You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/ngf/overview/gateway-api-compatibility.md
-3Lines changed: 0 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -174,7 +174,6 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
174
174
-`Accepted/False/NotAllowedByListeners`
175
175
-`Accepted/False/UnsupportedValue`: Custom reason for when the HTTPRoute includes an invalid or unsupported value.
176
176
-`Accepted/False/InvalidListener`: Custom reason for when the HTTPRoute references an invalid listener.
177
-
-`Accepted/False/GatewayNotProgrammed`: Custom reason for when the Gateway is not Programmed. HTTPRoute can be valid and configured, but will maintain this status as long as the Gateway is not Programmed.
178
177
-`Accepted/False/GatewayIgnored`: Custom reason for when the Gateway is ignored by NGINX Gateway Fabric. NGINX Gateway Fabric only supports one Gateway.
179
178
-`ResolvedRefs/True/ResolvedRefs`
180
179
-`ResolvedRefs/False/InvalidKind`
@@ -220,7 +219,6 @@ See the [controller]({{< ref "/ngf/reference/cli-help.md#controller">}}) command
220
219
-`Accepted/False/NotAllowedByListeners`
221
220
-`Accepted/False/UnsupportedValue`: Custom reason for when the GRPCRoute includes an invalid or unsupported value.
222
221
-`Accepted/False/InvalidListener`: Custom reason for when the GRPCRoute references an invalid listener.
223
-
-`Accepted/False/GatewayNotProgrammed`: Custom reason for when the Gateway is not Programmed. GRPCRoute can be valid and configured, but will maintain this status as long as the Gateway is not Programmed.
224
222
-`ResolvedRefs/True/ResolvedRefs`
225
223
-`ResolvedRefs/False/InvalidKind`
226
224
-`ResolvedRefs/False/RefNotPermitted`
@@ -275,7 +273,6 @@ Fields:
275
273
-`Accepted/False/NotAllowedByListeners`
276
274
-`Accepted/False/UnsupportedValue`: Custom reason for when the TLSRoute includes an invalid or unsupported value.
277
275
-`Accepted/False/InvalidListener`: Custom reason for when the TLSRoute references an invalid listener.
278
-
-`Accepted/False/GatewayNotProgrammed`: Custom reason for when the Gateway is not Programmed. TLSRoute can be valid and configured, but will maintain this status as long as the Gateway is not Programmed.
279
276
-`Accepted/False/HostnameConflict`: Custom reason for when the TLSRoute has a hostname that conflicts with another TLSRoute on the same port.
Copy file name to clipboardExpand all lines: content/nginx/admin-guide/basic-functionality/managing-configuration-files.md
+32-9Lines changed: 32 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,11 +9,33 @@ type:
9
9
- how-to
10
10
---
11
11
12
-
Similar to other services, NGINX and NGINXPlus use a text‑based configuration file with a precise format. By default the file is named **nginx.conf** and for NGINX Plus is placed in the `/etc/nginx` directory.
12
+
NGINX and NGINXPlus use a text‑based configuration file, by default named **nginx.conf**.
13
13
14
-
For NGINX Open Source, the location depends on the package system used to install NGINX and the operating system. It is typically one of `/usr/local/nginx/conf`, `/etc/nginx`, or `/usr/local/etc/nginx`.
14
+
NGINX Plus: default location is `/etc/nginx` for Linux or `/usr/local/etc/nginx` for FreeBSD.
15
+
16
+
NGINX Open Source: location depends on the package system used to install NGINX and the operating system. It is typically one of `/usr/local/nginx/conf`, `/etc/nginx`, or `/usr/local/etc/nginx`.
17
+
18
+
You can verify the exact configuration file path with the `--conf-path=` parameter in the output of the `nginx -V` command:
--conf-path=/etc/nginx/nginx.conf # The path to your config file
31
+
--error-log-path=/var/log/nginx/error.log
32
+
--http-log-path=/var/log/nginx/access.log
33
+
--pid-path=/var/run/nginx.pid
34
+
--...<more parameters>
35
+
```
15
36
16
37
## Directives
38
+
17
39
The configuration file consists of _directives_ and their parameters. Simple (single‑line) directives end with a semicolon ( `;` ). Other directives act as “containers” which group together related directives. Containers are enclosed in curly braces ( `{}` ) and are often referred to as _blocks_. Here are some examples of simple directives.
To make the configuration easier to maintain, we recommend that you split it into a set of feature‑specific files stored in the <spanstyle="white-space: nowrap;">**/etc/nginx/conf.d**</span> directory and use the [include](https://nginx.org/en/docs/ngx_core_module.html#include) directive in the main **nginx.conf** file to reference the contents of the feature‑specific files.
49
+
To make the configuration easier to maintain, it is possible to split it into a set of feature‑specific files stored in the `/etc/nginx/conf.d` directory and use the [include](https://nginx.org/en/docs/ngx_core_module.html#include) directive in the main **nginx.conf** file to reference the contents of the feature‑specific files.
28
50
29
51
```nginx
30
52
include conf.d/http;
@@ -43,14 +65,15 @@ A few top‑level directives, referred to as _contexts_, group together the dire
43
65
44
66
Directives placed outside of these contexts are said to be in the _main_ context.
45
67
46
-
### Virtual Servers
68
+
### Virtual servers
69
+
47
70
In each of the traffic‑handling contexts, you include one or more `server` blocks to define _virtual servers_ that control the processing of requests. The directives you can include within a `server` context vary depending on the traffic type.
48
71
49
72
For HTTP traffic (the `http` context), each [server](https://nginx.org/en/docs/http/ngx_http_core_module.html#server) directive controls the processing of requests for resources at particular domains or IP addresses. One or more [location](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) contexts within a `server` context define how to process specific sets of URIs.
50
73
51
74
For mail and TCP/UDP traffic (the [mail](https://nginx.org/en/docs/mail/ngx_mail_core_module.html) and [stream](https://nginx.org/en/docs/stream/ngx_stream_core_module.html) contexts) the `server` directives each control the processing of traffic arriving at a particular TCP port or UNIX socket.
52
75
53
-
### Sample Configuration File with Multiple Contexts
76
+
### Sample configuration file with multiple contexts
54
77
55
78
The following configuration illustrates the use of contexts.
56
79
@@ -89,10 +112,10 @@ stream {
89
112
90
113
### Inheritance
91
114
92
-
In general, a _child_ context– a context contained within another context (its _parent_)– inherits the settings of directives included at the parent level. Some directives can appear in multiple contexts, in which case you can override the setting inherited from the parent by including the directive in the child context. For an example, see the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive.
115
+
In general, a _child_ context– a context contained within another context (its _parent_)– inherits the settings of directives included at the parent level. Some directives can appear in multiple contexts, in which case you can override the setting inherited from the parent by including the directive in the child context. For an example, see the [proxy_set_header](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header) directive.
93
116
94
-
## Reload Configuration File
117
+
## Reload configuration file
95
118
96
119
For changes to the configuration file to take effect, it must be reloaded. You can either restart the `nginx` process or send the `reload` signal to upgrade the configuration without interrupting the processing of current requests. For details, see [Control NGINX Processes at Runtime]({{< ref "/nginx/admin-guide/basic-functionality/runtime-control.md" >}}).
97
120
98
-
With NGINXPlus, you can dynamically reconfigure [load balancing]({{< ref "/nginx/admin-guide/load-balancer/dynamic-configuration-api.md" >}}) across the servers in an upstream group without reloading the configuration. You can also use the NGINXPlus API and key‑value store to dynamically control access, for example [based on client IP address]({{< ref "/nginx/admin-guide/security-controls/denylisting-ip-addresses.md" >}}).
121
+
With NGINXPlus, you can dynamically reconfigure [load balancing]({{< ref "/nginx/admin-guide/load-balancer/dynamic-configuration-api.md" >}}) across the servers in an upstream group without reloading the configuration. You can also use the NGINXPlus API and key‑value store to dynamically control access, for example [based on client IP address]({{< ref "/nginx/admin-guide/security-controls/denylisting-ip-addresses.md" >}}).
Copy file name to clipboardExpand all lines: content/nginx/admin-guide/installing-nginx/installing-nginx-plus.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -294,7 +294,7 @@ NGINX Plus can be installed on the following versions of Debian or Ubuntu:
294
294
295
295
1. {{< include "nginx-plus/install/check-nginx-binary-version.md">}}
296
296
297
-
1. {{< include "nginx-plus/install/configure-usage-reporting.md">}}
297
+
1. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager forusage reporting, or uses a custom path for the license file. Configuration can be donein the [`mgmt {}`](https://nginx.org/en/docs/ngx_mgmt_module.html) block of the NGINX Plus configuration file (`/usr/local/etc/nginx/nginx.conf`). For more information, see [About Subscription Licenses](https://docs.nginx.com/solutions/about-subscription-licenses/).
298
298
299
299
1. {{< include "nginx-plus/install/install-nginx-agent-for-nim.md">}}
300
300
@@ -398,7 +398,7 @@ NGINX Plus can be installed on the following versions of Debian or Ubuntu:
398
398
399
399
1. {{< include "nginx-plus/install/install-nginx-agent-for-nim.md" >}}
NGINX Plus functionality can be extended with dynamically loadable modules. They can be added or updated independently of the core binary, enabling powerful capabilities such as advanced security, traffic shaping, telemetry, embedded scripting, geolocation, and many more.
404
404
@@ -515,7 +515,7 @@ After installing the module, you will need to:
515
515
- enable it with the [`load_module`](https://nginx.org/en/docs/ngx_core_module.html#load_module) directive
516
516
- configure it according to the module's documentation
517
517
518
-
### Enabling Dynamic Modules {#enable_dynamic}
518
+
### Enabling dynamic modules {#enable_dynamic}
519
519
520
520
To enable a dynamic module:
521
521
@@ -694,7 +694,7 @@ For a community dynamic module to work with NGINX Plus, it must be compiled alo
694
694
695
695
After installing the module, you need to enable it in the NGINX Plus configuration file. For more information, see [Enabling Dynamic Modules](#enable_dynamic).
696
696
697
-
## NGINX Plus Unprivileged Installation {#unpriv_install}
697
+
## NGINX Plus unprivileged installation {#unpriv_install}
698
698
699
699
In some environments, access to the root account is restricted for security reasons. On Linux systems, this limitation prevents the use of package managers to install NGINX Plus without root privileges.
700
700
@@ -787,7 +787,7 @@ With this script, you can also upgrade an existing unprivileged installation of
## NGINX Plus Offline Installation {#offline_install}
790
+
## NGINX Plus offline installation {#offline_install}
791
791
792
792
This section explains how to install NGINX Plus and its [dynamic modules]({{< ref "/nginx/admin-guide/dynamic-modules/dynamic-modules.md" >}}) on a server with limited or no Internet access.
793
793
@@ -982,7 +982,7 @@ To upgrade your NGINX Plus installation to the newest version:
982
982
nginx version: nginx/1.29.0 (nginx-plus-r35)
983
983
```
984
984
985
-
## Upgrade NGINX Plus Modules {#upgrade_modules}
985
+
## Upgrade NGINX Plus modules {#upgrade_modules}
986
986
987
987
The upgrade procedure depends on how the module was supplied and installed.
988
988
@@ -992,7 +992,7 @@ The upgrade procedure depends on how the module was supplied and installed.
992
992
993
993
- [Community](#community-dynamic-modules) dynamic modules must be recompiled against the corresponding NGINX Open Source version. See [Installing NGINX Community Modules](#install_modules_oss).
Copy file name to clipboardExpand all lines: content/nginx/fips-compliance-nginx-plus.md
+33-27Lines changed: 33 additions & 27 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,36 +24,42 @@ Some industries such as finance, healthcare, energy, also adopt FIPS to enhance
24
24
25
25
Currently, both FIPS 140-2 and FIPS 140-3 certifications are accepted. However, FIPS 140-2 is being phased out as part of the [FIPS 140-3 transition plan](https://csrc.nist.gov/projects/fips-140-3-transition-effort). After September 22, 2026, only FIPS 140-3 certifications will be recognized. Organizations are encouraged to migrate to FIPS 140-3 to meet updated cryptographic security requirements.
| State and Local Gov Programs | 140-2 or 140-3 | Mandatory |
56
+
{{< /table >}}
51
57
52
58
### FIPS compliance in other countries
53
59
54
60
Although FIPS 140 is primarily a North American government cryptographic standard, it is widely recognized as a global benchmark for cryptographic security. Numerous countries outside North America align their cryptographic requirements with FIPS, especially in regulated sectors such as finance, defense, healthcare, and critical infrastructure.
| Australia | Referenced for government, defense, and cryptography systems. |
@@ -74,7 +80,7 @@ Although FIPS 140 is primarily a North American government cryptographic standar
74
80
| UAE | Trusted in finance, energy, and interoperability with the U.S. cryptography.|
75
81
| United Kingdom | Referenced for defense, health, and procurement standards. |
76
82
| United States | Mandatory for federal government systems and contractors. |
77
-
{{< /bootstrap-table >}}
83
+
{{< /table >}}
78
84
79
85
## FIPS compliant vs FIPS validated
80
86
@@ -129,7 +135,7 @@ The process uses Red Hat Enterprise Linux (RHEL) release 9.6 as an example and c
129
135
130
136
### Step 1: Configure the operating system to use FIPS mode {#os-fips-setup}
131
137
132
-
For the purposes of the following demonstration, we installed and configured a RHEL 9.6 server. The [Red Hat FIPS documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations#sec-Enabling-FIPS-Mode) explains how to switch the operating system between FIPS mode and non‑FIPS mode by editing the boot options and restarting the system.
138
+
For the purposes of the following demonstration, we installed and configured a RHEL 9.6 server. The [Red Hat FIPS documentation](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/switching-rhel-to-fips-mode_security-hardening) explains how to switch the operating system between FIPS mode and non‑FIPS mode by editing the boot options and restarting the system.
133
139
134
140
For instructions for enabling FIPS mode on other FIPS‑compliant Linux operating systems, see the operating system documentation, for example:
0 commit comments