:18:41 +0000 Subject: [PATCH 23/37] removed todo --- content/waf/install/docker.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 8180f6316..a14bad603 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -1348,6 +1348,4 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa ## Remove NGINX docker image Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. -[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool - -TODO +[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file From 615450abe30fd27da3a39bdd4b9178aaa39daced Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:26 +0200 Subject: [PATCH 24/37] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index a14bad603..945992ae6 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -819,7 +819,9 @@ sudo dnf install app-protect-module-plus {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From b4415788a1ecfebd9e1708f7083a312776534986 Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:19:34 +0200 Subject: [PATCH 25/37] Update content/waf/install/docker.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/waf/install/docker.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 945992ae6..304184394 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -443,7 +443,9 @@ Once you have updated your configuration files, you can reload NGINX to apply th {{< include "waf/install-services-docker.md" >}} #### Download Docker images + [Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images + {{< include "waf/install-services-images.md" >}} #### Create and run a Docker Compose file From 8143047bf7010cbd862b1989155c7b273e4ad2fe Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:06 +0200 Subject: [PATCH 26/37] Update content/includes/waf/install-build-image.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-build-image.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index 86a729c98..ef28dca51 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -24,6 +24,7 @@ A RHEL-based system would use the following command instead: ```shell podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` + To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: ```shell From 04698aa77fa8095004ca919fae9a7f4c5a8b0aad Mon Sep 17 00:00:00 2001 From: dkleinF5 <135969067+dkleinF5@users.noreply.github.com> Date: Tue, 2 Dec 2025 09:22:29 +0200 Subject: [PATCH 27/37] Update content/includes/waf/install-services-registry.md Co-authored-by: Jon Torre <78599298+JTorreG@users.noreply.github.com> --- content/includes/waf/install-services-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/includes/waf/install-services-registry.md b/content/includes/waf/install-services-registry.md index 2389912d7..40b9135b4 100644 --- a/content/includes/waf/install-services-registry.md +++ b/content/includes/waf/install-services-registry.md @@ -5,7 +5,7 @@ nd-files: - content/waf/install/kubernetes.md --- -Docker registry credentials are needed to access private-registry.nginx.com +You will need Docker registry credentials to access private-registry.nginx.com. Create a directory and copy your certificate and key to this directory: From 4ad3c4d9b27d24ef59dfdd093431f6fae62ef580 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:16:37 +0000 Subject: [PATCH 28/37] made changes from suggestions --- content/includes/waf/install-build-image.md | 8 ++- content/waf/install/docker.md | 62 ++++++++++++++++++++- content/waf/install/kubernetes-plm.md | 24 +++++--- content/waf/install/kubernetes.md | 18 ++++-- content/waf/install/virtual-environment.md | 20 +++++-- 5 files changed, 109 insertions(+), 23 deletions(-) diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md index ef28dca51..c0ff97ca6 100644 --- a/content/includes/waf/install-build-image.md +++ b/content/includes/waf/install-build-image.md @@ -11,9 +11,10 @@ Your folder should contain the following files: - _nginx.conf_ - _entrypoint.sh_ - _Dockerfile_ -- _custom_log_format.json_ (Optional) +- _custom_log_format.json_ -To build an image for NGINX Plus, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Plus +To build an image for NGINX Plus, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . @@ -25,7 +26,8 @@ A RHEL-based system would use the following command instead: podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . ``` -To build an image for NGINX Open Source, use the following command, replacing `` as appropriate: +#### Building an image with NGINX Open Source +To build an image for NGINX Open Source, use the following command that are not RHEL-based, replacing `` as appropriate: ```shell sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t . diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 304184394..0abfbbf83 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -16,9 +16,13 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -52,7 +56,15 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -{{< include "waf/install-services-registry.md" >}} +You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. + +Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: + +```shell +mkdir -p /etc/docker/certs.d/private-registry.nginx.com +cp /etc/docker/certs.d/private-registry.nginx.com/client.cert +cp /etc/docker/certs.d/private-registry.nginx.com/client.key +``` You should now move to the section based on your configuration type: @@ -312,7 +324,51 @@ If you are not using using `custom_log_format.json` or the IP intelligence featu ### Build the Docker image -{{< include "waf/install-build-image.md" >}} +Your folder should contain the following files: + +- _nginx-repo.crt_ +- _nginx-repo.key_ +- _license.jwt_ +- _nginx.conf_ +- _entrypoint.sh_ +- _Dockerfile_ +- _custom_log_format.json_ + +To build an image, use the following command for system that are not RHEL-based, replacing `` as appropriate: + +```shell +sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +A RHEL-based system would use the following command instead: + +```shell +podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t . +``` + +{{< call-out "note" >}} + +The `--no-cache` option is used to ensure the image is built from scratch, installing the latest versions of NGINX Plus and F5 WAF for NGINX. + +{{< /call-out >}} + +Verify that your image has been created using the `docker images` command: + +```shell +docker images +``` + +Create a container based on this image, replacing as appropriate: + +```shell +docker run --name -p 80:80 -d +``` + +Verify the new container is running using the `docker ps` command: + +```shell +docker ps +``` ### Update configuration files diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 1038132a8..c6f6fe48d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -36,20 +36,30 @@ These enhancements are only available for Helm-based deployments. To complete this guide, you will need the following prerequisites: +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). ## Download your subscription credentials -1. Log in to [MyF5](https://my.f5.com/manage/s/). -1. Go to **My Products & Plans > Subscriptions** to see your active subscriptions. -1. Find your NGINX subscription, and select the **Subscription ID** for details. -1. Download the **SSL Certificate** and **Private Key files** from the subscription page. -1. Download the **JSON Web Token** file from the subscription page. +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + +> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. + +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Prepare environment variables diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 44832a087..3515c8192 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -18,11 +18,14 @@ It explains the common steps necessary for any Kubernetes-based deployment, then To complete this guide, you will need the following pre-requisites: -- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/) -- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). +- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). +- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Docker registry credentials are needed to access private-registry.nginx.com +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -34,11 +37,14 @@ To review supported operating systems, read the [Technical specifications]({{< r ## Download your subscription credentials +### General subscription credentials needed for deployments + {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Download your JSON web token +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -To use NGINX Plus, you will need to download the the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 8a64fad21..2abc4887f 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,16 +23,28 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) + Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) +- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: -You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. +You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} -### Required: Download JWT License for NGINX Plus Installation -If you choose to install NGINX automatically with F5 WAF for NGINX, make sure to download your JWT license from MyF5 before you begin +## Download your subscription credentials + +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional subscription credentials needed for a deployments with NGINX Plus + +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: + + {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From bd8a5adf9b3ed5ce177a6aa12e5e0daf27824a02 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 12:58:08 +0000 Subject: [PATCH 29/37] updated compiler doc --- content/waf/configure/compiler.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 2b609b586..9283befa6 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,8 +32,9 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription (Purchased or trial) -- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc. +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. +- [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) ## Download your subscription credentials From 739fedf1b98511534419d120225522aa10df6ffd Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:41:58 +0000 Subject: [PATCH 30/37] changes to bare metal --- content/waf/install/virtual-environment.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 2abc4887f..143816562 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,11 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/virtual-environment.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}) optional if not yet installed (NGINX will be installed automatically during F5 WAF for NGINX installation) -- F5 NGINX App Protect will work by default with the default values (like default policy, logging profile, etc) unless the user sets custom configurations +- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: From ef28ca604a1427ba7946b146a8e56f3abe7d3be1 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 13:48:04 +0000 Subject: [PATCH 31/37] updated docker --- content/waf/install/docker.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 0abfbbf83..5a7ddae5d 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -17,11 +17,10 @@ This page describes how to install F5 WAF for NGINX using Docker. To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -30,6 +29,15 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} + +## Download your subscription credentials +### General subscription credentials needed for deployments + +{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} + +### Additional Requirement for NGINX Plus Users +{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} + ## Docker deployment options There are three kinds of Docker deployments available: @@ -46,14 +54,6 @@ The single container configuration only supports NGINX Plus and requires a build The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section. -## Download your subscription credentials -### Shared Requirements - -{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} - -### Additional Requirement for NGINX Plus Users -{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} - ## Configure Docker for the F5 Container Registry You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. From cd482cbbdc814635de31a2f2ddb4b948cdb328cf Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:08 +0000 Subject: [PATCH 32/37] updated jwt sections --- content/waf/install/docker.md | 7 ++++--- content/waf/install/kubernetes-plm.md | 9 ++++----- content/waf/install/kubernetes.md | 9 ++++----- content/waf/install/virtual-environment.md | 2 +- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 5a7ddae5d..2f6a41340 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -20,8 +20,8 @@ To complete this guide, you will need the following prerequisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. -- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional Requirement for NGINX Plus Users" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -35,7 +35,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional Requirement for NGINX Plus Users +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index c6f6fe48d..98b4a1372 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,11 +41,10 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial), which includes the necessary **SSL Certificate** and **Private Key files**. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) required to access private-registry.nginx.com. (Same as the **JSON Web Token** for NGINX Plus). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com ## Download your subscription credentials @@ -53,9 +52,9 @@ To complete this guide, you will need the following prerequisites: {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 3515c8192..d1e44191a 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -24,8 +24,8 @@ To complete this guide, you will need the following pre-requisites: - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. - Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. -- Docker registry credentials in [MyF5](https://my.f5.com/manage/s/) is required to access private-registry.nginx.com (Same as the SSL certificate and private key file ). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. +- [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -41,9 +41,8 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus - -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +### Additional subscription credentials needed for deployments +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 143816562..535068973 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -39,7 +39,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} -### Additional subscription credentials needed for a deployments with NGINX Plus +### Additional subscription credentials needed for deployments To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: From fccedc16a231294033901af81efc2209e0057fef Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:04:57 +0000 Subject: [PATCH 33/37] add info about logger --- content/waf/install/docker.md | 1 + content/waf/install/kubernetes-plm.md | 1 + content/waf/install/kubernetes.md | 1 + 3 files changed, 3 insertions(+) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index 2f6a41340..b88f2087a 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -22,6 +22,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 98b4a1372..44544a007 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,6 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index d1e44191a..f0fbe1df9 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,6 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com +- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. From 8da843df9a03b69b80dabd2190cd9b60408b970e Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 14:59:32 +0000 Subject: [PATCH 34/37] alan updates --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 2 +- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 9283befa6..2e3b23834 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 60794d2ee..697a55b39 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial) +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index b88f2087a..d9a7734a7 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,9 +18,9 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index 44544a007..da8d5f86d 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index f0fbe1df9..716e0295b 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 535068973..3a97e5723 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations From 13f4e3edd379e194818740521c6ad91c545695ca Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 15:31:04 +0000 Subject: [PATCH 35/37] more suggestions --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 8 ++++---- content/waf/install/kubernetes-plm.md | 4 ++-- content/waf/install/kubernetes.md | 4 ++-- content/waf/install/virtual-environment.md | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index 2e3b23834..f2ec298b8 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 697a55b39..5cd0b163c 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index d9a7734a7..babec5f21 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,11 +18,11 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately. @@ -37,7 +37,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Docker deployment options diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index da8d5f86d..fd645b87a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -45,7 +45,7 @@ To complete this guide, you will need the following prerequisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations ## Download your subscription credentials @@ -55,7 +55,7 @@ To complete this guide, you will need the following prerequisites: ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 716e0295b..c2f0b69ad 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -26,7 +26,7 @@ To complete this guide, you will need the following pre-requisites: - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations You will need [Helm](https://helm.sh/docs/intro/install/) installed for a Helm-based deployment. @@ -43,7 +43,7 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments -To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: > **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 3a97e5723..4bae4ec06 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,10 +23,10 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). - - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 NGINX App Protect subscription from the MyF5 Customer Portal. +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). + - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. -- F5 NGINX App Protect will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations +- F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations Depending on your deployment type, you may have additional requirements: @@ -41,7 +41,7 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" ### Additional subscription credentials needed for deployments -To use NGINX Plus, you will need to download the the JWT license file associated with your F5 NGINX App Protect WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: +To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} From f914c3975959f872b2744c75a676cd4b63ad513b Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:39:31 +0000 Subject: [PATCH 36/37] linted --- content/waf/install/docker.md | 4 +++- content/waf/install/kubernetes.md | 5 ++++- content/waf/install/virtual-environment.md | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index babec5f21..c93770c7c 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -30,13 +30,14 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "waf/install-selinux-warning.md" >}} - ## Download your subscription credentials + ### General subscription credentials needed for deployments {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} @@ -1408,6 +1409,7 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa {{< include "waf/install-next-steps.md" >}} ## Remove NGINX docker image + Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use. [docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool \ No newline at end of file diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index c2f0b69ad..748107bbd 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -43,9 +43,12 @@ To review supported operating systems, read the [Technical specifications]({{< r {{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}} ### Additional subscription credentials needed for deployments + To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 4bae4ec06..6f65c587b 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -33,6 +33,7 @@ Depending on your deployment type, you may have additional requirements: You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) topics for additional set-up configuration if you want to use them immediately. {{< include "waf/install-selinux-warning.md" >}} + ## Download your subscription credentials ### General subscription credentials needed for deployments @@ -43,7 +44,6 @@ You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" To use NGINX Plus, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: - {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} ## Platform-specific instructions From db1f8c901799b7cc570493f2022727d47690c660 Mon Sep 17 00:00:00 2001 From: Daniel Klein Date: Tue, 2 Dec 2025 16:51:45 +0000 Subject: [PATCH 37/37] updated alan changes --- content/waf/configure/compiler.md | 2 +- content/waf/install/disconnected-environment.md | 2 +- content/waf/install/docker.md | 4 ++-- content/waf/install/kubernetes-plm.md | 6 ++++-- content/waf/install/kubernetes.md | 2 +- content/waf/install/virtual-environment.md | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/content/waf/configure/compiler.md b/content/waf/configure/compiler.md index f2ec298b8..018a0227d 100644 --- a/content/waf/configure/compiler.md +++ b/content/waf/configure/compiler.md @@ -32,7 +32,7 @@ For more information about policies, read the [Configure policies]({{< ref "/waf To complete this guide, you will need the following prerequisites: -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key]({{< ref "/waf/install/compiler.md#Download your subscription credentials" >}}) associated with your F5 NGINX App Protect WAF subscription from the MyF5 Customer Portal. - [Docker registry credentials]({{< ref "/waf/configure/compiler.md#Configure Docker for the F5 Container Registry" >}}) are needed to access private-registry.nginx.com - [Docker](https://docs.docker.com/get-started/get-docker/) diff --git a/content/waf/install/disconnected-environment.md b/content/waf/install/disconnected-environment.md index 5cd0b163c..fae92d527 100644 --- a/content/waf/install/disconnected-environment.md +++ b/content/waf/install/disconnected-environment.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites: - [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}}) - [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}}) - [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}}) -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - A connected environment with similar architecture - A method to transfer files between two environments diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md index c93770c7c..231146cf1 100644 --- a/content/waf/install/docker.md +++ b/content/waf/install/docker.md @@ -18,7 +18,7 @@ To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX WAF subscription from the MyF5 Customer Portal if you are using NGINX Open Source in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/docker.md#General subscription credentials needed for deployments" >}}), and the [JWT license file]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal if you are using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/docker.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration) @@ -59,7 +59,7 @@ The steps you should follow on this page are dependent on your configuration typ ## Configure Docker for the F5 Container Registry -You will need Docker registry credentials to access private-registry.nginx.com for either the Multi-container or Hybrid configuration. +You will need Docker registry credentials to access private-registry.nginx.com for the Multi-container or Hybrid deployment options. Create a directory and copy your [certificate and key]({{< ref "/waf/install/docker.md#Shared Requirements" >}}) to this directory: diff --git a/content/waf/install/kubernetes-plm.md b/content/waf/install/kubernetes-plm.md index fd645b87a..993be8e8a 100644 --- a/content/waf/install/kubernetes-plm.md +++ b/content/waf/install/kubernetes-plm.md @@ -41,7 +41,7 @@ To complete this guide, you will need the following prerequisites: - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster - [Helm](https://helm.sh/docs/intro/install/) - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes-plm.md#General subscription credentials needed for deployments" >}}), and the [JWT license]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for a deployments with NGINX Plus" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes-plm.md#Additional subscription credentials needed for deployments " >}}) are needed to access private-registry.nginx.com @@ -57,7 +57,9 @@ To complete this guide, you will need the following prerequisites: To use NGINX Plus and access private-registry.nginx.com, you will need to download the the JWT license file associated with your F5 WAF for NGINX WAF subscription from the [MyF5](https://my.f5.com/manage/s/) Customer Portal: -> **Note:** If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< call-out "note" >}} +If you are deploying with Helm, you will also need the JWT license for the `dockerConfigJson`. +{{< /call-out >}} {{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}} diff --git a/content/waf/install/kubernetes.md b/content/waf/install/kubernetes.md index 748107bbd..f3197d6a4 100644 --- a/content/waf/install/kubernetes.md +++ b/content/waf/install/kubernetes.md @@ -22,7 +22,7 @@ To complete this guide, you will need the following pre-requisites: - [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/). - [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster. - [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running. -- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An ctive F5 WAF for NGINX subscription in [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate and private key file]({{< ref "/waf/install/kubernetes.md#General subscription credentials needed for deployments" >}}) associated with your 5 NGINX App Protect WAF subscription from the MyF5 Customer Portal if you do not plan of using NGINX Plus in your deployment. - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) file associated with your NGINX Plus subscription from the MyF5 Customer Portal if you plan of using NGINX Plus in your deployment. - [Docker registry credentials]({{< ref "/waf/install/kubernetes.md#Additional subscription credentials needed for deployments" >}}) are needed to access private-registry.nginx.com diff --git a/content/waf/install/virtual-environment.md b/content/waf/install/virtual-environment.md index 6f65c587b..866d338c4 100644 --- a/content/waf/install/virtual-environment.md +++ b/content/waf/install/virtual-environment.md @@ -23,7 +23,7 @@ This page describes how to install F5 WAF for NGINX in a virtual machine or bare To complete this guide, you will need the following prerequisites: - A [supported operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}). -- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (purchased or trial). +- An active F5 WAF for NGINX subscription. Available from [MyF5](https://my.f5.com/manage/s/) (Purchased or trial). - Download the [SSL certificate, private key, and the JWT license]({{< ref "/waf/install/virtual-environment.md#Download your subscription credentials" >}}) file associated with your F5 WAF for NGINX subscription from the MyF5 Customer Portal. - A working [NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-plus.md" >}}). If NGINX Plus is not installed separately it will be installed automatically during F5 WAF for NGINX installation. - F5 WAF for NGINX will work by default with the default values like default policy, logging profile, etc unless the user sets custom configurations