Merge branch 'main' into feature-mjang-cert-csg-changelog

Author: mjang

.github/workflows/linkchecker.yml

@@ -104,7 +104,7 @@ jobs:
       # Run LinkChecker
       - name: Run LinkChecker on ${{ matrix.doc_paths }}
         continue-on-error: ${{ env.isProduction != 'true' }}
-        uses: nick-fields/retry@c97818ca39074beaea45180dba704f92496a0082 # v3.0.1
+        uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
         with:
           timeout_minutes: 10
           max_attempts: 3

content/nginx/deployment-guides/amazon-web-services/high-availability-network-load-balancer.md

@@ -41,7 +41,7 @@ NGINX Plus also provides reverse‑proxy and load balancing features, including
 - [Management and real‑time configuration changes with DevOps‑friendly tools](https://www.nginx.com/products/nginx/load-balancing/#load-balancing-api)
 
 <span id="overview"></span>
-## Solution Overview
+## Solution overview
 
 The combined solution described further in these instructions consists of:
 
@@ -88,7 +88,7 @@ The steps to set up an AWS NLB for an HA, all‑active NGINX Plus deployment i
 - [Launch the AWS NLB](#nlb-launch)
 
 <span id="nlb-eip"></span>
-### Allocate an Elastic IP Address
+### Allocate an Elastic IP address
 
 The first step is to allocate an Elastic IP address, which becomes the fixed IP address for your AWS NLB. Using an Elastic IP address is optional, but it is strongly recommended that you do so. With a dynamic IP address, the AWS NLB might not remain reachable if you reconfigure or restart it.
 
@@ -139,7 +139,7 @@ The new Elastic IP address displays on the **Elastic IPs** dashboard. Make a no
 5. Select the *Next: Configure Routing* button. The **Step 2: Configure Routing** window opens.
 
 <span id="nlb-routing-options"></span>
-### Configure the AWS NLB Routing Options
+### Configure the AWS NLB routing options
 
 In this step, you create a _target group_, using the **Step 2: Configure Routing** window. The target group contains the set of EC2 instances across which your AWS NLB load balances traffic. You specify those EC2 instances later, in the step [Register Instances in the Target Group](#nlb-register-instances)).
 
@@ -169,7 +169,7 @@ In this step, you create a _target group_, using the **Step 2: Configure Routing
 3. Select the *Next: Register Targets* button. The **Step 3: Register Targets** window opens.
 
 <span id="nlb-register-instances"></span>
-### Register Instances in the Target Group
+### Register instances in the target group
 
 In this step, you add instances to the empty target group you created in the previous section. Use the the **Step 3: Register Targets** window to add both NGINX Plus load balancer instances.
 
@@ -242,7 +242,7 @@ Use our Packer and Terraform scripts to completely automate the process:
 Once you have created and configured the EC2 instances, your prerequisites are complete. Continue to [Configure an AWS Network Load Balancer](#nlb-configure).
 
 <span id="create-instance-install-nginx"></span>
-#### Create EC2 Instances and Install the NGINX Software
+#### Create EC2 instances and install the NGINX software
 
 The deployed solution in these instructions uses six EC2 instances. Two instances run NGINX Plus. These load balance traffic to the other four instances, which run NGINX Open Source as a web server. The four NGINX Open Source instances deploy in two pairs; each pair runs a different app.
 
@@ -267,7 +267,7 @@ Assign the following names to the instances, then install the indicated NGINX so
 <a href="/nginx/images/aws-nlb-instances-summary.png"><img src="/nginx/images/aws-nlb-instances-summary.png" alt="" width="1024" height="263" class="aligncenter size-full wp-image-54856" style="border:2px solid #666666; padding:2px; margin:2px;" /></a>
 
 <span id="configure-web-servers"></span>
-#### Configure NGINX Open Source on the Web Servers
+#### Configure NGINX Open Source on the web servers
 
 Configure NGINX Open Source instances as web servers. These should return a page specifying the server name, address, and other information. As an example, here's the page returned by *App 1*:
 
@@ -285,7 +285,7 @@ Repeat the instructions on all four web servers:
   - <span style="color:#666666; font-weight:bolder">ngx-oss-app2-2</span>
 
 <span id="configure-load-balancers"></span>
-#### Configure NGINX Plus on the Load Balancers
+#### Configure NGINX Plus on the load balancers
 
 Configure NGINX Plus instances as load balancers. These distribute requests to NGINX Open Source web servers set up in [Configure NGINX Open Source on the Web Servers](#configure-web-servers).
 
@@ -294,7 +294,7 @@ Use the *Step‑by‑step* instructions in our deployment guide, [Setting Up an
 Repeat the instructions on both <span style="color:#666666; font-weight:bolder; white-space: nowrap;">ngx-plus-1</span> and <span style="color:#666666; font-weight:bolder; white-space: nowrap;">ngx-plus-2</span>.
 
 <span id="create-instances-automated"></span>
-### Automate Instance Setup with Packer and Terraform
+### Automate instance setup with Packer and Terraform
 
 You can automate set up of the six instances described in these instructions. Automation is an alternative to creating and configuring each instance one at a time. To automate the set up, use the Packer and Terraform scripts from our [GitHub repository](https://github.com/nginxinc/NGINX-Demos/tree/master/aws-nlb-ha-asg). These scripts will:
 

layouts/redoc/single.html

@@ -60,24 +60,32 @@
   }
 </style>
 <!--Use wide page layout for the API reference pages-->
-<div
-  class="row flex-md-nowrap"
-  style="
-    position: relative;
-    flex-wrap: nowrap;
-    margin-right: 9px;
-    max-width: calc(100% + 9px);
-  "
->
-  <nav
-    class="sidenav overflow-auto col-md-3 d-none d-md-block d-print-none sidebar-toggle-hidden-width"
-    style="width: 25%; border-right: 1px solid #e6e6e6"
-    ;
+<section class="main-layout api">
+  <div class="sidebar-layout" data-mf="true" style="display:none;">
+    <nav id="sidebar-v2" class="sidebar">
+      {{ partial "sidebar-v2.html" . }}
+    </nav>
+  </div>
+  <div
+    class="row flex-md-nowrap content-layout"
+    style="
+      position: relative;
+      flex-wrap: nowrap;
+      margin-right: 9px;
+      max-width: calc(100% + 9px);
+    "
   >
-    {{ partial "sidebar.html" . }}
-  </nav>
-  <div class="nginx-docs-api-container">
-    <div id="api-component">{{ .Content}}</div>
+    <nav
+      id="sidebar"
+      class="sidenav overflow-auto col-md-3 d-none d-md-block d-print-none sidebar-toggle-hidden-width"
+      style="width: 25%; border-right: 1px solid #e6e6e6"
+      ;
+    >
+      {{ partial "sidebar.html" . }}
+    </nav>
+    <div class="nginx-docs-api-container">
+      <div id="api-component">{{ .Content}}</div>
+    </div>
+  </section>
   </div>
-</div>
 {{ end }}

static/nginx-one/api/one.json

@@ -38,7 +38,7 @@
     },
     {
       "name": "Certificates",
-      "description": "The `Certificates` object in the NGINX One console represents an SSL certificate, covering both managed and unmanaged types. \nYou can view essential details like issuer, expiration status, and the instances or config sync groups where each certificate is deployed.\n",
+      "description": "The `Certificates` object in NGINX One Console represents an SSL certificate, covering both managed and unmanaged types. \nYou can view essential details like issuer, expiration status, and the instances or config sync groups where each certificate is deployed.\n",
       "x-displayName": "Certificates"
     },
     {
@@ -48,7 +48,7 @@
     },
     {
       "name": "Events",
-      "description": "Get a list of system events in the NGINX One console.\n",
+      "description": "Get a list of system events in NGINX One Console.\n",
       "x-displayName": "Events"
     },
     {
@@ -616,7 +616,7 @@
         ],
         "summary": "Delete an SSL certificate",
         "operationId": "deleteCertificate",
-        "description": "Deletes a managed SSL certificate from the NGINX One console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration.",
+        "description": "Deletes a managed SSL certificate from NGINX One Console. This operation is disabled for unmanaged certificates, as they get cleaned up automatically when they are not used in any NGINX configuration.",
         "responses": {
           "204": {
             "description": "Successfully deleted the SSL certificate."
@@ -1127,7 +1127,7 @@
           "Config Sync Groups"
         ],
         "summary": "Delete an NGINX config sync group",
-        "description": "Delete a NGINX config sync group from the NGINX One console. You can delete a config sync group, only if it contains no NGINX instances.\n",
+        "description": "Delete a NGINX config sync group from NGINX One Console. You can delete a config sync group, only if it contains no NGINX instances.\n",
         "operationId": "deleteConfigSyncGroup",
         "responses": {
           "204": {
@@ -1702,7 +1702,7 @@
           "Config Sync Groups"
         ],
         "summary": "Retrieves stored NGINX configurations for a NGINX config sync group",
-        "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 5 are kept on the NGINX One Console for a NGINX config sync group.",
+        "description": "Returns a list of all configurations for a NGINX config sync group. Only the last 5 are kept on NGINX One Console for a NGINX config sync group.",
         "operationId": "listConfigSyncGroupConfigurations",
         "responses": {
           "200": {
@@ -2811,7 +2811,7 @@
           "Instances"
         ],
         "summary": "Retrieves the stored NGINX configurations for an instance",
-        "description": "Returns a list of all configurations for a NGINX instance. Only the last 5 are kept on the NGINX One Console for a NGINX instance.",
+        "description": "Returns a list of all configurations for a NGINX instance. Only the last 5 are kept on NGINX One Console for a NGINX instance.",
         "operationId": "listInstanceConfigurations",
         "responses": {
           "200": {
@@ -3731,7 +3731,7 @@
         "properties": {
           "total": {
             "type": "integer",
-            "description": "The absolute total number of the resource in the NGINX One Console.\n"
+            "description": "The absolute total number of the resource in NGINX One Console.\n"
           },
           "count": {
             "type": "integer",
@@ -4078,7 +4078,7 @@
       },
       "CertificateType": {
         "type": "string",
-        "description": "Certificate type:\n  * `ca_bundle` - This certificate object is a CA bundle.\n  * `cert_key` - This certificate object is consisted of public certificates and key.\n  * `unmanaged` - This certificate is not managed by NGINX One console and its type is unmanaged.\n",
+        "description": "Certificate type:\n  * `ca_bundle` - This certificate object is a CA bundle.\n  * `cert_key` - This certificate object is consisted of public certificates and key.\n  * `unmanaged` - This certificate is not managed by NGINX One Console and its type is unmanaged.\n",
         "enum": [
           "ca_bundle",
           "cert_key",
@@ -5535,7 +5535,7 @@
       },
       "NginxConfigPayloads": {
         "type": "array",
-        "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n  * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n  * The `contents` field is optional and is ignored if included.\n* The NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, the NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n",
+        "description": "An array of payloads that track the file paths of each SSL certificates and key, indicating where to deploy\nthem onto the data plane instance.\n* If the `type` is `managed_certificate` or `managed_key`, you need to specify an `object_id`.\n  * The `object_id` must represent a managed certificate object, or a `400 Bad Request` is returned. \n  * The `contents` field is optional and is ignored if included.\n* NGINX One Console manages deployed file paths only for managed certificates and keys. If you don't want \nthem to be managed by NGINX One Console, `inline_content` and `inline_secret` can be used for certificates or \nkeys, respectively. When you retrieve certificate deployment details, only the file paths of managed \ncertificates and keys will be shown.\n* If you use `inline_content` and `inline_secret` in your NGINX configuration, NGINX One Console \nwill detect them. When they are used as SSL directives of the NGINX configuration \nfor certificates and keys, the certificates will be listed as `unmanaged_certificate` in the certificate \ndeployment details.\n",
         "items": {
           "$ref": "#/components/schemas/NginxConfigPayload"
         },

static/scripts/install-nim-bundle.sh

@@ -697,6 +697,41 @@ This action deletes all files in the following directories: /etc/nms , /etc/ngin
   fi
 }
 
+download_third_party_dependencies(){
+  if cat /etc/*-release | grep -iq 'debian\|ubuntu'; then
+      if echo "${target_distribution}" | grep -iq 'debian\|ubuntu'; then
+          mkdir "${TEMP_DIR}/${target_distribution}/keepalived"
+          apt-get install --download-only -o Dir::Cache="${TEMP_DIR}/${target_distribution}/keepalived" keepalived
+      else
+        if command -v docker >/dev/null 2>&1; then
+            mkdir "${TEMP_DIR}/${target_distribution}/keepalived"
+            docker run --rm -it -v "${TEMP_DIR}/${target_distribution}/keepalived":/downloads fedora dnf download --resolve --destdir=/downloads keepalived
+        else
+            echo "Cross platform packing requires Docker. Please install Docker and try again."
+            exit 1
+        fi
+      fi
+  elif cat /etc/*-release | grep -iq 'centos\|fedora\|rhel\|Amazon Linux'; then
+      if echo "${target_distribution}" | grep -iq 'centos\|fedora\|rhel\|Amazon Linux'; then
+          mkdir "${TEMP_DIR}/${target_distribution}/keepalived"
+          yumdownloader --destdir="${TEMP_DIR}/${target_distribution}/keepalived" --resolve keepalived
+      else
+          if command -v docker >/dev/null 2>&1; then
+              mkdir -p "${TEMP_DIR}/keepalived"
+              docker run --rm -it -v "${TEMP_DIR}/keepalived":/tmp/nim ubuntu bash -c "apt-get update && mkdir -p /tmp/nim && apt-get install -y --download-only -o Dir::Cache=\"/tmp/nim\" keepalived"
+              mkdir "${TEMP_DIR}/${target_distribution}/keepalived"
+              mv ${TEMP_DIR}/keepalived/archives/* ${TEMP_DIR}/${target_distribution}/keepalived
+          else
+              echo "Cross platform packing requires Docker. Please install Docker and try again."
+              exit 1
+          fi
+      fi
+  else
+      printf "Unsupported distribution"
+      exit 1
+  fi
+}
+
 OPTS_STRING="k:c:m:d:i:s:p:n:hv:t:j:rf:l"
 while getopts ${OPTS_STRING} opt; do
   case ${opt} in
@@ -938,11 +973,12 @@ else
       url_file_download "$file_to_download" "$save_path"
       echo "Downloaded NGINX Instance Manager package - $save_path"
     done
+    download_third_party_dependencies
     bundle_file="nim-${NIM_VERSION}-${target_distribution}.tar.gz"
     echo -n "Creating NGINX Instance Manager install bundle ... ${bundle_file}"
     cp ${NGINX_CERT_PATH}  "${TEMP_DIR}/${target_distribution}/nginx-repo.crt"
     cp ${NGINX_CERT_KEY_PATH} "${TEMP_DIR}/${target_distribution}/nginx-repo.key"
-    tar -zcf "$bundle_file" -C "${TEMP_DIR}/${target_distribution}" .
+    tar -zcf "$bundle_file" -C "${TEMP_DIR}/${target_distribution}/" .
     echo -e "\nSuccessfully created the NGINX Instance Manager bundle - $bundle_file"
     curl -s -o /dev/null --cert ${NGINX_CERT_PATH} --key ${NGINX_CERT_KEY_PATH} "https://pkgs.nginx.com/nms/?using_install_script=true&app=nim&mode=offline"
 
@@ -971,6 +1007,11 @@ else
             DEBIAN_FRONTEND=noninteractive dpkg -i  "$pkg_clickhouse_srv"
             check_last_command_status "dpkg -i \"$pkg_clickhouse_srv\"" $?
         done
+        if [ -d "${TEMP_DIR}/keepalived" ]; then
+            echo "Installing keepalived from ${TEMP_DIR}/keepalived"
+            DEBIAN_FRONTEND=noninteractive dpkg -i ${TEMP_DIR}/keepalived/*.deb
+            check_last_command_status "dpkg -i ${TEMP_DIR}/keepalived/*.deb" $?
+        fi
         for pkg_nim in "${TEMP_DIR}"/nms-instance-manager*.deb; do
             echo "Installing NGINX Instance Manager from ${pkg_nim}"
             DEBIAN_FRONTEND=noninteractive dpkg -i "$pkg_nim"
@@ -1005,6 +1046,11 @@ else
           echo "Installing clickhouse dependencies from ${pkg_clickhouse}"
           yum localinstall -y -v --disableplugin=subscription-manager --skip-broken "$pkg_clickhouse_srv"
         done
+        if [ -d "${TEMP_DIR}/keepalived" ]; then
+            echo "Installing keepalived from ${TEMP_DIR}/keepalived"
+            yum localinstall -y -v --disableplugin=subscription-manager --skip-broken "${TEMP_DIR}/keepalived/*.rpm"
+            check_last_command_status "dpkg -i yum localinstall -y -v --disableplugin=subscription-manager --skip-broken ${TEMP_DIR}/keepalived/*.rpm" $?
+        fi
         for pkg_nim in "${TEMP_DIR}"/nms-instance-manager*.rpm; do
           echo "Installing NGINX Instance Manager from ${pkg_nim}"
           yum localinstall -y -v --disableplugin=subscription-manager --skip-broken "$pkg_nim"