Skip to content

Docs: add missing prerequisite for installation #1485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 37 commits into
base: main
Choose a base branch
from
+265 −98
Open

Docs: add missing prerequisite for installation #1485

Show file tree
Hide file tree
Changes from 27 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
8c54797
docs: add missing prerequisite for installation
dkleinF5 Nov 25, 2025
9295d78
added info about nginx x being installed with app protect
dkleinF5 Nov 25, 2025
7900ec5
updated kubernetes
dkleinF5 Nov 26, 2025
768ecf9
added supported os and Kubernetes ctl/cluster
dkleinF5 Nov 26, 2025
2a19169
temp
dkleinF5 Nov 26, 2025
7d09f78
test
dkleinF5 Nov 26, 2025
3cabdb9
test
dkleinF5 Nov 26, 2025
bc5128f
added link to my my5
dkleinF5 Nov 26, 2025
8799ed2
updated myf5 with link
dkleinF5 Nov 26, 2025
ace7369
added info for docker registry access
dkleinF5 Nov 26, 2025
398fff5
test for jwt
dkleinF5 Nov 26, 2025
254943d
added jwt for docker
dkleinF5 Nov 26, 2025
000187f
last work before remove
dkleinF5 Nov 26, 2025
c9bf78c
remove line since we have the line above it
dkleinF5 Nov 27, 2025
2c9c1a3
updated docker for jwt
dkleinF5 Nov 27, 2025
33b393c
update dockerfile for nap
dkleinF5 Nov 27, 2025
6cc69cb
updated storage
dkleinF5 Dec 1, 2025
1f38413
fixed kubernetes
dkleinF5 Dec 1, 2025
aab9646
ohad fix 1
dkleinF5 Dec 1, 2025
16a39da
chnaged title
dkleinF5 Dec 1, 2025
bddeec0
CHANGED NAME
dkleinF5 Dec 1, 2025
b009fa6
need jwt anywasy for opensouce for docker cred
dkleinF5 Dec 1, 2025
177f09d
removed todo
dkleinF5 Dec 2, 2025
615450a
Update content/waf/install/docker.md
dkleinF5 Dec 2, 2025
b441578
Update content/waf/install/docker.md
dkleinF5 Dec 2, 2025
8143047
Update content/includes/waf/install-build-image.md
dkleinF5 Dec 2, 2025
04698aa
Update content/includes/waf/install-services-registry.md
dkleinF5 Dec 2, 2025
4ad3c4d
made changes from suggestions
dkleinF5 Dec 2, 2025
bd8a5ad
updated compiler doc
dkleinF5 Dec 2, 2025
739fedf
changes to bare metal
dkleinF5 Dec 2, 2025
ef28ca6
updated docker
dkleinF5 Dec 2, 2025
cd482cb
updated jwt sections
dkleinF5 Dec 2, 2025
fccedc1
add info about logger
dkleinF5 Dec 2, 2025
8da843d
alan updates
dkleinF5 Dec 2, 2025
13f4e3e
more suggestions
dkleinF5 Dec 2, 2025
f914c39
linted
dkleinF5 Dec 2, 2025
db1f8c9
updated alan changes
dkleinF5 Dec 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/alpine-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& rm -rf /var/cache/apk/*

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/amazon-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/debian-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/oracle-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/rhel8-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/rhel9-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/rocky9-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
4 changes: 4 additions & 0 deletions content/includes/waf/dockerfiles/ubuntu-plus.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Expose port
EXPOSE 80

Expand Down
15 changes: 14 additions & 1 deletion content/includes/waf/install-build-image.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,25 @@ Your folder should contain the following files:

- _nginx-repo.crt_
- _nginx-repo.key_
- _license.jwt_ (Only necessary when using NGINX Plus)
- _nginx.conf_
- _entrypoint.sh_
- _Dockerfile_
- _custom_log_format.json_ (Optional)

To build an image, use the following command, replacing `<your-image-name>` as appropriate:
To build an image for NGINX Plus, use the following command, replacing `<your-image-name>` as appropriate:

```shell
sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
```

A RHEL-based system would use the following command instead:

```shell
podman build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key --secret id=license-jwt,src=license.jwt -t <your-image-name> .
```

To build an image for NGINX Open Source, use the following command, replacing `<your-image-name>` as appropriate:

```shell
sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
Expand Down
2 changes: 2 additions & 0 deletions content/includes/waf/install-services-registry.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ nd-files:
- content/waf/install/kubernetes.md
---

You will need Docker registry credentials to access private-registry.nginx.com.

Create a directory and copy your certificate and key to this directory:

```shell
Expand Down
5 changes: 0 additions & 5 deletions content/includes/waf/install-update-configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,8 +121,3 @@ server {
{{% /tab %}}

{{< /tabs >}}

Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:

- `nginx -s reload`
- `sudo systemctl reload nginx`
2 changes: 1 addition & 1 deletion content/waf/install/disconnected-environment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ To complete this guide, you will need the following prerequisites:
- [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md#before-you-begin" >}})
- [Docker]({{< ref "/waf/install/docker.md#before-you-begin" >}})
- [Kubernetes]({{< ref "/waf/install/kubernetes.md#before-you-begin" >}})
- An active F5 WAF for NGINX subscription (Purchased or trial).
- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
- A connected environment with similar architecture
- A method to transfer files between two environments

Expand Down
59 changes: 55 additions & 4 deletions content/waf/install/docker.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,9 @@ This page describes how to install F5 WAF for NGINX using Docker.

To complete this guide, you will need the following prerequisites:

- An active F5 WAF for NGINX subscription (Purchased or trial)
- [Docker](https://docs.docker.com/get-started/get-docker/)
- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)
- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
- Docker registry credentials are needed to access private-registry.nginx.com (For Multi-container and Hybrid configuration)

You should read the [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md" >}}) and [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}) topics for additional set-up configuration if you want to use them immediately.

Expand All @@ -42,9 +43,13 @@ The single container configuration only supports NGINX Plus and requires a build
The steps you should follow on this page are dependent on your configuration type: after the shared steps, links will guide you to the next appropriate section.

## Download your subscription credentials
### Shared Requirements

{{< include "licensing-and-reporting/download-certificates-from-myf5.md" >}}

### Additional Requirement for NGINX Plus Users
{{< include "licensing-and-reporting/download-jwt-from-myf5.md" >}}

## Configure Docker for the F5 Container Registry

{{< include "waf/install-services-registry.md" >}}
Expand Down Expand Up @@ -143,7 +148,7 @@ http {

### Create a Dockerfile

In the same folder as your credential and configuration files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections.
In the same folder as your credential and configuration files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.

Alternatively, you may want make your own image based on a Dockerfile using the official NGINX image:

Expand Down Expand Up @@ -439,6 +444,8 @@ Once you have updated your configuration files, you can reload NGINX to apply th

#### Download Docker images

[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images

{{< include "waf/install-services-images.md" >}}

#### Create and run a Docker Compose file
Expand Down Expand Up @@ -815,6 +822,8 @@ sudo dnf install app-protect-module-plus

#### Download Docker images

[Access to NGINX repo private-registry.nginx.com]({{< ref "/waf/install/docker.md#Configure Docker for the F5 Container Registry" >}}) is needed to pull the following container images

{{< include "waf/install-services-images.md" >}}

#### Create and run a Docker Compose file
Expand Down Expand Up @@ -913,7 +922,7 @@ http {

Copy or move your subscription files into a new folder.

In the same folder as the subscription files, create a _Dockerfile_ based on your desired operating system image using an example from the following sections.
In the same folder as the subscription files, create a _Dockerfile_ based on your [desired operating system]({{< ref "/waf/fundamentals/technical-specifications.md#supported-operating-systems" >}}) image using an example from the following sections.

{{< call-out "note" >}}

Expand Down Expand Up @@ -949,6 +958,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/apk/cert.pem,mode=0644 \
--mount=type=secret,id=nginx-key,dst=/etc/apk/cert.key,mode=0644 \
apk update && apk add app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -991,6 +1004,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
dnf -y install app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -1046,6 +1063,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
apt-get install -y app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -1092,6 +1113,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
dnf install -y app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -1135,6 +1160,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
dnf install -y app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -1181,6 +1210,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Copy configuration files:
COPY nginx.conf custom_log_format.json /etc/nginx/
COPY entrypoint.sh /root/
Expand Down Expand Up @@ -1219,6 +1252,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
dnf install -y app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand Down Expand Up @@ -1274,6 +1311,10 @@ RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644
--mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
apt-get install -y app-protect-ip-intelligence

# Securely copy the JWT license:
RUN --mount=type=secret,id=license-jwt,dst=license.jwt \
cp license.jwt /etc/nginx/license.jwt

# Forward request logs to Docker log collector:
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
Expand All @@ -1293,6 +1334,11 @@ CMD ["sh", "/root/entrypoint.sh"]

{{< include "waf/install-update-configuration.md" >}}

Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:

- `nginx -s reload`
- `sudo systemctl reload nginx`

F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks).

## Post-installation checks
Expand All @@ -1302,3 +1348,8 @@ F5 WAF for NGINX should now be operational, and you can move onto [Post-installa
## Next steps

{{< include "waf/install-next-steps.md" >}}

## Remove NGINX docker image
Before removing any Docker image, it’s important to ensure that the image is no longer needed and is not in use.

[docker image rm](https://docs.docker.com/reference/cli/docker/image/rm/) tool
9 changes: 5 additions & 4 deletions content/waf/install/kubernetes-plm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,12 @@ These enhancements are only available for Helm-based deployments.

To complete this guide, you will need the following prerequisites:

- [A functional Kubernetes cluster]({{< ref "/waf/install/kubernetes.md" >}})
- [A functional Kubernetes cluster](https://kubernetes.io/docs/setup/)
- [kubectl CLI](https://kubernetes.io/docs/tasks/tools/install-kubectl/) configured and connected to your cluster
- [Helm](https://helm.sh/docs/intro/install/)
- [Docker](https://docs.docker.com/get-started/get-docker/)
- An active F5 WAF for NGINX subscription (Purchased or trial)
- Credentials to the [MyF5 Customer Portal](https://account.f5.com/myf5), provided by email from F5, Inc.
- [Docker](https://docs.docker.com/engine/install/) (with Docker compose) installed and running.
- Docker registry credentials are needed to access private-registry.nginx.com
- Active F5 NGINX App Protect WAF subscription in [MyF5](https://my.f5.com/manage/s/) (purchased or trial)

## Download your subscription credentials

Expand Down
Loading