Merge branch 'main' into update-pr-template

Author: ADubhlaoich

CONTRIBUTING.md

@@ -30,7 +30,7 @@ To suggest a feature or enhancement, open an issue on GitHub with the label
 `feature` or `enhancement` using the available feature request issue template.
 Please ensure the feature or enhancement has not already been suggested.
 
-## Open a discussion
+## Open a Discussion
 
 If you want to start a conversation with the community and maintainers,
 we encourage you to use
@@ -48,7 +48,7 @@ To contribute to F5 NGINX documentation, follow these steps:
 Alternatively, you're welcome to suggest improvements to highlight problems with
 our documentation as described in our [support](./SUPPORT.md) page.
 
-### Git Style Guide
+### Git style guide
 
 - Keep a clean, concise and meaningful Git commit history on your branch, rebasing locally and squashing before you submit a PR
 - Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/>
@@ -61,6 +61,15 @@ our documentation as described in our [support](./SUPPORT.md) page.
   - Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in
     your text editor to write a good message instead of `git commit -am`)
 
+#### Branch protection rules
+
+This repository has the following branch protection rules in place:
+
+- **Pushing branches that contain the "internal/" prefix is not allowed.** This ensures internal development branches are not accidentally or purposefully pushed to this repo.
+- **Two approvers are required for all merges to main and release branches.** This ensures all code that is approved for release to production is appropriately reviewed. This rule applies to all branches with `*release*` in the branch name.
+- **Only NGINX DocOps Team members can create release branches.** This ensures the docs team is aware of all branches supporting specific product releases. This rule applies to all branches with `*release*` in the branch name.
+- **Pushes (force or otherwise) directly to main or release branches is not allowed.** Release branches serve as "main" for the release they are associated with. Restricting pushes directly to main and release branches ensures all content changes are reviewed and approved. This rule applies to all branches with `*release*` in the branch name and to "main".
+
 ### Documentation style guide
 
 For detailed guidance, see our documentation [style guide](./templates/style-guide.md).

CONTRIBUTING_DOCS.md

@@ -146,7 +146,7 @@ Here are some other shortcodes:
 - `tab`: Create mutually exclusive tabbed window panes, useful for parallel instructions
 - `table`: Add scrollbars to wide tables for browsers with smaller viewports
 - `link`: Link to a file, prepending its path with the Hugo baseUrl
-- `openapi`: Loads an OpenAPI specifcation and render it as HTML using ReDoc
+- `openapi`: Loads an OpenAPI specification and render it as HTML using ReDoc
 - `include`: Include the content of a file in another file; the included file must be present in the '/content/includes/' directory
 - `raw-html`: Include a block of raw HTML
 - `readfile`: Include the content of another file in the current file, which can be in an arbitrary location.

content/amplify/faq/nginx-amplify-agent.md

@@ -13,16 +13,16 @@ The F5 NGINX Amplify Agent is currently officially packaged and supported for th
 
   * Ubuntu 22.04 "jammy" (amd64/arm64)
   * Ubuntu 20.04 "focal" (amd64/arm64)
-  * Ubuntu 18.04 "bionic" (amd64/arm64)
   * Debian 12 "bookworm" (amd64/arm64)
   * Debian 11 "bullseye" (amd64/arm64)
-  * Debian 10 "buster" (amd64/arm64)
   * RHEL/CentOS/OEL 9 (amd64/arm64)
   * Amazon Linux 2 LTS (amd64/arm64)
 
 The following platforms are no longer supported but still can be used with older agent packages powered by Python 3:
 
   * RHEL/CentOS/OEL 8 (amd64/arm64)
+  * Ubuntu 18.04 "bionic" (amd64/arm64)
+  * Debian 10 "buster" (amd64/arm64)
 
 The following platforms are no longer supported but still can be used with older agent packages powered by Python 2:
 

content/amplify/nginx-amplify-agent/install/installing-amplify-agent.md

@@ -9,7 +9,7 @@ docs: "DOCS-968"
 
 To use F5 NGINX Amplify to monitor your infrastructure, you need to install NGINX Amplify Agent on each system you wish to monitor.
 
-{{< note >}} NGINX Amplify Agent will drop *root* privileges on startup. It will then use the user ID of the user `nginx` to set its effective user ID. The package install procedure will add the `nginx` user automatically unless it's already found in the system. If the [user](http://nginx.org/en/docs/ngx_core_module.html#user) directive appears in the NGINX configuration, NGINX Amplify Agent will pick up the user specified in the NGINX config for its effective user ID (e.g. `www-data`). {{< /note >}}
+{{< note >}} NGINX Amplify Agent will drop *root* privileges on startup. It will then use the user ID of the user `nginx` to set its effective user ID. The package install procedure will add the `nginx` user automatically unless it's already found in the system. If the [user](https://nginx.org/en/docs/ngx_core_module.html#user) directive appears in the NGINX configuration, NGINX Amplify Agent will pick up the user specified in the NGINX config for its effective user ID (e.g. `www-data`). {{< /note >}}
 
 ## Using the Install Script
 
@@ -39,30 +39,30 @@ Take the following steps to install NGINX Amplify Agent:
 1. Add the NGINX public key.
 
    ```bash
-   curl -fs http://nginx.org/keys/nginx_signing.key | apt-key add -
+   curl -fs https://nginx.org/keys/nginx_signing.key | apt-key add -
    ```
 
    or
 
    ```bash
    wget -q -O - \
-   http://nginx.org/keys/nginx_signing.key | apt-key add -
+   https://nginx.org/keys/nginx_signing.key | apt-key add -
    ```
 
 2. Configure the repository as follows.
 
     ```bash
     codename=`lsb_release -cs` && \
     os=`lsb_release -is | tr '[:upper:]' '[:lower:]'` && \
-    echo "deb http://packages.amplify.nginx.com/${os}/ ${codename} amplify-agent" > \
+    echo "deb https://packages.amplify.nginx.com/py3/${os} ${codename} amplify-agent" > \
     /etc/apt/sources.list.d/nginx-amplify.list
     ```
 
-3. Verify the repository config file (Ubuntu 14.04 example follows).
+3. Verify the repository config file (Ubuntu 22.04 example follows).
 
     ```bash
     cat /etc/apt/sources.list.d/nginx-amplify.list
-    deb http://packages.amplify.nginx.com/ubuntu/ trusty amplify-agent
+    deb https://packages.amplify.nginx.com/py3/ubuntu jammy amplify-agent
     ```
 
 4. Update the package index files.
@@ -82,14 +82,14 @@ Take the following steps to install NGINX Amplify Agent:
 1. Add the NGINX public key.
 
     ```bash
-    curl -sS -L -O http://nginx.org/keys/nginx_signing.key && \
+    curl -sS -L -O https://nginx.org/keys/nginx_signing.key && \
     rpm --import nginx_signing.key
     ```
 
    or
 
     ```bash
-    wget -q -O nginx_signing.key http://nginx.org/keys/nginx_signing.key && \
+    wget -q -O nginx_signing.key https://nginx.org/keys/nginx_signing.key && \
     rpm --import nginx_signing.key
     ```
 
@@ -99,23 +99,23 @@ Take the following steps to install NGINX Amplify Agent:
 
     ```bash
     release="7" && \
-    printf "[nginx-amplify]\nname=nginx amplify repo\nbaseurl=http://packages.amplify.nginx.com/centos/${release}/\$basearch\ngpgcheck=1\nenabled=1\n" > \
+    printf "[nginx-amplify]\nname=nginx amplify repo\nbaseurl=https://packages.amplify.nginx.com/py3/centos/${release}/\$basearch\ngpgcheck=1\nenabled=1\n" > \
     /etc/yum.repos.d/nginx-amplify.repo
     ```
 
     ```bash
     release="latest" && \
-    printf "[nginx-amplify]\nname=nginx amplify repo\nbaseurl=http://packages.amplify.nginx.com/amzn/${release}/\$basearch\ngpgcheck=1\nenabled=1\n" > \
+    printf "[nginx-amplify]\nname=nginx amplify repo\nbaseurl=https://packages.amplify.nginx.com/py3/amzn/${release}/\$basearch\ngpgcheck=1\nenabled=1\n" > \
     /etc/yum.repos.d/nginx-amplify.repo
     ```
 
-3. Verify the repository config file (RHEL 7.1 example follows).
+3. Verify the repository config file (RHEL 9.5 example follows).
 
     ```bash
     cat /etc/yum.repos.d/nginx-amplify.repo
     [nginx-amplify]
     name=nginx repo
-    baseurl=http://packages.amplify.nginx.com/centos/7/$basearch
+    baseurl=https://packages.amplify.nginx.com/centos/9/$basearch
     gpgcheck=1
     enabled=1
     ```

content/nap-waf/v4/logging-overview/security-log.md

@@ -274,7 +274,6 @@ The table below lists attributes that are generated in the security logs. When u
 | enforced_bot_anomalies | Comma-separated list of anomalies that caused the request to be blocked. | default, grpc |
 | grpc_method | The method name of the gRPC request (derived from the URI). Not to be confused with `http_method`. Applicable only to requests that are processed by a gRPC Content Profile. The value is `N/A` in other cases. | grpc |
 | grpc_service | The service name of the gRPC request (derived from the URI). Applicable only to requests that are processed by a gRPC Content Profile. The value is `N/A` in other cases. | grpc |
-| grpc_message | The value of the `grpc-message` header | grpc |
 | compression_method | The compression algorithm used for the present message. Currently one of: <ul><li>gzip</li><li>deflate</li><li>none</li><li>n/a</li></ul> | grpc |
 |headers | The headers part of the request including the query string but not the body. | grpc |
 |ip_client | The source IP of the client initiating the request<br>       Note: if a proxy is being used, this may differ from the IP in the `X-Forwarded-For` header. | default, grpc |

content/nap-waf/v5/logging-overview/security-log.md

@@ -256,7 +256,6 @@ The table below lists attributes that are generated in the security logs. When u
 | enforced_bot_anomalies | Comma-separated list of anomalies that caused the request to be blocked. | default, grpc |
 | grpc_method | The method name of the gRPC request (derived from the URI). Not to be confused with 'http_method`. Applicable only to requests that are processed by a gRPC Content Profile. The value is `N/A` in other cases. | grpc |
 | grpc_service | The service name of the gRPC request (derived from the URI). Applicable only to requests that are processed by a gRPC Content Profile. The value is `N/A` in other cases. | grpc |
-| grpc_message | The value of the `grpc-message` header | grpc |
 | compression_method | The compression algorithm used for the present message. Currently one of: <ul><li>gzip</li><li>deflate</li><li>none</li><li>n/a</li></ul> | grpc |
 |headers | The headers part of the request including the query string but not the body. | grpc |
 |ip_client | The source IP of the client initiating the request<br>       Note: if a proxy is being used, this may differ from the IP in the `X-Forwarded-For` header. | default, grpc |

content/nginx-one/getting-started.md

@@ -51,6 +51,14 @@ Data plane keys expire after one year. You can change this expiration date later
 
 After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install the NGINX Agent. Once installed, the NGINX Agent typically registers with NGINX One within a few seconds.
 
+{{<call-out "important" "Connecting to NGINX One" >}}
+The NGINX Agent must be able to establish a connection to the NGINX One Console's Agent endpoint (`agent.connect.nginx.com`). Ensure that any firewall rules you have in place for your NGINX hosts allows network traffic to port `443` for all of the following IPs:
+
+- `3.135.72.139`
+- `3.133.232.50`
+- `52.14.85.249`
+{{</call-out>}}
+
 To install the NGINX Agent on an NGINX instance:
 
 1. **Check if NGINX is running and start it if it's not:**

content/nginx-one/how-to/data-plane-keys/create-manage-data-plane-keys.md

@@ -60,11 +60,11 @@ If you need to deactivate a data plane key before its expiration date, follow th
 4. A confirmation dialog will appear. Select **Revoke** to confirm.
 
 
-## Delete a data plane key (API only)
+## Delete a data plane key
 
-In this release, you need to use the NGINX One REST API to delete a data plane key. However, before you can delete a key, it must be revoked. You can revoke a key either through the NGINX One console, as explained above, or by using the REST API.
+Before you can delete a key, it must be expired or revoked. You can revoke a key either through the NGINX One console, as explained above, or by using the REST API. Once deleted, all information about the data plane key is permanently removed.
 
-To delete a data plane key using the NGINX One REST API, see these guides:
-
-- [Authenticate with the NGINX One REST API]({{< relref "nginx-one/api/authentication.md" >}})
-- [Delete a data plane key: NGINX One API Reference]({{< relref "nginx-one/api/api-reference-guide.md#operation/deleteDataPlaneKey" >}})
+1. On the left menu, select **Data Plane Keys**.
+2. Find the key you want to revoke in the list of expired or revoked keys.
+3. Next to the key name, select the check box. You can select multiple keys at the same time.
+4. Select **Delete selected**.

content/nginx-one/how-to/nginx-configs/add-instance.md

@@ -37,13 +37,15 @@ In either case, NGINX One Console gives you a choice for data plane keys:
 - Create a new key
 - Use an existing key
 
-NGINX One Console takes the option you use, and adds the data plane key to a command that you'd use to register your target instance. You should see the call in the **Add Instance** screen in the console. The command looks like:
+NGINX One Console takes the option you use, and adds the data plane key to a command that you'd use to register your target instance. You should see the command in the **Add Instance** screen in the console.
+
+Connect to the host where your NGINX instance is running. Run the provided command to [install NGINX Agent]({{< relref "/nginx-one/getting-started#install-nginx-agent" >}}) dependencies and packages on that host.
 
 ```bash
-curl https://<tenant URL>/nginx-agent/install | DATA_PLANE_KEY="<data_plane_key>" sh -s -- -y
+curl https://agent.connect.nginx.com/nginx-agent/install | DATA_PLANE_KEY="<data_plane_key>" sh -s -- -y
 ```
 
-Sign in to the instance that you want to add. Run that command. If needed, the script [installs NGINX Agent]({{< relref "/nginx-one/getting-started#install-nginx-agent" >}}) dependencies and packages. Once the process is complete, you can configure that instance in your NGINX One Console.
+Once the process is complete, you can configure that instance in your NGINX One Console.
 
 ## Managed and Unmanaged Certificates