docs: transfer N4A docs (#196)

* docs: transfer N4A docs

* docs: add url meta

* docs: convert markdown images to shortcode images

---------

Co-authored-by: Alan Dooley <[email protected]>

Author: JTorreG

.github/workflows/linkchecker.yml

@@ -72,7 +72,7 @@ jobs:
         uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           creds: ${{secrets.AZURE_CREDENTIALS_DOCS}}
- 
+
       - name: Retrieve secrets from Keyvault
         if: env.isProduction != 'true'
         id: keyvault

config/_default/config.toml

@@ -16,7 +16,9 @@ enableGitInfo = true
   ngf = '/nginx-gateway-fabric/:sections[1:]/:filename'
   nim = '/nginx-instance-manager/:sections[1:]/:filename'
   nms = '/nginx-management-suite/:sections[1:]/:filename'
+  unit = '/nginx-unit/:sections[1:]/:filename'
   agent = '/nginx-agent/:sections[1:]/:filename'
+  nginxaas = '/nginxaas/azure/:sections[1:]/:filename'
 
 [caches]
   [caches.modules]

content/includes/nginxaas-azure/logging-analysis-azure-storage.md

@@ -0,0 +1,48 @@
+---
+docs: "DOCS-000"
+---
+
+If the diagnostic setting destination details included a storage account, logs show up in the storage container "insights-logs-nginxlogs" with the following format: `resourceID=/<NGINXaaS-resourceID>/y=<YYYY>/m=<MM>/d=<DD>/h=<HH>/PT1H.json`
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+| **Attribute**               | **Description** |
+|-----------------------------|-----------------|
+| `<NGINXaaS-resourceID>`     | The resourceID of the NGINXaaS deployment in upper case.|
+| `<YYYY>`                    | The four-digit year when the log batch was generated.|
+| `<MM>`                      | The two-digit month when the log batch was generated.|
+| `<DD>`                      | The two-digit day when the log batch was generated.|
+| `<HH>`                      | The two-digit hour value that indicates the starting hour for the log batch, in 24 hour UTC format|
+{{</bootstrap-table>}}
+
+{{<note>}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Azure Storage container.{{</note>}}
+
+Each log event in the "PT1H.json" file is written in a new line delimited JSON text format. The properties that show up in each log line are described in the [Top Level Common Schema](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-schema#top-level-common-schema) documentation.
+
+For instance, an access log event logging to a particular file path will have attributes similar to this example:
+
+```yaml
+{
+	"category": "NginxLogs",
+	"location": "westcentralus",
+	"operationName": "NGINX.NGINXPLUS/NGINXDEPLOYMENTS/LOG",
+	"properties": {
+		"message": "172.92.129.50 - \"-\" [18/Jan/2024:17:59:00 +0000] \"GET / HTTP/1.1\" 200 11232 \"-\" \"curl/8.4.0\" \"-\" \"20.69.58.179\" sn=\"localhost\" rt=0.000 ua=\"-\" us=\"-\" ut=\"-\" ul=\"-\" cs=\"-\" ",
+		"filePath": "/var/log/nginx/access.log"
+	},
+	"resourceId": "/SUBSCRIPTIONS/FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF/RESOURCEGROUPS/RESOURCEGROUP1/PROVIDERS/NGINX.NGINXPLUS/NGINXDEPLOYMENTS/TEST1",
+	"time": "2024-01-18T17:59:00.363956795Z"
+}
+```
+
+If [syslog-based](#logging-to-syslog) logs are used, the log event entry has different **properties** sub-fields:
+
+```yaml
+#...
+"properties": {
+		"message": "172.92.129.50 - - [16/Jan/2024:18:00:00 +0000] \"GET / HTTP/1.1\" 200 11232 \"-\" \"curl/8.4.0\"",
+		"tag": "nginx",
+		"severity": "info",
+		"facility": "local7"
+	},
+#...
+```

content/includes/nginxaas-azure/logging-analysis-logs-analytics.md

@@ -0,0 +1,30 @@
+---
+docs: "DOCS-000"
+---
+
+If the diagnostic setting destination details included a Logs Analytics workspace, logs show up in the table "NGXOperationLogs" with the following non-standard attributes:
+
+{{<bootstrap-table "table table-striped table-bordered">}}
+| **Attribute**               | **Description** |
+|-----------------------------|-----------------|
+| **Location**                  | The location of the NGINXaaS resource.|
+| **Message**                 | The generated NGINX log line. |
+| **FilePath**                 | The path to which NGINX logs were configured to be logged to if the nginx config used file-based logs. |
+| **Tag**                 | The tag with which NGINX logs were generated if syslog-based log configuration is used. By default this is nginx |
+| **Facility**                 | The syslog facility with which NGINX logs were generated if syslog-based log configuration is used. |
+| **Severity**                | The syslog severity with which NGINX logs were generated if syslog-based log configuration is used. |
+
+{{</bootstrap-table>}}
+
+Using a [KQL](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/), a custom query can be run to view the logs:
+
+```
+NGXOperationLogs
+| where Location contains "eastus"
+```
+
+For more information on the standard attributes that appear in Logs Analytics,see the [Standard columns in Azure Monitor Logs](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-standard-columns) documentation.
+
+For more information on using [KQL](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/) see [Queries in Log Analytics](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/queries?tabs=groupby).
+
+{{<note>}}It can take up to 90 minutes after adding diagnostic settings for logs to appear in the provided Logs Analytics Workspace.{{</note>}}

content/includes/nginxaas-azure/logging-config-access-logs.md

@@ -0,0 +1,39 @@
+---
+docs: "DOCS-000"
+---
+
+NGINX access logs are disabled by default. You can enable access logs by adding **access_log** directives to your NGINX configuration to specify the location of the logs and formats. The log path should always be configured to be inside **/var/log/nginx**.
+
+```nginx
+http {
+	log_format myfmt '$remote_addr - $remote_user [$time_local] '
+						   '"$request" $status $body_bytes_sent '
+						   '"$http_referer" "$http_user_agent" "$gzip_ratio"';
+
+	access_log /var/log/nginx/nginx-access.log myfmt;
+	# ...
+}
+```
+
+{{<note>}} The **$time_local** variable includes the date and time for each log. It helps with ordering logs after export. {{</note>}}
+
+To explicitly disable access logs, apply the following config:
+
+```nginx
+http {
+	access_log off;
+}
+```
+
+or
+
+```nginx
+http {
+	access_log /dev/null;
+}
+```
+
+To learn more about how to specify `access__log` in different configuration levels and their effect, see [access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log)
+
+{{<warning>}}Unless you use **syslog**, keep NGINX logs in the **/var/log/nginx** directory. Otherwise, you may lose data from your logs.
+{{</warning>}}

content/includes/nginxaas-azure/logging-config-error-logs.md

@@ -0,0 +1,19 @@
+---
+docs: "DOCS-000"
+---
+
+By default, NGINXaaS for Azure puts the error log at **/var/log/nginx/error.log**. It includes messages with severity **error** and above.
+
+While you should configure log files in the **/var/log/nginx** directory, you can change the filename and severity level. For example, the following line in the NGINX configuration sends errors to the `nginx-error.log` file, and limits messages to a severity level of **emerg**:
+
+```nginx
+error_log /var/log/nginx/nginx-error.log emerg;
+```
+
+Alternatively, you can disable error logs completely with the following line:
+
+```nginx
+error_log /dev/null;
+```
+
+To learn more about how to specify `error_log` in different configuration levels, see the documentation of the [error_log](https://nginx.org/en/docs/ngx_core_module.html?#error_log) directive.

content/includes/nginxaas-azure/logging-limitations.md

@@ -0,0 +1,8 @@
+---
+docs: "DOCS-000"
+---
+
+1. File-based logs must be configured to use the path **/var/log/nginx**.
+1. The **gzip** parameter for the **access_log** directive is not supported, and uploading a config with this parameter will cause an error.
+1. Logging **error_log** to a cyclic memory buffer using the **memory:** prefix is not allowed and will cause a config upload error.
+1. Egress Networking charges apply for traffic sent from the NGINX deployment to a syslog server present in a different VNet.

content/includes/nginxaas-azure/ncu-description.md

@@ -0,0 +1,11 @@
+---
+docs: "DOCS-1476"
+---
+
+An NGINX Capacity Unit (NCU) quantifies the capacity of an NGINX instance based on the underlying compute resources. This abstraction allows you to specify the desired capacity in NCUs without having to consider the regional hardware differences.
+
+An NGINX Capacity Unit consists of the following parameters:
+
+* CPU: an NCU provides 20 [Azure Compute Units](https://learn.microsoft.com/en-us/azure/virtual-machines/acu) (ACUs)
+* Bandwidth: an NCU provides 60 Mbps of network throughput
+* Concurrent connections: an NCU provides 400 concurrent connections. This performance is not guaranteed when NGINX App Protect WAF is used with NGINXaaS

content/includes/nginxaas-azure/ssl-tls-prerequisites.md

@@ -0,0 +1,21 @@
+---
+docs: "DOCS-000"
+---
+
+- AKV to store certificates that you want to add to the deployment.
+
+- A user or system assigned identity associated with your NGINXaaS deployment. Ensure that your managed identity (MI) has read access to secrets stored in AKV:
+
+  - If using Azure RBAC for AKV, ensure that your MI has [Key Vault Secrets User](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-secrets-user) or higher permissions.
+
+  - If using Access Policies for AKV, ensure that your MI has *GET secrets* or higher permissions.
+
+- In addition to the MI permissions, if using the Azure portal to manage certificates, ensure that you have read access to list certificates inside the Key Vault:
+
+  - If using Azure RBAC for AKV, ensure that you have [Key Vault Reader](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-reader) or higher permissions.
+
+  - If using Access Policies for AKV, ensure that you have *LIST certificates* or higher permissions.
+
+  - If public access is disabled on your key vault, [configure Network Security Perimeter]({{< relref "/nginxaas-azure/quickstart/security-controls/certificates.md#configure-network-security-perimeter-nsp" >}}) and add an inbound access rule to allow your client IP address.
+
+- If you're unfamiliar with Azure Key Vault, check out the [Azure Key Vault concepts](https://docs.microsoft.com/en-us/azure/key-vault/general/basic-concepts) documentation from Microsoft.

content/includes/nginxaas-azure/terraform-prerequisites.md

@@ -0,0 +1,9 @@
+---
+docs: "DOCS-000"
+---
+
+- Confirm that you meet the [NGINXaaS Prerequisites]({{< relref "/nginxaas-azure/getting-started/prerequisites.md" >}}).
+- [Authenticate Terraform to Azure](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure)
+- [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install)
+
+{{< caution >}} The examples in the NGINXaaS for Azure Snippets GitHub repository use the prerequisites module [available in the same repository](https://github.com/nginxinc/nginxaas-for-azure-snippets/tree/main/terraform/prerequisites). {{< /caution >}}