Merge branch 'main' into nap-release-5.5

Author: ADubhlaoich

.github/pull_request_template.md

@@ -19,20 +19,18 @@ Closes #ISSUE
 
 ### Checklist
 
-Before creating a PR, run through this checklist and mark each as complete.
+Before merging a pull request, run through this checklist and mark each as complete.
 
 - [ ] I have read the [contributing guidelines](/CONTRIBUTING.md)
 - [ ] I have signed the [F5 Contributor License Agreement (CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md)
+- [ ] I have ensured that documentation content adheres to [the style guide](/templates/style-guide.md)
+- [ ] If the change involves potentially sensitive changes, I have assessed the possible impact
 - [ ] If applicable, I have added tests that prove my fix is effective or that my feature works
 - [ ] If applicable, I have checked that any relevant tests pass after adding my changes
 - [ ] I have updated any relevant documentation ([`README.md`](/README.md) and [`CHANGELOG.md`](/CHANGELOG.md))
 - [ ] I have rebased my branch onto main
 - [ ] I will ensure my PR is targeting the main branch and pulling from my branch from my own fork
-- [ ] If the change involves:
-  - Code
-  - Anything that resembles Personally identifying information (PII)
-    - Make sure to use placeholders such as `<username>` in place of PII
-  - URLs (watch for [typosquatting](https://support.microsoft.com/en-us/topic/what-is-typosquatting-54a18872-8459-4d47-b3e3-d84d9a362eb0))
-  - Significant new/revised content
-    
-  In these cases, the change will require at least two (2) approvals before merging
+
+Potentially sensitive changes include anything involving code, personally identify information (PII), live URLs or significant amounts of new or revised documentation.
+
+Please refer to [our style guide](/templates/style-guide.md) for guidance about placeholder content.

.github/workflows/daily-deploy.yml

@@ -8,7 +8,7 @@ on:
         - cron: '0 1 * * *'
 jobs:
     trigger:
-        uses: nginxinc/docs/.github/workflows/build-push.yml@main
+        uses: nginx/documentation/.github/workflows/build-push.yml@main
         with:
             environment: "prod"
         secrets:

.github/workflows/fossa.yml

@@ -25,6 +25,6 @@ jobs:
         uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
 
       - name: Scan
-        uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0
+        uses: fossas/fossa-action@93a52ecf7c3ac7eb40f5de77fd69b1a19524de94 # v1.5.0
         with:
           api-key: ${{ secrets.FOSSA_TOKEN }}

.github/workflows/linkchecker.yml

@@ -31,7 +31,7 @@ env:
     --ignore-url ^https://lightstep.com --ignore-url ^https://www.owasp.org/ --ignore-url ^https://www.maxmind.com --ignore-url ^https://www.splunk.com/
     --ignore-url ^https://oauth2.googleapis.com --ignore-url ^https://openidconnect.googleapis.com --ignore-url ^https://www.base64url.com/
     --ignore-url ^https://go.googlesource.com/ --ignore-url ^https://go.googlesource.com/sync --ignore-url ^https://linkerd.io/2.13/
-    --ignore-url ^http://www.redirectpage.com/
+    --ignore-url ^http://www.redirectpage.com/ --ignore-url ^https://www.gnu.org/
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-ingress-controller/css
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginxaas/azure/css
     --ignore-url ^https://\([a-zA-Z0-9-]+\).nginx.com/nginx-gateway-fabric/css

.github/workflows/ossf_scorecard.yml

@@ -56,6 +56,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload SARIF results to code scanning
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
         with:
           sarif_file: results.sarif

.github/workflows/stale.yml

@@ -18,7 +18,7 @@ jobs:
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9.0.0
+      - uses: actions/stale@v9.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: 'This issue is stale because it has been open for 90 days with no activity. Remove the stale label or add a comment to keep it open. If you do not take action, this will be closed in 10 days.'

config/_default/config.toml

@@ -7,14 +7,15 @@ pygmentsUseClasses = true
 enableGitInfo = true
 
 [permalinks]
+  amplify = '/nginx-amplify/:sections[1:]/:filename'
   controller = '/nginx-controller/:sections[1:]/:filename'
+  mesh = '/nginx-service-mesh/:sections[1:]/:filename'
   modsec-waf = '/nginx-waf/:sections[1:]/:filename'
   nap-dos = '/nginx-app-protect-dos/:sections[1:]/:filename'
   nap-waf = '/nginx-app-protect-waf/:sections[1:]/:filename'
-  nms = '/nginx-management-suite/:sections[1:]/:filename'
-  amplify = '/nginx-amplify/:sections[1:]/:filename'
-  mesh = '/nginx-service-mesh/:sections[1:]/:filename'
+  ngf = '/nginx-gateway-fabric/:sections[1:]/:filename'
   nim = '/nginx-instance-manager/:sections[1:]/:filename'
+  nms = '/nginx-management-suite/:sections[1:]/:filename'
 
 [caches]
   [caches.modules]
@@ -36,7 +37,7 @@ enableGitInfo = true
   buildtype = "webdocs"
   RSSLink = "/index.xml"
   author = "NGINX Inc." # add your company name
-  github = "nginxinc" # add your github profile name
+  github = "nginx" # add your github profile name
   twitter = "@nginx" # add your twitter profile
   noindex_kinds = [
     "taxonomy",

content/includes/licensing-and-reporting/log-location-and-monitoring.md

@@ -0,0 +1,33 @@
+---
+docs:
+---
+
+Monitor the [NGINX error log](https://nginx.org/en/docs/ngx_core_module.html#error_log), typically located at `/var/log/nginx/error.log`, for subscription-related issues — such as failed usage reports or approaching license expirations — to catch problems early and keep your subscription compliant.
+
+<br>
+
+Examples of subscription-related log entries include:
+
+- **Failure to upload usage reports**:
+
+  ``` text
+  [error] 36387#36387: server returned 500 for <fqdn>:<port> during usage report
+  [error] 36528#36528: <fqdn>:<port> could not be resolved (host not found) during usage report
+  [error] 36619#36619: connect() failed (111: Connection refused) for <fqdn>:<port> during usage report
+  [error] 38888#88: server returned 401 for <ip_address>:443 during usage report
+  ```
+
+- **License approaching expiration**:
+
+  ``` text
+  [warn] license will expire in 14 days
+  ```
+
+- **License expiration**:
+
+  ``` text
+  [alert] license expiry; grace period will end in 89 days
+  [emerg] license expired
+  ```
+
+  {{<important>}}When a license expires, NGINX Plus stops processing traffic.{{</important>}}

content/includes/ngf/index.md

@@ -0,0 +1,3 @@
+---
+headless: true
+---

content/includes/ngf/installation/delay-pod-termination/delay-pod-termination-overview.md

@@ -0,0 +1,9 @@
+---
+docs: "DOCS-1441"
+---
+
+To avoid client service interruptions when upgrading NGINX Gateway Fabric, you can configure [`PreStop` hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) to delay terminating the NGINX Gateway Fabric pod, allowing the pod to complete certain actions before shutting down. This ensures a smooth upgrade without any downtime, also known as a zero downtime upgrade.
+
+For an in-depth explanation of how Kubernetes handles pod termination, see the [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination) topic on their official website.
+
+{{<note>}}Keep in mind that NGINX won't shut down while WebSocket or other long-lived connections are open. NGINX will only stop when these connections are closed by the client or the backend. If these connections stay open during an upgrade, Kubernetes might need to shut down NGINX forcefully. This sudden shutdown could interrupt service for clients.{{</note>}}