Merge branch 'main' into ngf-release-2.0

Author: ADubhlaoich

archetypes/concept.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: concept
+nd-content-type: concept
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

archetypes/default.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: how-to
+nd-content-type: how-to
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

archetypes/tutorial.md

@@ -6,10 +6,10 @@ weight: i00
 # Creates a table of contents and sidebar, useful for large documents
 toc: false
 # Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
-type: tutorial
+nd-content-type: tutorial
 # Intended for internal catalogue and search, case sensitive:
 # Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-product:
+nd-product:
 ---
 
 [//]: # "These are Markdown comments to guide you through document structure. Remove them as you go, as well as any unnecessary sections."

content/includes/agent/installation/install-agent-api.md

@@ -1,74 +1,75 @@
-**Note**: To complete this step, make sure that `gpg` is installed on your system. You can install NGINX Agent using various command-line tools like `curl` or `wget`. If your NGINX Instance Manager host is not set up with valid TLS certificates, you can use the insecure flags provided by those tools. See the following examples:
+---
+docs: DOCS-1031
+files:
+  - content/nim/nginx-app-protect/setup-waf-config-management.md
+---
+
+{{<note>}}Make sure `gpg` is installed on your system before continuing. You can install NGINX Agent using command-line tools like `curl` or `wget`.{{</note>}}
+
+If your NGINX Instance Manager host doesn't use valid TLS certificates, you can use the insecure flags to bypass verification. Here are some example commands:
 
 {{<tabs name="install-agent-api">}}
 
 {{%tab name="curl"%}}
 
-- Secure:
+- **Secure:**
 
   ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent | sudo sh
+  curl https://<NIM_FQDN>/install/nginx-agent | sudo sh
   ```
 
-- Insecure:
+- **Insecure:**
 
   ```bash
-  curl --insecure https://<NMS_FQDN>/install/nginx-agent | sudo sh
+  curl --insecure https://<NIM_FQDN>/install/nginx-agent | sudo sh
   ```
 
-  You can add your NGINX instance to an existing instance group or create one using `--instance-group` or `-g` flag when installing NGINX Agent.
-
-  The following example shows how to download and run the script with the optional `--instance-group` flag adding the NGINX instance to the instance group **my-instance-group**:
-
-  ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent > install.sh; chmod u+x install.sh
-  sudo ./install.sh --instance-group my-instance-group
-  ```
+To add the instance to a specific instance group during installation, use the `--instance-group` (or `-g`) flag:
 
-  By default, the install script attempts to use a secure connection when downloading packages. If, however, the script cannot create a secure connection, it uses an insecure connection instead and logs the following warning message:
+```shell
+curl https://<NIM_FQDN>/install/nginx-agent -o install.sh
+chmod u+x install.sh
+sudo ./install.sh --instance-group <instance group>
+```
 
-  ``` text
-  Warning: An insecure connection will be used during this nginx-agent installation
-  ```
+By default, the install script uses a secure connection to download packages. If it can’t establish one, it falls back to an insecure connection and logs this message:
 
-  To require a secure connection, you can set the optional flag `skip-verify` to `false`.
+```text
+Warning: An insecure connection will be used during this nginx-agent installation
+```
 
-  The following example shows how to download and run the script with an enforced secure connection:
+To enforce a secure connection, set the `--skip-verify` flag to false:
 
-  ```bash
-  curl https://<NMS_FQDN>/install/nginx-agent > install.sh chmod u+x install.sh; chmod u+x install.sh
-  sudo sh ./install.sh --skip-verify false
-  ```
+```shell
+curl https://<NIM_FQDN>/install/nginx-agent -o install.sh
+chmod u+x install.sh
+sudo ./install.sh --skip-verify false
+```
 
 {{%/tab%}}
 
 {{%tab name="wget"%}}
 
+- **Secure:**
 
-- Secure:
-
-  ```bash
-  wget https://<NMS_FQDN>/install/nginx-agent -O - | sudo sh -s --skip-verify false
+  ```shell
+  wget https://<NIM_FQDN>/install/nginx-agent -O - | sudo sh -s --skip-verify false
   ```
 
-- Insecure:
+- **Insecure:**
 
-  ```bash
-  wget --no-check-certificate https://<NMS_FQDN>/install/nginx-agent -O - | sudo sh
+  ```shell
+  wget --no-check-certificate https://<NIM_FQDN>/install/nginx-agent -O - | sudo sh
   ```
 
-   When you install the NGINX Agent, you can use the  `--instance-group` or `-g` flag to add your NGINX instance to an existing instance group or to a new group that you specify.
-
-   The following example downloads and runs the NGINX Agent install script with the optional `--instance-group` flag, adding the NGINX instance to the instance group **my-instance-group**:
-
-   ```bash
-   wget https://gnms1.npi.f5net.com/install/nginx-agent -O install.sh ; chmod u+x install.sh
-   sudo ./install.sh --instance-group my-instance-group
-   ```
+To add your instance to a group during installation, use the `--instance-group` (or `-g`) flag:
 
+```shell
+wget https://<NIM_FQDN>/install/nginx-agent -O install.sh
+chmod u+x install.sh
+sudo ./install.sh --instance-group <instance group>
+```
 
 {{%/tab%}}
-{{</tabs>}}
 
-<!-- Do not remove. Keep this code at the bottom of the include -->
-<!-- DOCS-1031 -->
+{{</tabs>}}

content/includes/licensing-and-reporting/apply-jwt.md

@@ -1,11 +1,21 @@
 ---
 docs:
+file:
+  - content/solutions/about-subscription-licenses.md
+  - content/nap-waf/v5/admin-guide/install.md
 ---
 
 1. Copy the license file to `/etc/nginx/license.jwt` on Linux or `/usr/local/etc/nginx/license.jwt` on FreeBSD for each NGINX Plus instance.
+2. Reload NGINX:
 
-1. **SELinux**: If you're running a Linux distribution with SELinux enabled, set the file security context type with the following command:
-
-   ```bash
-   chcon -t httpd_config_t /etc/nginx/license.jwt
+   ```shell
+   systemctl reload nginx
    ```
+
+**If SELinux is enabled**: 
+
+Set the correct file context so NGINX can read the license:
+
+```shell
+chcon -t httpd_config_t /etc/nginx/license.jwt
+```

content/includes/licensing-and-reporting/configure-nginx-plus-report-to-nim.md

@@ -17,5 +17,5 @@ docs:
 3. Reload NGINX:
 
     ``` bash
-    nginx -s reload
+    systemctl reload nginx
     ```

content/includes/nap-waf/build-nginx-image-cmd.md

@@ -10,7 +10,7 @@ To build the image, execute the following command in the directory containing th
 
 
 ```shell
-sudo docker build --no-cache \
+sudo docker build --no-cache --platform linux/amd64 \
   --secret id=nginx-crt,src=nginx-repo.crt \
   --secret id=nginx-key,src=nginx-repo.key \
   -t nginx-app-protect-5 .

content/includes/nim/nap-waf/restart-nms-integrations.md

@@ -0,0 +1,11 @@
+---
+docs: DOCS-000
+files:
+  - content/nim/nginx-app-protect/setup-waf-config-management.md
+---
+
+Restart the `nms-integrations` service:
+
+```shell
+sudo systemctl restart nms-integrations
+```

content/nap-dos/deployment-guide/learn-about-deployment.md

@@ -1405,7 +1405,7 @@ You need root permissions to execute the following steps.
 6. Create a Docker image:
 
     ```shell
-    docker build --no-cache -t app-protect-dos .
+    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
     ```
 
     The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.
@@ -1707,7 +1707,7 @@ RUN apt-get update && apt-get install -y apt-transport-https lsb-release ca-cert
 RUN wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 
 # Add NGINX Plus and NGINX App Protect DoS repository:
-RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg]https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
+RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-plus.list
 RUN printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://pkgs.nginx.com/app-protect-dos/ubuntu `lsb_release -cs` nginx-plus\n" | tee /etc/apt/sources.list.d/nginx-app-protect-dos.list
 
 # Download the apt configuration to `/etc/apt/apt.conf.d`:
@@ -1966,13 +1966,13 @@ Make sure to replace upstream and proxy pass directives in this example with rel
     For CentOS:
 
     ```shell
-    docker build --no-cache -t app-protect-dos .
+    docker build --no-cache --platform linux/amd64 -t app-protect-dos .
     ```
 
     For RHEL:
 
     ```shell
-    docker build --build-arg RHEL_ORGANIZATION=${RHEL_ORGANIZATION} --build-arg RHEL_ACTIVATION_KEY=${RHEL_ACTIVATION_KEY} --no-cache -t app-protect-dos .
+    docker build --platform linux/amd64 --build-arg RHEL_ORGANIZATION=${RHEL_ORGANIZATION} --build-arg RHEL_ACTIVATION_KEY=${RHEL_ACTIVATION_KEY} --no-cache -t app-protect-dos .
     ```
 
     The `--no-cache` option tells Docker to build the image from scratch and ensures the installation of the latest version of NGINX Plus and NGINX App Protect DoS. If the Dockerfile was previously used to build an image without the `--no-cache` option, the new image uses versions from the previously built image from the Docker cache.

content/nap-waf/v4/admin-guide/install.md

@@ -939,7 +939,7 @@ If a user other than **nginx** is to be used, note the following:
     - For Oracle Linux/Debian/Ubuntu/Alpine/Amazon Linux:
 
         ```shell
-        DOCKER_BUILDKIT=1 docker build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect .
+        DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect .
         ```
 
         The `DOCKER_BUILDKIT=1` enables `docker build` to recognize the `--secret` flag which allows the user to pass secret information to be used in the Dockerfile for building docker images in a safe way that will not end up stored in the final image. This is a recommended practice for the handling of the certificate and private key for NGINX repository access (`nginx-repo.crt` and `nginx-repo.key` files). More information [here](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret).
@@ -1289,7 +1289,7 @@ You need root permissions to execute the following steps.
     - For Oracle Linux/Debian/Ubuntu/Alpine/Amazon Linux:
 
         ```shell
-        DOCKER_BUILDKIT=1 docker build --no-cache --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect-converter .
+        DOCKER_BUILDKIT=1 docker build --no-cache --platform linux/amd64 --secret id=nginx-crt,src=nginx-repo.crt --secret id=nginx-key,src=nginx-repo.key -t app-protect-converter .
         ```
 
         The `DOCKER_BUILDKIT=1` enables `docker build` to recognize the `--secret` flag which allows the user to pass secret information to be used in the Dockerfile for building docker images in a safe way that will not end up stored in the final image. This is a recommended practice for the handling of the certificate and private key for NGINX repository access (`nginx-repo.crt` and `nginx-repo.key` files). More information [here](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret).