feat: Finish Docker installation doc

ADubhlaoich · ADubhlaoich · commit 1ede095d53e2 · 2025-09-18T14:39:54.000+01:00
diff --git a/content/includes/waf/install-build-image.md b/content/includes/waf/install-build-image.md
@@ -0,0 +1,47 @@
+---
+---
+
+Your folder should contain the following files:
+
+- _nginx-repo.cert_
+- _nginx-repo.key_
+- _nginx.conf_
+- _entrypoint.sh_
+- _Dockerfile_
+- _custom_log_format.json_ (Optional)
+
+To build an image, use the following command, replacing `<your-image-name>` as appropriate:
+
+```shell
+sudo docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.cert --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+```
+
+A RHEL-based system would use the following command instead:
+
+```shell
+podman build --no-cache --secret id=nginx-crt,src=nginx-repo.cert --secret id=nginx-key,src=nginx-repo.key -t <your-image-name> .
+```
+
+{{< call-out "note" >}}
+
+The `--no-cache` option is used to ensure the image is built from scratch, installing the latest versions of NGINX Plus and F5 WAF for NGINX.
+
+{{< /call-out >}}
+
+Verify that your image has been created using the `docker images` command:
+
+```shell
+docker images <your-image-name>
+```
+
+Create a container based on this image, replacing <your-container-name> as appropriate:
+
+```shell
+docker run --name <your-container-name> -p 80:80 -d <your-image-name>
+```
+
+Verify the new container is running using the `docker ps` command:
+
+```shell
+docker ps
+```
diff --git a/content/includes/waf/install-create-configuration.md b/content/includes/waf/install-create-configuration.md
@@ -0,0 +1,18 @@
+---
+---
+
+Copy or move your subscription files into a new folder.
+
+In the same folder, create three files:
+
+- _nginx.conf_ - An NGINX configuration file with F5 WAF for NGINX enabled
+- _entrypoint.sh_ - A Docker startup script which spins up all F5 WAF for NGINX processes, requiring executable permissions
+- _custom_log_format.json_ - An optional user-defined security log format file
+
+{{< call-out "note" >}}
+
+If you are not using using `custom_log_format.json`, you should remove any references to it from your nginx.conf and entrypoint.sh files.
+
+{{< /call-out >}}
+
+Here are examples of the file contents: 
diff --git a/content/includes/waf/install-next-steps.md b/content/includes/waf/install-next-steps.md
@@ -4,8 +4,7 @@ nd-docs:
 
 Once you have successfully installed F5 WAF for NGINX, there are some topics you may want to follow afterwards:
 
+- [Configure NGINX features with F5 WAF]({{< ref "/waf/configure/nginx-features.md" >}}), to see common configurations
 - [Configure policies]({{< ref "/waf/policies/configuration.md" >}}), to begin customizing your deployment
-- [Secure traffic using mTLS]({{< ref "/waf/configure/secure-mtls.md" >}}), for an extra layer of security between NGINX and F5 WAF enforcer
-- [IP intelligence]({{< ref "/waf/policies/ip-intelligence.md">}}), to enable the IP intelligence feature
 - [Converter tools]({{< ref "/waf/configure/converters.md" >}}), to convert existing resources from a BIG-IP environment
 - [Changelog]({{< ref "/waf/changelog.md" >}}), to view information from the latest releases
diff --git a/content/includes/waf/install-services-compose.md b/content/includes/waf/install-services-compose.md
@@ -41,6 +41,4 @@ To start the F5 WAF for NGINX services, use `docker compose up` in the same fold
 
 ```shell
 sudo docker compose up -d
-```
-
-F5 WAF for NGINX should now be operational, and you can move onto [Post-installation checks](#post-installation-checks).
+```
diff --git a/content/includes/waf/install-update-configuration.md b/content/includes/waf/install-update-configuration.md
@@ -26,100 +26,4 @@ You should only enable F5 WAF for NGINX on _proxy_pass_ and _grpc_pass_ location
 
 {{< /call-out >}}
 
-Here are two examples of how these additions could look in configuration files:
-
-{{<tabs name="example-configuration-files">}}
-
-{{% tab name="nginx.conf" %}}
-
-`/etc/nginx/nginx.conf`
-
-```nginx
-user  nginx;
-worker_processes  auto;
-
-# F5 WAF for NGINX
-load_module modules/ngx_http_app_protect_module.so;
-
-error_log  /var/log/nginx/error.log notice;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    # F5 WAF for NGINX
-    app_protect_enforcer_address 127.0.0.1:50000;
-
-    include /etc/nginx/conf.d/*.conf;
-}
-```
-
-
-{{% /tab %}}
-
-{{% tab name="default.conf" %}}
-
-`/etc/nginx/conf.d/default.conf`
-
-```nginx
-server {
-    listen 80;
-    server_name domain.com;
-
-    proxy_http_version 1.1;
-
-    location / {
-
-        # F5 WAF for NGINX
-        app_protect_enable on;
-
-        client_max_body_size 0;
-        default_type text/html;
-        proxy_pass http://127.0.0.1:8080/;
-    }
-}
-
-server {
-    listen 8080;
-    server_name localhost;
-
-    location / {
-        root /usr/share/nginx/html;
-        index index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page 500 502 503 504 /50x.html;
-    location = /50x.html {
-        root /usr/share/nginx/html;
-    }
-}
-```
-
-{{% /tab %}}
-
-{{< /tabs >}}
-
-Once you have updated your configuration files, you can reload NGINX to apply the changes. You have two options depending on your environment:
-
-- `nginx -s reload`
-- `sudo systemctl reload nginx`
+Here are two examples of how these additions could look in configuration files:
diff --git a/content/waf/changelog.md b/content/waf/changelog.md
@@ -28,23 +28,23 @@ _September 29th, 2025_
 
 ### New features
 
-- Added Policy lifecycle management
+- Added [Policy lifecycle management]({{< ref "/waf/policies/lifecycle-management.md" >}})
 
 ### Packages
 
 {{< table >}}
 
-| Distribution name        | NGINX Open Source                                                 | NGINX Plus                                                     | V4 |
+| Distribution name        | NGINX Open Source                                                 | NGINX Plus                                                     | NGINX Plus (Virtual/Single container) |
 | ------------------------ | ----------------------------------------------------------------- | -------------------------------------------------------------- |------------------ | 
 | Alpine 3.19              | _app-protect-module-oss-1.29.0+5.498.0-r1.apk_                    | _app-protect-module-plus-35+5.498.0-r1.apk_                    | _app-protect-35.5.498.0-r1.apk_ |               
 | Amazon Linux 2023        | _app-protect-module-oss-1.29.0+5.498.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-module-plus-35+5.498.0-1.amzn2023.ngx.x86_64.rpm_ | _app-protect-35+5.498.0-1.amzn2023.ngx.x86_64.rpm_ |
 | Debian 11                | _app-protect-module-oss_1.29.0+5.498.0-1\~bullseye_amd64.deb_     | _app-protect-module-plus_35+5.498.0-1\~bullseye_amd64.deb_     | _app-protect_35+5.498.0-1\~bullseye_amd64.deb_     |
 | Debian 12                | _app-protect-module-oss_1.29.0+5.498.0-1\~bookworm_amd64.deb_     | _app-protect-module-plus_35+5.498.0-1\~bookworm_amd64.deb_     | _app-protect_35+5.498.0-1\~bookworm_amd64.deb_     |
 | Oracle Linux 8.1         | _app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm_      | _app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm_      |
-| Ubuntu 22.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_35+5.498.0-1\~jammy_amd64.deb_        | _app-protect_35+5.498.0-1\~jammy_amd64.deb_        | 
-| Ubuntu 24.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~noble_amd64.deb_        | _app-protect-module-plus_35+5.498.0-1\~noble_amd64.deb_        | _app-protect_35+5.498.0-1\~noble_amd64.deb_        |
 | RHEL 8 and Rocky Linux 8 | _app-protect-module-oss-1.29.0+5.498.0-1.el8.ngx.x86_64.rpm_      | _app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm_      | _app-protect-35+5.498.0-1.el8.ngx.x86_64.rpm_      | 
 | RHEL 9 and Rocky Linux 9 | _app-protect-module-oss-1.29.0+5.498.0-1.el9.ngx.x86_64.rpm_      | _app-protect-module-plus-35+5.498.0-1.el8.ngx.x86_64.rpm_      | _app-protect-35+5.498.0-1.el9.ngx.x86_64.rpm_      |
+| Ubuntu 22.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~jammy_amd64.deb_        | _app-protect-module-plus_35+5.498.0-1\~jammy_amd64.deb_        | _app-protect_35+5.498.0-1\~jammy_amd64.deb_        | 
+| Ubuntu 24.04             | _app-protect-module-oss_1.29.0+5.498.0-1\~noble_amd64.deb_        | _app-protect-module-plus_35+5.498.0-1\~noble_amd64.deb_        | _app-protect_35+5.498.0-1\~noble_amd64.deb_        |
 
 {{< /table >}}
 
diff --git a/content/waf/fundamentals/overview.md b/content/waf/fundamentals/overview.md
@@ -21,19 +21,20 @@ It provides protection for the OWASP Top 10, with additional functionality:
 - Meta character checking
 - Disallowing file types
 
-For more details, see the [Supported security policy features]({{< ref "/waf/fundamentals/technical-specifications.md#supported-security-policy-features">}}).
+For more details, see the [Supported security policy features]({{< ref "/waf/policies/configuration.md#supported-security-policy-features">}}).
 
-It is platform-agnostic and supports a range of deployment options for operational needs:
+It is platform-agnostic and supports a range of deployment options:
 
 1. [Virtual machine or bare metal]({{< ref "/waf/install/virtual-environment.md" >}})
-    - NGINX operates on the host system
-    - WAF components are deployed in containers
+    - NGINX and WAF components operate on the host system
     - Ideal for existing NGINX virtual environments
 1. [Kubernetes]({{< ref "/waf/install/kubernetes.md" >}})
     - Integrates NGINX and WAF components in a single pod
     - Ideal for scalable, cloud-native environments
 1. [Docker]({{< ref "/waf/install/docker.md" >}})
     - NGINX and WAF components are deployed as containers
-    - Suitable for environments with multiple deployment stages
+    - Ideal for environments with multiple deployment stages
+
+For more details, see the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}).
 
 F5 WAF for NGINX is part of the [NGINX One](https://www.f5.com/products/nginx/one) premium packages and runs natively on [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) and [NGINX Ingress Controller](https://www.f5.com/products/nginx/nginx-ingress-controller). 
diff --git a/content/waf/fundamentals/technical-specifications.md b/content/waf/fundamentals/technical-specifications.md
@@ -18,7 +18,7 @@ This page outlines the technical specifications for F5 WAF for NGINX, which incl
 
 You can deploy F5 WAF for NGINX in the following environments:
 
-- [**Virtual environment** (Bare metal)]({{< ref "/waf/install/virtual-environment.md" >}})
+- [**Virtual machine or bare metal**]({{< ref "/waf/install/virtual-environment.md" >}})
 - [**Docker**]({{< ref "/waf/install/docker.md" >}})
 - [**Kubernetes**]({{< ref "/waf/install/kubernetes.md" >}})
 
diff --git a/content/waf/install/docker.md b/content/waf/install/docker.md
diff --git a/content/waf/policies/lifecycle-management.md b/content/waf/policies/lifecycle-management.md
